ISATAP enables unicast communication between IPv6/IPv4 hosts
across the IPv4-only Internet. ISATAP works by encapsulating IPv6
packets with an IPv4 header so that the IPv6 packet can be sent over
an IPv4-only network. This approach is called IPv6-over-IPv4
tunneling, and ISATAP uses automatic tunneling that does
not require any manual configuration.
ISATAP addresses are assigned by ISATAP hosts to their ISATAP
tunnel interfaces. An ISATAP address consists of a valid 64-bit
unicast address prefix and a 64-bit interface identifier. The
interface identify can be either ::0:5efe:w.x.y.z or
::200:5efe:w.x.y.z,where w.x.y.z is either a
private or public IPv4 address, respectively.
On Windows platforms, IPv6 automatically creates a separate
ISATAP tunneling interface for each LAN interface that has a unique
DNS suffix. A link-local ISATAP address is then automatically
configured on these ISATAP interfaces to enable IPv6 communication
over an IPv4-only network without the need of assigning global or
unique local ISATAP addresses to the interfaces.
In Windows Server 2012, you can use the Get-NetIPInterface
cmdlet to list the interfaces on the computer (the command output
has been truncated for display reasons):
PS C:\> Get-NetIPInterface -AddressFamily IPv6
ifIndex InterfaceAlias NlMtu(Bytes) InterfaceMetric ConnectionState
------- -------------- ------------ --------------- ---------------
12 Ethernet 1500 5 Connected
14 Teredo Tunneling Pseudo-Inte... 1280 50 Disconnected
13 isatap.{DD59BFFD-706A-4685-9... 1280 50 Disconnected
1 Loopback Pseudo-Interface 1 4294967295 50 Connected
From the preceding output, you can see that the index number
of the ISATAP interface is 13, which allows you to display more
detailed information about the interface as follows:
PS C:\> Get-NetIPInterface -AddressFamily IPv6 -ifIndex 13 | fl
InterfaceIndex : 13
InterfaceAlias : isatap.{DD59BFFD-706A-4685-9073-647788046335}
AddressFamily : IPv6
Forwarding : Disabled
Advertising : Disabled
NlMtu(Bytes) : 1280
AutomaticMetric : Enabled
InterfaceMetric : 50
NeighborDiscoverySupported : Yes
NeighborUnreachabilityDetection : Disabled
BaseReachableTime(ms) : 30000
ReachableTime(ms) : 23000
RetransmitTime(ms) : 1000
DadTransmits : 0
RouterDiscovery : Enabled
ManagedAddressConfiguration : Disabled
OtherStatefulConfiguration : Disabled
WeakHostSend : Disabled
WeakHostReceive : Disabled
IgnoreDefaultRoutes : Disabled
AdvertisedRouterLifetime : 00:30:00
AdvertiseDefaultRoute : Disabled
CurrentHopLimit : 0
ForceArpNdWolPattern : Disabled
DirectedMacWolPattern : Disabled
EcnMarking : AppDecide
Dhcp : Disabled
ConnectionState : Disconnected
PolicyStore : ActiveStore
As shown in Figure 6, an ISATAP
infrastructure includes the following components:
-
ISATAP subnets An ISATAP
subnet is a portion of an IPv4-only network on which ISATAP will
be used for IPv6-over-IPv4 tunneling.
-
ISATAP hosts An ISATAP host
has an ISATAP tunneling interface, which it can use communicate
with other ISATAP hosts on the same ISATAP subnet. Windows
computers can function as ISATAP hosts using either link-local,
unique-local, or global ISATAP addresses.
-
ISATAP routers An ISATAP
router is used to enable communication between ISATAP hosts on
an ISATAP subnet and IPv6 hosts on an IPv6-capable network.
Computers running Windows Server 2012 can function as ISATAP
routers by configuring their LAN interfaces with appropriate
IPv6 addresses, routes, and other settings.
You can configure a Windows computer to use an ISATAP router
in the following ways:
-
By using Group Policy as shown in Figure 7
-
By using the Set-NetIsatapConfiguration cmdlet
-
By using the Netsh interface isatap set router
command
Important
Scope of ISATAP deployment
Do not deploy ISATAP across your entire IPv4 network
infrastructure. Instead, enable it only on select computers within
your organization that need it.
