by orangeboats 65 days ago
>other than port forwarding

>other

Well, you just handwaved away the most significant difference between NAT and native IP; obviously there won't be any major difference to discuss anymore!

No, we can't ignore port forwarding. The key thing to realize about NAT is that someone owns the NAT. Back then, the NAT lived inside each of the home routers, so even if you have a "strict" NAT (endpoint-dependent mapping NAT, i.e. one that doesn't allow for hole-punching), you can easily bypass it by setting up a manual port forwarding entry.

With CGNAT that's no longer possible: you do not control the NAT. If your ISP decides to screw you over, you essentially do not have a choice but to get a relay, which needlessly costs you money.

---

But if you really want to know what advantages native IP has over NAT, I'd say the lack of keepalive packets (to keep a holepunched NAT entry from being removed) is a pretty nice thing.


What is this entitled mindset that somehow people without CG-NAT already benefit from their public IPv4? The only benefit I get from port forwarding is being able to expose my Plex media server to the wider internet, and Tailscale and Steam Networking being able to establish P2P. But even UDP should work through CG-NAT. So you can't hole-punch over WAN -- I've never encountered even a single piece of software that needs that except for servers.

Port forwarding is nice, but everyone already knows you can hardly run a server at home (even in countries where port forwarding is standard). It's been this way for as long as I can remember. So yes I handwave it away because it doesn't matter. If that's the only drawback to CG-NAT (other than single IP address bans applying to entire nations or something) I hardly understand why it warrants treatment as such a terrible awful disaster.

>What is this entitled mindset that somehow people without CG-NAT already benefit from their public IPv4?

I will raise you the opposite point: why deprive people of their ability to have a globally addressable IP address?

>But even UDP should work through CG-NAT.

I have already told you why it is wrong to make such an assumption, haven't I?

I have heard of stories coming from China and Vietnam that some ISPs implement so-called "type 4 NAT", otherwise known as symmetric NAT or NAT with endpoint-dependent mapping.

This kind of NAT is NOT hole-punchable. And because you don't control the NAT, you are simply SOL if one day your NAT decides to switch to it. Can't even use Tailscale without significant service degradation now, ouch.

Granted, I have only heard about it in Vietnam and China, and it's not a national thing -- only some provinces seem to have symmetric NAT implemented. But I feel the need to remind you that the ISPs there were able to get away with it, because the two countries have significant IPv6 presence. [0]

>Port forwarding is nice, but everyone already knows you can hardly run a server at home (even in countries where port forwarding is standard).

You can hardly run a server at home because we have been facing address space depletion since the dot com bubble.

>I hardly understand why it warrants treatment as such a terrible awful disaster.

You haven't faced an overloaded CGNAT gateway, have you? [1]

[0]: https://stats.labs.apnic.net/ipv6/XD

[1]: https://www.reddit.com/r/ipv6/comments/1as8dvy/is_there_a_wa...

> I will raise you the opposite point: why deprive people of their ability to have a globally addressable IP address?

I wouldn't. I just don't understand, if the alternative is having no internet access at all, why CG-NAT is so utterly deplorable.

> This kind of NAT is NOT hole-punchable. And because you don't control the NAT, you are simply SOL if one day your NAT decides to switch to it.

Can you clarify what you mean by hole-punchable? If all else fails, just use TCP, right? Does TCP also not work? I'm also not talking about connection between peers but connection to a server. Connection between peers has never been a 100% reliable strategy regardless of anything.

> You haven't faced an overloaded CGNAT gateway, have you? [1]

I have not, but that is not inherent to CG-NAT, is it? Any switch or other hop between you and your destination can be overloaded. The destination itself can be overloaded.

>Can you clarify what you mean by hole-punchable? If all else fails, just use TCP, right? Does TCP also not work?

I... uh, what? Please... learn more about hole punching before trying to engage in the topic.

Hole punching, in the context of NAT, is a technique where you establish peer-to-peer connection between hosts behind a NAT.

It does not matter which protocol you use, UDP or TCP or *chuckles* SCTP. If you want to establish a P2P connection, you must hole punch.

The only alternative is to use relays.

>I have not, but that is not inherent to CG-NAT, is it? Any switch or other hop between you and your destination can be overloaded.

A typical hop does not need to maintain a huge dynamic state table. NAT, due to its very own temporal nature, must do so.

>destination itself can be overloaded.

Apples and oranges. Destination overload is a service problem. Hop overload is an infrastructural problem.
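To make the distinction the exchange above turns on concrete, here is an added Python model (not code from the thread, and not from Tailscale or any other tool mentioned) of a rendezvous-assisted hole punch through two simulated NATs, plus the mapping-expiry behaviour that forces the keepalives mentioned in the top comment. The IP addresses, the 30-second idle timeout, the external port range and the server port are constructed assumptions; the model also ignores port prediction and other tricks real clients attempt against symmetric NATs.

```python
"""Toy model of NAT mapping behaviour and UDP hole punching.

Two peers behind NATs each contact a rendezvous server, learn the external
("reflexive") address the server saw, swap those addresses, and then send to
each other. Whether that works depends on how the NAT allocates mappings:
  - endpoint-independent mapping: one external port per internal socket,
    reused for every remote -> the peer can be told a usable port.
  - endpoint-dependent ("symmetric") mapping: a fresh external port per
    remote endpoint -> the port the server saw is useless to the peer.
Both NATs here use address-and-port-dependent filtering, i.e. inbound packets
are only passed from endpoints the internal host has already sent to, and
idle mappings expire, which is why keepalives are needed.
All addresses below are constructed (RFC 5737 documentation / private ranges).
"""
import itertools

# Constructed rendezvous server address (assumption, not a real service).
SERVER = ("192.0.2.1", 3478)


class Nat:
    def __init__(self, external_ip, symmetric, timeout=30):
        self.external_ip = external_ip
        self.symmetric = symmetric      # True = endpoint-dependent mapping
        self.timeout = timeout          # idle seconds before a mapping is dropped
        self.ports = itertools.count(40000)
        self.mappings = {}              # key -> (external_port, last_seen)
        self.filters = {}               # external_port -> {remote endpoints allowed in}

    def outbound(self, internal, remote, now):
        """Translate a packet from internal=(ip, port) to remote=(ip, port).
        Returns the external (ip, port) the packet leaves with."""
        key = (internal, remote if self.symmetric else None)
        entry = self.mappings.get(key)
        if entry is None or now - entry[1] > self.timeout:
            ext_port = next(self.ports)         # new or expired: allocate afresh
            self.filters[ext_port] = set()
        else:
            ext_port = entry[0]
        self.mappings[key] = (ext_port, now)    # refresh the idle timer
        self.filters[ext_port].add(remote)      # open the filter for this remote
        return (self.external_ip, ext_port)

    def inbound(self, ext_port, remote, now):
        """Deliver a packet arriving at ext_port from remote=(ip, port).
        Returns the internal (ip, port) it is forwarded to, or None if dropped."""
        for (internal, _), (port, last_seen) in self.mappings.items():
            if port != ext_port:
                continue
            if now - last_seen > self.timeout:
                return None                     # mapping timed out
            if remote in self.filters[ext_port]:
                return internal
            return None                         # filtered: host never sent to remote
        return None                             # no mapping at all for this port


def hole_punch(nat_a, nat_b, now=0):
    """Attempt a rendezvous-assisted hole punch; True if both directions pass."""
    a = ("192.168.1.10", 5000)  # constructed private addresses
    b = ("10.0.0.20", 5000)
    # 1. both peers talk to the rendezvous server, which reports what it saw
    refl_a = nat_a.outbound(a, SERVER, now)
    refl_b = nat_b.outbound(b, SERVER, now)
    # 2. the server hands each peer the other's reflexive address and both
    #    send to it (real clients retransmit, so ordering is not modelled)
    src_a = nat_a.outbound(a, refl_b, now)
    src_b = nat_b.outbound(b, refl_a, now)
    # 3. do the punch packets get through the remote NAT?
    return (nat_b.inbound(refl_b[1], src_a, now) == b
            and nat_a.inbound(refl_a[1], src_b, now) == a)


def keepalive_demo(timeout, keepalive_every, check_at):
    """True if a punched mapping is still usable at time check_at when the
    host sends a keepalive every keepalive_every seconds (0 = none)."""
    nat = Nat("198.51.100.1", symmetric=False, timeout=timeout)
    host, peer = ("192.168.1.10", 5000), ("203.0.113.9", 6000)
    refl = nat.outbound(host, peer, 0)
    t = keepalive_every
    while keepalive_every and t < check_at:
        nat.outbound(host, peer, t)
        t += keepalive_every
    return nat.inbound(refl[1], peer, check_at) == host


if __name__ == "__main__":
    eim = lambda ip: Nat(ip, symmetric=False)
    sym = lambda ip: Nat(ip, symmetric=True)
    print("EIM <-> EIM punch:", hole_punch(eim("198.51.100.1"), eim("203.0.113.7")))
    print("SYM <-> EIM punch:", hole_punch(sym("198.51.100.1"), eim("203.0.113.7")))
    print("idle 45s, timeout 30s, no keepalive:", keepalive_demo(30, 0, 45))
    print("idle 45s, timeout 30s, keepalive every 20s:", keepalive_demo(30, 20, 45))
```

The two NAT flavours share the same restrictive filtering; what decides the outcome is only the mapping rule. A symmetric NAT on either side hands the peer a port that was allocated for the server, and the packet aimed at it is dropped because that mapping's filter only knows the server, which is the "not hole-punchable" case. The keepalive function shows the other point from the top comment: once punched, an endpoint-independent mapping still vanishes after the idle timeout unless the host keeps sending through it.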

> Please... learn more about hole punching before trying to engage in the topic.

I'm not engaging in the topic of hole punching though? The topic is whether CG-NAT has drawbacks other than lack of port forwarding. As I've said many times, expecting P2P connectivity has never been viable. But you ignore that and keep talking about how hard hole punching is, as if it's indispensable. What makes it so indispensable? Why is it so critical?

> Hole punching, in the context of NAT, is a technique where you establish peer-to-peer connection between hosts behind a NAT.

Good, that confirms I was never talking about that. I even explicitly clarified I was not talking about that (though you may have loaded my comment before that edit.)

> It does not matter which protocol you use, UDP or TCP or chuckles SCTP. If you want to establish P2P connection, you must hole punch.

You don't need to establish P2P connection so I don't see why that's such a problem. Again, it has never been safe to assume P2P connection is possible. Period. It is merely a progressive enhancement.

>The topic is CG-NAT and port forwarding

You don't mention port forwarding without mentioning hole punching.

Because what is port forwarding for, if not to ease the establishment of direct connections?

>You don't need to establish P2P connection

If you are seriously suggesting Server-Client Is All You Need (TM), I feel we might as well stop the discussion now. VoIP essentially requires P2P, WebRTC is much better with P2P. BitTorrent etc obviously runs on P2P.

Services that provide relays (for people who can't establish a P2P connection) for free can only do so because they expect most connections NOT to go through the relay, and so they can simply stomach the cost of running one small relay.