Also you made the life better of people who have DS lite. They only get a public IPv6 and all their IPv4 traffic goes through a CGNAT.
https://cr.yp.to/djbdns/ipv6mess.html
Yes, it is old, many examples are outdated, but the main points still hold. Decades later his suggestions for making IPv6 succeed are still not implemented.
2. Most websites assume that 1 IPv4 address==1 household, so you'll often run into rate limits. Or even worse, you might be blocked entirely if your CGNAT neighbours are spammers or otherwise breaking website rules.
Yeah, I just mentioned that because P2P networking is used a lot more than most people think these days, since even things like Zoom that look like typical client–server web browsing actually use P2P networking internally.
> It was suggested that a website operator deploying IPv6 would somehow improve the end user experience by virtue of avoiding CGNAT and I was questioning that.
Reliability and latency will be marginally better with IPv6 than with CGNAT, but this is so minor that I doubt that most people will notice this. And many CGNATs will RST connections that last too long, but most protocols have some sort of automatic retry/reconnect built in, so this shouldn't cause issues very often either.
IPv6 addresses are quite a bit cheaper than IPv4 addresses in most clouds, but since most servers still need to support IPv4, this doesn't help you directly. Supporting IPv6 means that others using the cheaper IPv6-only cloud services will be able to connect to your server, but this doesn't matter for consumer-only services.
So yeah, you're probably right that enabling IPv6 server-side won't have (m)any benefits.
> I do of course appreciate that going via CGNAT to a clueless operator that eagerly adds IPv4 bans can be problematic but that's more a question of why you as a consumer might want IPv6 connectivity not why a service provider would want to deploy it.
Being able to ban IP addresses without worrying about collateral damage is a pretty big benefit to the service provider though, for certain applications at least.
Non-legacy, newly formed ISPs have to spend a lot of money on either buying or leasing IPv4 address space, and even then if they grow they probably won't be able to keep up, and so have to deploy 100.64.0.0/10 to the WAN interface of CPEs and then buy a bunch of CG-NAT hardware.
The problems are on not entirely visible at the end-user side of things because of the Herculean efforts by ISPs.
IPv4-only services are thus externalizing the costs of connectivity to ISPs (especially newly formed ones).
Isn't that literally their raison d'être? Point taken that in aggregate it increases the costs of network operators but still that's got nothing to do with an individual instance of an individual user visiting an individual website.
2) if cg nat is as popular as people claim then they won’t be doing that as it’s not an edge case
I prefer to run scrapers behind CGNAT because websites can't ban it without causing collateral damage, which matters more to some than to others. The website probably has to put up a captcha. Which hurts its human traffic. Think about how much more traffic you could have if you didn't show everyone a captcha, and you might see that you should also be in favour of IPv6.
Your CPE is probably running UPnP IGD and/or PCP for hole punching of P2P services, and IGD/PCP can hole punch just as easily for IPv6.
> 2) if cg nat is as popular as people claim then they won’t be doing that as it’s not an edge case
It's not whether CG-NAT is an edge case or not, it's whether there are things that are completely impossible with it or not. Want to play with your friends on your Xbox/PS? Too bad, CG-NAT makes it completely impossible.
Why should we be happy with a technology that makes certain use cases impossible? On what planet is that a good thing?
Stateful firewalls and even regular NAT aren't much of an issue for P2P, but CGNAT is much more problematic [0].
> 2) if cg nat is as popular as people claim then they won’t be doing that as it’s not an edge case
You'd hope, but people tend to be pretty slow to update their networking assumptions, so this is still pretty common. And it doesn't help that most CGNAT users tend to be either from poorer, since poorer countries and mobile data providers are far more likely to use CGNAT than legacy North American ISPs.
My ISP doesn't do CGNAT in FTTH deployments, but I'm paying extra for a static IPv4 allocation anyway since I was increasingly getting hit with captchas every time my IPv4 rotated to flagged IPs that were trashed by my fellow subscribers with poor infosec practices - i.e. 99.9% of residential subscribers.
Once I got a static allocation, captchas are getting easy to pass.
Mobile carriers use it almost exclusively, which is already a huge chunk of the internet, and newer ISPs are switching to it too.
> I'm supporting both because I heard it's good to support both, but I'm not sure what the actual benefit is.
The benefit is that you allow IPv4-only and IPv6-only clients to connect.
Some applications will still fail to work though unless you also have 46 nat on your device which still doesn’t work transparently on majority of types of device.
You also need all devices on your lan to support v6 natively, and v6 only. From your printer to your speaker.
You might be able to do something with mdns and nat64 to get them working on an IPv4 only subnet. But you’re talking layers and layers of complexity for things which just have to work.
I’m posting this from my phone on my IPv6 only subnet, not sure if it’s using a 64 gateway or 6 native to HN, but it’s possible.
From the user side IPv6 is great for me. My ISP is using CGNAT and would bill me ten pounds a month for a static IPv4 address but I automatically get a vast block of IPv6. I'm using that block to allow me to VPN back home when out and about, and if I wanted to I could also host services from devices on my home network without needing any NAT nonsense, I can just open access to the relevant device on the router. (Because this is a world where not everywhere supports IPv6 yet if I'm on an IPv4 only network the VPN endpoint is a dedicated server I rent which forwards the relevant port back to my home router over IPv6)
Chances are they also skimping on other areas including over subscription. Choose a better isp if you want a better service.
Your “just open traffic to internal host 1 on your firewall is the same no matter if it has nat or not, unless you are using a non stateful firewall? Or perhaps your configuration layer splits the two for reasons.
The great news is those vulnerability scans from random IPs are coming just on ipv4, there hasn't been any yet on ipv6 :)