ISATAP

ISATAP


In this video from ITFreeTraining, we’ll be taking a look at ISATAP. ISATAP is an IPv6 transition technology and is used to allow IPv4 only and IPv6 only networks to communicate with each other.

Download the PDF handout:

ISATAP
05:15 – ISATAP stands for Intra-site Automatic Tunnel Address Protocol. The main takeaway from the name is the “Intra” in Intra-site which stands for internal. ISATAP is designed to work within a site or internal network. This means it is not used for public communications across the Internet. An easy rule when encountering ISATAP on an exam is to eliminate any options that involve external communications.
0:49 – To put it simply, ISATAP connects an IPv4 only network to a network that only uses IPv6. To illustrate this case, consider two networks where one is IPv4 only and the other is IPv6 only. With no common protocols between the networks, there is currently no way to communicate. With an ISATAP router placed between the networks, they will be able to communicate with one another. ISATAP acts as a bridge to facilitate the communication between IPv4 and IPv6. Let’s take a look at how ISATAP accomplishes this.

ISATAP Address (IPv4 node)
1:20 – To accomplish this feat, an IPv4 node creates a tunnel to the ISATAP router. This tunnel is assigned an IPv6 address. The IPv6 address of the tunnel is broken down into two individual parts. The prefix is controlled by the administrator. This prefix can be any valid IPv6 prefix. This is used for routing on the IPv6 network and has the ability to communicate with the ISATAP router.
1:45 – The second part of the address is called the interface ID. This interface ID incorporates the IPv4 address within it. The interface always begins with an identical sequence which is followed by the IPv4 address. When reviewing the address, sometimes the IPv4 part of the address will be displayed as an IPv4 address while at other times it may appears in hexadecimal.

How it works
2:10 – In order to understand, the ISATAP transition technology, we’ll take a look at a different example. ISATAP utilizes tunneling to communicate data from the IPv4 host to the ISATAP router. This essentially states that an IPv6 packet will be embedded, or placed, within an IPv4 packet.
2:30 – To help you understand, let’s consider an IPv4 only network with a single IPv4 computer with no IPv6 connection. The IPv4 computer would like to communicate with the computer on the IPv6 only network. In order to do this, the computer creates an IPv6 packet, however, with it not being allowed on the IPv6 network, it will then encase the packet in an IPv4 packet.
2:55 – In this next step, the packet is transferred via an ISATAP tunnel to the designated ISATAP router. This example is a basic scenario, but the packet could have potentially travelled over a large number of IPv4 routers in order to arrive at its destination. Once it reaches its destination, the IPv4 packet is discarded leaving only the IPv6 packet. This packet is then sent on the IPv6 network to the appropriate destination. This is a simple example that is meant to illustrate the process involved. If you’ve been following along so far, you’ll be ready to take a deeper dive.

How it works in detail
3:30 – In this example, we’ll take a look at a computer that is attached to an IPv4 network. This computer is allocated an IPv4 address on this network. The computer is attempting to contact another computer which is on an IPv6 only network with an IPv6 address.
3:43 – There is no common protocol that will connect them, so ISATAP would be employed in order to bridge both networks. In order to make this possible, the IPv4 computer has to obtain an IPv6 address which it will do by soliciting the ISATAP server. The first part of the address will contain the network prefix, which is configured by the administrator or set by the ISATAP server. The interface ID part of the address will start with 5efe followed by the IPv4 address of the computer.
4:15 – The computer now has an IPv6 address. However, it is still connected to an IPv4 network. This is where the transition protocol plays a role. To begin, the computer needs to locate an ISATAP router. This can be manually configured, but in this case, the computer will contact the DNS server to obtain the ISATAP router’s address.
4:35 – The computer will then formulate the IPv6 packet. Notice that the source address is the address that is allocated to the computer utilizing ISATAP and the destination address is that of the IPv6 computer. Since the computer is within an IPv4 only network, the IPv6 packet will be embedded within an IPv4 packet. Notice that the source IP address is the local computer’s address and that the destination address is that of the ISATAP router.
5:05 – In order to communicate with the IPv6 computer, the IPv4 packet has to be transmitted across the network. As this is an IPv4 packet currently, it will be routed just as any other IPv4 packet would be. This changes upon hitting the ISATAP router, as at this point the IPv4 packet is removed and the embedded IPv6 packet is now routed to the destination as an IPv6 packet would.
5:30 – If an IPv6 computer wants to contact an IPv4 router, this process is simply reversed. In this example, you can visualize how the ISATAP router acts as a bridge between IPv4 only and IPv6 only networks. One point to remember however, is that ISATAP is for internal routing on a private network and will not be publicly routable.

References
“Installing and Configuring Windows Server 2012 R2 Exam Ref 70-410” page 204

Credits
Trainer: Austin Mason http://ITFreeTraining.com
Voice Talent: HP Lewis http://hplewis.com
Companion Document: Phillip Guld https://philguld.com
Video Production: Kevin Luttman http://www.KevinLuttman.com
Quality Assurance: Brett Batson http://www.pbb-proofreading.uk