Re: NAT traversal and its relation to IPv6 [RE: Comments on draft -tsirtsis-dsmip-problem-01.txt]

[Alexandru Petrescu <petrescu@nal.motlabs.com>]

Marc Blanchet wrote:
> to add to this conversation, tunnel broker with tsp does manage 
> v*-in-v* with security (aaa). if the outer v* address change (i.e. v4
>  address change for v6 over v4 tunnels), then the tunnel is 
> automatically re-established with the broker: "mobility feature". the
>  ipsec need can be handled on the appropriate IP version.

The idea to join the Security Gateway into the HA, or the tunnel broker
into the HA can not stand, because the HA performs proxy ND for HoA of
MH when MH is not at home.

The Security Gateway/tunnel brokers is something that lies in the
perimeter buffer secure zone ('DMZ'), while an HA is most of the time
the router towards a link, most often a leaf link.

Alex
GBU