Middleboxes [Was: Flow label versus Extension header - protocol itself]
Jeroen Massar wrote:
IMHO shim6 being able to be done in middleboxes is actually a
requirement if you really think this will ever be deployed at all. With
shim6 in the 'middleboxes' one can let the egress/ingress routers or the
firewalls on the boundaries of the site do the shim6. This allows you to
not touch the hosts at all and you will only have to configure those
boxes and not all the boxes in your network. Which gives all the
advantages of NAT, at least the ones that people perceive to have now.
I've thought of shim6 middleboxes on and off, and it seems like the best
we can do is that they become a 1-1 IPv6 NAT (which speaks non-shim6 to
the host, and shim6 on the other side).
It seems hard to do much better.
One of the issues is that in order to do better the host needs to know
its HBA/CGA address sets. Autoconfiguring the addresses using existing
mechanisms will not produce a HBA/CGA address set. So either the host
has to be modified to implement that address generation (in which case
it can presumably implement all of shim6), or the host has to be
manually configured with the HBA/CGA address set, and the middlebox
takes care of doing the shim6 signaling on the host's behalf.
Does anybody think we can do better?
Of course, exactly if you put this in the endhost itself or in some
middlebox should be left open to the person configuring the network.