You're still missing the point. NAT doesn't cause this particular
problem; use of limited scope addresses causes this problem regardless
of whether NAT is used.

I wrote the following text for a document that I never published on
the impact of IPv6 site-local addressing. I thought it might be useful
to interject it here...

Margaret

x.x.x Similarities to NAT

As you read through the problems caused by the use of IPv6 site-
local addresses in globally connected networks, you will find that
many of these problems are similar to the issues caused by IPv4
NAT. This is expected, as many NAT-related problems are caused by
the use of private address spaces.

Some of the complexities of IPv4 NAT are avoided by the fact that
IPv6 SBRs do not translate site-local addresses into global
addresses. Instead, traffic to and from site-local addresses is
dropped at site boundaries, with an appropriate ICMP error message.
SBRs do not modify addresses in forwarded IP headers, so the use of
IPv6 site-local addresses does not conflict with end-to-end
security or peer-to-peer communication at the IP layer.

Unfortunately, dropping packets with site-local IPv6 source or
destination addresses does not prevent site-local addresses from
being sent outside of the local site in upper-layer protocol
headers or data. This causes a set of problems for upper-layer
protocols, some of which have been resolved in IPv4 NAT by the use
of Application Level Gateways (ALGs). One possible solution to
these problems would be to implement IPv6 ALGs on site-border
routers, but this solution does not seem satisfactory, as it would
require infrastructure updates for the deployment of new
applications and would not work properly with end-to-end
encryption.

Without the deployment of IPv6 ALGs, however, IPv6 would require
upper-layer protocols to make intelligent choices about when to
exchange site-local addresses with other nodes and/or how to
interpret site-local addresses that are received. This would
require upper-layer applications to have knowledge of the site
topology of the network, and it is not clear where or how this
information can be obtained.

IPv6 site-local addressing also introduces some problems that
are not seen in networks that use IPv4 NAT, because it is possible
for a single interface to have both global and site-local addresses.
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
--------------------------------------------------------------------
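
Added example, not part of Margaret's message or the draft it quotes: a Python sketch of the gap the draft describes, where a header-only site-border check forwards a packet whose upper-layer data still carries a site-local address. The SDP body, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Any run of hex digits, colons and dots that contains at least one colon.
_CANDIDATE = re.compile(r"[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*")

# Constructed SDP offer from a host whose interface has both a global
# address (2001:db8::/32 documentation prefix) and a site-local one.
SDP_OFFER = """v=0
o=alice 2890844526 2890844526 IN IP6 2001:db8:10::25
s=call
c=IN IP6 fec0:0:0:a1::25
m=audio 49170 RTP/AVP 0
"""

def sbr_forwards(src, dst):
    """Header-only rule from the text: drop if either address is site-local."""
    return not any(ipaddress.IPv6Address(a).is_site_local for a in (src, dst))

def site_locals_in_payload(payload):
    """Return the distinct site-local (fec0::/10) literals found in payload."""
    found = []
    for token in _CANDIDATE.findall(payload):
        try:
            addr = ipaddress.IPv6Address(token.strip("."))
        except ValueError:
            continue  # not an IPv6 literal (e.g. a timestamp or port field)
        if addr.is_site_local and str(addr) not in found:
            found.append(str(addr))
    return found

def leaked_past_border(src, dst, payload):
    """Site-local addresses that leave the site inside a forwarded packet."""
    return site_locals_in_payload(payload) if sbr_forwards(src, dst) else []

if __name__ == "__main__":
    # Global source and destination: the border router forwards the packet,
    # yet the site-local address travels out in the SDP body.
    print(leaked_past_border("2001:db8:10::25", "2001:db8:20::7", SDP_OFFER))
```
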