Learning ISATAP 2 – Lab Configuration

In this post, we’ll configure a test lab. By the end of this post, you’ll have an IPv6/IPv4 dual-stack network configured. You will also have an IPv4-only island that we will use for testing ISATAP.

Overview:

  1. Create VMs
  2. Create VM Switches
  3. Configure Routers
  4. Configure Network Services

Create VMs

We can create all the VMs we need using PowerShell (assumes Hyper-V).

##code assumes you have sysprep'd server 2012 r2 and windows 8.1 template VHDs. Change the first 2 lines as necessary.
$svrVmParentVhd = "C:\vm\vhdtmpl\svr2012r2-tmpl.vhdx"
$clientVmParentVhd = "C:\vm\vhdtmpl\win81-template.vhdx"
$svrVMs = @("isatap1","adds1","rras1","rras2")
$clientVMs = @("client1","client2","client3")

$svrVMs | %{New-VHD -ParentPath $svrVmParentVhd -Path ("C:\VM\VHD\" + $_ + ".vhdx") -Differencing}
$clientVMs | %{New-VHD -ParentPath $clientVmParentVhd -Path ("C:\VM\VHD\" + $_ + ".vhdx") -Differencing}

($svrVMs + $clientVMs) | %{New-VM -Name $_ -VHDPath ("C:\VM\VHD\" + $_ + ".vhdx") -Generation 2 -MemoryStartupBytes 1024MB}

Get-VM | Set-VM -DynamicMemory

Create VM Switches

More PowerShell:

#Build VMSwitches
#Change the first line to match the name of your public internet adapter.
$inetAdapterName = "Wi-Fi"
$privNets = @("net2","net3","inter-router-link")
New-VMSwitch -Name internet -NetAdapterName $inetAdapterName
New-VMSwitch -Name net1 -switchType internal
$privNets | % {New-VMSwitch -Name $_ -SwitchType private}

#Map VM Switches to VMs
Connect-VMNetworkAdapter -vmname isatap1 -SwitchName "net1"
Connect-VMNetworkAdapter -vmname adds1 -SwitchName "net1"
Connect-VMNetworkAdapter -vmname client1 -SwitchName "net1"

Connect-VMNetworkAdapter -vmname rras1 -SwitchName "internet"
Add-VMNetworkAdapter -vmname rras1 -SwitchName "net1"
Add-VMNetworkAdapter -vmname rras1 -SwitchName "net2"
Add-VMNetworkAdapter -vmname rras1 -SwitchName "inter-router-link"

Connect-VMNetworkAdapter -vmname rras2 -SwitchName "net3"
Add-VMNetworkAdapter -vmname rras2 -SwitchName "inter-router-link"

Connect-VMNetworkAdapter -vmname client2 -SwitchName "net2"
Connect-VMNetworkAdapter -vmname client3 -SwitchName "net3"

#Start the VMs
Get-VM | Start-VM -AsJob

Configure Routers

rras1

First, we need to install the RAS service. Then, configure the router’s name and interfaces. Start with the server rras1. PowerShell incoming:

Install-WindowsFeature Routing -IncludeManagementTools -IncludeAllSubFeature
#open firewall for testing
Get-NetFirewallRule | ?{$_.name -like "*icmp*"} | Enable-NetFirewallRule

#Configure RRAS1 Interfaces
#note -- you will need to figure out this mapping, probably by disconnecting the interfaces
#   in hyper-v manager, then connecting them one-at-a-time to see which interfaces are which.
Rename-NetAdapter -Name "Ethernet" -NewName "internet"
Rename-NetAdapter -Name "Ethernet 4" -NewName "net1"
Rename-NetAdapter -Name "Ethernet 3" -NewName "net2"
Rename-NetAdapter -Name "Ethernet 2" -NewName "inter-router-link"

#note: in the following lines, the address fd1a:6cf8:7eeb:400::64 was picked randomly. Nothing special about it.
New-NetIPAddress -IPAddress 10.10.10.1 -PrefixLength 24 -InterfaceAlias "net1"
New-NetIPAddress -IPAddress fd1a:6cf8:7eeb:401:: -PrefixLength 64 -InterfaceAlias "net1"
New-NetIPAddress -IPAddress 10.20.20.1 -PrefixLength 24 -InterfaceAlias "net2"
New-NetIPAddress -IPAddress fd1a:6cf8:7eeb:402:: -PrefixLength 64 -InterfaceAlias "net2"
New-NetIPAddress -IPAddress 172.24.0.2 -PrefixLength 24 -InterfaceAlias "inter-router-link"

#Configure a route for 10.30.30.0/24 from rras1 to rras2 via inter-router-link
#We will need this later.
New-NetRoute -InterfaceAlias "inter-router-link" -DestinationPrefix "10.30.30.0/24" -NextHop 172.24.0.3

Rename-Computer rras1
Restart-Computer

Now that we have the interfaces configured, we need to enable Routing, NAT, and the DHCP Relay Agent.

  1. Log in and launch Routing and Remote Access.
  2. Right-click the host and choose ‘Configure’.
  3. Choose custom configuration.
  4. When presented, choose the ‘LAN Routing’ and ‘NAT’ checkboxes.
  5. Finish the configuration wizard.
  6. Navigate to Routing -> IPv4 -> NAT.
  7. Right-click and Choose ‘New Interface’.
  8. Add all available interfaces to the NAT section.
  9. Ensure that the internet interface is being used as the public internet-facing interface, and the rest as private. Do this by looking at the properties of each interface in the NAT section.
  10. Navigate to ‘Router -> IPv4 -> General’.
  11. Right-click ‘General’ and choose ‘New Routing Protocol’.
  12. Choose ‘DHCP Relay Agent’ and click ‘OK’.
  13. Right-click ‘DHCP Relay Agent’ and choose ‘Properties’.
  14. Add the DHCP server address (in our test lab, this will be 10.10.10.10) and click ‘OK’.
  15. Add all interfaces except ‘internet’ and ‘net1’ to the DHCP Relay Agent section.

rras2

Now, let’s configure our second router. This one will use an inter-router-link to connect to rras1, and will serve an IPv4-only link (island) that we’ve named net3.

First, install the RAS service, then configure the interfaces.

Install-WindowsFeature Routing -IncludeManagementTools -IncludeAllSubFeature
#open firewall for testing
Get-NetFirewallRule | ?{$_.name -like "*icmp*"} | Enable-NetFirewallRule

#Interfaces
#note -- you will need to figure out this mapping, probably by disconnecting the interfaces
#   in hyper-v manager, then connecting them one-at-a-time to see which interfaces are which.
Rename-NetAdapter -Name "Ethernet" -NewName "net3"
Rename-NetAdapter -Name "Ethernet 2" -NewName "inter-router-link"

New-NetIPAddress -IPAddress 10.30.30.1 -PrefixLength 24 -InterfaceAlias "net3"
New-NetIPAddress -IPAddress 172.24.0.3 -PrefixLength 24 -InterfaceAlias "inter-router-link"
New-NetRoute -InterfaceAlias "inter-router-link" -DestinationPrefix "0.0.0.0/0" -NextHop 172.24.0.2

#Name
Rename-Computer rras2
Restart-Computer

Now, let’s configure Routing and the DHCP Relay Agent.

  1. Launch Routing and Remote Access.
  2. Right-click the host and choose ‘Configure’.
  3. Choose custom configuration.
  4. Choose the ‘LAN Routing’ checkbox.
  5. Finish the wizard.
  6. Navigate to ‘Router -> IPv4 -> General’.
  7. Right-click ‘General’ and choose ‘New Routing Protocol’.
  8. Choose ‘DHCP Relay Agent’ and click ‘OK’.
  9. Right-click ‘DHCP Relay Agent’ and choose ‘Properties’.
  10. Add the DHCP server address and click ‘OK’.
  11. Add the interface ‘net3’ to the DHCP Relay Agent section.

Configure Network Services

At this point, our routing is all configured properly. Now we just need to install DNS and DHCP. I’m also going to install ADDS.

Run the following code on ADDS1:

#Configure ADDS1
Rename-Computer adds1
restart-computer

#Configure Interface
New-NetIPAddress -IPAddress 10.10.10.10 -PrefixLength 24 -InterfaceAlias "ethernet"
#Default route via rras1; the alias avoids a machine-specific interface index
New-NetRoute -InterfaceAlias "ethernet" -DestinationPrefix "0.0.0.0/0" -NextHop 10.10.10.1

Install-WindowsFeature AD-Domain-Services,DHCP,DNS -IncludeManagementTools -IncludeAllSubFeature
Install-ADDSForest -DomainName contoso.com -InstallDns
##take a break here; you'll need to manually enter the "SafeModeAdministratorPassword"

Once adds1 reboots, continue its configuration with this code:

#configure dhcp
Add-DhcpServerV4Scope -Name 10.10.10.0 -StartRange 10.10.10.50 -EndRange 10.10.10.100 -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.10.10.0 -DnsDomain contoso.com -DnsServer 10.10.10.10 -Router 10.10.10.1
Add-DhcpServerV4Scope -Name 10.20.20.0 -StartRange 10.20.20.50 -EndRange 10.20.20.100 -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.20.20.0 -DnsDomain contoso.com -DnsServer 10.10.10.10 -Router 10.20.20.1
Add-DhcpServerV4Scope -Name 10.30.30.0 -StartRange 10.30.30.50 -EndRange 10.30.30.100 -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.30.30.0 -DnsDomain contoso.com -DnsServer 10.10.10.10 -Router 10.30.30.1

#authorize dhcp
Add-DhcpServerInDc

#add dns forwarders
Add-DnsServerForwarder -IPAddress 8.8.8.8

At this point, you probably want to check the host OS (the ‘parent partition’). I’m guessing that your host internet access is dead, since your parent partition will now have two interfaces which both have default gateways.

To fix this, log in to adds1, open the DHCP snap-in, and convert your parent partition’s lease into a reservation. Then, configure the reservation such that its router and DNS server options are blank. Then, perform an ipconfig /renew on your host system.

Verify IPv4 Connectivity

At this point, all of your clients should be able to access the internet, though they may need a reboot or an ipconfig /renew. Make sure every host can ping every other host in our test network. Do this by first running the following PowerShell command on every system to enable ICMP. Then, run the ping command.

PowerShell to enable ICMP echoes:

Get-NetFirewallRule | ?{$_.name -like "*icmp*"} | Enable-NetFirewallRule

If you’re not able to ping hosts, check the ip addresses and gateways of all nodes. You can also try restarting the rras servers.
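The "*icmp*" wildcard enables every ICMP-named rule, not only echo requests. The following added example (not part of the original post) records which rules the test actually turned on so they can be switched off again afterwards; the function names and `$StatePath` are assumptions made for illustration.

```powershell
# Added example, not from the original post.
# $StatePath is an assumed location for remembering what was changed.
$StatePath = 'C:\lab\icmp-rules-enabled-for-test.txt'

function Enable-LabIcmpRules {
    # Same "*icmp*" match as the post, limited to rules that are currently
    # disabled, so rules that were already on stay out of the undo list.
    $changed = @(Get-NetFirewallRule |
        Where-Object { $_.Name -like '*icmp*' -and $_.Enabled -eq 'False' })
    if ($changed.Count -eq 0) { return }

    New-Item -ItemType Directory -Path (Split-Path $StatePath) -Force | Out-Null
    $changed | ForEach-Object Name | Set-Content -Path $StatePath
    $changed | Enable-NetFirewallRule

    # Show exactly what the wildcard opened (direction and profile matter).
    $changed | Select-Object Name, DisplayName, Direction, Profile
}

function Restore-LabIcmpRules {
    # Disable only the rules this script enabled, then forget the list.
    if (-not (Test-Path $StatePath)) { return }
    Get-Content $StatePath | ForEach-Object { Disable-NetFirewallRule -Name $_ }
    Remove-Item $StatePath
}
```

Run `Enable-LabIcmpRules` before the ping tests and `Restore-LabIcmpRules` once they pass.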

Configure Native IPv6

Next step, configuring IPv6. We want net1 and net2 to have native IPv6. Later, we’ll configure ISATAP so that net3 can use IPv6 even though rras2 doesn’t have IPv6 enabled.

To configure IPv6, we just need to pick a network prefix, then configure router advertisements on rras1. For our test lab, I’ve chosen the following network prefixes:

  • net1: fd1a:6cf8:7eeb:401::/64
  • net2: fd1a:6cf8:7eeb:402::/64

Here’s the overview:

  1. Configure rras1’s net1 and net2 interfaces to advertise as an IPv6 default gateway, and to forward.
  2. Publish the appropriate routes on rras1.

First, let’s configure general IPv6 routing. It’s actually pretty easy:

  1. Log in to rras1 and launch ‘Routing and Remote Access’.
  2. Right-click the host and choose ‘Properties’.
  3. Check the box on the general tab next to ‘IPv6 Router’ and click ‘OK’.

Next, let’s do some command-line magic on rras1 (works in PowerShell too).

#first, get the names and numbers of your interfaces
Get-NetAdapter

#We need to configure net1 and net2 to send router advertisements (RAs). This will cause all of your net1 and net2 hosts to see an IPv6 'default gateway'. The default gateway will be set to the link-local address of the rras1 interface that's on their respective link.
netsh interface ipv6 set interface [#-of-net1] advertise=enabled forwarding=enabled advertisedefaultroute=enabled
netsh interface ipv6 set interface [#-of-net2] advertise=enabled forwarding=enabled advertisedefaultroute=enabled

#Next, we need to instruct hosts to use the prefix we want. After this command, you will see a new IPv6 address on net1 and net2 hosts beginning with our prefix (use ipconfig to verify). Sometimes you need to disable and re-enable the adapter to see a host pick up its new address.
netsh interface ipv6 set route fd1a:6cf8:7eeb:401::/64 [#-of-net1] publish=yes
netsh interface ipv6 set route fd1a:6cf8:7eeb:402::/64 [#-of-net2] publish=yes

At this point, you should be able to ping client1’s IPv6 address from client2 and vice-versa. Congrats, you have enabled native IPv6 on the links net1 and net2.
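Router advertisements should leave rras1 only on net1 and net2; an interface that advertises unintentionally hands out a default gateway to every host on its link. The check below is an added example, not part of the original post: it reads the settings made with netsh above by interface alias and flags any mismatch. `Test-LabRouterAdvertisement` is a hypothetical name, and the adapters are assumed to carry the aliases assigned earlier.

```powershell
# Added example, not from the original post. Run on rras1, elevated.
# Assumes the adapters carry the aliases net1 and net2 assigned earlier.
$Expected = @{
    'net1' = 'fd1a:6cf8:7eeb:401::/64'
    'net2' = 'fd1a:6cf8:7eeb:402::/64'
}

function Test-LabRouterAdvertisement {
    param([hashtable]$Expected)

    foreach ($nic in Get-NetIPInterface -AddressFamily IPv6) {
        $alias = $nic.InterfaceAlias
        # Prefixes this interface publishes in its RAs (Publish = Yes or Age).
        $published = @(Get-NetRoute -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv6 -ErrorAction SilentlyContinue |
            Where-Object { $_.Publish -ne 'No' } |
            ForEach-Object DestinationPrefix)

        if ($Expected.ContainsKey($alias)) {
            # Lab links: must advertise, forward, and publish their own prefix.
            $ok = ($nic.Advertising -eq 'Enabled') -and
                  ($nic.Forwarding -eq 'Enabled') -and
                  ($nic.AdvertiseDefaultRoute -eq 'Enabled') -and
                  ($published -contains $Expected[$alias])
        } else {
            # Every other interface (internet, inter-router-link, tunnels)
            # must stay silent: no RAs and no published prefixes.
            $ok = ($nic.Advertising -ne 'Enabled') -and ($published.Count -eq 0)
        }

        [pscustomobject]@{
            Interface   = $alias
            ShouldRA    = $Expected.ContainsKey($alias)
            Advertising = $nic.Advertising
            Forwarding  = $nic.Forwarding
            Published   = $published -join ', '
            Pass        = $ok
        }
    }
}

Test-LabRouterAdvertisement -Expected $Expected | Format-Table -AutoSize
```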

Enabling ISATAP

The next blog post will cover configuring a new server named isatap1 as an ISATAP router, and using it to connect an IPv4 island like ‘net3’ to IPv6.
