《信息网络协议基础》课程教学资源（学习资料）istap-6to4

Chapter 12 ISATAP At the end of this chapter,you should be able to do the following: ■Define the address format,encapsulation,and intended use of the Intra-Site Auto- matic Tunnel Addressing Protocol (ISATAP)IPv6 transition technology. ■Describe how the IPv6 protocol in Windows Server2008 and Windows Vista supports ISATAP as a host and router. ■List and describe the routes on ISATAP hosts,ISATAP routers,and IPv6 routers that make ISATAP-based communication possible. Describe how ISATAP communication works between ISATAP hosts and native IPv6 hosts on an intranet. ■Describe how to configure a computer running Windows Server2O08 or Windows Vista as an ISATAP router. ISATAP Overview ISATAP is an address assignment and host-to-host,host-to-router,and router-to-host auto- matic tunneling technology defined in RFC 4214 that provides unicast IPv6 connectivity between IPv6/IPv4 hosts across an IPv4 intranet.ISATAP hosts do not require any manual configuration,and they can create ISATAP addresses using standard IPv6 address autoconfig- uration mechanisms. ISATAP addresses have one of the two following formats: 64-bitUnicastPrefix:0:5EFE:w.x.y.z 64-bitUnicastPrefix:200:5EFE:w.x.y.z The ISATAP address consists of the following: ■64-bitUnicastPrefix is any64-bit unicast address prefix,including link-local,global,and unique local prefixes. ■：0：5EFE:w.x.y.zand:2oo:5EFE:w.x.y.g are the locally administered interface identifiers. For:0:5EFE:w.x.y.之，w.x.y.z is a private unicast IPv4 address.For:200:5EFE:w.x.y.z, w.x.y.z is a public unicast IPv4 address.The interface identifier (ID)portion of an ISATAP address contains an embedded IPv4 address that determines the destination IPv4 address in the encapsulating IPv4 header of ISATAP traffic. 275

￾     !"##$%%$$$&'( ) *+,-.+/0+1223+44,5361/7+.8194:;1/-5.71.2-./+.2+2:4+5,/0+-/+?:/5= 61/-8@:..+;?223+44-.AB35/585;C<>?@?BD+3E+3LMMN1.2K-.25J4O-4/14:9953/4 <>?@?B141054/1.235:/+3H ) P-4/1.22+483-I+/0+35:/+45.<>?@?B054/47<>?@?B35:/+3471.2?@?B=I14+28566:.-81/-5.9544-I;+H ) *+483-I+05J<>?@?B8566:.-81/-5.J53Q4I+/J++.<>?@?B054/41.2.1/-E++3E+3LMMN53K-.25J4 O-4/1141.<>?@?B35:/+3H RSTUSVTW XYZ[Z\]^_`_aabc^^_^^]d`ec`f_`agh^fifhigh^fjgh^fifhibhkfcbj_`abhkfcbifhigh^f_kfhi e_f]lfk``cm]`dfclg`hmhdnaco]`ca]`pqrstusfg_fvbhw]ac^k`]l_^fX\wxlh``clf]w]fn ycfzcc`X\wx{X\wsgh^f^_lbh^^_`X\ws]`fb_`cf|XYZ[Z\gh^f^ah`hfbc}k]bc_`ne_`k_m lh`o]dkb_f]h`j_`afgcnl_`lbc_fcXYZ[Z\_aabc^^c^k^]`d^f_`a_baX\wx_aabc^^_kfhlh`o]di kb_f]h`eclg_`]^e^| XYZ[Z\_aabc^^c^g_wch`chofgcfzhohmmhz]`dohbe_f^~ €‚ƒ„…†ƒ‡ˆ‰„Š‹ŒƒŽ‘’’z||n|• €‚ƒ„…†ƒ‡ˆ‰„Š‹ŒƒŽ‘’’z||n|• [gcXYZ[Z\_aabc^^lh`^]^f^hofgcohmmhz]`d~ ) €‚ƒ„…†ƒ‡ˆ‰„Š‹ŒƒŽ]^_`nxsiy]fk`]l_^f_aabc^^vbco]j]`lmka]`dm]`imhl_mjdmhy_mj_`a k`]}kcmhl_mvbco]c^| ) ~~~™šqš~›œŽœœž_`a~~t~™šqš~›œŽœœž_bcfgcmhl_mmn_ae]`]^fcbca]`fcbo_lc]ac`f]o]cb^| qhb~~~™šqš~›œŽœœžj›œŽœœž]^_vb]w_fck`]l_^fX\ws_aabc^^|qhb~~t~™šqš~›œŽœœžj ›œŽœœž]^_vkym]lk`]l_^fX\ws_aabc^^|[gc]`fcbo_lc]ac`f]o]cbŸX ¡vhbf]h`ho_` XYZ[Z\_aabc^^lh`f_]`^_`ceycaacaX\ws_aabc^^fg_facfcbe]`c^fgcac^f]`_f]h` X\ws_aabc^^]`fgcc`l_v^km_f]`dX\wsgc_acbhoXYZ[Z\fb_oo]l|

276 Understanding IPv6,Second Edition There is a common misconception that before you can begin experimenting with IPv6 connectivity and application migration,you must deploy native IPv6 addressing and rout- ing,which requires a detailed analysis of IPv6 addressing schemes,router updates and configuration,and a rollout schedule.Although this should eventually be done for intra- nets,ISATAP allows you to turn the IPv4-only portion of your intranet into a logical IPv6 subnet.Once this subnet is defined and assigned a global or unique local prefix,IPv6/IPv4 hosts that support ISATAP can use ISATAP-based addresses for IPv6 connectivity.ISATAP allows you to make your IPv4-only intranet IPv6-capable,without requiring modifications to your existing router infrastructure to support native IPv6 addressing and routing. With ISATAP,you can immediately begin experimenting with IPv6 connectivity and application migration. ISATAP allows you to phase in the native IPv6 addressing and routing capability on your intranet in the following way: Phase 1:IPv4-only intranet In this phase,your entire intranet can be a single,logical ISATAP subnet. Phase 2:IPv4-only and IPv6-capable portions of your intranet In this phase, your intranet has an IPv4-only portion(the logical ISATAP subnet)and an IPv6-capable portion.The IPv6-capable portion of your intranet has been updated to support native IPv6 addressing and routing. Phase 3:IPv6-capable intranet In this phase,your entire intranet supports both IPv4 and native IPv6 addressing and routing and ISATAP is no longer needed. With ISATAP,you can have IPv6 connectivity between hosts and applications during the first two phases of the transition from an IPv4-only to an IPv6-capable intranet. ISATAP Tunneling ISATAP-based IPv6 traffic is tunneled or encapsulated with an IPv4 header,also known as IPv6-over-IPv4 traffic.For the details of IPv6-over-IPv4 traffic,see Chapter 11,"IPv6 Transition Technologies."This tunneling is automatically done by an ISATAP tunneling interface on the sending host or forwarding router.The ISATAP tunneling interface treats the entire IPv4-only portion of the intranet as a single link layer,in much the same way as Ethernet.In the case of ISATAP,the link-layer encapsulation is IPv4. The IPv6 protocol for Windows Server 2008 and Windows Vista creates a separate ISATAP tunneling interface for each LAN interface that is installed in the computer that has a different DNS suffix.For example,if a computer running Windows Vista has two LAN interfaces and they are both attached to the same intranet and are assigned the same DNS suffix,there is only one ISATAP tunneling interface.If these two LAN interfaces are attached to two different networks with different DNS suffixes,there are two ISATAP tunneling interfaces.For

￾      !! "! "#$ "$$%& ' ("%)"*#!"$")+$,-./  ""$.$'"0##1$ "!)$ "2' (!($0#1 '"$.,-./00")"0 ($3 ")2+4(0$10"1' &,-./00")!2 ($(#0$"0  "&)($ "2"0 11 ($0(1561$ ()$ (10."$(11'%0 "& "$3 "$2,766-11 +' ($ $("$,-.83 "1'# $ " &' ("$"$"$ 1 )1,-./ (%"$59"$(%"$0&"0"0)"0)1 %1 ("4(1 1#&*2,-./:,-.8  $$$(## $,766-"(,766-3%000& ,-./ ""$.$'5,766- 11 +' ($ !;' (,-.83 "1'"$"$,-./3#%12+$ ($4(")! 0&$ " $ ' (*$") ($"&$($($ (## $"$.,-./00")"0 ($")5 ? @ABCDE  ,"$#2' ("$"$"$"%")121 )1 ,766-(%"$5 > ? FABCDECGHDG  IEJ  ,"$#2 ' ("$"$",-.83 "1'# $ "K$1 )1,766-(%"$L"0",-./3#%1 # $ "5,-./3#%1# $ " &' ("$"$%"(#0$0$ (## $"$. ,-./00")"0 ($")5 > ? MACGHD  ,"$#2' ("$"$"$(## $% $,-.8 "0"$.,-./00")"0 ($")"0,766-" 1 ")"005 <$,766-2' (".,-./ ""$.$'%$+" $"0##1$ "0(")$&$ $+ # &$$"$ "& !",-.83 "1'$ ",-./3#%1"$"$5 NONOJD ,766-3%0,-./$&&$(""10 "#(1$0+$",-.8021 ;" +" ,-./3 .3,-.8$&&5P $0$1 &,-./3 .3,-.8$&&2Q#$RR2S,-./"$ " " 1 )5T$(""1")($ !$11'0 "%'",766-$(""1")"$& "$ "0") $ & +0") ($5,766-$(""1")"$&$$$"$,-.83 "1' # $ " &$"$"$")11";1'2"!($!+'U$"$5,"$ & ,766-2$1";31'"#(1$ ",-.85 ,-./# $  1& <"0 +7.VWWX"0<"0 +Y$$#$,766- $(""1")"$&& Z6["$&$$"$110"$ !#($$$0&&"$ \[7(&&*5P *!#12& !#($(""")<"0 +Y$$+ Z6["$&"0 $'% $$$0$ $!"$"$"0)"0$!\[7(&&*2$ "1' ",766-$(""1")"$&5,&$$+ Z6["$&$$0$ $+  0&&"$"$+ ;+$0&&"$\[7(&&*2$$+ ,766-$(""1")"$&5P 

Chapter 12 ISATAP 277 computers running Windows Server 2008 or Windows Vista with Service Pack 1,the ISATAP tunnel interfaces are placed in a media disconnected state unless the name "ISATAP"can be resolved. By default,the IPv6 protocol for Windows Vista with no service packs installed automatically configures link-local ISATAP addresses(FE80::5EFE:w.x.y.z or FE80::200:5EFE:w.x.y.z)on the ISATAP tunnel interfaces for the IPv4 addresses that are assigned to the corresponding LAN interface.The IPv6 protocol for Windows Server 2008 and Windows Vista with Service Pack 1 configures link-local ISATAP addresses(FE80::5EFE:w.x.y.z or FE80::200:5EFE:w.x.y.z)on ISATAP tunnel interfaces only if the name "ISATAP"can be resolved. These link-local ISATAP addresses allow two hosts to communicate over an IPv4-only network without requiring additional global or unique local ISATAP addresses.You can determine the names and interface indexes of the ISATAP tunneling interfaces from the display of the ipconfig /all command. All tunneling interfaces by default have an asterisk(")in their name,such as"Local Area Connection*6".ISATAP tunneling interfaces have an asterisk in their name,"ISATAP" in their description,and are assigned a link-local ISATAP address.You can obtain the interface index for an ISATAP tunneling interface from the number after the percent sign ("%")in the link-local addresses assigned to the interface.For example,the interface index of the ISATAP tunneling interface with the address FE80::200:5EFE:131.107.9.221%10 is 10 You can disable ISATAP by setting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl- Set\Services\tcpip6\Parameters\DisabledComponents registry value to 0x4 (DWORD). Note IPv6 for Windows Server 2003 and Windows XP created only a single ISATAP tunneling interface that was named 'Automatic Tunneling Pseudo-Interface,with an interface index that was typically set to 2. ISATAP Tunneling Example Host A has a single LAN interface and is configured with the IPv4 address of 10.40.1.29.Host B has a single LAN interface and is configured with the IPv4 address of 192.168.41.30.IPv6 on Host A has the ISATAP address of FE80:5EFE:10.40.1.29 assigned to its ISATAP tunneling interface(named"Local Area Connection*6"with the interface index 10)and Host B has the ISATAP address of FE80:5EFE:192.168.41.30 assigned to its ISATAP tunneling interface (named "Local Area Connection*5"with the interface index 11).Figure 12-1 shows this example configuration

￾      !"#$$% &' (!")'*+,(-!./.) 01''0''''0('2-!./.)3' 40"5 671'0,(-)"801 &' ("'*'00'''007 10*90'0-!./.)':;3 ((1'J++D5;+#9+( ( J'01'5

278 Understanding IPv6,Second Edition Host A FE80:5EFE:10.40.1.29 IPv4-Only Infrastructure Host A FE80:5EFE192.168.41.30 Figure 12-1 An example ISATAP configuration When Host A sends IPv6 traffic to Host B destined for Host B's link-local ISATAP address, the source and destination addresses for the IPv6 and IPv4 headers are as listed in Table 12-1 Table 12-1 Example Link-Local ISATAP Addresses Field Value IPv6 Source Address FE80:5EFE:10.40.1.29 IPv6 Destination Address FE80:5EFE:192.168.41.30 IPv4 Source Address 10.40.1.29 IPv4 Destination Address 192.168.41.30 To test connectivity between ISATAP hosts,you can use the Ping tool (subject to Windows Firewall exceptions for Internet Control Message Protocol for IPv6 [ICMPv6]traffic).For example,to ping Host B at its link-local ISATAP address from Host A,you would use the following command: ping fe80::5efe:192.168.41.30%10 Because the destination of the ping command is a link-local address,you must use the %ZonelD as part of the destination address to specify the interface index of the interface from which traffic must be sent.In this case,"%10"specifies interface index 10,which is the inter- face index assigned to the ISATAP tunneling interface on Host A.The ISATAP tunneling inter- face uses its own link-local ISATAP address as a source IPv6 address.The ISATAP tunneling interface determines the destination IPv4 address of the encapsulating IPv4 header from the last 32 bits in the destination IPv6 address,which correspond to the embedded IPv4 address

￾        !"#$%&'()*+,-./!0,* 123456789734:7;8?@AABC865678D:378B43:A6?5678DE7FB4GHF6C@F;I9J9@4:;\;Z[]8?@AABC^QW6? 3X@_YF3K86YB4T5678D@8B87FB4GHF6C@F;I9J9@::?377QJ23;I9J9@::?377KS2BC2C6??37Y64:868233_N3::3:;<=M@::?377 ~€ ‚ƒ€„…„€†~††  € ‡€ %(ˆ‰&*./)ŠŠ/‹‹ ŒŽ‘Œ’’• %(ˆ‰‹0,!0,*ŠŠ/‹‹ ŒŽ‘Œ’•’‰Ž’ %(ˆ&*./)ŠŠ/‹‹ ’’• %(ˆ‹0,!0,*ŠŠ/‹‹ ’•’‰Ž’ ™š›œ žŸ ¡¢¢£ŸžŸ¢¤¡¥¦¡¥¤¥§¨ ™š›œ žŸ ¡¢¢£ŸžŸ¢¤¨§¥¤© ¥¦¤¥ª¡ «¬­®¯°±²³ «±´µ¶·¸µ¹º¸¹µ»

Chapter 12 ISATAP 279 of Host B.For the source IPv4 address in the encapsulating IPv4 header,IPv4 on Host A determines the best source IPv4 address to use to reach the destination IPy4 address 192.168.41.30.In this case,Host A has only a single IPv4 address assigned,so IPv4 on Host A uses the source address of 10.40.1.29. ISATAP Components An ISATAP deployment consists of ISATAP hosts,ISATAP routers,and one or more logical ISATAP subnets.Figure 12-2 shows the components of an IPv4-capable intranet that is using ISATAP and a single ISATAP subnet. Logical ISATAP Subnet (IPv6 over IPv4 Traffic) ISATAP Router IPv4-Only 上 IPv6-Capable ISATAP Host Native IPv6 Addressing and Routing (IPv6 Traffic) ISATAP Host Figure 12-2 Components of ISATAP The IPv4-only portion of the intranet is the ISATAP subnet.The IPv6-capable portion of the intranet has native IPv6 routers and addressing.Hosts on the IPv6-capable portion of the intranet are configured with global or unique local addresses on their LAN interfaces and do not need to use IPv4 encapsulation to communicate with each other using IPv6. ISATAP hosts have an ISATAP tunneling interface and perform their own tunneling to other ISATAP hosts on the same ISATAP subnet (host-to-host tunneling)or to an ISATAP router (host-to-router tunneling).ISATAP hosts can use global,unique local,or link-local ISATAP addresses to communicate with each other.To communicate with other ISATAP hosts on the ISATAP subnet using their ISATAP global,unique local,or link-local addresses,ISATAP hosts tunnel their packets directly to each other.To communicate with IPv6 hosts on the IPv6-capable portion of the intranet using their native global or unique local addresses,ISATAP hosts tunnel their packets to an ISATAP router

￾      !"#$%%&''$()$&'* !"#$%+ !"#' ,%-&'. !"#$%%$%&'$&' !"#$%% /01/23#/45 '&$+,$')6$&'*) !"#$%%$&*'%+ !"#', $%%/5#5/10 789:9;?=@A@BC ,' D,E,!%()6-''& D,E,!+ D,E,!+$'%'-)*&$) D,E,!.'&*/1F1G-(''$' !"#F$($.)&'$'$& &'* D,E,!$'%$&'*) D,E,!.' HIJK L MNOPNQRQSTNUVWXYXZ E !"#F')6(&'&'$'& D,E,!.'E !"2F$($.)(&' &'$'$'$&" !"2$'%$%%&'*' !"2F$($.)(&' &'$'$'&*%G&*).$)'&[)$)$%%'&\,]&'$$'%% ''% !"#'$()$&'--'&$G&$&'* !"2 D,E,!$"$' D,E,!'')&'*&'$$'%(-&G''')&'* D,E,!'$- D,E,!.'^FF'')&'*_$' D,E,! ^FF'')&'*_ D,E,!$'*).$)+'&[)$)+)&'`F)$) D,E,! $%%--'&$G&$E--'&$G& D,E,!' D,E,!.'&'*& D,E,!*).$)+'&[)$)+)&'`F)$)$%%+ D,E,! '')&($`%&)6$E--'&$G& !"2' !"2F$($.) (&'&'$'&'*&'$&"*).$)'&[)$)$%%+ D,E,! '')&($`$' D,E,! abcdefghijkjlimnopq rhlstbspuhlsvkufwwdex yfqdsphlstjzzup{{doc foz|bmqdocrhlstkufwwdex hijkjl|bmqpu hijkjl}b{q hijkjl}b{q ~€‚ƒ„…† ~€‡‚ˆ‰Š‰‹…Œ

280 Understanding IPv6,Second Edition Note Hosts running Windows Vista with no service packs on the IPv6-enabled portion of the intranet,by default,have ISATAP enabled and automatically configure link-local ISATAP addresses on their ISATAP tunneling interfaces.It is possible for these ISATAP hosts on the ISATAP subnet to communicate directly with native IPv6 hosts on the IPv6-capable portion of the intranet through host-to-host tunneling by using link-local ISATAP addresses.However, because link-local addresses are not registered in DNS,ISATAP hosts would have to manually specify the destination link-local ISATAP address and interface index to reach a host on the IPv6-capable portion of the intranet without first tunneling the traffic to the ISATAP router. This type of communication is not practical or commonly used and is not described further in this chapter. To prevent the hosts on the IPv6-capable portion of the intranet from using ISATAP you can disable ISATAP with the DisabledComponents registry value as previously described. An ISATAP router is an IPv6 router with an ISATAP tunneling interface that does the following: Forwards packets between ISATAP hosts on ISATAP subnets and IPv6 hosts on IPv6-capable subnets. Advertises address prefixes to ISATAP hosts on the ISATAP subnet.ISATAP hosts use the advertised address prefixes to configure global or unique local ISATAP addresses. Acts as a default router for ISATAP hosts.When an ISATAP host receives a router adver- tisement from an ISATAP router that is advertising itself as a default router,the ISATAP host adds a default route(:/0)using the ISATAP tunneling interface with next-hop address set to the link-local ISATAP address of the ISATAP router.When ISATAP hosts send packets destined to locations beyond their ISATAP subnet,the packets are tun- neled to the IPv4 address of the ISATAP router corresponding to the ISATAP router's interface on the ISATAP subnet.The ISATAP router then forwards the IPv6 packet to the appropriate next-hop on the IPv6-capable portion of the intranet. An IPv6-capable portion of an intranet is optional,in which case the ISATAP router is only functioning as an advertising router and not a forwarding or default router.This is the case for an initial ISATAP deployment in which there are no IPv6-capable subnets. Router Discovery for ISATAP Hosts To receive a Router Advertisement message from the ISATAP router,the ISATAP host must send the ISATAP router a Router Solicitation message.On an Ethernet subnet,a native IPv6 host sends a multicast Router Solicitation message and the routers on the subnet respond with a multicast Router Advertisement message.Because ISATAP does not use IPv4 multicast traffic or require an IPv4 multicast-capable infrastructure,the ISATAP host must unicast the Router Solicitation message to the ISATAP router.To unicast the Router Solicitation message to the ISATAP router,the ISATAP host must first determine the unicast IPv4 address of the ISATAP router's interface on the ISATAP subnet

￾        !" #$% &$ '() *(+&*,'(-.)/0(&12(#+ 3 '( &(415#(3&24'&)(-6787.(&12(#&#&9& *&225*3 !(2 ,02*&2-6787. &##(('( -6787.(2 ! (3&*(:- + 12(3'((-6787.''( -6787.1(*99 *&(# (*25$ '& )(-.)/''(-.)/0*&+&12(+ 3 '( &('!''00'(2 !15 !2 ,02*&2-6787.&##((:$()(4 1(*&(2 ,02*&2&##((&((! ((# ;9+((! 5)&2(&+() 25#(* 1(#: ?@AB?C?DEFGHIEJKL@ADMNEFGHIEOJHPL@AB?C?DHG@@IQJ@RJ@HIESLTIHPLHUFIKHPI SFQQFOJ@RV W XFEOLEUKYLTZIHK[IHOII@AB?C?DPFKHKF@AB?C?DKG[@IHKL@UADMNPFKHKF@ ADMN\TLYL[QIKG[@IHK] W ?UMIEHJKIKLUUEIKKYEISJ^IKHFAB?C?DPFKHKF@HPIAB?C?DKG[@IH]AB?C?DPFKHKGKIHPI LUMIEHJKIULUUEIKKYEISJ^IKHFTF@SJRGEIRQF[LQFEG@J_GIQFTLQAB?C?DLUUEIKKIK] W ?THKLKLUISLGQHEFGHIESFEAB?C?DPFKHK]`PI@L@AB?C?DPFKHEITIJMIKLEFGHIELUMIE\ HJKIaI@HSEFaL@AB?C?DEFGHIEHPLHJKLUMIEHJKJ@RJHKIQSLKLUISLGQHEFGHIEbHPIAB?C?D PFKHLUUKLUISLGQHEFGHIcVVdefGKJ@RHPIAB?C?DHG@@IQJ@RJ@HIESLTIOJHP@I^H\PFY LUUEIKKKIHHFHPIQJ@Z\QFTLQAB?C?DLUUEIKKFSHPIAB?C?DEFGHIE]`PI@AB?C?DPFKHK KI@UYLTZIHKUIKHJ@IUHFQFTLHJF@K[IgF@UHPIJEAB?C?DKG[@IHbHPIYLTZIHKLEIHG@\ @IQIUHFHPIADMhLUUEIKKFSHPIAB?C?DEFGHIETFEEIKYF@UJ@RHFHPIAB?C?DEFGHIEiK J@HIESLTIF@HPIAB?C?DKG[@IH]CPIAB?C?DEFGHIEHPI@SFEOLEUKHPIADMNYLTZIHHFHPI LYYEFYEJLHI@I^H\PFYF@HPIADMN\TLYL[QIYFEHJF@FSHPIJ@HEL@IH] ?@ADMN\TLYL[QIYFEHJF@FSL@J@HEL@IHJKFYHJF@LQbJ@OPJTPTLKIHPIAB?C?DEFGHIEJKF@Qg SG@THJF@J@RLKL@LUMIEHJKJ@REFGHIEL@U@FHLSFEOLEUJ@RFEUISLGQHEFGHIE]CPJKJKHPITLKISFE L@J@JHJLQAB?C?DUIYQFgaI@HJ@OPJTPHPIEILEI@FADMN\TLYL[QIKG[@IHK] jklmnopqrsktnouvkowxyzy{|krmr CFEITIJMIL}FGHIE?UMIEHJKIaI@HaIKKLRISEFaHPIAB?C?DEFGHIEbHPIAB?C?DPFKHaGKH KI@UHPIAB?C?DEFGHIEL}FGHIEBFQJTJHLHJF@aIKKLRI]~@L@HPIE@IHKG[@IHbL@LHJMIADMN PFKHKI@UKLaGQHJTLKH}FGHIEBFQJTJHLHJF@aIKKLRIL@UHPIEFGHIEKF@HPIKG[@IHEIKYF@U OJHPLaGQHJTLKH}FGHIE?UMIEHJKIaI@HaIKKLRI]€ITLGKIAB?C?DUFIK@FHGKIADMhaGQHJTLKH HELSSJTFEEI_GJEIL@ADMhaGQHJTLKH\TLYL[QIJ@SELKHEGTHGEIbHPIAB?C?DPFKHaGKHG@JTLKHHPI }FGHIEBFQJTJHLHJF@aIKKLRIHFHPIAB?C?DEFGHIE]CFG@JTLKHHPI}FGHIEBFQJTJHLHJF@aIKKLRI HFHPIAB?C?DEFGHIEbHPIAB?C?DPFKHaGKHSJEKHUIHIEaJ@IHPIG@JTLKHADMhLUUEIKKFSHPI AB?C?DEFGHIEiKJ@HIESLTIF@HPIAB?C?DKG[@IH]

Chapter 12 ISATAP 281 For the IPv6 protocol for Windows Server 2008 and Windows Vista,an ISATAP host obtains the unicast IPv4 address of the ISATAP router through one of the following methods: The successful resolution of the host name "ISATAP"to an IPv4 address The netsh interface isatap set router command Resolving the Name "ISATAP" When the IPv6 protocol for Windows Server 2008 or Windows Vista starts,it attempts to resolve the host name "ISATAP"to an IPv4 address using normal Windows-based TCP/IP host name resolution techniques.If it is successful,the host unicasts an IPv4-encapsulated Router Solicitation message to the ISATAP router at the resolved address.The ISATAP router responds with an IPv4-encapsulated unicast Router Advertisement message that contains pre- fixes to use for autoconfiguration of additional ISATAP addresses and,optionally,indicates that the ISATAP router is a default router Normal Windows-based host name resolution techniques for resolving the name"ISATAP" include the following: 1.Checking the local host name. 2.Checking the DNS client resolver cache,which includes the entries in the Hosts file in the %SystemRoot%/system32\drivers\etc folder. 3.Forming a fully qualified domain name(FODN),and sending a DNS name query.For example,if the computer is a member of the example.microsoft.com domain(and exam- ple.microsoft.com is the only domain name in the search list),the computer sends a DNS name query to resolve the FQDN isatap.example.microsoft.com. 4.Converting the host name"ISATAP"into the NetBIOS name "ISATAP " and checking the NetBIOS name cache. 5.Sending a NetBIOS name query for the NetBIOS name "ISATAP <00s" to the configured Windows Internet Name Service(WINS)servers. 6.Sending NetBIOS name query broadcasts for the NetBIOS name "ISATAP <00s" on the local IPv4 subnet. 7.Checking the Lmhosts file in the SystemRoot\system32\drivers\etc folder for an entry with the name“ISATAP To ensure that at least one of these attempts is successful,you can do one of the following: If the ISATAP router is a computer running Windows Server 2008 or Windows Vista, name the computer"ISATAP"and it will automatically register the appropriate records in DNS and WINS

￾      !"#$%&'())*+#$!"#$%&,"&+-+#'./.&0+"#& 1#"+&2+$$&& './.113#  %"#34$&5 6 /&1&& 1&1"# &#+47'./.8+#2+$$&& 6 /9:;9;:?@AB:><A;AC<:;?DE;:?44+#$ FGHIJKLMNOP  Q !# !"#$%&'())*!"#$%&,"&+&+&-"+4& &&#+47'./.8+#2+$$&&1&"#3#4+!"#$%&R0+&$/ST &#+4&1"##"U1&V ""&&1&& 1-&1#"+&&+#2R#+&1+$ W1'""+"#4&&+3'./.1+&$+$$&&V/'./.1 &#$&%"+#2R#+&1+$1#"+&W1.$"&4#4&&+3+#+"#&R "X&1& +1# "31+"# +$$""#+'./.+$$&&&+#$-"#+Y-"#$"+& +'./.1"&+$ +11V Z4+!"#$%&R0+&$&#+4&1"##"U1& &"#3#+47'./.8 "#1$ %"#35 [\ S]"#3+&#+4V ^\ S]"#3_Z'"#&+-%""#1$&#"&"#`&& ""# abcdefghiieaT&Y&4j(k$"&k $V l\ 4"#3+ 1YU1+" "$$4+"##+4mn_Zo-+#$&#$"#3+_Z'#+4U1YV X+4-" 41"&+440 X+4V4"& V4$4+"#m+#$X+4R V4"& V4"&#Y$4+"##+4"#&+"&o-41&#$&+ _Z'#+4U1Y&n_Z"&++VX+4V4"& V4V p\ S#"#3&#+47'./.8"#Zqr'#+4stuvwvxyzz{s +#$]"#3Zqr'#+4+V |\ '#$"#3+Zqr'#+4U1Y Zqr'#+4stuvwvxyzz{s # "31$!"#$%&##Z+4'"m!Z'o&&V }\ '#$"#3Zqr'#+4U1Y0+$+&& Zqr'#+4stuvwvxyzz{s #+2&10#V ~\ S]"#34&& ""#bcdefghiiek&Y&4j(k$"&k $ +##Y %"#+47'./.8V /#&1+++&# &+4&"&&1&& 1-Y1+#$#  %"#35 6  './.1"&+411##"#3!"#$%&'())*!"#$%&,"&+- #+4417'./.8+#$"%"+14+"+Y3"&+"+$& "#_Z'+#$!Z'V

282 Understanding IPv6,Second Edition Manually create an address(A)record for the name "ISATAP"in the appropriate domains in DNS.For example,for the example.microsoft.com domain,create an A record for isatap.example.microsoft.com. Manually create a static WINS record in WINS for the NetBIOS name "ISATAP " Add the following entry to the Hosts file of the computers that need to resolve the name ISATAP: IPv4Address ISATAP Add the following entry to the Lmhosts file of the computers that need to resolve the name ISATAP: IPv4Address ISATAP Note Computers running Windows XP with no service packs installed attempt to resolve the name "ISATAP"to determine the IPv4 address of the ISATAP router. Figure 12-3 shows how an ISATAP host obtains the IPv4 address of the ISATAP router through a DNS name query and performs router discovery with an ISATAP router. DNS Server ISATAP Router IPv4-Only】 IPv6-Capable ISATAP Host ②③ 1.DNS Query for "ISATAP" IPv4 Traffic 2.IPv4-Encapsulated Router Solicitation IPv6 Tunneled with IPv4 ISATAP Host 3.IPv4-Encapsulated Router Advertisement Figure 12-3 Performing router discovery with an ISATAP router ISATAP hosts on the ISATAP subnet send their DNS name queries over IPv4,rather than IPv6, because the ISATAP hosts do not have native IPv6 connectivity.By default,an ISATAP host running Windows Server 2008 or Windows Vista will attempt to register global and unique local ISATAP addresses in DNS using DNS dynamic update

￾￾          !  "" ## $%&  '" (' !) * +,-%.%/0 1 !) 22'21! "'*1# 1 34-5 6' 7*2 8 (' !) 7*2 5*1'#'(!5'* "'*18  !  %  '" (' 1#!25 7*2 5*1'#'(!5'*5    !  #!!1 9,4-  '" 1 9,4- (' !) 4 !:,;- * ?@?A BCCD<5  %"" !) (''E1F ! !' !) G'#!# (1 '( !) '*2! # !)!  " !'  #'H !) * ,-%.%/I JKLMNOOPQRR ,-%.%/  %"" !) (''E1F ! !' !) S*)'#!# (1 '( !) '*2! # !)!  " !'  #'H !) * ,-%.%/I JKLMNOOPQRR ,-%.%/ T  UVWXYZ[\] \Y^^_^` a_^bVc] de c_Zf ^V ][\g_h[ Xihj] _^]Zikk[b iZZ[WXZ ZV \[]Vkg[ Zf[ ^iW[ lmnopqper ZV b[Z[\W_^[ Zf[ negs ibb\[]] Vt Zf[ nopqpe \VYZ[\u 61F vwxy #)'E# )'E  ,-%.%/ )'#! 'z!1# !) ,/H{ "" ## '( !) ,-%.%/ '!  !)'F)  34- * |  " 2 ('*# '!  "1#'H  E1!)  ,-%.%/ '! 5 }~ €‚ ƒ„…†‡…ˆ‰Š‹ …‡Œ„… Ž‰‡‘„…’ ‰ •Š ™ƒ …‡Œ„… ,-%.%/ )'#!# ' !) ,-%.%/ #z ! # " !) 1 34- * | 1 # 'H  ,/H{8 !)  !) ,/Hš8 z # !) ,-%.%/ )'#!# "' '! )H !1H ,/Hš ' !1H1!5 : " (!8  ,-%.%/ )'#! 1F 91"'E# - H  w››œ ' 91"'E# 1#! E1 !! *2! !'  F1#!  F'z " 1| ' ,-%.%/ "" ## # 1 34- #1F 34- "*1 2"! 5 žŸ ¡¢£¤¥¦ žŸ §¢¨©ª©«¥¬ ­®¯°¯± ²³´µ¶· ¸¹ º»® ¼´¶·½ ¾³· ¿­®¯°¯±À Á¹ ­±ÂÃÄÅÆÇÈÉÊ´Ëȵ¶Ì ²³´µ¶· ®³ËÍÇÍµÈµÍ³Æ ­®¯°¯± гʵ ι ­±ÂÃÄÅÆÇÈÉÊ´Ëȵ¶Ì ²³´µ¶· ¯Ì¶·µÍʶ϶Ƶ ­®¯°¯± гʵ º»® ®¶·Â¶· Ñ Ò Ó ­±Âà °·È¾¾ÍÇ ­±ÂÔ °´ÆÆ¶Ë¶Ì Õ굅 ­±ÂÃ

Chapter 12 ISATAP 283 Network Monitor Capture Here is an example of the IPv4-encapsulated Router Solicitation message as displayed by Network Monitor 3.1 (frame 1 of capture 12_0l in the \NetworkMonitorCaptures folder on the companion CD-ROM): Frame: Ethernet:Etype Internet IP (IPv4) -Ipv4:Next Protocol■IPv6 over IPv4,Packet ID■56，Total IP Length■68 Versions:IPv4,Internet Protocol;Header Length =20 DifferentiatedServicesField:DSCP:0,ECN:0 TotalLength:68 (0x44) Identification:56 (0x38) FragmentFlags:0 (0x0) TimeToLive:128 (0x80) NextProtocol:IPv6 over IPv4,41(0x29) Checksum:9815 (0x2657) SourceAddress:10.0.0.2 DestinationAddress:10.0.0.1 Ipv6:Next Protocol ICMPv6,Payload Length =8 Versions:IPv6,Internet Protocol,DSCP 0 PayloadLength:8 (0x8) NextProtocol:ICMPv6,58(0x3a) HopLimit:255 (OxFF) SourceAddress:FE80:0:0:0:0:5EFE:A00:2 DestinationAddress:FE80:0:0:0:0:5EFE:A00:1 Icmpv6:Router Solicitation MessageType:Router Solicitation,133(0x85) RouterSolicitation: Code:0 (0x0) Checksum:43963 (0xABBB) Reserved:0 (0x0) Notice that the IPv4 address of the ISATAP router is 10.0.0.1.Also note the use of the unicast ISATAP address of the ISATAP router as the IPv6 destination address in the IPv6 header. Here is an example of the IPv4-encapsulated Router Advertisement message as displayed by Network Monitor 3.1 (in the \NetworkMonitorCaptures folder on the companion CD-ROM frame 2 of capture 12_01): Frame: Ethernet:Etype Internet IP (IPv4) Ipv4:Next Protocol IPv6 over IPv4,Packet ID 4011,Total IP Length 148 Versions:IPv4,Internet Protocol;Header Length =20 DifferentiatedServicesField:DSCP:0,ECN:0 TotalLength:148 (0x94) Identification:4011 (0xFAB) FragmentFlags:0 (0x0) TimeToLive:128 (Ox80) NextProtocol:IPv6 over IPv4,41(0x29) Checksum:5780 (0x1694) SourceAddress:10.0.0.1 DestinationAddress:10.0.0.2

￾     ￾  !" #$%&'()*+,-.!/ $0% (12&0(3&%/( (&!# 4 1$% 5165 7(8&9:&!(&;' #=&'/ $(0=?@A=!()B7(8&9:&!(&C $(0'&%1&! ()/&#$ !&!CD.2E:FG HIJKLM  N OPQLIRLPM OPSTLUVRPLIRLP VW XVWYZ[ \ VTYZM ]L^P WI_P_`_aUVWYb _YLI VWYZc WJ`dLP VeUfbc g_PJa VW hLRiPQUbj N kLIlm_RlM VWYZc VRPLIRLP WI_P_`_an oLJpLI hLRiPQUqr N emssLILRPmJPLptLIYm`LlHmLapM etuWM rc Ou]M r g_PJahLRiPQM bj Xr^ZZ[ VpLRPmsm`JPm_RM fb Xr^vj[ N HIJiKLRPHaJilMrXr^r[ gmKLg_hmYLM wqj Xr^jr[ ]L^PWI_P_`_aM VWYb _YLI VWYZc ZwXr^qx[ uQL`dlyKM xjwf Xr^qbfz[ t_yI`L{ppILllM wr|r|r|q eLlPmRJPm_R{ppILllM wr|r|r|w \ VTYbM ]L^P WI_P_`_aUVu}WYbc WJSa_Jp hLRiPQUj N kLIlm_RlM VWYbc VRPLIRLP WI_P_`_ac etuW r WJSa_JphLRiPQMjXr^j[ ]L^PWI_P_`_aM Vu}WYbc fjXr^vJ[ o_ThmKmPM qff Xr^HH[ t_yI`L{ppILllM HOjrMrMrMrMrMfOHOM{rrMq eLlPmRJPm_R{ppILllM HOjrMrMrMrMrMfOHOM{rrMw \ V`KTYbM ~_yPLI t_am`mPJPm_R }LllJiLgSTLM ~_yPLI t_am`mPJPm_Rc wvvXr^jf[ \ ~_yPLIt_am`mPJPm_RM  u_pLMrXr^r[ uQL`dlyKM Zvxbv Xr^{[ ~LlLIYLpMrXr^r[ 7&(/() (()*+,- 11&'()*3€€+&0(=A!()B7(8&9:&!(&C $(0'&%1&!()/&#$ !&!CD.2E:ƒ ' #?&'/ $(0=?@A=FG HIJKLM  N OPQLIRLPM OPSTLUVRPLIRLP VW XVWYZ[ \ VTYZM ]L^P WI_P_`_aUVWYb _YLI VWYZc WJ`dLP VeUZrwwc g_PJa VW hLRiPQUwZj N kLIlm_RlM VWYZc VRPLIRLP WI_P_`_an oLJpLI hLRiPQUqr N emssLILRPmJPLptLIYm`LlHmLapM etuWM rc Ou]M r g_PJahLRiPQM wZj Xr^xZ[ VpLRPmsm`JPm_RM Zrww Xr^H{[ N HIJiKLRPHaJilMrXr^r[ gmKLg_hmYLM wqj Xr^jr[ ]L^PWI_P_`_aM VWYb _YLI VWYZc ZwXr^qx[ uQL`dlyKM fzjr Xr^wbxZ[ t_yI`L{ppILllM wr|r|r|w eLlPmRJPm_R{ppILllM wr|r|r|q

284 Understanding IPv6,Second Edition Ipv6:Next Protocol ICMPv6,Payload Length 88 Versions:IPv6,Internet Protocol,DSCP 0 PayloadLength:88 (0x58) NextProtocol:ICMPv6,58(0x3a) HopLimit:255 (0xFF) SourceAddress:FE80:0:0:0:0:5EFE:A00:1 DestinationAddress:FE80:0:0:0:0:5EFE:A00:2 Icmpv6:Router Advertisement MessageType:Router Advertisement,134(0x86) RouterAdvertisement: Code:0 (0x0) Checksum:46260 (OxB4B4) CurHopLimit:0 (Ox0) RouterAdvertisementFlag: : (0.......)Not managed address configuration Q. (.0......)Not other stateful configuration A: (..0.....)Not a Mobile IP Home Agent RouterPreference: (...00...)Medium,0(0x0) Reserved: (..000) RouterLifetime:65535 (0xFFFF) ReachableTime:0 (0x0) RetransTimer:0 (0x0) MTU: Type:MTU,5(0x5) Length:1,in unit of 8 octets Reserved:0 (Ox0) MTU:1280(0x500) PrefixInformation: Type:Prefix Information,3(0x3) Length:4,in unit of 8 octets PrefixLength:64 (0x40) -F1ags:192(0xC0) L: (1.......)On-Link determination allowed A: (.1......)Autonomous address-configuration R: (..0.....)Not router Address S: (...0....)Not a site prefix P: (....0...)Not a router prefix Rsv:(...000) ValidLifetime:4294967295 (0xFFFFFFFF) PreferredLifetime:4294967295 (OxFFFFFFFF) Reserved:0 (0x0) Prefi:×:2001:DB8:3C5A:21DA:0:0:0:0 PrefixInformation: Type:Prefix Information,3(0x3) Length:4,in unit of 8 octets PrefixLength:64 (0x40) -F1ags:192(0xC0) L: (1.......)On-Link determination allowed A: (.1......)Autonomous address-configuration R: (..0.....)Not router Address S: (...0....)Not a site prefix P: (....0...)Not a router prefix Rsv:(..000) ValidLifetime:4294967295 (OxFFFFFFFF) PreferredLifetime:4294967295 (OxFFFFFFFF) Reserved:0 (0x0) Prefix:FD31:2C00:8D33:21DA:0:0:0:0

￾        ! "#$!$%$&'()"* "+,&$+- ./0!1'22 3 4#56$/5 "* /!#/! "#$!$%$&* 78(" 9 "+,&$+-./0!1 22 :9 ;2$.6?6! @;; :9 AA$.6?6!9:9 9$? C0/! F$B!#"#L#/% :KKK99KKK< )-6B?*9:9 9< F5#- :KKKKK999< F$B!#.6L!6? ;;=; :9 AAAA< F+%1+N&G6?9:9 9< F!#+/5G6?#9:9 9<  )GO  , )GO* ;:9 ;< ./0!1 E* 6/ B/6! $L2$%!!5 F5#-9:9 9< )GO E@29 :9 ;99<  "#L6 /L$#?+!6$/  G, "#L6 /L$#?+!6$/* =:9 =< ./0!1 H* 6/ B/6! $L2$%!!5 "#L6 ./0!1 H :9 H9<  A&+05 EP@ :9 (9< . :EKKKKKKK< M/.6/I -!#?6/+!6$/ +&&$Q- C :KEKKKKKK< CB!$/$?$B5 +--#55%$/L60B#+!6$/ F :KK9KKKKK< $! #$B!# C--#55 8 :KKK9KKKK< $!+56! #L6  " :KKKK9KKK< $!+#$B!# #L6  F5 :KKKKK999< 4+&6-.6L!6? H@PHPR@P; :9 AAAAAAAA< "#L##-.6L!6? H@PHPR@P; :9 AAAAAAAA< F5#-9:9 9< "#L6  @99E7J2=(;C@E7C9999  "#L6 /L$#?+!6$/  G, "#L6 /L$#?+!6$/* =:9 =< ./0!1 H* 6/ B/6! $L2$%!!5 "#L6 ./0!1 H :9 H9<  A&+05 EP@ :9 (9< . :EKKKKKKK< M/.6/I -!#?6/+!6$/ +&&$Q- C :KEKKKKKK< CB!$/$?$B5 +--#55%$/L60B#+!6$/ F :KK9KKKKK< $! #$B!# C--#55 8 :KKK9KKKK< $!+56! #L6  " :KKKK9KKK< $!+#$B!# #L6  F5 :KKKKK999< 4+&6-.6L!6? H@PHPR@P; :9 AAAAAAAA< "#L##-.6L!6? H@PHPR@P; :9 AAAAAAAA< F5#-9:9 9< "#L6  A7=E@(9927==@E7C9999