Tag Archives: ISATAP

IPv6: Tunnel type review, links to IPv6 address identification, migration, and GRE / DMVPN that I highly encourage you to review!

I know I said no more posts, but IPV6 was begging for some kind of review before exam day so here it is!

There are two general ways to route IPv6 packets, those being a fully native end to end IPv6 network from host – across the WAN – to the end host and back, or IPv6 Tunnels.

IPv6 tunneling consists of taking IPv6 traffic, and encapsulating it like interesting traffic for an IPSec tunnel before transmission into an IPv4 packet, so it can traverse the IPv4 network to its tunnel endpoint that then decapsulates the IPv6 packet for delivery to the inside IPv6 host.

Tunneling is generally done by only two routers, however the Tunneling protocol ISATAP can be done by the hosts themselves, if they are capable of creating the packet that includes the IPv6 payload encapsulated within an IPv4 packet type.

There are 4 general types of IPv6 Tunnels:

  • Manually configured – Point to Point, generally permanent, like any site to site VPN
  • GRE – Point to Point, manually configured, wide support of protocols it can transmit
  • 6to4 – Multipoint tunnel, dynamically formed, uses 3rd and 4th “quartets” for IPv4 address
  • ISATAP – Multipoint tunnel, dynamically formed, uses 7th and 8th “quartets” for the IPv4 address

Now, you may be asking yourself, what on Earth is a quartet, because I sure am. Being that it’s only 3am or so, why not google it, because I doubt it is the part of a musical ensemble.

After a quick google search (how did we even survive before google?), a quartet is 4 digits of the 128 bit address, so it would make sense that 4 of these bits are being used, as each bit represents part of a hexadecimal address as shown in this explanation.

I highly suggest you read that quick explanation of Hex conversion if you’re rusty.

NAT-PT will also get an honorable mention here, though it is not technically a tunnel so there is no encapsulation / decapsulation of packets, however it does translate between protocols. It does also translate and keep track of DNSv4 and DNSv6 name to address bindings, while translating both IPv4 to IPv6 and back between the two.

I have updated this link with how to identify some IPv6 addresses on exam day if asked “Which one of these is is an ISATAP / TEREDO / 6to4 / Link-Local” Address type. It is not conclusive, but that is really all I got before exam day that is now less than 24 hours away.

I was going to post something else about IPv6, but I am too tired to remember what at 3:30am now, just read everything I’ve ever written and you should be good to go for exam day I think – We’ll see how tomorrow goes 🙂

Ooop, just remember, migration strategies link for IPv6, if you add up everything I’ve said between those links and this post it will hopefully make sense and I don’t contradict myself in every explanation.

One big take away from the migration strategies, as a majority of it is using Tunnels as part of the Migration, is Dual-Stacking which is having your hosts run both IPv6 and IPv4, which is how most migrations work.

Start out with a single web facing server that is not critical to production, and give it both an IPv4 and IPv6 test, and see if you can communicate with it over IPv6 (while still having the reliable IPv4 address on it that you know works within your environment).

Also since it was a tunnel type mentioned, and it is also in the VPN section of topics to be covered, do yourself a favor and read the GRE over IPSec tunnel configuration that I did a fairly brief write up about.

I gotta go to bed but wanted to post one last link, this is for mGRE used for DMVPN, which gives a very brief overview of concepts / terminology of how mGRE is used, as well as NHRP (Next Hop Routing Protocol) to make DMVPN works.

I highly encourage you to familiarize yourself with the DMVPN high level view setup process of the tunnels, not so much the configuration, so you are familiar with the terminology.

Ok, must stop researching and studying and posting resources, and test time tomorrow – Hope to see that Pass on the grade!

ALSO ONE LAAAST NOTE, NAT64 – This is used for your IPv4 hosts to communicate with IPv6 servers, hence the device configured for it holding the bindings / address mappings! Remember on exam day, IPv4 hosts talking to IPv6 hosts involves Dual Stacking, or NAT64 to translate for hosts / server on different IP versions!