Comment by LegionMammal978
Comment by LegionMammal978 10 months ago
I don't think I'm disagreeing with you regarding firewalls: what I was trying to say is that "every node being a peer" isn't a good argument against NAT, since these days it holds neither in IPv4 nor in IPv6, now that everything has a firewall in front of it.
> In fact, I'd posit that NAT makes things more complicated and not less.
Sure, it clearly adds some iota of additional work, but I've never seen it as being the worst thing in the world. I'm young enough to have never witnessed the legendary paradise of globally-reachable static IPs for everything, so it seems more like "just the way things are". And yet there is widespread hatred against the existence of NAT, and I can't tell if it's primarily ideological, or if NAT is causing real practical difficulties for many setups. (Though at least the issues with CGNAT are easy to see. And also with broken NAT implementations.)
Meanwhile, one might argue that things like SLAAC in IPv6 can similarly add conceptual difficulties compared to IPv4. E.g., "How do I identify some particular device in my network, if its link-local IP is changing on a regular basis?" (To which the answer is something DNS-like, I guess?) So switching a network's internal operations from NATted IPv4 to NATless IPv6, with all of its different mechanisms, would seem like more of a tradeoff than an unequivocal win.
> I don't think I'm disagreeing with you regarding firewalls: what I was trying to say is that "every node being a peer" isn't a good argument against NAT, since these days it holds neither in IPv4 nor in IPv6, now that everything has a firewall in front of it.
In residential environments you can do whole bunch with UPNP/PCP, but with IPv4 you have the added complexity of STUN, TURN, and ICE:
* https://community.cisco.com/t5/collaboration-knowledge-base/...
* https://medium.com/@ecosmobtechnologies/webrtc-best-practice...
With IPv6 you simply punch a whole and and the two clients simply talking to each other with their GUAs.
(In more tightly controlled environments (e.g., work), firewall policies and hole punching are dictated by IT.)
> Meanwhile, one might argue that things like SLAAC in IPv6 can similarly add conceptual difficulties compared to IPv4. E.g., "How do I identify some particular device in my network, if its link-local IP is changing on a regular basis?"
If a device gets its address via DHCP(v4), how do you identify it? SLAAC is for dynamic environments, but if you want static services, configure IPv6 statically.
At least with IPv6 you don't need DHCP infrastructure (and complexities like IP helpers configured on routers) to get going.