APNIC: Big Tech’s use of carrier-grade NAT is holding back internet innovation

CGNAT motivations and impacts

  • Some ISPs avoid or delay IPv6 rollout, allegedly to upsell “business” static IPv4 and keep users behind CGNAT, despite higher latency and packet loss.
  • CGNAT is described as degrading the internet: harder port forwarding, blocked hosting, mis-shared IP reputation (one abuser can get many users firewalled).
  • A few see CGNAT as acceptable or even beneficial for typical consumers; others argue it should not be marketed as a full “Internet connection” because arbitrary inbound IP traffic is impossible.

Privacy: CGNAT vs IPv6

  • One camp strongly prefers CGNAT, seeing shared IPv4 as privacy by default: third‑party sites relying mainly on IP logs (e.g., torrent trackers, Wikipedia, basic IP-based blocking) get weaker identifiers.
  • Counterpoint: ISPs log CGNAT mappings (IP + port + time) and can still identify users, especially under subpoena; CGNAT doesn’t protect against serious investigators.
  • Debate over whether IPv6 inherently harms privacy: stable per‑customer prefixes can be long‑term identifiers, even with rotating interface IDs; others note IPv6 can use frequently changing addresses.
  • Several argue that real anonymity requires Tor/VPN and strict fingerprint/cookie controls; CGNAT alone is insufficient.
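
An added example (not from the thread or the APNIC article) of the lookup the counterpoint above describes: resolving a public IP, source port and timestamp against an ISP's CGNAT allocation log. The log format, the port-block scheme, the subscriber IDs and the function names are assumptions made for illustration, and the log lines are constructed.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

# Constructed CGNAT port-block allocation log (not real data):
# public IP, first port, last port, lease start, lease end, subscriber ID.
CONSTRUCTED_LOG = """\
203.0.113.7,1024,2047,2024-05-01T10:00:00Z,2024-05-01T11:00:00Z,sub-A
203.0.113.7,2048,3071,2024-05-01T10:00:00Z,2024-05-01T12:00:00Z,sub-B
203.0.113.7,1024,2047,2024-05-01T11:00:00Z,2024-05-01T13:00:00Z,sub-C
203.0.113.8,1024,2047,2024-05-01T10:00:00Z,2024-05-01T13:00:00Z,sub-D
"""

def parse_ts(text):
    """Parse a UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_log(text):
    """Turn the CSV log into (ip, lo, hi, start, end, subscriber) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ip, lo, hi, start, end, sub = line.split(",")
        rows.append((ip_address(ip), int(lo), int(hi), parse_ts(start), parse_ts(end), sub))
    return rows

def candidates(rows, ip, when, port=None, skew_seconds=0):
    """Subscribers who could have sent traffic from ip[:port] at `when`.

    port=None models a server log that recorded only the IP address.
    skew_seconds widens the match to allow for an unsynchronised clock
    on the server that produced the report.
    """
    ip, when, skew = ip_address(ip), parse_ts(when), timedelta(seconds=skew_seconds)
    found = set()
    for row_ip, lo, hi, start, end, sub in rows:
        if row_ip != ip:
            continue
        if port is not None and not lo <= port <= hi:
            continue
        # Lease covers [start, end); match if it overlaps when +/- skew.
        if start - skew <= when < end + skew:
            found.add(sub)
    return sorted(found)

if __name__ == "__main__":
    rows = parse_log(CONSTRUCTED_LOG)
    print("IP only:       ", candidates(rows, "203.0.113.7", "2024-05-01T10:30:00Z"))
    print("IP + port:     ", candidates(rows, "203.0.113.7", "2024-05-01T10:30:00Z", port=1500))
    print("IP + port, 60s:", candidates(rows, "203.0.113.7", "2024-05-01T11:00:20Z", port=1500, skew_seconds=60))
```

With only the IP the lookup returns several subscribers, with the port it returns one, and a clock error near a lease boundary makes it ambiguous again. For a server operator this is why abuse reports and access logs need the source port and a synchronised timestamp, as RFC 6302 recommends.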

Hosting, P2P, and “real internet”

  • Many lament losing the ability to run services at home once moved behind CGNAT; workarounds include VPS, reverse tunnels, NAT hole punching, or commercial VPNs.
  • Some assert that if you can’t accept inbound connections, you don’t have “the internet” but a gated, centralized service.
  • Concern that NAT/CGNAT pushes architectures toward centralized servers and away from true peer‑to‑peer, increasing dependence on large providers.

IPv6 adoption and deployment challenges

  • Thread cites steady but slow IPv6 client growth; projections suggest coexistence with IPv4 well into the 2030s–2040s.
  • However, many major services still lack IPv6, so real IPv6 traffic share may be substantially lower than client-enablement graphs suggest.
  • Lack of incentives is seen as a key reason IPv6 may remain a “perpetual runner‑up.”

IPv6 complexity and operational pain

  • Some users report IPv6 “just working” and solving CGNAT/port issues once firewall and ICMP rules are correctly set.
  • Others find IPv6 overcomplex: long addresses, dependence on DNS, dynamic prefixes, RA/SLAAC quirks, DHCPv6, and multi‑ISP failover requiring NPTv6.
  • A minority reject IPv6 entirely, seeing it as an over-engineered replacement rather than a simple expanded address space.

NAT traversal and gaming

  • NAT (especially CGNAT and symmetric NAT) complicates P2P apps, VoIP, and gaming; technologies like STUN/TURN and products like Tailscale are cited as workarounds.
  • Modern games often avoid player‑hosted servers and direct connections, partly due to NAT realities, reinforcing centralization trends.