On Nov 5, 2009, Masataka Ohta wrote: >>> One thing that IPv6 NAT has in advantage to IPv4 NAT is that it >>> can be >>> stateless, isomorphic, and port transparent [...] >> >> Right. > > Wrong. > > As I already stated, proper translation of ftp PORT command, for > example, need stateful tracking of ftp command sequences. That's right; address referrals don't work through address translation in the absence of ALGs or host support for NAT traversal. What was meant is that the translation of the IP header is stateless, isomorphic, and port transparent. > Fragmentation reassembly needs another state, because transport > checksum > may be located in second fragment. No. IPv6 NAT includes checksum offset compensation and hence does not change the checksum. > And, IPv6 NAT can not be transparent to IPSEC. Nobody claimed that IPv6 NAT was transparent to IPsec. But as you mention it: Of course, IPv6 NAT can be transparent to IPsec. It depends on whether the IP addresses in the (outermost) IP header are covered by the protection. - Christian _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf