On Dec 9, 2010, at 1:42 PM, Marie-France Berny wrote: > I may be wrong but I understand that IPsec can be at least used with IPv4 and > IPv6. So the best solution seems to be to add IPsec as a frontend to the > NPTv6 function of for IPv4. In this case the full subnet two bytes are > available to the user. However, there is need for one bit to tell if an > adjustment was made or not.
I'm in favor of IPsec; ESP (Encryption or the ESP-NULL integrity check) works through this. AH doesn't. I'm not at all sure how that relates to the subnet part. If the ISP gives you an N bit prefix, you have 64-N bits available for the subnet. > MFB > > 2010/12/9 JFC Morfin <[email protected]> > Too bad it makes us lose two bytes in the address (unless IPSec is carried in > the IUI - after the NPTv6 process?). We would need to indicate somewhere that > we could use an extended IPv6 header. We have needs for that, but it is too > early to discuss this. Our priorities are to test the InterPlus concept > (Plugged Layers on the User Side) with the ML-DNS and internal IDv6 ported by > 3rd or 4th level domain names. > > GSE > I understand that an edge network may have several upstreams that it can use > to send (and rotate upstreams) but also that on each of these upstreams it > has a different address. > > jfc >
_______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
