> It's math. Doubt or opinion should not be involved.
It derives from the requirement to be checksum compatible. The checksum is
computed complement to 1, and under complement to 1, 0 = 0xFFFF. There is no
way to enable symmetric mapping if you allow both values. This is best shown on
an example:
Assume internal prefix is 0::/48, external 1::/48. Observe that:
In order to be checksum neutral, 0:0:0:0 must map to 1:0:0:FFFE
In order to be checksum neutral, 0:0:0:FFFF must also map to 1:0:0:FFFE
In order to be checksum neutral, 1:0:0:FFFE may map to either 0:0:0:0
or 0:0:0:FFFF
In order to be checksum neutral, 1:0:0:0 must map to 0:0:0:1
In order to be checksum neutral, 1:0:0:FFFF must also map to 0:0:0:1
In order to be checksum neutral, 0:0:0:1 may map to either 1:0:0:0 or
1:0:0:FFFF Different prefixes will lead to different values, but the same
pattern.
Other prefixes result in the same issue: two internal prefixes, subnet 0 and
subnet FFFF, map to the same external subnet prefix. When that external prefix
is mapped back, the translator has to pick either 0 or FFFF, cannot pick both.
Similarly, external subnets 0 and FFFF map to the same internal prefix, so only
one of the two values can be used.
-- Christian Huitema
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
