On Mon, 1 Dec 2008 19:07:35 -0800
Christian Huitema <huitema@xxxxxxxxxxxxxxxxxxxxx> wrote:

> GSE/8+8 also does not achieve topology hiding, not if the mapping
> between internal and external /64 is a one-one. Of course, you could
> smash multiple internal subnets to a single /64 external view, but
> then you would probably need a new duplicate address detection
> algorithm to avoid conflicts, not to mention recognize cases of a
> single host using the same host ID on multiple subnets.

I'm not sure I believe in the need for topology hiding. But if I did,
on v6 I'd just allocate a separate subnet or group of subnets for
external access. If really necessary, have such hosts set up IP over
IP or L2TP tunnels to a concentrator; that will make this external
access net look flat.

> Of course, Iljitsch points an interesting issue. If NAT66 behaves
> exactly like, say, NAT 64, then why would the organization bother to
> use IPv6 rather than sticking with net 10?

Services like Microsoft DirectAccess?

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf