IPv6 traffic between nodes on different subnets of an IPv4 internetwork

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

IPv6 traffic between nodes on different subnets of an IPv4 internetwork

The IPv6 protocol for the Windows Server 2003 family and Windows XP provides the following methods for communicating between IPv6 nodes on different subnets of an IPv4 internetwork:

  • Intrasite Automatic Tunnel Addressing Protocol addresses

  • 6over4

    6over4 requires that the IPv4 internetwork be multicast-capable. Because most IPv4 networks are not multicast-capable, 6over4 is rarely used. For more information about 6over4, see IPv6 protocol features and RFC 2529.

  • 6to4

    While 6to4 is primarily designed to allow communication between separate IPv6-enabled 6to4 sites, 6to4 hosts that are using the IPv6 protocol can also use 6to4 addresses and 6to4 tunneling to communicate across the IPv4 Internet. For more information, see IPv6 traffic between nodes in different sites across the Internet (6to4).

  • IPv4-compatible addresses

    IPv4-compatible addresses derived from IPv4 public addresses provide a method for connecting IPv6 hosts or sites over the existing IPv4 Internet infrastructure. For more information, see Using IPv4-compatible addresses.

In all of these cases, while IPv6 traffic is being carried as the payload of an IPv4 packet (treating the IPv4 infrastructure as an IPv6 link-layer), it remains IPv6 traffic. Applications that use the addresses associated with these methods are using the same Windows Sockets functions as if global IPv6 addresses and an IPv6 infrastructure were being used.

Using Intrasite Automatic Tunnel Addressing Protocol addresses

Another address assignment and tunneling mechanism that can be used for communication between IPv6/IPv4 nodes on an IPv4 network is described in the Internet draft titled "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)" (draft-ietf-ngtrans-isatap-Ox.txt). These addresses are called Intrasite Automatic Tunnel Addressing Protocol (ISATAP) addresses. ISATAP addresses use the locally administered interface ID ::0:5EFE:w.x.y.z where:

  • The 0:5EFE portion is formed from the combination of both the organizational unit identifier that is assigned to the Internet Assigned Numbers Authority (IANA) (00-00-5E) and a type that indicates an embedded IPv4 address (FE).

  • The w.x.y.z portion is any unicast IPv4 address, which includes both public and private addresses.

The ISATAP interface ID can be combined with any 64-bit prefix that is valid for IPv6 unicast addresses. This includes the link-local address prefix (FE80::/64), site-local prefixes, and global prefixes.

Like IPv4-compatible addresses, 6over4 addresses, and 6to4 addresses, ISATAP addresses contain an embedded IPv4 address that is used to determine either the source or destination IPv4 addresses within the IPv4 header when ISATAP-addressed IPv6 traffic is sent across an IPv4 network.

By default, the IPv6 protocol for the Windows Server 2003 family and Windows XP automatically configures the ISATAP address of FE80::5EFE:w.x.y.z on the Automatic Tunneling Pseudo-Interface for each IPv4 address that is assigned to the node. This link-local ISATAP address allows two hosts to communicate over an IPv4 network by using each other's ISATAP addresses.

For example, Host A is configured with the IPv4 address of 10.40.1.29 and Host B is configured with the IPv4 address of 192.168.41.30. When the IPv6 protocol for the Windows Server 2003 family and Windows XP is started, Host A is automatically configured with the ISATAP address of FE80::5EFE:10.40.1.29 and Host B is automatically configured with the ISATAP address of FE80::5EFE:192.168.41.30. When Host A sends IPv6 traffic to Host B by using Host B's ISATAP address, the source and destination addresses for the IPv4 and IPv6 headers are listed in the following table.

Field Value

Source address in IPv6 header

FE80::5EFE:10.40.1.29

Destination address in IPv6 header

FE80::5EFE:192.168.41.30

Source address in IPv4 header

10.40.1.29

Destination address in IPv4 header

192.168.41.30

To test connectivity, you can use the ping command. For example, Host A would use the following command to ping Host B by using its link-local ISATAP address:

ping FE80::5EFE:192.168.41.30%2

The **%**ZoneID portion of the command is used to specify the interface index of the interface from which traffic is sent. In this case, %2 specifies interface 2, which is the interface index assigned to the Automatic Tunneling Pseudo-Interface on Host A.

The use of link-local ISATAP addresses allows IPv6/IPv4 hosts on an IPv4 intranet to communicate with each other, but not with other IPv6 hosts outside of the site. To communicate outside of the site, the following additional configuration is required:

  • A host must receive a router advertisement from the site border router that contains a global address prefix. The site border router is placed between the intranet and either the IPv4 Internet or the IPv6 Internet. A site border router is most often a 6to4 router that is connected to the Internet. Upon receiving the router advertisement, additional ISATAP addresses that are based on the global prefix are automatically added.

    For example, if the site is connected to the IPv6 Internet and Host A receives the global prefix of 3FFE:FFF::/64 in a router advertisement, the ISATAP address of 3FFE:FFFF::5EFE:10.40.1.29 is automatically configured. Without a global address prefix and an IPv6 Internet connection, a site can use a 6to4-based global address prefix and connect to other 6to4 sites, 6to4 hosts, and the IPv6 Internet, by using the IPv4 Internet. If the site is using the 6to4 address prefix of 2002:836B:1:5::/64 (based on the public address of 131.107.0.1 and an SLA ID of 5), the ISATAP address of 2002:836B:1:5:0:5EFE:10.40.1.29 is automatically configured.

    ISATAP router addresses are auto-configured in Windows XP when IPv6 queries for "_ISATAP" and receives responses from ISATAP routers. For members of the Windows Server 2003 family and for Windows XP Service Pack 1, IPv6 queries for "ISATAP" (without the underscore character) and auto-configures ISATAP router addresses when responses from ISATAP routers are received.

  • A host must have a default route, pointing to an ISATAP address that corresponds to the intranet interface of the site border router.

    For example, if the intranet interface of the site border router is configured with the IPv4 address of 172.16.0.1, Host A must be configured with a default route (::/0), which uses the ISATAP address of FE80::5EFE:172.16.0.1 as the next-hop address. As the result, all IPv6 traffic that matches this default route (as the closest matching route) is encapsulated and forwarded to the site border router. The site border router then forwards the traffic. If the site border router is a 6to4 router, it encapsulates the IPv6 traffic and forwards it on the Internet.

    For more information, see Add an IPv6 route.

For additional information about configurations, see IPv6 Configurations. For information about using IPv6 in a test lab, see Setting up an IPv6 Test Lab.