Missed part of the email… In IPv6 the checksum is replaced as 0xFFFF if the checksum yields ZERO and the responder ignores that.
-- Thanks From: Shravan Vuggrala <[email protected]<mailto:[email protected]>> Date: Tuesday, November 26, 2013 at 9:37 AM To: Gandhar Gokhale <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [IPsec] NAT-T and IPv6 Its already mentioned in the first section that there is no technical reason why it should not work with IPv6. << As defined in this document, UDP encapsulation of ESP packets is written in terms of IPv4 headers. There is no technical reason why an IPv6 header could not be used as the outer header and/or as the inner header. >> — Regards Shravan From: Gandhar Gokhale <[email protected]<mailto:[email protected]>> Date: Friday, November 22, 2013 at 7:34 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [IPsec] NAT-T and IPv6 Hello, RFC3948 states in the Introduction section: “As defined in this document, UDP encapsulation of ESP packets is written in terms of IPv4 headers. There is no technical reason why an IPv6 header could not be used as the outer header and/or as the inner header. And in section 2.1 it states "o the IPv4 UDP Checksum SHOULD be transmitted as a zero value, and o receivers MUST NOT depend on the UDP checksum being a zero value" As per RFC 2460 UDP header with 0 checksum must be discarded. If all these statements are seen together it would mean NAT-T for IPv6 as described in RFC 3498 won't work. Am I missing something? Is NAT-T a valid deployment case for IPv6 network i.e. when the outer header of IPsec tunnel is IPv6? -- Gandhar Gokhale Networking Components Group LSI
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
