Last Call Review of draft-ietf-v6ops-incremental-cgn-
review-ietf-v6ops-incremental-cgn-secdir-lc-kivinen-2010-12-03-00

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document describes how to use Carrier Grade NAT with IPv6 over
IPv4 tunneling feature to provide incremental Carrier Grade NAT
approach. It seems to mostly describe overall architecture, leaving
specific protocols out (or listing multiple protocols). As such this
is not really anything that can be implemented, but might provide
information when someone selects the suitable protocols for different
pieces, and what kind of features to include in different devices.

The security consideration section refers to RFC2663 and RFC2993 for
NAT security issues. The tunnel security issues are considered
relatevely simple as the tunnel is entirely within a single ISP
network. 

One nit:

In section 2:

                                    ISPs facing only one pressure out of 
   two could adopt either CGN (for shortage of IPv6 addresses) or 6rd 
   (to provide IPv6 connectivity services). 

I do not think there is shortage of IPv6 addresses... I assume it is
meaning shortage of IPv4 addresses.
-- 
kivinen at iki.fi