It's good to support it to resolve the chicken egg problem. If no service supports it, there is no sense in deploying it to the customers and the other way around.
Also you made the life better of people who have DS lite. They only get a public IPv6 and all their IPv4 traffic goes through a CGNAT.
For people like me: DS Lite stands for "IPv6 dual-stack lite". My mind went directly to Nintendo and I was confused.
Unfortunately, individual actions would never be enough to solve the IPv6 chicken and egg problem. See djb's "IPv6 mess" article:
https://cr.yp.to/djbdns/ipv6mess.html
Yes, it is old, many examples are outdated, but the main points still hold. Decades later his suggestions for making IPv6 succeed are still not implemented.
This stuff is obvious now, but I think back then this was probably quite clever.
It's not a lot but it's better to be part of the solution than the problem even if it is an insignificant contribution.
Which is which?
For client server web browsing what's the downside of CGNAT? I'd understand if we were talking about self hosting a service from home but for typical consumer usage?
1. Peer-to-peer networking won't usually work correctly. And quite a bit of software uses P2P networking these days---BitTorrent, Zoom/Teams (via WebRTC), Tailscale, PlayStation/Xbox multiplayer, etc. Most of these services have automatic fallbacks when P2P networking doesn't work, but these fallbacks are usually slower and less reliable.
2. Most websites assume that 1 IPv4 address==1 household, so you'll often run into rate limits. Or even worse, you might be blocked entirely if your CGNAT neighbours are spammers or otherwise breaking website rules.
While true, neither of those are relevant in context (and I even explicitly acknowledged your first bullet in my comment above). It was suggested that a website operator deploying IPv6 would somehow improve the end user experience by virtue of avoiding CGNAT and I was questioning that. I do of course appreciate that going via CGNAT to a clueless operator that eagerly adds IPv4 bans can be problematic but that's more a question of why you as a consumer might want IPv6 connectivity not why a service provider would want to deploy it.
> While true, neither of those are relevant in context (and I even explicitly acknowledged your first bullet in my comment above).
Yeah, I just mentioned that because P2P networking is used a lot more than most people think these days, since even things like Zoom that look like typical client–server web browsing actually use P2P networking internally.
> It was suggested that a website operator deploying IPv6 would somehow improve the end user experience by virtue of avoiding CGNAT and I was questioning that.
Reliability and latency will be marginally better with IPv6 than with CGNAT, but this is so minor that I doubt that most people will notice this. And many CGNATs will RST connections that last too long, but most protocols have some sort of automatic retry/reconnect built in, so this shouldn't cause issues very often either.
IPv6 addresses are quite a bit cheaper than IPv4 addresses in most clouds, but since most servers still need to support IPv4, this doesn't help you directly. Supporting IPv6 means that others using the cheaper IPv6-only cloud services will be able to connect to your server, but this doesn't matter for consumer-only services.
So yeah, you're probably right that enabling IPv6 server-side won't have (m)any benefits.
> I do of course appreciate that going via CGNAT to a clueless operator that eagerly adds IPv4 bans can be problematic but that's more a question of why you as a consumer might want IPv6 connectivity not why a service provider would want to deploy it.
Being able to ban IP addresses without worrying about collateral damage is a pretty big benefit to the service provider though, for certain applications at least.
If you're using a cloud you'll probably find it useful to have ipv6 on every server and ipv4 only on the front end gateway
> It was suggested that a website operator deploying IPv6 would somehow improve the end user experience by virtue of avoiding CGNAT and I was questioning that.
Non-legacy, newly formed ISPs have to spend a lot of money on either buying or leasing IPv4 address space, and even then if they grow they probably won't be able to keep up, and so have to deploy 100.64.0.0/10 to the WAN interface of CPEs and then buy a bunch of CG-NAT hardware.
The problems are on not entirely visible at the end-user side of things because of the Herculean efforts by ISPs.
IPv4-only services are thus externalizing the costs of connectivity to ISPs (especially newly formed ones).
> externalizing the costs of connectivity to ISPs
Isn't that literally their raison d'être? Point taken that in aggregate it increases the costs of network operators but still that's got nothing to do with an individual instance of an individual user visiting an individual website.
1) my stateful firewall is going to break most of that anyway
2) if cg nat is as popular as people claim then they won’t be doing that as it’s not an edge case
P2P protocols don't have much problem opening up a stateful firewall connection as you just have to send one packet out to open a known address and port.
I prefer to run scrapers behind CGNAT because websites can't ban it without causing collateral damage, which matters more to some than to others. The website probably has to put up a captcha. Which hurts its human traffic. Think about how much more traffic you could have if you didn't show everyone a captcha, and you might see that you should also be in favour of IPv6.
> 1) my stateful firewall is going to break most of that anyway
Your CPE is probably running UPnP IGD and/or PCP for hole punching of P2P services, and IGD/PCP can hole punch just as easily for IPv6.
> 2) if cg nat is as popular as people claim then they won’t be doing that as it’s not an edge case
It's not whether CG-NAT is an edge case or not, it's whether there are things that are completely impossible with it or not. Want to play with your friends on your Xbox/PS? Too bad, CG-NAT makes it completely impossible.
Why should we be happy with a technology that makes certain use cases impossible? On what planet is that a good thing?
> 1) my stateful firewall is going to break most of that anyway
Stateful firewalls and even regular NAT aren't much of an issue for P2P, but CGNAT is much more problematic [0].
> 2) if cg nat is as popular as people claim then they won’t be doing that as it’s not an edge case
You'd hope, but people tend to be pretty slow to update their networking assumptions, so this is still pretty common. And it doesn't help that most CGNAT users tend to be either from poorer, since poorer countries and mobile data providers are far more likely to use CGNAT than legacy North American ISPs.
[0]: https://tailscale.com/blog/how-nat-traversal-works
> people tend to be pretty slow to update their networking assumptions, so this is still pretty common.
My ISP doesn't do CGNAT in FTTH deployments, but I'm paying extra for a static IPv4 allocation anyway since I was increasingly getting hit with captchas every time my IPv4 rotated to flagged IPs that were trashed by my fellow subscribers with poor infosec practices - i.e. 99.9% of residential subscribers.
Once I got a static allocation, captchas are getting easy to pass.