> In my vision the /48s being given out as "PI" today can be used for the > ID portion, while every transit will give a "location" /48 to the site > that needs it. Over the DFZ the src/dst will be in DFZ/location style, > but when it arrives at the endsite it will be in PI mode again. NAT > (that evil thing) is useful and when you do it twice you actually still > have the same packet and have achieved a tunnel without the overhead of > it. The signaling of what to use is the tricky part though. > I think that dual NAT can be used in a somewhat benign way. If it's done by bilateral agreement between networks with globally unique prefixes, and the mappings at each end are symmetrical, it seems like it's basically equivalent to a tunnel with a kind of header compression and without the PMTU reduction issues. And if the addresses used at the host are unique, it gets rid of many of the problems caused by overlapping use of RFC 1918 addresses in IPv4. There's still some issues related to traceability of traffic over the network, but maybe those are manageable. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf