
Re: ingress filtering problem



marcelo bagnulo wrote:
> 
> > > By "NAT" I trust we mean reversible NAT... this WG is not about to
> > > suggest traditional NAT for IPv6, I don't think. Solutions that rewrite
> > > the locator(s) and then set them back to their original value before
> > > final processing at the destination will not break IPSEC and will not
> > > require any transport checksums to be recalculated.
> >
> > What you describe here is "rewrite at both ends", which supposes that
> > both ends are somehow upgraded. My contention is that the solution to
> > ingress filtering should be "single site", i.e., not force any special
> > processing on the other end, which may well be running a non-updated
> > IPv6 network.
> 
> Yes, additionally, a solution that supports "old" IPv6 hosts (i.e. without
> any specific multihoming support) within the multihomed site would be
> preferred, I guess, since it doesn't impose a flag day in the multihomed
> site when all the internal hosts have to be upgraded.
> 
> So backward compatibility on external hosts (and sites) and also in internal
> hosts

Of course I agree that the solution should not make things *worse*
than today for non-multihoming-aware sites. But the ingress filtering
problem that Christian describes surely exists today on such sites,
which have no mechanism for choosing the appropriate exit router.

   Brian