From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Apr 28 2005 - 17:24:28 GMT-3
Hi guys,
Now that I understand how 6to4 tunnels work thanks to Simon Hart, I'm going
to try to understand how ISATAP works as well.
I know how to configure it - that's clear enough from the Doc-CD but I'd
like to understand the big picture which is still missing some pieces.
Consider this example:
|----------- ipv6 --------- | ---- ipv4 --- | -- ipv6 --- |
host A ------ rtr-A ------- rtr-B ------ rtr-C --- host C
Assume that host A knows host C's ipv6 address and wants to send traffic to
host C. Also, assume the following:
rtr-A is the default gateway for host A.
rtr-B and rtr-C are configured for isatap.
rtr-A and rtr-B are running an ipv6 IGP, so rtr-A knows how to reach rtr-B.
**************************************************************************
How does rtr-A know to send packets to rtr-B for delivery to rtr-C? (Answer
is below)
How does rtr-B know what ipv4 destination address to use to get packets to
rtr-C? (Answer is below)
I posted these questions yesterday but didn't get any response. Today, I
did some googling and found this link:
http://www.ipv6style.jp/en/building/20030820/2.shtml <-- I think this is a
fairly good link for ipv6 info.
which answered the above questions but created some other questions.
Address Creation: ISATAP addresses are created through a unique process.
First, an ISATAP interface identifier is created using the IPv4 address.
::0:5efe:32bitIPv4addr
This interface identifier is locally unique. This identifier is used to
create ISATAP link-local address and, with that, to communicate with ISATAP
routers. Once an ISATAP router is reached the ISATAP node can use router
solicitations to get a globally unique prefix, and through autoconfig,
create a globally unique IPv6 address.
Processes: ISATAP is unique in how it handles router and neighbor discovery.
Initial router discovery is done through name lookup. When an ISATAP node's
ISATAP interface is initialized, it will do a lookup for the name "ISATAP".
This should resolve to the addresses of all ISATAP routers in the AS. This
is called a Potential Router List (PRL). The ISATAP node will then send a
Router Solicitation to the ISATAP link-local address for each ISATAP router
in the PRL.
When communicating between two ISATAP nodes, a node will know that the
destination is an ISATAP node based on the interface identifier. Based on
the prefix, if the destination is onlink (within the AS) the IPv6 packet is
encapsulated in an IPv4 packet and the destination IPv4 address is derived
from the IPv4 address embedded in the destination IPv6 ISATAP address. If
the destination is offlink, then the IPv6 packet is still encapsulated in
IPv4 and the destination is the current default ISATAP router for
forwarding. The latter is also true for packets destined to non-ISATAP
destinations.
***************************
Based on the above, it appears that all ipv6 hosts must be configured to
support ISATAP and must also be configured with an ipv4 address which ISATAP
will use to create its ipv6 address.
Is this true?
If so, it seems to me that the starting point prior to any ipv6 or ISATAP
deployment is a pure ipv4 environment. Is this true?
Finding the ipv4 address of the tunnel endpoint.
I also found out today why the interface command, no ipv6 nd suppress-ra, is
required. Unlike with 6to4 tunnels, with ISATAP the ipv4 address embedded
in the ipv6 address is the ipv4 address of the node itself, not the ipv4
address of the tunnel endpoint.
In this example, there are only 2 "border" routers, rtr-B and rtr-C
surrounding a "core" ipv4 network, but I imagine there could be any number
of border routers. Is that true?
If this is true, then it reasons that the ipv6 neighbor discovery process
could discover many neighbors instead of just one. So, now the question
becomes, if there are potentially many tunnels and thus many tunnel
endpoints how does router creating the tunnel know which tunnel endpoint to
use?
Does the above scenario mean an ipv6 routing protocol needs to run
everywhere including over the tunnels themselves?
TIA, Tim
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:10 GMT-3