On 7/19/2017 11:34 AM, mohamed.boucad...@orange.com wrote: > > Joe, > > > > As mentioned in a previous message in this thread, TCP-AO extensions > (6978) to pass NATs will be required otherwise TCP-AO will fail > because of: > > - Manipulating multiple addresses > > - At least one of the source IP addresses will be rewritten. > TCP-AO-NAT is experimental.
It also has nothing to do with whether the TCP options are covered - that's determined by the MKT on a per-connection basis, and is opaque to on-path devices. An on-path device that manipulates TCP options would break TCP-AO-NAT if the MKT covers the options. Joe
_______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area