
This problem disappears entirely on IPv6. Even more minimal (:


Most major ISPs in Poland provide only a single IPv6 address to their customers, so unfortunately you still have to deal with NAT.

I am curious about the reason: is it just easier for them to manage such configuration?


These are the major ways networks can set up IPv6:

https://www.ictshore.com/free-ccna-course/dhcpv6-basics/

You can see the easiest one will be SLAAC since you don't have to set up anything but IPv6, but you should be able to see that you can't SLAAC someone a single address. So one possibility is they use DHCP to do it -- DHCP on v6 is pretty similar to IPv4, and can give out single addresses. Another possibility is something called route-filtering. But these are both more complex than SLAAC, so it begs the question why would the sysadmin do something more complex when something easier is (well) easier?

In addition to moving your packets around, the ISP needs to know about you moving those packets around, and this typically feeds into accounting and compliance.

One way ISPs do accounting is by monitoring traffic on a link level: This usually involves setting up some database to poll the networking hardware periodically, for example using SNMP polling: https://www.ibm.com/docs/en/networkmanager/4.2.0?topic=mecha... -- this information is then sent to the departments that need usage information.

Another way, which is kind of lame, is to do it by assignment: Instead of monitoring the traffic you generate, they arrange for their DHCPv6 server to trigger an event, for example using SNMP traps or, more frequently, by reading the syslog output for IP addresses.

Not knowing anything about Poland except that I like your food, but knowing how sysadmins are: my guess is that the move from IPv4 to IPv6 was motivated by trying to reuse some of this accounting/compliance (or configuration) infrastructure the ISP had to build for their IPv4 network. And if all your ISPs do it, well, maybe it's because they all used to be one ISP or the sysadmin club in Poland is pretty small.

All that being said, something I have seen a few ISPs do in rural UK is interesting: They give you a router which does the NAT locally -- it used SLAAC to establish IPv6 and then it's running a link-local address for me. The effect is the same, but doing NAT carrier-side (or any other kind of connection tracking) is expensive, and more so for IPv6 (all the addresses are bigger), so even if they gave you a single address, your ISP might not be NAT'ing you in their network, but instead gave you a box that NATs you by default. And if you have (root) access to your router, you can check if this is the case; otherwise you can buy your own router and see if you can swap it. The reason one company gave me for this is that it simplifies support and that "you know what you're doing anyway", so unless you know that you're being NAT'd inside their network, you should check, because you might not be.
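The comment above contrasts SLAAC with DHCPv6 handing out single addresses. The following is an added example, not code from the comment author or any ISP: it implements the modified EUI-64 interface-identifier construction (RFC 4291 Appendix A) and shows why a host can only self-configure from a /64 prefix, and how the link-local address mentioned above is formed the same way. The MAC and prefixes are constructed values. Modern hosts usually generate the identifier with privacy extensions (RFC 4941) or RFC 7217 instead of EUI-64, but the /64 requirement is the same.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291 App. A).

    Split the MAC in half, insert ff:fe in the middle and flip the
    universal/local bit (0x02) of the first octet.
    """
    octets = bytes(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC like 00:11:22:33:44:55")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would self-configure from a Router Advertisement prefix.

    The host picks the lower 64 bits itself, so SLAAC only works when the
    advertised prefix leaves exactly 64 bits for the interface identifier
    (RFC 4862 with EUI-64 requires a /64). A /128 "single address" cannot
    be handed out this way; that needs DHCPv6 or static configuration.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError(f"SLAAC needs a /64 prefix, got /{net.prefixlen}")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """Link-local address: the fixed fe80::/64 prefix plus the same identifier."""
    return slaac_address("fe80::/64", mac)


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed example MAC, not a real device
    print(link_local_address(mac))
    print(slaac_address("2001:db8:1:2::/64", mac))
    try:
        slaac_address("2001:db8::1/128", mac)  # what a "single address" offer looks like
    except ValueError as e:
        print("cannot SLAAC a single address:", e)
```

Run it and the first two lines show the link-local and global addresses a host would derive; the third call fails, which is the point the comment makes about an ISP that wants to hand out exactly one address having to use something other than SLAAC.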


Can you elaborate? Someone else said that, but they refused to give more details when asked. Then someone else said you still need port forwarding with IPv6.


With IPv6, it is typical (though not guaranteed) that you will be allocated an entire range of IPs rather than a single one. This then allows you to assign a unique, publicly routable address to every device on your local network.

I’m not sure if consumer hardware commonly supports this, or if it does what kind of firewalling they might do, so I have some slight doubt that IPv6 actually makes the problem Bore solves go away. I probably wouldn’t want every device on my network publicly routable even if it were possible — so even without NAT/port forwarding, there’s still a firewall to configure.


> there’s still a firewall to configure

All of my desktops and servers and laptops each have their own firewall, and this is good enough to protect against naughty programs that bind to INADDR_ANY instead of ::1 or a UDS. I don't need to waste memory and latency on the router doing connection tracking that doesn't buy anything.

> I’m not sure if consumer hardware commonly supports this,

I have not run across consumer hardware that doesn't. I just tried a bunch of netgear, asus, and tplink kit and it was all fine. I've only run into a few ISPs that it didn't work with, and in every case a phone call was able to sort things out (because it had nothing to do with the consumer equipment). I suspect strongly that almost all consumer hardware commonly supports this.
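The comment above relies on a host firewall catching programs that bind to the wildcard address instead of loopback. The check a practitioner would actually run for that is an audit of the host's listening sockets. This is an added example, not code from the comment author: it parses the Linux /proc/net/tcp6 table (where the kernel prints each 32-bit word of the address in host byte order, so on x86 every 4-byte group appears reversed) and classifies each LISTEN socket as wildcard (::), loopback (::1), link-local or bound to a specific address. The sample table below is constructed, not captured from a real host, and assumes little-endian encoding.

```python
import ipaddress
import sys

# Constructed sample in /proc/net/tcp6 format (little-endian word encoding, as on x86).
# Rows: a service on [::]:8080, one on [::1]:3000, one on [2001:db8::1]:443,
# and an ESTABLISHED connection that an audit of listeners must ignore.
SAMPLE_PROC_NET_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000000000000000000001000000:0BB8 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: B80D0120000000000000000001000000:01BB 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: B80D0120000000000000000001000000:C350 B80D0120000000000000000002000000:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # socket state value used by the kernel in /proc/net/tcp*


def decode_proc_ipv6(hexaddr: str, byteorder: str = "little") -> ipaddress.IPv6Address:
    """Decode the 32-hex-char address field of /proc/net/tcp6.

    Each 8-hex-char chunk is one 32-bit word printed in host byte order;
    converting every chunk back with the host's byte order recovers the
    16 network-order bytes of the address.
    """
    if len(hexaddr) != 32:
        raise ValueError("expected 32 hex characters")
    raw = b"".join(int(hexaddr[i:i + 8], 16).to_bytes(4, byteorder) for i in range(0, 32, 8))
    return ipaddress.IPv6Address(raw)


def classify_bind(addr: ipaddress.IPv6Address) -> str:
    """Where a socket bound to this address is reachable from."""
    if addr.is_unspecified:
        return "wildcard"     # in6addr_any: every interface, including the public one
    if addr.is_loopback:
        return "loopback"     # ::1: this host only
    if addr.is_link_local:
        return "link-local"   # fe80::/10: the local link only
    return "specific"         # one concrete address, public if that address is


def audit_listeners(proc_text: str, byteorder: str = "little") -> list:
    """Return every LISTEN socket in the table with its decoded address and scope."""
    findings = []
    for line in proc_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "sl":
            continue
        local, state = fields[1], int(fields[3], 16)
        if state != TCP_LISTEN:
            continue
        hexaddr, hexport = local.split(":")
        addr = decode_proc_ipv6(hexaddr, byteorder)
        findings.append({"addr": str(addr), "port": int(hexport, 16), "scope": classify_bind(addr)})
    return findings


def exposed_ports(proc_text: str, byteorder: str = "little") -> list:
    """Ports that are reachable beyond the host itself and so need a firewall rule."""
    return sorted(f["port"] for f in audit_listeners(proc_text, byteorder)
                  if f["scope"] in ("wildcard", "specific"))


if __name__ == "__main__":
    # On a real Linux host replace the sample with open("/proc/net/tcp6").read()
    # and pass byteorder=sys.byteorder.
    for finding in audit_listeners(SAMPLE_PROC_NET_TCP6):
        print(finding)
    print("ports reachable off-host:", exposed_ports(SAMPLE_PROC_NET_TCP6))
```

The output lists three listeners and reports 443 and 8080 as reachable off-host; 3000 is bound to ::1 and never leaves the machine, which is the case where no firewall rule is needed. Anything in the wildcard or specific list is what a per-host firewall (or a UDS instead of a TCP socket) has to cover once every device has a routable address.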


> All of my desktops and servers and laptops each have their own firewall

Sure, but there are plenty of devices on my network that I don't have that sort of control over (e.g. my light bulbs).


Get different light bulbs; my light bulbs require a password and route-filter. If yours don't, your firewall isn't protecting you if your computer can reach them, because someone can just send you an iframe that pokes your light bulbs.


It does make the problem go away. You no longer need to traverse NAT, which is what things like Bore and STUN/TURN/ICE do. With IPv6 every device has a public address; you don't really get a choice. Even for IPv4, NAT was an accident and it doesn't protect you from anything; the firewall via conntrack does, and the firewall still exists in IPv6. If Bore was just "firewall configuration for lazy people" then there are ways that don't involve a remote server. You can just speak UPnP, for instance.


> so even without NAT/port forwarding, there’s still a firewall to configure.

Yes, this is what I've noticed with consumer, ISP-provided routers in France. I think it's a rather good thing, although those same routers usually come with UPnP turned on...


It's a consumer router if you can buy it. If only your ISP buys it and they give it to you, it isn't a "consumer router".

This has nothing to do with the router and more to do with your ISP. I had a UK provider which did that, but it was easy to swap their router (I did have to give them a call though). Here in Portugal the ISP-provided router was fine, so I am happy to use it.



