by nousermane 1770 days ago
NAT is ramping up on client side. Many home-internet connections are now NATted twice - in CPE, then again in CGN.

On the server side, in contrast, NAT is winding down. 15 years ago, it was common to have either DMZ-style NAT, or on AWS you had to have NAT (they call it EIP). Nowadays, having a CDN or cloud-native load-balancer in front of your server is increasingly common. And behind those, that server just doesn't need a public IP (maybe only a shared outbound NAT for OS updates). That is - if you have a server at all (and not moved to lambda, S3, etc...)


Yesterday I spent 2 hours trying to figure out why I couldn't ping my home router, only to find out this is probably the reason.

Luckily I had created a reverse SSH tunnel on a VPS before leaving.

ISP blocking ICMP might be a more probable reason than CGNAT. At least where I live.

It’s hard to tell sometimes what is going on. I just learned for instance that the cable modem provided by Comcast switched to NAT - and my router is also doing NAT - and my business firewall also does NAT. So at least 3 layers now.

If they are doing CGNAT further into the infrastructure, how would I even be able to tell at this point? I’m assuming someone would also block ICMP just so it would be less embarrassing, but who knows.

Comcast does generally seem to be moving towards IPv6 at least, which is helpful.

> If they are doing CGNAT further into the infrastructure, how would I even be able to tell at this point?

Check the IP on your WAN interface of your modem? I mean, that's how I have always been checking for CGNAT.
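The WAN-address check suggested above, and the "how many NAT layers" question before it, written out as a small classifier. This is an added example, not code from anyone in the thread; all addresses in it are constructed (RFC 5737 documentation ranges) and the hop list passed to `count_nat_layers` is assumed to be collected by hand from each device's status page.

```python
"""Tell from a router's WAN address whether CGNAT or another NAT sits upstream."""
import ipaddress
from typing import List, Optional

# RFC 6598 shared address space: the range ISPs hand out behind carrier-grade NAT.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")

# RFC 1918 private ranges: on a WAN port these mean another NAT device
# (e.g. an ISP modem running in router mode) is in front of you.
PRIVATE_SPACE = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def _behind_nat(addr: ipaddress.IPv4Address) -> bool:
    """True if this address can only exist on the inside of some NAT."""
    return addr in CGNAT_SPACE or any(addr in net for net in PRIVATE_SPACE)


def classify_wan(wan_ip: str, observed_ip: Optional[str] = None) -> str:
    """Verdict for the address your router shows on its WAN interface.

    observed_ip is what an Internet host reports seeing for this connection
    (a "what is my IP" lookup); it is optional and only used for comparison.
    """
    wan = ipaddress.ip_address(wan_ip)
    if wan.version == 6:
        return "ipv6"            # v6 traffic is not NATted by an AFTR/CGN
    if wan in CGNAT_SPACE:
        return "cgnat"           # the ISP is translating you
    if _behind_nat(wan):
        return "upstream-nat"    # a modem or other box upstream is NATting
    if wan.is_loopback or wan.is_link_local or wan.is_multicast:
        return "other"           # not a usable WAN address at all
    if observed_ip is not None and ipaddress.ip_address(observed_ip) != wan:
        return "hidden-nat"      # public-looking WAN IP, yet the Internet sees another
    return "public"


def count_nat_layers(wan_addresses: List[str]) -> int:
    """Count NAT hops from a list of WAN addresses, innermost device first,
    ending with the address observed from the Internet. Every non-global
    address that differs from the next hop's address is one translation."""
    layers = 0
    for inner, outer in zip(wan_addresses, wan_addresses[1:]):
        a = ipaddress.ip_address(inner)
        if a.version == 4 and _behind_nat(a) and a != ipaddress.ip_address(outer):
            layers += 1
    return layers
```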

Comcast doesn't do CGNAT, and their network has been 100% IPv6-capable for years now.

How do ipv6-only customers reach ipv4 hosts? Wouldn't some 6to4 gateway count as CGN?

I've had this problem in the past with Vodafone, sometimes their AFTR (?) would go down but all ipv6 enabled hosts were still reachable. Only the ipv4 internet was unreachable. It took months for me to find that out, and I still don't know any workaround in case that happens again.

I think Comcast is running dual-stack so they don't have IPv6-only customers.

T-Mobile is running IPv6-only using 464 which is vulnerable to AFTR problems like you saw.

They don’t give IPv6-capable cable modems to everyone. I don’t have one.

Every modem provided by Comcast supports dual stack broadband and IPv6 only for management by default. The latter is transparent to the customer and is for internal use only. IPv6 only for management has no impact on dual stack broadband. If your modem is in bridge mode (Wi-Fi router functionality disabled) then you need to ensure that your broadband router supports IPv6, specifically DHCPv6, for the acquisition of IA-NA and IA-PD.

HTH,

John