> Of course, NAT66 eliminates ingress filtering as a question, as the source > address is forced to a prefix that won't be filtered.
Maybe. But NAT66 doesn't eliminate the other problem linked to ingress filtering, direct consequence of managing several egress addresses. If an internal routing change causes the packets from internal host H to external host X to be routed through a different egress, then the external address of X will change... and the TCP connection between H and X will break. -- Christian Huitema _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
