On 5/3/10 3:46 PM, Dan Wing wrote:
>> Actually, this seems like what IPv6 Privacy Addresses were made for.
>
> IPv6 privacy addresses have to be managed by the application and/or the OS,
> and to achieve the same result as NAPT would need to be changed _much_ more
> often than every 24 hours (24 hours is the Windows 7 default for changing the
> host's privacy address, per my understanding).

As an application developer, what I really want for privacy addresses is to be able to use a different source address for every outgoing connection, and to not hold on to that address-to-interface binding any longer than needed to do FIN-ACKs (or equivalent for other transport protocols) on that connection. I want the host to keep a pool of available addresses to use for privacy addresses, allocate more from the local network when the pool goes below a threshold, and free old addresses up when they're no longer needed.

I want to be able to specify, on a per-connection basis, (a) whether the source address should be a privacy address and (b) whether the host should accept connections at that address. It doesn't work nearly as well to reuse a privacy address across multiple connections, because you never know how long an app will need to use that connection.

But since you said 24 hours isn't short enough (and I pretty much agree) - do you think that typical NAT44 internal-to-external address binding times /are/ short enough? My impression was that most NATs would maintain such bindings indefinitely as long as there were active connections using them.

Keith
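As an added illustration (not code from this thread or from any implementation), here is a small Python model of the host-side pool Keith describes: a fresh privacy address for each outgoing connection, a per-connection choice about accepting inbound connections at that address, refill when the pool drops below a threshold, and the binding dropped once the connection has closed. The /64 prefix and pool sizes are constructed values.

```python
import ipaddress
import secrets

class PrivacyAddressPool:
    """Host-side pool of short-lived IPv6 privacy source addresses.

    Models the scheme the message asks for: a fresh address for every
    outgoing connection, a pool topped up when it drops below a threshold,
    and the binding dropped once the connection has finished closing.
    Addresses are synthesised from a constructed /64 prefix; a real host
    would configure them on the link (with DAD) before handing them out.
    """

    def __init__(self, prefix, low_water=4, refill_to=8):
        self.prefix = ipaddress.IPv6Network(prefix)
        self.low_water = max(1, low_water)
        self.refill_to = max(refill_to, self.low_water + 1)
        self.free = []    # addresses ready to hand out
        self.bound = {}   # conn_id -> (address, accept_inbound)
        self._refill()

    def _new_address(self):
        # Random 64-bit interface identifier under the prefix, in the spirit
        # of RFC 4941 temporary addresses but regenerated per connection.
        iid = secrets.randbits(64)
        return ipaddress.IPv6Address(int(self.prefix.network_address) | iid)

    def _refill(self):
        # Only allocate more when the pool has fallen below the threshold.
        if len(self.free) < self.low_water:
            while len(self.free) < self.refill_to:
                self.free.append(self._new_address())

    def open_connection(self, conn_id, accept_inbound=False):
        # Per-connection choice: (a) always a privacy address here, and
        # (b) whether inbound connections to that address are accepted.
        self._refill()
        addr = self.free.pop()
        self.bound[conn_id] = (addr, accept_inbound)
        return addr

    def accepts_inbound(self, addr):
        return any(a == addr and ok for a, ok in self.bound.values())

    def close_connection(self, conn_id):
        # Called after the FIN/ACK exchange completes: the binding is dropped
        # and the address is not returned to the pool, so it is never reused.
        addr, _ = self.bound.pop(conn_id)
        return addr
```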
_______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
