(CG)NAT can be a real cost to ISPs, especially smaller ones:
> Our [American Indian] tribal network started out IPv6, but soon learned we had to somehow support IPv4 only traffic. It took almost 11 months in order to get a small amount of IPv4 addresses allocated for this use. In fact there were only enough addresses to cover maybe 1% of population. So we were forced to create a very expensive proxy/translation server in order to support this traffic.
> We learned a very expensive lesson. 71% of the IPv4 traffic we were supporting was from ROKU devices. 9% coming from DishNetwork & DirectTV satellite tuners, 11% from HomeSecurity cameras and systems, and remaining 9% we replaced extremely outdated Point of Sale (POS) equipment. So we cut ROKU some slack three years ago by spending a little over $300k just to support their devices.
This sounds like incompetence. You can procure IPv4 addresses in days as a monthly rental (go speak to Cogent etc), or even buy outright with little delay. Going rate is currently $34/address at the /24 level and cheaper for larger blocks.
This sounds like a great sob story but it's more like "people who aren't competent to run an ISP attempted to cut corners and encountered the inevitable consequences".
> "people who aren't competent to run an ISP attempted
Or it was people who weren't going to be served by commercial companies tried to help their community as best they could on a shoestring budget, with minimal funding, in a non-profit fashion.
Any network engineer worth their salt knows that ipv6-only connectivity is going to be flaky, which is why basically nobody does ipv6-only. Even bottom-of-the-barrel VPS providers selling ipv6-only servers for $15/year provide CGNAT for ipv4. An ISP charging presumably an order of magnitude more should be expected to be more competent than that.
The fact that they did try to go ipv6-only (ie. "cutting corners") shows that the people involved, who were blamed, were incompetent.
Although some of the earlier adopters of IPv6 are the biggest ISPs, as their networks are so big that IPv6 actually simplifies their network management. In the US, Comcast was an early adopter and globally the mobile networks have been as well.
It really isn't. As the parent commenter mentioned, most of the ipv4 traffic comes from non-ISPs, which makes sense given that basically nobody uses p2p given how much of a pain NAT traversal is. Maybe there's a point where ISPs are the last holdouts, but we're nowhere close to that yet.
It's really fun when your ISP starts using CG-NAT as a security feature in marketing. You ask them for a static IP and they have you sign an agreement that you won't be getting the BENEFITS of their CUSTOMER FIREWALL. Yeah ok, so if that's the language around this then we're just screwed aren't we? And you also can't tell me when you're planning to support IPv6 of course.
>they have you sign an agreement that you won't be getting the BENEFITS of their CUSTOMER FIREWALL
Sounds like the legal department didn't want them to get sued for "negligence" or whatever when some customer exposes their windows server 2008 installation to the internet and promptly gets hacked.
Eh? CGNAT is purely a cost saving measure. I have no idea who would try and run a pure IPv6 network for (I assume given Roku etc) home use and then get mad that some stuff doesn't support IPv4.
The 71% is almost certainly because Roku consumes a lot more bandwidth doing video streaming than the other services. Even if Roku did support it I'm sure the users wouldn't be happy that xx% of the web was unreachable.
Typically if you want to indicate that somebody is an immigrant in the US, you put the country of origin in the front. British-American or European-American would be ok I guess.
I guess an American-British would be somebody who immigrated to GB from the US in that convention, but actually I’m not sure what convention they use over there.
Anyway in this case they aren’t talking about anybody who’s immigrated at all so it is pretty much unrelated.
The nationality of ancestors is not very relevant to most Europeans, mostly because we're the native people of the continent.
People with multiple nationalities or who grew up in a different country than their nationality very often describe themselves in terms of a single nationality, often the place they spent most of their childhood. "I'm Argentinian" "Oh, was it difficult to get a visa to come here?" "Well, I have an Italian passport because of my mother."
Americans describing themselves as British-American or whatever seems strange to us, since we can recognize typical British people but aren't seeing any of it in the American.
Euro American most likely would be the correct terminology, sort of whatever rolls off the tongue better. A lot of non-Hispanic white Americans are actually not British, but are instead a broad mix of European countries that varies depending on geography (e.g. Louisiana is very French).
Even nailing it down to XYZ country in Europe is a bit of a stretch, as the European genepool isn't the most diverse thing in the world.
Several major ISPs in the US rolled out IPv6 years ago, as did some of the big cell phone companies. US businesses generally have enough IPv4 addresses for their needs (though probably running NAT and considering the issues part of their firewall policy). As such there is an uptick on weekends and most people have no clue what is going on down in the bottom (which is a good thing - the average person shouldn't care about anything below OSI layer 7 - their application).
Even at home, many home wifi routers do not have IPv6 enabled, and there are many in-home devices that still don't support it.
Google's numbers for IPv6 connections used are significantly (about 40%) lower than the percentage of homes and other locations that have IPv6 enabled by their ISP to their location.
My personal benchmark: hotels. I have not seen a _single_ hotel that provides IPv6 on their WiFi. And I made a habit of checking this every time I check in.
And I've seen a hotel that was giving out public IPv4 addresses (in Mountain View, CA).
I've gotten back to the hotel, and I take back this comment. The hotel wifi does not seem to actually route the ipv6 address it assigns.
I bought this laptop at an electronics recycler. It came with a verizon SIM card, with service that's still working. So this ipv6 address is from Verizon, not the hotel.
Exactly. Even if you enable "privacy addresses", you'll be disappointed to find that they only rotate every 24 hours by default, so all your incognito tab browsing can be trivially linked back to you, if they're done in the same day as your regular browsing.
>You already said the word "default". One can simply adjust the rotation time to 600 seconds or even shorter.
1. setting it to short intervals eventually causes issues, because it fills up your router's routing tables and eventually causes it to crash.
2. Having a short rotation period doesn't help because people typically don't time their incognito tab usages to when the privacy IP rotates. Moreover if you have any apps/tabs in the background that are logged in (eg. gmail), it can track your new privacy addresses as they're being rotated. The only way to fix this is to somehow integrate privacy addresses into the browser itself (ie. having separate privacy addresses for regular/incognito browsing), but that doesn't seem like it's going to happen any time soon.
>The control is in _your_ hands. Unlike CGNAT, where the NAT owner is the one making decisions.
You're trying to imply this is a bad thing but it's unclear how the CGNAT owner can sabotage anonymity in this case. You're mixing your browsing with tens or hundreds of other customers. That provides strictly better anonymity compared to privacy addresses that rotate but are shared by every app/tab on a given system.
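The linking problem described in this exchange, as an added example that is not part of any comment in the thread: a few constructed access-log lines are grouped first by exact client address (what the 24 h default rotation leaves visible) and then by the /64 prefix the address was assigned from. The second grouping goes beyond what the comments above say: RFC 4941 temporary addresses randomise only the low 64 bits, so unless the ISP also rotates the delegated prefix, requests from one subscriber remain linkable across rotations regardless of the interval. The log lines, addresses and paths are all constructed; `SAMPLE_LOG`, `by_address` and `by_prefix` are names chosen for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample access-log lines (timestamp, client IPv6 address, path).
# The first three requests come from one subscriber whose privacy address rotated
# between day 1 and day 2 (the interface identifier changed, the /64 did not);
# the fourth comes from a different subscriber in a different /64.
SAMPLE_LOG = [
    "2024-03-01T09:12:01Z 2001:db8:1234:5678:a1b2:c3d4:e5f6:0001 GET /account",
    "2024-03-01T13:40:22Z 2001:db8:1234:5678:a1b2:c3d4:e5f6:0001 GET /news",
    "2024-03-02T10:05:13Z 2001:db8:1234:5678:9f8e:7d6c:5b4a:3c2d GET /private",
    "2024-03-02T11:00:00Z 2001:db8:abcd:1:1111:2222:3333:4444 GET /news",
]


def parse_line(line):
    """Split one constructed log line into (timestamp, IPv6Address, path)."""
    ts, addr, _method, path = line.split()
    return ts, ipaddress.IPv6Address(addr), path


def subscriber_prefix(addr, prefixlen=64):
    """Return the routed prefix the address was assigned from.

    RFC 4941 temporary addresses randomise only the interface identifier (the
    low 64 bits); the prefix is delegated per subscriber and, unless the ISP
    rotates it, stays constant across rotations. It is therefore the stable
    linking key for anyone reading the logs.
    """
    return ipaddress.IPv6Interface(f"{addr}/{prefixlen}").network


def group_requests(lines, key):
    """Group request paths by key(address); returns {str(key): [paths]}."""
    groups = defaultdict(list)
    for line in lines:
        _ts, addr, path = parse_line(line)
        groups[str(key(addr))].append(path)
    return dict(groups)


def by_address(lines=SAMPLE_LOG):
    # Same-day requests share one privacy address (24 h default rotation), so
    # the day-1 visits link to each other directly, whatever tab they came from.
    return group_requests(lines, key=lambda a: a)


def by_prefix(lines=SAMPLE_LOG):
    # Across a rotation the address changes but the /64 does not, so shortening
    # the rotation interval alone does not unlink the subscriber's requests.
    return group_requests(lines, key=subscriber_prefix)


if __name__ == "__main__":
    for name, groups in (("by address", by_address()), ("by /64", by_prefix())):
        print(name)
        for k, paths in groups.items():
            print(f"  {k:45} {paths}")
```

Running it shows three address groups collapsing to two prefix groups, with `/account`, `/news` and the day-2 `/private` request all under `2001:db8:1234:5678::/64`. The same grouping is what a CGNAT operator's session log would let them do by subscriber, which is the point the two commenters are arguing over; from a defender's side, the practical takeaway is that per-host address rotation does not substitute for application-level separation (separate browser profiles or containers) when the prefix is stable.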
>setting it to short intervals eventually causes issues, because it fills up your router's routing tables and eventually causes it to crash.
I don't buy this argument at all. The router knows about the /64 prefix only, unless you are talking about the ND cache?
Furthermore, let's say you can fill up your route table somehow. What prevents the same thing from happening to the NAT state tracker?
>Moreover if you have any apps/tabs in the background that are logged in (eg. gmail), it can track your new privacy addresses as they're being rotated.
HTTP cookies are enough for that (tracking sessions). No amount of Layer 3 tricks like CGNAT or IPv6 privacy extension will fix it.
>You're trying to imply this is a bad thing but it's unclear how the CGNAT owner can sabotage anonymity in this case.
I assume you understand CGNAT sessions are logged?
>I don't buy this argument at all. The router knows about the /64 prefix only, unless are you talking about the ND cache?
How does your router know which device to route a specific address to? It can't possibly be broadcasting any incoming packet to all devices.
>Furthermore, let's say you can fill up your route table somehow. What prevents the same thing from happening to the NAT state tracker?
NAT has specific logic to handle dead connections. UDP connections typically time out if there's no activity within 2 minutes, and TCP within 10-60 minutes. Under typical usage situations you're unlikely to hit those limits, however consumer routers were known to choke on too many connections, eg. from torrenting. There's no similar mechanism for ipv6 privacy addresses. The closest is a dumb expiration timer (ie. temp_valid_lft), but that means it can only drop addresses without regard for whether it's active or not, causing issues for long lived connections (eg. ssh).
None of these are impossible problems to solve. There's clearly enough computing power on routers to track each and every connection, so it should be possible to implement better tracking of privacy addresses, but that doesn't mean it's happening today. The same applies to browsers using a different address for private browsing. However "it can theoretically be fixed" isn't a valid response to the sad state of ipv6 privacy today. It's entirely reasonable for ipv4 holdouts to refuse ipv6 until these issues are fixed.
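The two eviction models contrasted in the comment above, as an added simulation that is not code from any commenter: a NAT connection tracker reaps entries by idle time (any packet refreshes the entry), while a temporary-address table reaps by a fixed lifetime that ignores whether the address is in use. The idle timeouts follow the figures in the comment (UDP about 2 minutes, TCP 10-60 minutes; 30 minutes is used here); the lifetimes are the Linux `ip-sysctl` defaults for `temp_valid_lft` (7 days) and `temp_prefered_lft` (1 day). Everything else, including the flow tuples, the `NatTable` and `TempAddressTable` classes and the `simulate` function, is constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed parameters. Idle timeouts per the comment above; temporary-address
# lifetimes are the Linux ip-sysctl defaults (temp_valid_lft / temp_prefered_lft).
NAT_IDLE_TIMEOUT = {"udp": 120, "tcp": 1800}
TEMP_VALID_LFT = 7 * 86400
TEMP_PREFERED_LFT = 86400


@dataclass
class NatEntry:
    proto: str
    last_seen: float


class NatTable:
    """Connection tracker: an entry lives as long as its flow keeps sending."""

    def __init__(self, idle_timeouts=NAT_IDLE_TIMEOUT):
        self.idle_timeouts = idle_timeouts
        self.entries = {}

    def packet(self, flow, proto, now):
        # Any packet on the flow refreshes its entry, so an SSH session that
        # sends keepalives is never reaped by the idle timer.
        self.entries[flow] = NatEntry(proto, now)

    def reap(self, now):
        dead = [f for f, e in self.entries.items()
                if now - e.last_seen > self.idle_timeouts[e.proto]]
        for f in dead:
            del self.entries[f]
        return len(dead)


@dataclass
class TempAddress:
    created: float
    valid_lft: float = TEMP_VALID_LFT
    prefered_lft: float = TEMP_PREFERED_LFT
    in_use_by: set = field(default_factory=set)

    def state(self, now):
        age = now - self.created
        if age > self.valid_lft:
            return "removed"       # address deleted from the interface
        if age > self.prefered_lft:
            return "deprecated"    # no new connections, existing ones continue
        return "preferred"


class TempAddressTable:
    """Privacy-address table: expiry is a plain timer, blind to activity."""

    def __init__(self):
        self.addresses = {}

    def add(self, addr, now):
        self.addresses[addr] = TempAddress(created=now)

    def bind(self, addr, flow):
        self.addresses[addr].in_use_by.add(flow)

    def reap(self, now):
        # in_use_by is deliberately not consulted: traffic on the address does
        # not extend its lifetime, which is the asymmetry the comment describes.
        removed = [a for a, t in self.addresses.items() if t.state(now) == "removed"]
        for a in removed:
            del self.addresses[a]
        return removed


def simulate(days=8, keepalive=60):
    """Run an SSH session with periodic keepalives past temp_valid_lft,
    alongside a short burst of idle UDP flows, through both tables."""
    nat, temps = NatTable(), TempAddressTable()
    client = "2001:db8::1"                           # constructed address
    ssh_flow = (client, 54321, "2001:db8::2", 22)
    temps.add(client, now=0)
    temps.bind(client, ssh_flow)
    udp_flows = [(client, 40000 + i, "2001:db8::9", 6881) for i in range(500)]

    ssh_alive_under_nat = True
    for now in range(0, days * 86400 + 1, keepalive):
        nat.packet(ssh_flow, "tcp", now)
        if now < 600:                                # UDP burst: first 10 minutes only
            for f in udp_flows:
                nat.packet(f, "udp", now)
        nat.reap(now)
        temps.reap(now)
        ssh_alive_under_nat &= ssh_flow in nat.entries

    return {
        "ssh_entry_alive_under_nat": ssh_alive_under_nat,
        "udp_entries_remaining": sum(1 for e in nat.entries.values() if e.proto == "udp"),
        "temp_address_alive": client in temps.addresses,
    }


if __name__ == "__main__":
    print(simulate())
```

The NAT side keeps the active SSH entry for the full eight days and clears all 500 idle UDP entries two minutes after the burst stops; the privacy-address side removes the address on day 7 while the SSH flow is still bound to it. A reader lowering `temp_valid_lft` to get faster rotation moves that cliff closer, which is the trade-off the comment is pointing at.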
>HTTP cookies are enough for that (tracking sessions). No amount of Layer 3 tricks like CGNAT or IPv6 privacy extension will fix it.
This is false. Third party cookie tracking doesn't work on Firefox anymore because they enabled first party isolation by default a few years ago. Chrome is planning to do the same, but regardless users can already opt into it.
>I assume you understand CGNAT sessions are logged?
Irrelevant. If ISPs want to log your CGNAT sessions, they can also log your ipv6 traffic.
Requiring web services and ISPs to retain detailed logs in perpetuity until IPv6 is universal would be one way to expedite the transition.
But personally I don't think IPv6 is ever going to happen. There's simply too little monetary incentive for supporting it. For outbound connections NAT/CGNAT works fine. For inbound connections you can use SNI routing with a tunnel[0].
> IPv6 allocations are orders of magnitude cheaper and wider than v4 allocations, which are already exhausted.
Which is of no consequence to the incumbents who have enough existing stock to last them forever (with tricks like CGNAT/etc). The cost of IPv4s mostly impacts smaller players and/or new entrants, which works in favor of the incumbent ISPs.
> Which is of no consequence to the incumbents who have enough existing stock to last them forever (with tricks like CGNAT/etc).
And yet, Comcast was one of the first nationwide ISPs to enable residential IPv6 service. Comcast is a Very Large ISP. They also happen to have switched ages ago to an all-IPv6 internal network because they ran out of non-routable IPv4 addresses many times over. I suspect (but do not know) that Comcast's experience with how much easier switching over made operations for them to have been a significant factor in providing IPv6 service to residential (and eventually business) users.
> But personally I don't think IPv6 is ever going to happen.
Weird. I've had "native" IPv6 service continuously since... 2004? 2006? and IPv6 via a 6to4 tunnel that terminated in Hurricane Electric's network since two years before that.
Bonus: I discovered recently that the Zoom teleconferencing software works just fine if you have only IPv6 connectivity.
Is there stuff that's IPv4-only? Sure. But IPv4 doesn't need to be shut down for IPv6 to have happened (and have been happening for a long time now).
It's still growing fairly steadily, but I do feel like the need for it has been diminished. P2P software doesn't really exist for the mainstream anymore. Directly connecting between two end user computers without a server doesn't really happen much like it used to.
CGNAT still causes issues for long lived connections though. Things like SSH will get cut off.
My ISP, Metronet, is mostly CGNAT. That broke some things for me, so I called in and they gave me a "free" static IP to fix it. Except, once per year they start charging me for it and I have to call back, and then they make it free again.
Wait, with OpenDNS you can change settings for everyone on an IP address just by connecting from that same IP address? That seems horribly insecure.
"CGNAT providers" is like saying "DHCP providers" or "PPPoE providers". I've never heard of a "WSP". What if I send an email on port 25 (not web) via my "WSP"? LOL.
Indeed classic: talking about the form of my comment instead of the content it addresses: that many ISPs are incomplete because of CGNAT and do not provide real internet access (ie, being able to receive connections to tcp ports). These incomplete ISPs without ability to participate in the internet should not be called ISPs because of this lack. Your objection to the term itself is inconsequential. Do you deny the original post's claims? Is this just insult time?
As for incorrect? How so? Perhaps "web service providers" is a bit glib and incomplete too, but it gets to the core of the issue here: ISPs not providing internet service and only providing a limited subset. If the 'web' works that's all that really matters for advertising and getting people to pay them. Meanwhile most people aren't even aware of what they're missing and their inability to participate in the internet; but they, and especially their kids' educations, are stunted by the lack of being able to participate, etc. And all of society is worse for it.
* https://community.roku.com/t5/Features-settings-updates/It-s...
* Discussion: https://news.ycombinator.com/item?id=35047624