
Re: renumbering (was: Re: IPv6: Past mistakes repeated?)

2000-04-26 15:20:02
Christian;

> But that architecture (hosts having multiple addresses
> representing a site's multiple aggregation prefixes and
> selecting among them) requires some method of identifying
> hosts when they switch from one address to another
> mid-connection.  I would assume that what people have in
> mind for this are the mobility mechanisms?  (The alternative
> is 8+8 or some variant, which I understand to be contentious
> enough that it is a de facto non-starter.)

8+8 is not strictly necessary here unless you use locally scoped
addresses. As you can see, DNS reverse and, then, forward lookup
is working fine for IPv4 hosts to know all the addresses of
other hosts with weak security.

Mobility, which does not work when home is unreachable, is not robust
and, as is often the case with a pseudo-multihoming proposal, does
not satisfy people needing multihoming. To make mobility robust,
it is, instead, necessary to make mobile hosts multihomed.

> The rubbing point is that identifying is not quite enough -- you need
> "secure identifying" in order to avoid connection hijacking, probably
> through some variation of IPSEC. Which brings us back to NATs not being
> terribly helpful...

Wrong.

Use of complex and time-consuming mechanisms such as IPSEC makes the
system insecure, vulnerable to DoS attacks.

To avoid connection hijacking, cookies, such as TCP port and sequence
numbers, are enough, if they are long enough.

You may use optional IPSEC over it for extra security (it is more
secure primarily because IPSEC keys are long cookies), but you
don't need it.

                                                        Masataka Ohta