You can host stuff on your network that is accessible outside of it without port forwarding.
You can have zero configuration address discovery in a way that is simpler than IPv4.
You don’t need to worry about what happens when you get to over 200 devices on your local network (not unheard of in at-home networks when you start adding IoT devices).
You can have stable addresses across ISPs if you bring your own prefix or use a tunnel.
You save money by not renting IPv4 addresses.
You don’t get as easily blacklisted for email delivery since you don't share a /24 with a bunch of spammers.
This is before you get into P2P networking without having to rely on a third party relay.
> You can host stuff on your network that is accessible outside of it without port forwarding
Why is this an advantage? As in, what's the downside to having to port forward?
Because port forwarding is done in addition to firewall rules. So it is extra work. And because a lot of devices can’t do UPnP. And because port forwarding at a “large” scale is not good. There are only so many ports.
> So it is extra work
It really isn't, it's the same declaration in your config, and then your automation makes your devices make it happen.
Depends on what you are using for your router and your firewall. Not everything runs on an Asus router from Best Buy.
My FortiGate clusters do both NATting and session-based firewalls. I configure them via a pull request into git which is approved by a second person and applies the config automatically.
I assume that Palo Alto have similar APIs.
My routers don't do anything at layer 4; the FortiGates advertise default routes via BGP into the core switches, which route everything.
Now of course you need to make sure that your traffic going out of one firewall comes back via the same firewall, that's trivial to handle though, and is required for session based firewalling.
Please don't tell me that "IPv6 is better" because you are still logging into network devices and making changes like it's 1999?
You can set up p2p connections using a server only to do connection setup/firewall punching instead of relaying all traffic (e.g. for voice/video calling or hosting a game). You can also have more than 1 computer using the same port on a network.
I get most of your points but from experience it just doesn't work out very well. For example I get a different /64 (or was it /60?) prefix every day from my ISP. I complained about it and the reply was that they don't offer a stable prefix for non-business customers. Your point with email is something I didn't experience. I could never get email on IPv6-only to work because the mail servers I wanted to send mail to were IPv4-only...
That is very unfortunate and where pressuring the ISP becomes necessary for a bit. You can always route your IPv6 traffic through a relay of your choice to get a stable prefix but I 100% agree that it isn’t fun.
> You can have zero configuration address discovery in a way that is simpler than IPv4.
SLAAC is great, unless you want to be able to register devices, e.g. so you can add them to DNS, at which point it becomes a liability.
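The registration problem above comes from how SLAAC forms addresses: with modified EUI-64 the interface identifier is derived from the MAC and is stable, so a host's address is predictable from its prefix and MAC; with privacy extensions (RFC 4941) the identifier is random and rotates, so a DNS record made from it goes stale. The following is an added example (not code from any commenter) that derives the EUI-64 address for a constructed prefix and MAC and classifies an observed address as EUI-64-style or not, which is the check a registration script would make before writing a AAAA record:

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Return the modified EUI-64 interface identifier (RFC 4291 App. A) for a MAC.

    The 48-bit MAC is split in half, 0xFFFE is inserted in the middle,
    and the universal/local bit (0x02 of the first octet) is inverted.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier, as a SLAAC host would."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def looks_like_eui64(addr: str) -> bool:
    """True if the low 64 bits carry the 0xFFFE marker of an EUI-64 identifier.

    Privacy-extension (temporary) addresses use random identifiers and will
    almost never match; a registration script can refuse those so it does not
    publish a DNS record for an address that will rotate away.
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE


def mac_from_eui64(addr: str) -> str:
    """Recover the MAC from an EUI-64 address; raises if the address is not EUI-64."""
    if not looks_like_eui64(addr):
        raise ValueError("not an EUI-64 derived address")
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    # Constructed sample values: documentation prefix and an arbitrary MAC.
    prefix, mac = "2001:db8:1::/64", "00:1b:63:84:45:e6"
    stable = slaac_address(prefix, mac)
    print("EUI-64 address:", stable, "-> MAC", mac_from_eui64(str(stable)))
    # A constructed temporary (privacy) address on the same prefix.
    temp = "2001:db8:1:0:9c3e:4a1f:7d02:b8e1"
    print("temporary address registrable?", looks_like_eui64(temp))
```

The same derivation shows why a daily-changing ISP prefix (mentioned in another reply) breaks published records even for EUI-64 hosts: the host part stays fixed while the top 64 bits move, so any AAAA record keyed on the full address must be regenerated whenever the prefix is reassigned.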
> You can have stable addresses across ISPs if you bring your own prefix or use a tunnel.
I do really like that, yes. Being able to do a VPN and not worry about colliding with other RFC 1918 users is great.
> You don’t get as easily blacklisted for email delivery since you don't share a /24 with a bunch of spammers.
Anyone doing blacklisting by IP just blacklists subnets or ASes, so I really doubt that this is better.