ISATAP
{{Short description|IPv6 transition mechanism}}
{{IPv6 transition mechanisms}}
ISATAP (intra-site automatic tunnel addressing protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. It is defined in the informational RFC 5214.{{cite journal |last1=Templin |first1=Fred L. |last2=Gleeson|first2=Tim |last3=Thaler|first3=Dave |title=Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) RFC 5214 |url=https://tools.ietf.org/html/rfc5214 |website=tools.ietf.org |publisher=IETF Network Working Group |access-date=25 November 2020 |language=en |date=March 2008 |doi=10.17487/RFC5214 |quote=Category: Informational|doi-access=free |url-access=subscription }}
Unlike 6over4 (an older similar protocol using IPv4 multicast), ISATAP uses IPv4 as a virtual non-broadcast multiple-access network (NBMA) data link layer, so that it does not require the underlying IPv4 network infrastructure to support multicast.
Criticisms of ISATAP
ISATAP typically builds its Potential Router List (PRL) by consulting the DNS; hence, in the OSI model it is a lower-layer protocol that relies on a higher layer. A circularity is avoided by relying on an IPv4 DNS server, which does not rely on IPv6 routing being established; however, some network specialists claim that these violations lead to insufficient protocol robustness.{{cite web |url=http://www.psg.com/lists/v6ops/v6ops.2002/msg01045.html |title=Request to publish ISATAP| author=itojun| date=2002-12-25| work=v6ops Mailing List| access-date=2015-02-09}}{{Better source needed |reason=I cannot judge from a public mailing list and draft 10 of an RFC that eventually wasn't made into a standard whether either the "some claim" should be "most claim" or the specialists part is even true.|date=November 2020}}
ISATAP carries the same security risks as 6over4: the IPv4 virtual link must be delimited carefully at the network edge, so that external IPv4 hosts cannot pretend to be part of the ISATAP link. That is normally done by ensuring that proto-41 (6in4) cannot pass through the firewall.
Implementations of ISATAP
ISATAP is implemented in Microsoft Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Mobile, Linux, and in Cisco IOS (since IOS 12.2(14)S and IOS XE Release 2.1).{{cite web| title=Cisco IOS IPv6 Command Reference| url=http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-s6.html#wp2787421125| access-date=2015-05-06}}
Due to a patent claim, early in-kernel implementations were withdrawn from both KAME (*BSD) and USAGI (Linux). However, the IETF IPR disclosure search engine reports that the would-be infringing patent's holder requires no license from implementers.{{cite web
| url=https://datatracker.ietf.org/ipr/550/
| title=SRI International's statement about IPR claimed in draft-ietf-ngtrans-isatap-24.txt
| date=2005-03-15
| author=Peter Marcotullio
| access-date=2015-02-09}} ISATAP support has been supported in Linux since kernel version 2.6.25,{{cite web
| url=https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c7dc89c0ac8e7c3796bff91becf58ccdbcaf9f18
| title=IPV6: Add RFC4214 support
| author=Fred L. Templin
| date=2007-11-29
| access-date=2015-02-09}} the tool isatapd {{cite web
| url=http://www.saschahlusiak.de/linux/isatap.htm
| title=ISATAP client for Linux
| author=Sascha Hlusiak
| date=2010
| access-date=2015-02-09}} provides a userspace helper. For prior kernels, the open source project Miredo provided an incomplete userland ISATAP implementation, which was removed in version 1.1.6.
References
{{Reflist}}
External links
- {{webarchive |url=https://web.archive.org/web/20200730191027/http://www.isatap.org/ |title=isatap.org Archive}}
{{DEFAULTSORT:Isatap}}