On Mon, 1 Dec 2008 19:07:35 -0800
Christian Huitema <huitema(_at_)windows(_dot_)microsoft(_dot_)com> wrote:
GSE/8+8 also does not achieve topology hiding, not if the mapping
between internal and external /64 is a one-one. Of course, you could
smash multiple internal subnets to a single /64 external view, but
then you would probably need a new duplicate address detection
algorithm to avoid conflicts, not to mention recognize cases of a
single host using the same host ID on multiple subnets.
I'm not sure I believe in the need for topology hiding. But if I did,
on v6 I'd just allocate a separate subnet or group of subnets for
external access. If really necessary, have such hosts set up IP over
IP or L2TP tunnels to a concentrator; that will make this external
access net look flat.
Of course, Iljitsch points an interesting issue. If NAT66 behaves
exactly like, say, NAT 64, then why would the organization bother to
use IPv6 rather than sticking with net 10?
Services like Microsoft DirectAccess?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf