Christian Vogt wrote:
What was
meant is that the translation of the IP header is stateless, isomorphic,
and port transparent.
Note that transport checksum must also be translated. See below.
Fragmentation reassembly needs another state, because transport
checksum
may be located in second fragment.
No. IPv6 NAT includes checksum offset compensation
I'm not talking about the amount of value to be offset but the
location of transport checksum.
The location of transport checksum can be known only by traversing
all the extension headers from the beginning of a (unfragmented)
packet.
So, the second and latter fragments of the packet may or may not
contain transport checksum to be offset, which means IPv6 NAT must
first reassemble fragmentation.
and hence does not change the checksum.
I'm not sure what you mean hear, after you mention "compensation".
And, IPv6 NAT can not be transparent to IPSEC.
Nobody claimed that IPv6 NAT was transparent to IPsec. But as you
mention it: Of course, IPv6 NAT can be transparent to IPsec. It
depends on whether the IP addresses in the (outermost) IP header are
covered by the protection.
IPv6 specification requires IPSEC, which means outer most IPv6 must
also support IPSEC.
Feel free to laugh at stupid specification.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf