> I agree that NAT and stateful firewalls (e.g. 'ip inspect' in IOS) > would need explicit support to understand the packet layout.
what il services would you apply spi to? one doesn't ftp or http over il. > NAT - it should simply die, until then > run IL over IPv6 and avoid NAT? il isn't defined over ip6. why should nat die? translating network addresses from one network to another seems natural enough to me—and quite similar to what various storage systems do to present logical volumes. why should renumber a formerly private network because i'd like to hook it up to the internet? why should i renumber my network because i change service providers? why is using nat to make many hosts look like one a bad thing? - erik
