Margaret Wasserman - le (m/j/a) 3/31/09 5:36 PM:
If we do need to address prefixes of longer than /48 in NAT66, that is
fairly easy to do. We just need to pick which sacrifices we are willing
to make. I can think of two choices:
(1) Add the checksum correction to a 2byte portion of the lower 64 bits
when the prefix is longer than /48, thus modifying the IID. This
wouldn't be compatible with (currently unspecified) mechanisms that
require a constant IID, but we would already have that problem with
nodes that generate privacy addresses.
or
(2) Fix the UDP or TCP checksum instead of performing the checksum
correction algorithm when the prefix is longer than /48. The cost here
is that we lose the ability to encrypt/protect the transport layer
headers.
I don't understand the point.
If the transport protocol is neither UDP nor TCP, is it not true that
doing or not doing further address modification after prefix replacement
(for UDP/TCP checksums to be unchanged) has no effect on whatever
encrypt/protect mechanism this transport might introduce?
Maybe you could explain more.
In any case, I support this second choice (simple and guaranteed to
work).
Regards,
RD
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
