for each host, the above story may make sense. however, for a operator
of a given site (like sun.com) there will be IPv4-only nodes, IPv6-only
nodes (with SIIT support) and IPv4/v6 dual stack nodes. if we are
to add the above sentences somewhere and leave IPv4 mapped address
on wire be legal, it will be unmanageable.
I do not see why it would add any extra unmanageable complexity. The only place where extra caution would be needed would be the firewalls, and those one anyway need to be rethink to understand Ipv6 in Ipv4 tunnels better.so tell me - assuming that there are mixture of IPv4/v6 dual stack nodes and IPv6-only nodes in your site. when IPv4 traffic comes in to your firewall box, how a firewall can decide if it should let the traffic go through as is, or to translate it in SIIT way?
If it is v4 traffic, the firewall applies v4 sanity checks. The SIIT box does not need to be collocated with the firewall. Inbound packets that need translation (at least in NAT64) have an IPv4 dst address of one of the NAT64/SIIT gateways. They are easily identifiable by the firewalls if necessary. \What is the problem?
SIIT/NAT64 is not RSIP. It does not negotiate anything with the NAT boxSIIT/NAT64 are RSIP for IPv4 and IPv6 - end node knows what needs toActually, I think that a solution like this one (SIIT+NAT64) would enable me to deploy an Ipv6 only island in my network with reasonable chances to make it work (that is, no worse than today's NAT)
be done at NAT box, and end node must act like IPv4 box (see RFC2765
page 6 for very strange description - it asks IPv6-only node to compute
IPv4 AH checksum). i don't think they are workable even in IPv6-only
cloud.