On Nov 5, 2009, Masataka Ohta wrote:
One thing that IPv6 NAT has in advantage to IPv4 NAT is that it
can be
stateless, isomorphic, and port transparent [...]
Right.
Wrong.
As I already stated, proper translation of ftp PORT command, for
example, need stateful tracking of ftp command sequences.
That's right; address referrals don't work through address translation
in the absence of ALGs or host support for NAT traversal. What was
meant is that the translation of the IP header is stateless, isomorphic,
and port transparent.
Fragmentation reassembly needs another state, because transport
checksum
may be located in second fragment.
No. IPv6 NAT includes checksum offset compensation and hence does not
change the checksum.
And, IPv6 NAT can not be transparent to IPSEC.
Nobody claimed that IPv6 NAT was transparent to IPsec. But as you
mention it: Of course, IPv6 NAT can be transparent to IPsec. It
depends on whether the IP addresses in the (outermost) IP header are
covered by the protection.
- Christian
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf