Overview
The service block model (SBM) is an IPv6 migration strategy utilizing ISATAP tunnels designed for organizations who must rapidly implement IPv6. The service block model acts as an overlay network which has no impact on the underlying IPv6 network.
Two Catalyst 6500 switches comprise the core of the SBM. The two Catalyst 6500 switches in the service block then connect out to dual stack hosts via ISATAP tunnels and into the data center block through manual IPv6 tunnels connected to the data center aggregation layer. The two images below depict the service block model.
What are Dual Stack Hosts?
Fortunately, dual stacking is a pleasantly simple subject. A dual stack host is a host which runs IPv4 and IPv6 simultaneously and can communicate freely with either. You may be most familiar with this when configuring an interface on Windows. Have you ever seen this?
This is how you would configure dual stacking on Windows. You may have passed right by it on your way to configure your IPv4 interface.
What is ISATAP?
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. How does ISATAP actually transmit the packets?
First, ISATAP must generate a link local IPv6 address. It takes this by taking the IPv4 address and converting it to an IPv6 address. Let’s say your IPv4 address is 172.16.0.1. This would convert to AC10:0001. ISATAP attaches this converted address to the prefix fe80::0200:5efe: to give you fe80::0200:5efe:AC10:0001 for your IPv6 address. Remember, this is only a link local address, which can only be used to communicate within the network segment the device is on. In our service block example, this would be the lines between the two 6500 switches and the dual stack hosts. So how do we get a global address in this model?
Well, in the case of the service block model, you will likely configure the two 6500s as IPv6 routers. If the 6500s are acting as routers, you will probably configure the IPv6 addresses of the interfaces on the 6500s manually. We already know that the manual tunnels will definitely have statically configured addresses at a minimum. This leaves the end hosts. How do they get a global address? You might say, well they just multicast out a router solicitation! If this were a 6over4 solution, you would be correct. However, ISATAP is a NBMA, which means no multicast. Instead, ISATAP hosts must be configured with a potential routers list. They then send ICMPv6 router discovery messages to the routers on the list to see if they are up. Once the hosts discovers one of the 6500s is up, they can perform the usual IPv6 autoconfiguration to obtain an IP address.
Finally, ISATAP takes data generated by an IPv6 application, prepends the IPv6 header in it’s totality, and then encapsulates all of that in an IPv4 packet. Recall, the destination end point like the originator will be a dual stack host. The destination endpoint will uncapsulate the traffic and pass it through its IPv6 stack.
What is a Manually Configured Tunnel?
A manually configured tunnel is equivalent to a permanent link between two IPv6 domains over an IPv4 backbone. An IPv6 address is manually configured on a tunnel interface, and manually configured IPv4 addresses are assigned to the tunnel source and the tunnel destination. In much the same manner as ISATAP, a manually configured tunnel then encapsulates the IPv6 traffic in IPv4 packets to the other destination, which then decapsulates the packets on the other end.
So Then… What’s the Difference between ISATAP and a Manually Configured Tunnel?
The biggest difference is that an ISATAP tunnel has a dynamic endpoint calculated on the fly whereas a statically configured tunnel has a set destination endpoint.
An Example
Now, let’s return to our example of the service block with hosts connected to our two switches via ISATAP and the two switches connected to the data center aggregation layer via manually configured IPv6 tunnels (the one depicted in the pictures above). Let’s say that the top left host is Host A and wants to communicate with some application called App B on the dual stack server on the right.
You would configure the IPv6 address of the server hosting App B on Host A. When Host A wants to communicate with App B, host A generates the data and appends the IPv6 header. Host A then encapsulates that data and header inside an IPv4 packet with the address of one of the 6500s. Host A sends the packet to the 6500 which then unencapsulates it and forwards it via the manual tunnel in it’s IPv6 state. After it arrives on the other side of the manual tunnel, the routers route the IPv6 packet like any other IPv6 packet.
Sources