On Mon, 1 Dec 2008 19:07:35 -0800
Christian Huitema <[EMAIL PROTECTED]> wrote:
> GSE/8+8 also does not achieve topology hiding, not if the mapping
> between internal and external /64 is a one-one. Of course, you could
> smash multiple internal subnets to a single /64 external view, but
> then you would probably need a new duplicate address detection
> algorithm to avoid conflicts, not to mention recognize cases of a
> single host using the same host ID on multiple subnets.
I'm not sure I believe in the need for topology hiding. But if I did,
on v6 I'd just allocate a separate subnet or group of subnets for
external access. If really necessary, have such hosts set up IP over
IP or L2TP tunnels to a concentrator; that will make this external
access net look flat.
> Of course, Iljitsch points an interesting issue. If NAT66 behaves
> exactly like, say, NAT 64, then why would the organization bother to
> use IPv6 rather than sticking with net 10?
Services like Microsoft DirectAccess?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
