On 8 jul 2009, at 9:42, marcelo bagnulo braun wrote:

> for example, suppose you want to run shim6 on the nat64 box, how
> would you do it if you cannot use the lower 64 bits to store crypto
> info?

So then you would have one NAT64 with two Prefix64s, where the CGA
proves that Prefix64a and Prefix64b belong to the same box? I guess
you could do that. But the assumption with Shim6 is that you have two
ISPs that give you two address ranges. That would only apply if the
NAT64 user and the NAT64 are in different networks, and at least the
NAT64 is multihomed. So:

                   ISP2
                  /    \
v6client --- ISP1        NAT64
                  \    /
                   ISP3

In my opinion, that would be an extremely unusual case: in networks
large enough to have some IPv4 address space, the NAT64 would be done
locally. In smaller networks, the ISP would probably do it. Getting
NAT64 service from a random place somewhere is not impossible, but not
exactly an obvious solution. Especially because the NAT64 service
provider would need a mechanism to authenticate its users.

We can go out of our way to find strange use cases and build in
support for them, but wasn't the idea that we need to get NAT64 in the
grubby hands of actual users within a reasonable timeframe?
--------------------------------------------------------------------
IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------