We all understand that many current NAT devices and their deployments are not 
compatible with IP fragmentation (v4 or v6).

That leaves us with two options:
        1. change IP, but that leaves us with problems for which we have no
           solution (encrypted payloads, other DPI devices that look further
           in, etc.)
        2. change NATs and how they’re deployed (to require reassembly or its
           equivalent before processing, to not be deployed except where they
           can act as the host they proxy for)

Both cost money and will have an impact.

#2 involves changing fewer devices AND has the benefit that we know it will work.

I see no good reason to continue to try #1 in the meantime.

Joe
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
