SUZUKI, Shinsuke at KAME Project
$Id: index.html,v 1.6 2005/02/08 06:40:32 suz Exp $
SRI had claimed IPR on ISATAP, and because of that KAME stopped distributing its ISATAP implementation.
However, the contact person for this IPR sent us an e-mail confirming our release to use ISATAP with no license from SRI. Hence, KAME decided to revive ISATAP in KAME SNAP. If you are going to use KAME's ISATAP in your product, please ask the SRI contact person for official permission yourself (you can find the contact point here). According to the SRI contact person, SRI will update the IPR claim in IETF to allow unrestricted use of ISATAP with no license.
This document describes how to use ISATAP on KAME.
ISATAP is an automatic tunneling technique especially suited for intranets. Its addressing architecture is a little different from that of 6to4, a well-known automatic tunneling technique: in ISATAP, the IPv4 address is embedded in the lower 32 bits of the IPv6 address, which enables the use of link-local unicast addresses, as on normal physical interfaces.

```
ISATAP client---(IPv4 only internet/intranet)---ISATAP routers--(IPv6 Internet)----
       ==============================>
       1. RS to all the ISATAP routers by IPv4 unicast packet encapsulating IPv6 RS
       <==============================
       2. RA to the ISATAP client by an IPv4 unicast packet encapsulating IPv6 RA
```
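The address layout described above, as an added example that is not part of the original page or of KAME's code: it builds an ISATAP address from a /64 prefix and an IPv4 address, and recovers the embedded IPv4 tunnel endpoint from addresses seen in a log or interface listing. The function names and the sample list are constructed for illustration; accepting the `0200:5efe` form follows RFC 5214 rather than this page.

```python
import ipaddress

ISATAP_MARK = 0x00005EFE  # upper 32 bits of the interface ID, as in fe80::5efe:a.b.c.d
U_BIT = 0x02000000        # RFC 5214: set when the embedded IPv4 address is globally unique
IID_MASK = (1 << 64) - 1


def isatap_address(prefix, ipv4):
    """Return <prefix>::5efe:<ipv4> for a /64 prefix (hypothetical helper)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP addresses are formed from a /64 prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | (ISATAP_MARK << 32) | v4)


def embedded_ipv4(addr):
    """Return the IPv4 address embedded in an ISATAP address, or None."""
    ip = ipaddress.IPv6Address(addr.split("%", 1)[0])  # drop a zone ID such as %2
    iid = int(ip) & IID_MASK
    if ((iid >> 32) & ~U_BIT) != ISATAP_MARK:
        return None
    return ipaddress.IPv4Address(iid & 0xFFFFFFFF)


def find_isatap(addresses):
    """Map each ISATAP address in the input to its IPv4 tunnel endpoint."""
    found = {}
    for a in addresses:
        try:
            v4 = embedded_ipv4(a)
        except ValueError:
            continue  # not an IPv6 address at all
        if v4 is not None:
            found[a] = str(v4)
    return found


# Constructed sample input: addresses from this page plus three non-ISATAP entries.
SAMPLE = [
    "fe80::5efe:192.168.0.1%2",
    "3ffe:ffff:ffff:ffff::5efe:192.168.0.254",
    "fe80::1",
    "2002:c0a8:1::1",
    "192.168.0.1",
]

if __name__ == "__main__":
    print(isatap_address("fe80::/64", "192.168.0.1"))
    for addr, v4 in find_isatap(SAMPLE).items():
        print(addr, "->", v4)
```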
KAME's ISATAP implementation is based on draft-ietf-ngtrans-isatap-08.txt, but can accept Router Solicitation from older draft implementations (e.g. Windows-XP) using ff02::2 to solicit RA.
| | ISATAP router | ISATAP host |
|---|---|---|
| KAME snap kernel | x | x |
| KAME snap ifconfig | x | x |
| KAME snap rtadvd | x | - |
| KAME snap rtsold | - | x |
| IPv4 address | x | x |
| /64 IPv6 prefix | x | - |
| External IPv6 connectivity | x | - |
If your IPv4 address is 192.168.0.1, use the following command.
# /usr/local/v6/sbin/ifconfig ist0 inet6 fe80::5efe:192.168.0.1 prefixlen 64
If the ISATAP router is statically defined as "192.168.0.254", use the following command to configure it.
# /usr/local/v6/sbin/ifconfig ist0 isataprtr 192.168.0.254
If the ISATAP router is defined as "isatap.appropriate-domain", run the following shell script periodically (every hour, according to draft-ietf-ngtrans-isatap-08.txt), from cron or another shell script, to dynamically update the ISATAP router information.

```sh
#!/bin/sh
# user configuration
domain=appropriate-domain
prlname=isatap
dig=/usr/local/bin/dig			# BIND9's dig
ifconfig=/usr/local/v6/sbin/ifconfig	# KAME's ifconfig

# internal variables; don't edit
curprl=""
oldprl=""
newprl=""

# Keep only answer lines made of digits and dots, so that nothing else
# returned by DNS is passed to ifconfig.
newprl=`${dig} +short +domain=$domain +search $prlname a | grep '^[0-9.]*$'`
oldprl=`${ifconfig} ist0 | grep isataprtr | awk '{print $2}'`

for r in $newprl; do
	# case 1. has already appeared in the new list (i.e. already exists
	#	  in the current list) -> do nothing
	# (grep -x -F compares whole entries literally, so 192.168.0.1
	#  does not match 192.168.0.10)
	found=`echo $curprl | tr ' ' '\n' | grep -x -F "$r"`
	if [ "X$found" != X ]; then
		continue
	fi

	# case 2. already exists in the old list -> update the old list
	found=`echo $oldprl | tr ' ' '\n' | grep -x -F "$r"`
	if [ "X$found" != X ]; then
		oldprl=`echo $oldprl | tr ' ' '\n' | grep -v -x -F "$r"`
		continue
	fi

	# case 3. otherwise -> write down the new isataprtr and update
	#	  the old list and the current list.
	${ifconfig} ist0 isataprtr $r
	curprl="$r $curprl"
	oldprl=`echo $oldprl | tr ' ' '\n' | grep -v -x -F "$r"`
done

# whatever is left in the old list is no longer in DNS -> delete it
for r in $oldprl; do
	${ifconfig} ist0 deleteisataprtr $r
done
```
# /usr/local/v6/sbin/rtsold ist0

Please note that "rtsol" is not enough: the obtained prefix will soon expire, because an ISATAP router can only send solicited RAs.
# /usr/local/v6/sbin/ifconfig ist0 inet6 fe80::5efe:192.168.0.254 prefixlen 64
# /usr/local/v6/sbin/ifconfig ist0 inet6 3ffe:ffff:ffff:ffff::5efe:192.168.0.254 prefixlen 64 alias
# /usr/local/v6/sbin/rtadvd ist0
Register a DNS A record "isatap" on your DNS server, so that you can ping (IPv4) your ISATAP router using the hostname "isatap".
If that is not possible, run the following command from a cmd.exe console.
c:\> netsh interface ipv6 isatap set router (ISATAP router's address)
That's all, if your ISATAP router is properly configured :-) You can confirm it using the following command.

```
c:\> ipconfig
....
Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix . : (blank)
        IP Address . . . . . . . . . . . : fe80::5efe:x.x.x.x%2
        IP Address . . . . . . . . . . . : (some global prefix)::5efe:x.x.x.x
        Default Gateway . . . . . . . . : fe80::5efe:y.y.y.y%2
```