IPv6 ISATAP (Intra Site Automatic Tunnel Addressing Protocol)

This topic is to discuss the following lesson:

HI Rene’

I not understand very well why the eui-64 i s needed, and also why on R1 the command
tunnel mode ipv6ip isatap
is not needed.
Also I’m testing this configuration on gns3 and router r1 not install a static route.

1 Like

Hello Giovanni

According to Cisco documentation, when configuring ISATAP:

The IPv6 tunnel interface must be configured with a modified EUI-64 address
because the last 32 bits in the interface identifier are constructed using the IPv4 tunnel source address.

If you were to specify the address fully, the ISATAP operation would not function.

Also, when you configure tunnel mode ipv6ip isatap on the headend, there is no need to specify the mode in which the tunnel will be functioning on the client. On the client, you also set ipv6 address autoconfig, which means that it will obtain the IPv6 address (and the mode of the tunnel) from the headend.

I hope this has been helpful!

Laz

1 Like

Hi Rene and Laz,

Would you say that the ISATAP operation is very similar to the DMVPN Phase 1 where all of the tunnel traffic has to traverse the “Headend” router just like with DMVPN phase 1 and its “HUB”?

1 Like

Hello Nitay

It is similar only so far as the traffic actually traverses the router itself (either the head end or the HUB in each case) to get to its destination. However, beyond that, the purpose and the mechanisms of the two features you mention are completely different.

I hope this has been helpful!

Laz

2 Likes

In the ISATAP lesson, client config section, the tunnel mode command says: tunnel mode ipv6ip and there is no isatap in the end. Was that left out on purpose -because it’s a client- or is that a typo?

Hello @haniyeh.maghsoudi,

That’s right, the client only needs tunnel mode ipv6ip . No need to add the isatap keyword there.

Rene

1 Like

Hi,

I tried to lab this up in CML2 but couldn’t get it working. The configs are identical apart form the interfaces being Gigabit and command no ipv6 nd ra suppress being slightly different.

Headend:

interface Tunnel0
 no ip address
 no ip redirects
 ipv6 address 2001:DB8:13:13::/64 eui-64
 no ipv6 nd ra suppress
 tunnel source GigabitEthernet0/0
 tunnel mode ipv6ip isatap

Client:

interface Tunnel0
 no ip address
 ipv6 address autoconfig
 tunnel source GigabitEthernet0/0
 tunnel mode ipv6ip
 tunnel destination 192.168.23.3

The client is not acquiring an ipv6 address.

Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C0A8:C01 
  No Virtual link-local address(es):
  Stateless address autoconfig enabled
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::1:FFA8:C01
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds

see also…

R1#sh ipv6 int brief
GigabitEthernet0/0     [up/up]
    unassigned
Tunnel0                [up/up]
    FE80::C0A8:C01

The headend (R3) sh ipv6 int tunnel 0 output is as follows:

Tunnel0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::5EFE:C0A8:1703 
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:13:13:0:5EFE:C0A8:1703, subnet is 2001:DB8:13:13::/64 [EUI]
  Joined group address(es):
    FF02::1
    FF02::1:FFA8:1703
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is not supported
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds

which differs slightly from output in the course notes.

I have confirmed full connectivity via OSPF.

I’m beginning to think this is CML related.

Thanks for any help.

Sam

Hi @samirkhair ,

I ran into the same issue with both IOSv and CSR1000v on CML2. From what I can see, the config hasn’t changed:

On both routers, I enabled debug ipv6 nd. With IOSv, I don’t see any packets making it to the other side:

R1#show int tun0 | include packets
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     87 packets output, 5728 bytes, 0 underruns
R3#show int tun0 | include packets
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     95 packets input, 10036 bytes, 0 no buffer
     0 packets output, 0 bytes, 0 underruns

With the CSR1000v, I do see some interaction:

R1#show int tun0 | include packets
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     2 packets input, 192 bytes, 0 no buffer
     13 packets output, 1092 bytes, 0 underruns
R3#show int tun0 | include packets
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     11 packets input, 900 bytes, 0 no buffer
     2 packets output, 232 bytes, 0 underruns

The client doesn’t get an IPv6 address though. I don’t see anything meaningful with debug ipv6 nd.

Next week, I receive 2x ISR4331. I’ll give it another try then.

Rene

Hi Rene,

Thanks for the follow-up.

I’m getting the impression CML doesn’t quiet work 100% for all the features it claims it supports. Which throws me when I’m troubleshooting.

Thanks again,

Sam

Hi Sam,

Usually, the L2 features cause issues. Things like IGMP snooping.

I wouldn’t expect IPv6 tunneling and routing to fail but you never know…I’ll let you know next week what happens on my routers :slight_smile:

Rene

Hi Rene,

Thanks very much.

Sam

Hi Sam,

It took a bit longer but I tested this today. Still running into the same issue. This time, I’m running Cisco IOS XE Software, Version 17.04.01a on an ISR4331.

I did find something though. It seems to be related to the client. When I use Windows 10 as a client, it’s working :slight_smile:

PS C:\Windows\system32> Set-NetIsatapConfiguration -State Enabled -Router 10.56.100.130 -PassThru


Description               : ISATAP Configuration
State                     : Enabled
Router                    : 10.56.100.130
ResolutionState           : Default
ResolutionIntervalSeconds : 60

I can check my IPv6 address here:

PS C:\Users\info> ipconfig

Windows IP Configuration

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{FB3F1AD9-0574-4637-AFD2-CD6EFA0FC4C9}:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:db8:13:13:0:5efe:10.56.100.1
   Link-local IPv6 Address . . . . . : fe80::5efe:10.56.100.1%79
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.44%79
   Default Gateway . . . . . . . . . : fe80::5efe:10.56.100.130%79

Tunnel adapter isatap.{2B8ADB1C-52CE-4D47-B118-01E757D41E07}:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::5efe:172.25.0.1%80
   Default Gateway . . . . . . . . . :

Quick ping to test things:

PS C:\Users\info> ping 2001:DB8:3:3::3

Pinging 2001:db8:3:3::3 with 32 bytes of data:
Reply from 2001:db8:3:3::3: time=1ms
Reply from 2001:db8:3:3::3: time=1ms
Reply from 2001:db8:3:3::3: time=1ms
Reply from 2001:db8:3:3::3: time=1ms

Ping statistics for 2001:db8:3:3::3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

I tried some of the tunnel mode settings on the router client but no luck.

Rene

Hi Rene,

Thanks for letting me know.

Sam