[lern_too_spel]

His point is that you're managing alright because you live in a country where your ISP can give you a public IP address. The author lives in a country where that is not possible and accesses the Internet behind layers of NAT.

[wmf]

It's possible for Indian ISPs to buy IPv4 addresses and assign them to customers. Maybe not for $5/month but if you're willing to pay US prices (plus tax) you should be able to get US quality service.

[labcomputer]

Yes, but they can't do that if every Indian wants one, and they especially can't do that if every Chinese person wants one at the same time.

IPv4 is 32 bits. It has a hard cap of ~4 billion addresses. China and India alone have 2.85 billion people.

Add in the United States and Europe, and now nobody else gets an IP address. South America, Canada, Mexico, Australia, Africa, the middle east, the rest of Southeast Asia, etc. don't get to use the internet. That's 4 billion people who don't get to use the internet.

[wmf]

My point in mentioning pricing is that the Indian and Chinese middle class can have IPv4 addresses; the rest can't.

[LoganDark]

What's the difference, other than port forwarding? Does NAT cause some sort of unique issue that makes existence miserable?

[throw0101c]

> What's the difference, other than port forwarding? Does NAT cause some sort of unique issue that makes existence miserable?

The difference is that your home router does not get a public IP on its WAN interface, but perhaps the non-publicly-routable 100.64.0.0/10 [1] with CG-NAT.

So if you don't have a public IP address, how exactly are you supposed to forward anything? What is the other end supposed to connect to as an IP address?

[1] https://en.wikipedia.org/wiki/IPv4_shared_address_space

[LoganDark]

> The difference is that your home router does not get a public IP on its WAN interface, but perhaps the non-publicly-routable 100.64.0.0/10 [1] with CG-NAT.

Yes...? I know that, but does that cause any issues in practice other than death of P2P?

> So if you don't have a public IP address, how exactly are you supposed to forward anything? What is the other end supposed to connect to as an IP address?

I already mentioned port forwarding because with something like CG-NAT, it is often not possible (or not allowed). But I am not aware of any issues that stem from this other than an inability for others to establish connections directly to you. In fact, my network has a public IPv4 without CG-NAT and yet I am already used to being unable to receive data other than back through a TCP stream. That is the entire reason reverse proxy tunnels (such as ngrok, etc.) exist.

[throw0101d]

> Yes...? I know that, but does that cause any issues in practice other than death of P2P?

Well:

> If you’re a gamer using PS5, Xbox, or PC in 2025, running into Double NAT or CGNAT port forwarding issues can make online play nearly impossible. Many 5G home internet and satellite services (like T-Mobile Home Internet and Starlink) put users behind carrier-grade NAT, which blocks direct connections and port forwarding. The good news? There are still workarounds that can open up your connection for smoother online gaming.

* https://www.modemguides.com/blogs/modemguides-blog/double-na...

See also:

* https://en.wikipedia.org/wiki/Carrier-grade_NAT#Disadvantage...

When we went from dial-up speeds to DSL/cable to fibre we were able to have all sorts new applications due to higher bandwidth. Smartphones are capable of all sorts of things because they're always online: back in the day people used to talk about "being online" and saying "sorry, I was offline", because you only had connectivity at the office or at home (where you dialed into your ISP).

What kind of applications and services are not being invented because we're stuck with the current non-P2P / centralized setup of IPv4+NAT?

[LoganDark]

> What kind of applications and services are not being invented because we're stuck with the current non-P2P / centralized setup of IPv4+NAT?

I don't know? I've never had CG-NAT and yet I've never seen a piece of software that takes advantage of that except maybe for games that use UPnP to open ports.

[vel0city]

> I've never seen a piece of software that takes advantage of that except maybe for games

Maybe we haven't seen many products available on the market to take advantage of it because the current standard of NATs make such things practically unworkable?

Its pretty much impossible to ship smart home stuff that is hosted locally (i.e. not without it connecting to some cloud service) because people want to access these smart devices from outside their home. They're not likely to configure a VPN to connect home, they're not going to configure NATs in any workable fashion (or may be unable to, such as CGNAT), the applications probably don't want to have to handle having NAT hairpinning issues, etc.

So instead we continue down everything that's popular being something that requires a cloud proxy/relay (because that's the only way things actually work for most people), when in reality if things could just be public we could do a whole bunch more and empower people to easily host things themselves.

[throw0101d]

> I don't know? I've never had CG-NAT and yet I've never seen a piece of software that takes advantage of that except maybe for games that use UPnP to open ports.

Which, as a sibling comments mentions, is the point.

The fact that (CG-)NAT is in the way could be precluding the development of "software that takes advantage of that". It's a form of (negative/inverse) survivorship bias: kind of like zoning for only single-family homes and yet saying "no one wants mid-rise towers/apartments as evidenced by the fact no one building them". The current rules/structure/architecture preclude any other options.

[direwolf20]

Games, voice/video chat (especially open source ones), stuff like Tailscale, stuff like Magic Wormhole, ... stuff like Dropbox.

Is there anything you do on a computer that involves communicating with another user? That's not just anything - that's most things! All communication between two computers is improved by not requiring NAT.

Corporations love to keep us dependent on their central servers, of course.

[orangeboats]

>other than port forwarding

>other

Well you just handwaved away the most significant difference between NAT and native IP, obviously there won't be any major difference to discuss about anymore!

No, we can't ignore port forwarding. The key thing to realize about NAT is that someone owns the NAT. Back then, the NAT lived inside each of the home routers, so even if you have a "strict" NAT (endpoint-dependent mapping NAT, i.e. one that doesn't allow for hole-punching), you can easily bypass it by setting up a manual port forwarding entry.

With CGNAT that's no longer possible, you do not control the NAT. If your ISP decides to screw you over, you essentially do not have a choice but to get a relay, which needlessly costs you money.

---

But if you really want to know what advantages native IP has over NAT, I'd say the lack of keepalive packets (to keep a holepunched NAT entry from being removed) is a pretty nice thing.

[LoganDark]

What is this entitled mindset that somehow people without CG-NAT already benefit from their public IPv4? The only benefit I get from port forwarding is being able to expose my Plex media server to the wider internet, and Tailscale and Steam Networking being able to establish P2P. But even UDP should work through CG-NAT. So you can't hole-punch over WAN -- I've never encountered even a single piece of software that needs that except for servers.

Port forwarding is nice, but everyone already knows you can hardly run a server at home (even in countries where port forwarding is standard). It's been this way for as long as I can remember. So yes I handwave it away because it doesn't matter. If that's the only drawback to CG-NAT (other than single IP address bans applying to entire nations or something) I hardly understand why it warrants treatment as such a terrible awful disaster.

[orangeboats]

>What is this entitled mindset that somehow people without CG-NAT already benefit from their public IPv4?

I will raise you the opposite point: why deprive people of their ability to have a globally addressable IP address?

>But even UDP should work through CG-NAT.

I have already told you why it is wrong to make such as assumption, haven't I?

I have heard of stories coming from China and Vietnam that some ISPs implement so-called "type 4 NAT", otherwise known as symmetric NAT or NAT with endpoint-dependent mapping.

This kind of NAT is NOT hole-punchable. And because you don't control the NAT, you are simply SOL if one day your NAT decides to switch to it. Can't even use Tailscale without significant service degradation now, ouch.

Granted, I have only heard about it in Vietnam and China, and it's not a national thing -- only some provinces seem to have symmetric NAT implemented. But I feel the need to remind you that the ISPs there were able to get away with it, because the two countries have significant IPv6 presence. [0]

>Port forwarding is nice, but everyone already knows you can hardly run a server at home (even in countries where port forwarding is standard).

You can hardly run a server at home because we have been facing address space depletion since the dot com bubble.

>I hardly understand why it warrants treatment as such a terrible awful disaster.

You haven't faced an overloaded CGNAT gateway, have you? [1]

[0]: https://stats.labs.apnic.net/ipv6/XD

[1]: https://www.reddit.com/r/ipv6/comments/1as8dvy/is_there_a_wa...

[LoganDark]

> I will raise you the opposite point: why deprive people of their ability to have a globally addressable IP address?

I wouldn't. I just don't understand, if the alternative is having no internet access at all, why CG-NAT is so utterly deplorable.

> This kind of NAT is NOT hole-punchable. And because you don't control the NAT, you are simply SOL if one day your NAT decides to switch to it.

Can you clarify what you mean by hole-punchable? If all else fails, just use TCP, right? Does TCP also not work? I'm also not talking about connection between peers but connection to a server. Connection between peers has never been a 100% reliable strategy regardless of anything.

> You haven't faced an overloaded CGNAT gateway, have you? [1]

I have not, but that is not inherent to CG-NAT, is it? Any switch or other hop between you and your destination can be overloaded. The destination itself can be overloaded.

[orangeboats]

>Can you clarify what you mean by hole-punchable? If all else fails, just use TCP, right? Does TCP also not work?

I... uh, what? Please... learn more about hole punching before trying to engage in the topic.

Hole punching, in the context of NAT, is a technique where you establish peer-to-peer connection between hosts behind a NAT.

It does not matter which protocol you use, UDP or TCP or chuckles SCTP. If you want to establish P2P connection, you must hole punch.

The only alternative is to use relays.

>I have not, but that is not inherent to CG-NAT, is it? Any switch or other hop between you and your destination can be overloaded.

A typical hop does not need to maintain a huge dynamic state table. NAT, due to its very own temporal nature, must do so.

>destination itself can be overloaded.

Apples and oranges. Destination overload is a service problem. Hop overload is an infrastructural problem.

[lmm]

"What's the difference other than the difference?". Not being able to forward ports means I can't play Tricky Towers with my friend (who isn't technical enough to join a VPN with me and would have privacy concerns about doing so).

[jofla_net]

Hole punching, which has various forms, may or may not work. This means if you're doing something realtime, you may need to stick a server(reachable endpoint) in between it, at the very least reducing performance.

[LoganDark]

I have never seen any situation where this is not already necessary other than UPnP which already almost never works reliably. A publicly-addressable relay is already practically non-negotiable for anything over the internet.

[lern_too_spel]

IPv6 everywhere makes that not necessary, which is what the author is pushing for.

[direwolf20]

Without NAT, it wouldn't be. That's the point.

[lmm]

uPnP works fine though? What was the problem you had with it?

[LoganDark]

For one, monopolies disabling it by default on their equipment? I remember some years ago having to guess the admin password at a vacation house so I could enable UPnP. It's usually framed as a security vulnerability, even.

[vel0city]

uPnP fails when multiple devices are fighting over the same port assignments. uPnP fails when people have it disabled, as has been recommended many times over the years.

[kalleboo]

It makes everything slower and more expensive.

[netdevme]

You can even buy a block, but the smallest one has 256 addresses.