top | item 46696783

(no title)

The CGNAT point is underrated. Carriers have zero incentive to move away from it - thousands of users per public IP, no transition cost.

The interesting downstream effect is on IP reputation systems. Traditional detection assumed 1 IP = 1 user. CGNAT breaks that entirely - platforms can't aggressively filter mobile carrier IPs without blocking legitimate customers by the thousands.

Makes sense the IPv4 price dropped once mobile networks proved you can serve massive user bases with relatively few public addresses.

discuss

patmorgan23|1 month ago

Expect CG-NAT boxes are expensive, and introduce another point of failure into the network. Most mobile carriers are running IPv6 first networks these days anyway.

Like you said, CG-NAT does have the benefit of making v4 address reputation less reliable, which means it's not as big a deal for the transition to v6.

pixl97|1 month ago

>CG-NAT does have the benefit of making v4 address reputation less reliable

heh, less reliable is doing a lot of heavy lifting there. You mean "complete and total trash". We need to get to the point where Cloudflare/AWS/some other big sites just block CG-NAT nodes for a day going this IP address is a risk.

Instead if you're a website, instead of doing an easy block by IP, you're left filtering out AI crawlers, spammers, and lots of other crap hiding behind a single IP with thousands of other users behind it, and ISPs that don't really give a shit about doing anything about it.

We need to push the value of IPv4 to nearly zero and finally move away from that crap.

wcfields|1 month ago

Anecdotally on how this affects the day to day user experience: I just deployed T-Mobile 5G Business Internet to a temporary pop-up art space (it's only active for a few months) and I'd say twice daily I get a CAPTCHA challenge on Google search.

pixl97|1 month ago

And I hope it gets worse for users behind CG-NAT to the point that websites and ISPs move to IPv6.

kalleboo|1 month ago

I would have thought that a 5G connection would have IPv6 and wouldn't need CGNAT to Google properties

SchemaLoad|1 month ago

I wonder if all these new tools that punch through CGNAT like tailscale will end up breaking it when they force these NAT boxes to maintain tons of long lived connections.

With the uptake in smart home and internet connected CCTV by consumers, things could dramatically shift.

anyfoo|1 month ago

I personally hate CGNAT, but I cannot deny that nowadays, the overwhelmingly vast majority of customers most likely does not care (and much less know) that they are behind CGNAT, so this is valid.

Come to think of it, for my use cases, I would probably be fine to be behind IPv4 NAT as long as I also have an un-NATted IPv6 prefix. But a big part of the question here of course is whether IPv6 adoption is worthwhile...