Configuring an ISATAP Router

Use this command one or multiple times to advertise as many prefixes as required. For example, the ISATAP subnet might have both global and unique local subnet prefixes. All the prefixes configured using this command are included in the Router Advertisement message sent by the ISATAP router to the ISATAP host.

If the router is not named ISATAP or the name “ISATAP” cannot be resolved to the IPv4 address assigned to the router’s interface on the ISATAP subnet, you also need to issue the netsh interface isatap set router AddressOrName command on the router.

For example, a computer running Windows Server 2008 that is a member of the example.microsoft.com domain has the following configuration:

■A LAN interface named “Local Area Connection” is attached to the ISATAP subnet and assigned the IPv4 address 10.0.91.211.

■A LAN interface named “Local Area Connection 2” is attached to the IPv6-capable network.

■The ISATAP tunneling interface that is associated with the “Local Area Connection” LAN interface is named “Local Area Connection* 7”.

Additionally, the address prefix assigned to the ISATAP subnet is 2001:DB8:2A05:10::/64 and the computer uses a default router on the IPv6-capable network at the next-hop address of FE80::2AA:FF:FE98:2AB1. To configure this computer as an ISATAP advertising and forwarding router, run the following commands:

■netsh interface isatap set router 10.0.91.211

This command activates the ISATAP tunneling interface on the router.

■netsh interface ipv6 set interface "Local Area Connection 2" forwarding=enabled

This command enables IPv6 forwarding on the LAN interface connected to the IPv6capable portion of the intranet.

■netsh interface ipv6 add route ::/0 "Local Area Connection 2" nexthop=fe80::2aa:ff:fe98:2ab1 publish=yes

This command adds a default route pointing to a neighboring router on the IPv6-capable portion of the intranet. Because the default route is configured to be published, the computer will advertise itself as a default router.

■netsh interface ipv6 set interface "Local Area Connection* 7" forwarding=enabled advertise=enabled

This command enables IPv6 forwarding and advertising on the ISATAP tunneling interface that is associated with the LAN interface that is connected to the ISATAP subnet.

■netsh interface ipv6 add route 2001:db8:2a05:10::/64 "Local Area Connection* 7" publish=yes

This command adds a published route for the ISATAP subnet to the ISATAP tunneling interface.

292 Understanding IPv6, Second Edition

The ISATAP router is now configured for forwarding and advertising, but the ISATAP hosts and the ISATAP router need to be able to resolve the name “ISATAP” to the IPv4 address 10.0.91.211. Therefore, the last step in this simplified example is to add the following example A record to DNS:

isatap.example.microsoft.com. 3600 A IN 10.0.91.211

ISATAP hosts that are members of the example.microsoft.com domain will use an IPv4-based DNS name query to resolve the name “isatap.example.microsoft.com.” and send an encapsulated Router Solicitation message to the ISATAP router at 10.0.91.211. The ISATAP router responds with an encapsulated Router Advertisement message from its link-local ISATAP address (FE80::5EFE:10.0.91.211) containing the following:

■The Router Lifetime field set to 65,535, indicating that the ISATAP router is a default router. Based on this field, the ISATAP hosts add a default route to their routing tables with the next-hop address of FE80::5EFE:10.0.91.211.

■A Prefix Information option containing the 2001:DB8:2A05:10::/64 prefix with the On-link and Autonomous flags set. Based on this option, the ISATAP hosts configure a global ISATAP address on their ISATAP tunneling interfaces, add a route to their routing tables for the on-link subnet prefix 2001:DB8:2A05:10::/64, and attempt to register their global ISATAP addresses in DNS using DNS dynamic update.

For information about deploying ISATAP in more complex configurations, see the Intra-site Automatic Tunnel Addressing Protocol Deployment Guide at http://www.microsoft.com/ipv6.

References

The following reference was cited in this chapter:

■ RFC 4214 – “Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)”

You can obtain this RFC from the \RFCs_and_Drafts folder on the companion CD-ROM or from http://www.ietf.org/rfc.html.

Testing for Understanding

To test your understanding of ISATAP, answer the following questions. See Appendix D, “Testing for Understanding Answers,” to check your answers.

1.Describe the intended use of the ISATAP IPv6 transition technology.

2.How can you recognize an ISATAP address?

3.How are the source and destination addresses in the encapsulating IPv4 header determined for ISATAP traffic?

4.Define the required and optional roles of an ISATAP router.

5.List and describe the steps that a Windows Vista–based ISATAP host with a single LAN interface goes through to perform router discovery for its ISATAP tunneling interface.

6.To reach a native IPv6 host, IPv6 packets from an ISATAP host must traverse seven IPv4 routers on the ISATAP subnet and three native IPv6 routers on the IPv6-capable portion of the intranet. If the IPv6 packets were sent by the ISATAP host with a Hop Limit field of 128, what is the value of the Hop Limit field when the packets are received at the destination?

7.A network administrator needs to begin experimenting with IPv6 connectivity on their IPv4-only intranet. Describe how the network administrator can configure a computer running Windows Server 2008 as an ISATAP router to immediately turn the entire IPv4only intranet into a logical IPv6 subnet. What other steps must be done?