ISATAP Router Redundancy using HSRP

ISATAP Configuration

Here, the following steps are taken on the host (Windows XP) to make it ISATAP-capable-

IPv6 is disabled by default in Windows XP. To enable, use ipv6 install command from the command-prompt.
The host needs to resolve the IPv4 address for the name "ISATAP". This can be done in one of following ways-

Manually provide the IPv4 address of the ISATAP Router using netsh interface ipv6 isatap set router 192.16.1.1 command from the command-prompt. OR
Edit the hosts file located in C:\Windows\System32\drivers\etc folder with the entry- 192.16.1.1 isatap OR
Use the DNS Server

TIP

If a host would like to use multiple ISATAP routers for redundancy, the manual configuration wont work. DNS lookup using above methods is necessary in that case.

When the host is first enabled for IPv6, the ipconfig /all command shows the following for ISATAP adapter. The host generates a link-local address of the form FE80::0:5EFE:d.d.d.d for itself, where d.d.d.d is the IPv4 address of the host. It does not have any information about its Default Gateway, which will be the link-local address of the ISATAP router.

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : 0A-01-01-02

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : fe80::5efe:10.1.1.2%2

        Default Gateway . . . . . . . . . :

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

                                                    fec0:0:0:ffff::2%2

                                                    fec0:0:0:ffff::3%2

        NetBIOS over Tcpip. . . . . . . . : Disabled

The ISATAP Router is configured as below-

ISATAP1 Router configuration

ipv6 unicast-routing

ipv6 cef

interface fastethernet 0/0

 ip address 192.16.1.1 255.255.255.0

interface Tunnel 0

 ipv6 address 2001:ABAB::/64 eui-64

 tunnel source fastethernet 0/0

 tunnel mode ipv6ip isatap

 no ipv6 nd ra suppress

interface Loopback 0

 ipv6 address CAFE::1/128

NOTE

The command no ipv6 nd ra suppress is required as the router does not send RA messages on Tunnel interface (disabled by default).

This configuration results in an IPv6 address assigned to the Tunnel interface corresponding to the Fastethernet 0/0 interface (C010:0101 = 192.16.1.1)

ISATAP1# show ipv6 interface brief

FastEthernet0/0            [up/up]

FastEthernet0/1            [administratively down/down]

Loopback0                  [up/up]

    FE80::CE02:14FF:FEE4:0

    CAFE::1

Tunnel0                    [up/up]

    FE80::5EFE:C010:101

    2001:ABAB::5EFE:C010:101

When the host sends a Router Solicitation (RS) message encapsulated in an IPv4 packet over the ISATAP tunnel, the ISATAP router sends a Router Advertisement (RA) message to the host with Prefix Information and MTU. It also advertises the default route and the next-hop as its link-local address.

"debug ipv6 nd" and "debug ipv6 icmp" on ISATAP1 Router

*Mar  1 00:54:17.719: ICMPv6: Received ICMPv6 packet from FE80::5EFE:A01:102, type 133

*Mar  1 00:54:17.723: ICMPv6-ND: Received RS on Tunnel0 from FE80::5EFE:A01:102

*Mar  1 00:54:17.727: ICMPv6-ND: Sending solicited RA on Tunnel0

*Mar  1 00:54:17.727: ICMPv6-ND: Sending RA from FE80::5EFE:C010:101 to FE80::5EFE:A01:102 on Tunnel0

*Mar  1 00:54:17.731: ICMPv6-ND:     MTU = 1480

*Mar  1 00:54:17.735: ICMPv6-ND:     prefix = 2001:ABAB::/64 onlink autoconfig

*Mar  1 00:54:17.735: ICMPv6-ND:             2592000/604800 (valid/preferred)

The host generates an IPv6 address for itself based on the prefix advertised by the ISATAP router in RA message.

TIP

Sometimes in Windows XP, the host will not accept the RA message from the ISATAP router. In this case, uninstall IPv6 using IPv6 uninstall command from command-prompt and install IPv6 again.

ISATAP adapter on host after receiving the RA message

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : 0A-01-01-02

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : 2001:abab::5efe:10.1.1.2

        IP Address. . . . . . . . . . . . : fe80::5efe:10.1.1.2%2

        Default Gateway . . . . . . . . . : fe80::5efe:192.16.1.1%2

        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

                                                   fec0:0:0:ffff::2%2

                                                   fec0:0:0:ffff::3%2

        NetBIOS over Tcpip. . . . . . . . : Disabled

The routing table of the host looks like this-

C:\> netsh interface ipv6 show route

Querying active state...

Publish  Type       Met  Prefix                      Idx   Gateway/Interface Name

-------  --------  ----  ------------------------  ---  ---------------------

no       Autoconf     9     2001:abab::/64         2     Automatic Tunneling Pseudo-Interface

no       Autoconf   257    ::/0                        2     fe80::5efe:192.16.1.1

A PING to the IPv6 Domain i.e. Loopback 0 interface of the ISATAP router from the host is successful.

C:\> ping6 cafe::1

Pinging cafe::1

from 2001:abab::5efe:10.1.1.2 with 32 bytes of data:

Reply from cafe::1: bytes=32 time=129ms

Reply from cafe::1: bytes=32 time=197ms

Reply from cafe::1: bytes=32 time=177ms

Reply from cafe::1: bytes=32 time=206ms

Ping statistics for cafe::1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 129ms, Maximum = 206ms, Average = 177ms