Christian Vogt wrote: > What was > meant is that the translation of the IP header is stateless, isomorphic, > and port transparent. Note that transport checksum must also be translated. See below. >>Fragmentation reassembly needs another state, because transport >>checksum >>may be located in second fragment. > No. IPv6 NAT includes checksum offset compensation I'm not talking about the amount of value to be offset but the location of transport checksum. The location of transport checksum can be known only by traversing all the extension headers from the beginning of a (unfragmented) packet. So, the second and latter fragments of the packet may or may not contain transport checksum to be offset, which means IPv6 NAT must first reassemble fragmentation. > and hence does not change the checksum. I'm not sure what you mean hear, after you mention "compensation". >>And, IPv6 NAT can not be transparent to IPSEC. > Nobody claimed that IPv6 NAT was transparent to IPsec. But as you > mention it: Of course, IPv6 NAT can be transparent to IPsec. It > depends on whether the IP addresses in the (outermost) IP header are > covered by the protection. IPv6 specification requires IPSEC, which means outer most IPv6 must also support IPSEC. Feel free to laugh at stupid specification. Masataka Ohta _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf