
Re: (NAT) Re: Interactions between IPSEC and NAT




I think IPSEC has it right, and Perry gave us the bottom line many
messages ago.

I am talking to my friend Ray at X and I encrypt my packet which is the
checksum and all stuff.  IPSEC gives me the hope that NO ONE else can
see the data including my ISP or routers or NAT boxes I don't even know,
between me and Ray.  I like the idea of not being violated on the
Internet.

I have already figured out how to avoid NAT in most cases with IPv6 and
am now working on an NNAT for IPv4 if I can find someone who wants to do
the writing?  At first I thought DHCPv4 could not do NNAT but now I think
it can.  Though it does not have the Reconfigure msg of DHCPv6, I think we
can do it with Multicast packets.  The other option is to use DHCPv6 for
IPv4 nodes too, which is possible.

For those that want IPSEC, but need a temporary address like NAT does,
the goal is to just avoid using NAT and I think this is very doable.

I am not saying that NAT cannot still be used cause it will at least
until IPv6 is pervasive, but I think we (engineers) are trying to solve
this problem in the wrong way.  We should be working on solutions to
avoid NAT when it is not an optimal way to do "business" on the Internet.

Do we discuss such notions here or do we need to have an Avoidance of
NAT BOF and eventual Working Group at the L.A. IETF?

Changing IPSEC for NAT is a bad engineering idea IMO.  

/jim




