ISATAP (intra-site automatic tunnel addressing protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. It is defined in the informational RFC 5214.[1]
Unlike 6over4 (an older similar protocol using IPv4 multicast), ISATAP uses IPv4 as a virtual non-broadcast multiple-access network (NBMA) data link layer, so that it does not require the underlying IPv4 network infrastructure to support multicast.
Criticisms of ISATAP
editISATAP typically builds its Potential Router List (PRL) by consulting the DNS; hence, in the OSI model it is a lower-layer protocol that relies on a higher layer. A circularity is avoided by relying on an IPv4 DNS server, which does not rely on IPv6 routing being established; however, some network specialists claim that these violations lead to insufficient protocol robustness.[2][better source needed]
ISATAP carries the same security risks as 6over4: the IPv4 virtual link must be delimited carefully at the network edge, so that external IPv4 hosts cannot pretend to be part of the ISATAP link. That is normally done by ensuring that proto-41 (6in4) cannot pass through the firewall.
Implementations of ISATAP
editISATAP is implemented in Microsoft Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Mobile, Linux, and in Cisco IOS (since IOS 12.2(14)S and IOS XE Release 2.1).[3]
Due to a patent claim, early in-kernel implementations were withdrawn from both KAME (*BSD) and USAGI (Linux). However, the IETF IPR disclosure search engine reports that the would-be infringing patent's holder requires no license from implementers.[4] ISATAP support has been supported in Linux since kernel version 2.6.25,[5] the tool isatapd [6] provides a userspace helper. For prior kernels, the open source project Miredo provided an incomplete userland ISATAP implementation, which was removed in version 1.1.6.
References
edit- ^ Templin, Fred L.; Gleeson, Tim; Thaler, Dave (March 2008). "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) RFC 5214". tools.ietf.org. IETF Network Working Group. doi:10.17487/RFC5214. Retrieved 25 November 2020.
Category: Informational
- ^ itojun (2002-12-25). "Request to publish ISATAP". v6ops Mailing List. Retrieved 2015-02-09.
- ^ "Cisco IOS IPv6 Command Reference". Retrieved 2015-05-06.
- ^ Peter Marcotullio (2005-03-15). "SRI International's statement about IPR claimed in draft-ietf-ngtrans-isatap-24.txt". Retrieved 2015-02-09.
- ^ Fred L. Templin (2007-11-29). "IPV6: Add RFC4214 support". Retrieved 2015-02-09.
- ^ Sascha Hlusiak (2010). "ISATAP client for Linux". Retrieved 2015-02-09.
External links
edit- isatap.org Archive at the Wayback Machine (archived 2020-07-30)