|IPv6 transition mechanisms|
Unlike 6over4 (an older similar protocol using IPv4 multicast), ISATAP uses IPv4 as a virtual nonbroadcast multiple-access network (NBMA) data link layer, so that it does not require the underlying IPv4 network infrastructure to support multicast.
How ISATAP works 
ISATAP defines a method for generating a link-local IPv6 address from an IPv4 address, and a mechanism to perform Neighbor Discovery on top of IPv4.
Link-local address generation 
Any host wishing to participate in ISATAP over a given IPv4 network can set up a virtual IPv6 network interface. The link-local address is determined by concatenating
fe80:0000:0000:0000:0200:5efe: for global unique and
fe80:0000:0000:0000:0000:5efe: for private addresses with the 32 bits of the host's IPv4 address.
For example, host
192.0.2.143 would use
fe80:0000:0000:0000:0200:5efe:192.0.2.143 as its link-local IPv6 address. A shortened notation would be
192.0.2.143, but in hexadecimal notation). Both syntaxes are valid. 
Neighbour Discovery 
Because ISATAP uses IPv4 as a non multicast/broadcast-capable (unlike Ethernet) link layer, ICMPv6 Neighbor Discovery cannot be done in the usual manner. That is why ISATAP is a bit more complex than 6over4.
The link layer address associated with a given IPv6 address is contained in the lower-order 32-bits of the IPv6 address, so that Neighbor Discovery is not really needed. However, the lack of multicast support prevents the use of automatic Router Discovery. Therefore, ISATAP hosts must be configured with a potential routers list (PRL). Each of these routers is infrequently probed by an ICMPv6 Router Discovery message, to determine which of them are functioning, and to perform unicast-only autoconfiguration (typically, obtain the list of on-link IPv6 prefixes that can be used).
In practice, implementations build their PRL by querying the DNS, e.g. by looking up
isatap.example.com if the local domain is
example.com. The local domain is typically obtained via DHCP (over IPv4) or statically configured.
Criticisms of ISATAP 
ISATAP typically builds its PRL by consulting the DNS; hence, in the OSI model it is a lower-layer protocol that relies on a higher layer. A circularity is avoided by relying on an IPv4 DNS server, which does not rely on IPv6 routing being established; however, this is a violation of network design principles, and feels brittle to some network specialists.
ISATAP carries the same security risks as 6over4: the IPv4 virtual link must be delimited carefully at the network edge, so that external IPv4 hosts cannot pretend to be part of the ISATAP link. That is normally done by ensuring that proto-41 (6in4) cannot pass through the firewall.
Implementations of ISATAP 
Due to a patent claim, early in-kernel implementations were withdrawn from both KAME (*BSD) and USAGI (Linux). However the IETF IPR disclosure search engine reports that there would-be infringing patent’s holder requires no license from implementers. ISATAP support has been supported in Linux since kernel version 2.6.25, the tool isatapd [notes 1] provides a userspace helper. For prior kernels, the open source project Miredo provided an incomplete userland ISATAP implementation, which was removed in version 1.1.6.
- R. Hinden, S. Deering (April 2006). "RFC 4291 Section 2.2". IETF. Retrieved 29 December 2012.
- F. Templin, T. Gleeson, D. Thaler Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) RFC 5214, March 2008.