ISATAP

Criticisms of ISATAP

ISATAP typically builds its Potential Router List (PRL) by consulting the DNS; hence, in the OSI model it is a lower-layer protocol that relies on a higher layer. A circularity is avoided by relying on an IPv4 DNS server, which does not rely on IPv6 routing being established; however, some network specialists claim that these violations lead to insufficient protocol robustness.

ISATAP carries the same security risks as 6over4: the IPv4 virtual link must be delimited carefully at the network edge, so that external IPv4 hosts cannot pretend to be part of the ISATAP link. That is normally done by ensuring that proto-41 (6in4) cannot pass through the firewall.

Implementations of ISATAP

ISATAP is implemented in Microsoft Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Mobile, Linux, and in Cisco IOS (since IOS 12.2(14)S and IOS XE Release 2.1).

Due to a patent claim, early in-kernel implementations were withdrawn from both KAME (*BSD) and USAGI (Linux). However, the IETF IPR disclosure search engine reports that the would-be infringing patent's holder requires no license from implementers.{{cite web | access-date=2015-02-09}} ISATAP support has been supported in Linux since kernel version 2.6.25,{{cite web | access-date=2015-02-09}} the tool isatapd {{cite web | access-date=2015-02-09}} provides a userspace helper. For prior kernels, the open source project Miredo provided an incomplete userland ISATAP implementation, which was removed in version 1.1.6.

References

References

1. (March 2008). "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) RFC 5214". IETF Network Working Group.
2. itojun. (2002-12-25). "Request to publish ISATAP". v6ops Mailing List.
3. "Cisco IOS IPv6 Command Reference".