At 22:42 09/12/2010, Marie-France Berny wrote:
I may be wrong but I understand that IPsec can be at least used with
IPv4 and IPv6. So the best solution seems to be to add IPsec as a
frontend to the NPTv6 function of for IPv4. In this case the full
subnet two bytes are available to the user. However, there is need
for one bit to tell if an adjustment was made or not.
MFB
Marie-France,
As Fred says you get a 64-N space, N being what the ISP gives you.
The real issue you raise is what we called IPP, i.e. a way to let
know that an adapted/extended IP header is being used. Here Fred discusses :
- an ISP based routing prefix which is independent from the IDv6
local prefix (we use 64 bits for local addressing, but we need 128
bits addresses if is IPv6 is used internally - he is using the
ULA proposition)
- a transparency to IPsec in using two bytes.
Our interest may not be directly in what he proposes - this is what
we need to understand. But our interest seems at least to be in the
homogeneity permitted this way between a large edge networks solution
and our own *possible* solution for lead users' systems.
jfc
2010/12/9 JFC Morfin <<mailto:[email protected]>[email protected]>
Too bad it makes us lose two bytes in the address (unless IPSec is
carried in the IUI - after the NPTv6 process?). We would need to
indicate somewhere that we could use an extended IPv6 header. We
have needs for that, but it is too early to discuss this. Our
priorities are to test the InterPlus concept (Plugged Layers on the
User Side) with the ML-DNS and internal IDv6 ported by 3rd or 4th
level domain names.
GSE
I understand that an edge network may have several upstreams that it
can use to send (and rotate upstreams) but also that on each of
these upstreams it has a different address.
jfc
_______________________________________________
iucg mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/iucg
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
