Hacker News new | ask | show | jobs
by Dagger2 1284 days ago
It causes no end of problems, not just for ISPs and mobile networks but also for people running server networks and for end users like us. I suppose it can be hard to see that when you grew up with the problems and have never used a network where you didn't need to deal with them though.

The world can mostly function without NAT. It's mainly only used to work around address shortages, which aren't an issue on v6, so there's simply no reason to use it most of the time. It can be a useful tool in your toolbox, but it's one that you only need to use very rarely.

Here's a benefit from v6: 40% faster connection setup†. Measurable benefits show that there are benefits. "No need to use NAT" is of course another obvious benefit of v6.

†: https://www.zdnet.com/article/apple-tells-app-devs-to-use-ip....
1 comments
otabdeveloper4 1284 days ago
No, NAT is not for network address shortages.

NAT is a cruicial privacy and security feature.

"No need to use NAT" is, of course, a horrible anti-feature, not a benefit of IPv6. (And, of course, in the real world the vast majority of IPv6 is rolled out with NAT anyways.)

link
keiyakins 1283 days ago
NAT is neither a privacy nor security feature, what are you talking about? Have you actually tested what your CPE does when it gets packets addressed to internal IPs from the WAN port? Almost every time, the answer is just pass it on to the target host. Thinking NAT is a security feature makes your network MUCH less secure.

As for privacy - you can fingerprint individual devices pretty trivially, and with privacy extensions for SLAAC you can only tell what /64 network it's coming from, which is no more information than IPv4 (unless you're behind CGNAT, but frankly being behind a 4-to-4 CGNAT shouldn't count as internet access because you literally can't get incoming connections.)

link
Dagger2 1282 days ago
Having enough address space to not need to NAT is hardly an anti-feature.

I don't have any hard stats, but NAT seems to be very rare in v6 deployments. You don't really hear of ISPs using it. I'm certain you could find some if you looked hard enough, but mostly it's not a thing.

link
preisschild 1281 days ago
NAT was never intended for security and privacy.

IPv6 security is like IPv4 security: Firewalls

For privacy IPv6 uses Security Extensions, which shuffles your ipv6 ip.

link