
The two biggest arguments are Carrier Grade NAT and dodgy transitional stacks.

1) ISPs are increasingly deploying Carrier Grade NAT, which puts several people behind a single IP. This completely breaks end-to-end as you can't port forward but if you're running a website, the worst issue is if you ban an IP address, you could be cutting off several legitimate users to get rid of 1 person. It's like banning a whole country because of a few people which Wikipedia has done in the past by mistake: https://en.wikipedia.org/wiki/User_talk:82.148.97.69 see https://techcrunch.com/2007/01/01/wikipedia-bans-qatar/ This problem will only get worse as time goes on. The Internet is starting to feel broken when an entire country shares a single IP address.

2) In some cases, ISPs might address the shortage slightly differently, by serving up an IPv6 address that proxies back to your website over IPv4. To you it looks like Carrier Grade NAT, but you can actually do this yourself if you have an IPv6 enabled server (Linode, DigitalOcean work) and use nginx to reverse proxy. That way you can at least set an X-Forwarded-For header that will give you better analytics and more precise blocking. Either you do it or the ISP will do it for you but give absolutely no data.
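An added example, not part of the comment above: on the IPv4 backend behind such an nginx proxy, X-Forwarded-For is only worth believing when the connection comes from your own proxy, and an IPv6 client is better blocked per /64 than per address. The proxy address and the function names are assumptions made for illustration, and the header is assumed to be built with nginx's `$proxy_add_x_forwarded_for`, which appends the peer address to whatever the client sent.

```python
import ipaddress

# Assumption: the backend sees your own IPv6-facing nginx proxy at this
# address (constructed value from the documentation range).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _parse(text):
    """Parse one address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def _is_trusted(addr):
    return any(addr.version == n.version and addr in n for n in TRUSTED_PROXIES)


def client_address(peer, xff_header):
    """Choose the address a request is attributed to.

    X-Forwarded-For is client-controlled, so it is honoured only when the
    TCP peer is our own proxy, and it is walked right to left so entries
    a client prepended are never reached.
    """
    peer_addr = _parse(peer)
    if peer_addr is None:
        raise ValueError(f"bad peer address: {peer!r}")
    if not _is_trusted(peer_addr) or not xff_header:
        return peer_addr
    for hop in reversed(xff_header.split(",")):
        addr = _parse(hop)
        if addr is None:
            break            # malformed entry: stop trusting the header
        if not _is_trusted(addr):
            return addr      # first hop that is not our own proxy
    return peer_addr


def block_network(addr):
    """Network to put in a ban list for one client address."""
    if addr.version == 6:
        # Subscribers normally hold at least a /64 and rotate inside it.
        return ipaddress.ip_network(f"{addr}/64", strict=False)
    return ipaddress.ip_network(f"{addr}/32")
```

An IPv4 /32 returned here may still be a carrier-grade NAT address shared by many users, which is the case the comment warns about.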



> 1) ISPs are increasingly deploying Carrier Grade NAT, which puts several people behind a single IP. This completely breaks end-to-end as you can't port forward

Carrier grade NAT breaks a lot of things in subtle ways. E.g. our ISP does DS-Lite to encapsulate IPv4 in IPv6. For months, our internet connection would sometimes seem dead for a couple of minutes. The router was fine and had uplink.

At some point I figured out that it often happened after a device woke from sleep and that IPv6 continued to work fine. It turns out that Bittorrent Sync was the culprit. When a device woke up, BTSync syncs any changes and opens a boatload of connections through different ports. Apparently, the ISP's carrier grade NAT has some QoS where it starts dropping connections if too many ports are opened at the same time.

We shut down BTSync on all devices and never encountered the problem again [1].

At the time Bittorrent Inc. and later Resilio did not really seem interested in adding IPv6 support.

[1] Of course, another theory is that they intentionally throttle Bittorrent traffic, but that doesn't explain why no IPv4 connections could be made while IPv6 worked fine.


> Carrier grade NAT breaks a lot of things in subtle ways.

All types of IP Masquerading[1] break the network in both subtle and overt ways. Without proper addresses, we've been stuck for a couple decades having to work around "party lines" instead of developing real network software. Now that ISPs are starting to do this, some of the workarounds are no longer possible and the damage done to the network is becoming more obvious.

I hope we can successfully transition to IPv6 in the very near future, or the internet will finish transitioning from a powerful peer-to-peer network back into cable tv where we no longer have the ability to publish without an imprimatur[2].

[1] n:1 NAT using RFC 1918 private addresses

[2] https://www.fourmilab.ch/documents/digital-imprimatur/


I'm absolutely fucking amazed BitTorrent Sync, recently created peer to peer software, didn't have IPv6 since day one? IPv6 just makes P2P easier and more reliable as there's no NAT anymore. Why wouldn't you want that?


Mobile carriers here are bringing back NAT on IPv6 now. WannaCry fears? NAT for the sake of firewalling? Phones still seem to get individual addresses.


Which one? Really curious. Another point to mention: I've seen mobile operators send you multiple /64s, so if you run 'ip addr' in an Android shell you see one /64, while if you connect to, say, ripe.net it shows a completely different IPv6 address from a different range, while still no NAT. Perhaps that was your case, perhaps not. Details would be very interesting.


If your address on ripe.net doesn't match any of your local interface addresses, then that's NAT (or perhaps a transparent proxy) by definition.

Well, in some environments, it's possible to bind() to an IP address that's not actually present on a local interface, but it's unlikely that your browser would support that.


On the other side, I can ping the IPv6 address of the tethered laptop. And for tethered devices, the IPv6 address ripe reported matches the interface. Indeed, a transparent proxy / media gateway could be the case for the phone itself.


If anyone sees a mobile provider doing this, please complain loudly.


You might be interested in Syncthing (syncthing.net). It works a bit like BitTorrent Sync, is open source and does support IPv6 (of course).



