
Re: Middleboxes [Was: Flow label versus Extension header - protocol itself]



Iljitsch van Beijnum wrote:
On 9-mei-2005, at 14:44, Brian E Carpenter wrote:

So unless having potential middlebox implementation compatibility is a great hardship we shouldn't break it.


But I think it will be a great hardship, simply because of IPSEC.


Wouldn't IPsec be just another higher layer protocol to the shim?

Since the address fields are restored to their original state, even AH should work.

Unless Marcelo's DHCP suggestion works, I don't see how a middlebox could ensure that the address fields get restored.


To restore the fields the unmodified host needs to use a ULID which is part of the HBA/CGA set that the middlebox is holding on behalf of the host.

So unless we come up with how a middlebox and DHCP can conspire to make the ULID be restored for the important cases, then the best thing a middlebox shim6 implementation can do is 1-1 IPv6 NAT. No need to touch the transport protocols/port numbers, but the IP address rewrite would mess up at least AH and ESP transport mode, and have other NAT implications.

   Erik
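
The point about AH in the message above, as an added example that is not part of the original thread: a simplified model of the AH integrity check over an IPv6 header, showing that a hop-limit change passes, a 1-1 address rewrite fails, and restoring the ULID passes again. The key, the addresses (documentation prefix), the function names and the omission of the AH header's own fields are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

NEXT_HEADER_AH = 51  # IPv6 next-header value for AH


def ipv6_header(src, dst, payload_len, hop_limit=64, flow_label=0, tclass=0):
    """Build a 40-byte IPv6 base header whose next header is AH."""
    first_word = (6 << 28) | (tclass << 20) | flow_label
    fixed = struct.pack("!IHBB", first_word, payload_len, NEXT_HEADER_AH, hop_limit)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed


def ah_icv(key, header, payload):
    """ICV over the header with mutable fields zeroed, plus the payload.
    Simplified model: the AH header's own fields (SPI, sequence) are left out."""
    # Traffic class, flow label and hop limit may change in transit, so they
    # are zeroed before the MAC. The source and destination addresses are not.
    masked = struct.pack("!I", 6 << 28) + header[4:7] + b"\x00" + header[8:]
    return hmac.new(key, masked + payload, hashlib.sha1).digest()[:12]


def verify(key, header, payload, icv):
    return hmac.compare_digest(ah_icv(key, header, payload), icv)


def rewrite_src(header, new_src):
    """What a 1-1 IPv6 NAT (or a locator rewrite) does to the source field."""
    return header[:8] + ipaddress.IPv6Address(new_src).packed + header[24:]


def demo():
    key = b"constructed-sa-key"      # constructed sample key
    payload = b"upper-layer data"    # constructed sample payload
    ulid, locator, peer = "2001:db8:a::1", "2001:db8:b::1", "2001:db8:c::1"
    sent = ipv6_header(ulid, peer, len(payload))
    icv = ah_icv(key, sent, payload)
    forwarded = sent[:7] + bytes([sent[7] - 1]) + sent[8:]  # router hop
    natted = rewrite_src(forwarded, locator)   # address rewritten, not restored
    restored = rewrite_src(natted, ulid)       # receiver-side shim restores ULID
    return {
        "hop_limit_changed": verify(key, forwarded, payload, icv),
        "address_rewritten": verify(key, natted, payload, icv),
        "address_restored": verify(key, restored, payload, icv),
    }


if __name__ == "__main__":
    print(demo())
```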