In fairness it's not the consumer who feels the effects of IPv4 address exhaustion, but the organisations on the other side providing services to them. Until ISPs like TalkTalk and Plusnet jump on board, the whole migration process is frustrated.
Ideally we would be at a point now (or indeed a few years ago) where every connection is IPv6 enabled and IPv6-only services were a possibility.
The consumer can feel the pain... Devices inside the network try to rely on weird NAT traversal services, or UPnP, in order to be connectable. Sometimes you find multiplayer games act up. If you and your partner both work from home, you might find you can't both use the corporate VPN at the same time (I have direct experience of this) because of weird NAT issues.
With single NAT there are workable solutions, but with double NAT or CGNAT it can become a real mess.
"NAT was only ever a temporary bodge"
Exactly this. When I and a few other people developed NAT routing into a viable solution for dialups in 1991-1993 it was to solve very specific problems relating to _small_ networks of computers behind dialups and we regarded it as a kludge even then as it broke a lot of stuff. Other people developed helpers and automated port forwarders later on, but they're _all_ just kludges on the original kludge.
We had no idea that over the following 20-25 years it would turn into a Saturnian monster that would be inflicting breakage on epic scales, as we were expecting IPv6 to be deployed by then.
IPv4 was an interim kludge solution to a critical shortage of IP address space which was only intended to exist for 5-7 years until the new protocol was finished. That new protocol (IPv5 - aka IPX) turned out to be utterly unusable because it didn't scale. It was already over a decade old when I started dealing with it and it was already clear that shortages were looming on the horizon - the large space isn't intended to be packed full of IPs, it's supposed to be used for routing, like a red/black binary tree - and because of the kludges that were tacked onto it, we've had to come up with mountains of other kludges such as the myriad routing protocols (OSPF, BGP, etc.) that shouldn't have to exist.
IPv6's 128-bit address space is the same size that IPv4's was originally set out as, until Vint Cerf was browbeaten into reducing it to 32 bits because IPv4 was a temporary fix and 32 bits would last 5 years.
The really ironic thing is that the IETF conference where the BOF engineering meeting was held to "get IPv6 signed off and rolled out before something comes along and locks IPv4 in place for the next 20 years" was the same conference (in the same hall, at the same time, in a room literally two doors down from that meeting) where the first world wide web browsers were demonstrated.
"The consumer can feel the pain... Devices inside the network try to rely on weird NAT traversal services, or UPnP, in order to be connectable."
UPnP is only part of it.
- Google Nest Protect is IPv6 only.
- Xbox networking is IPv6 native and if you're on an IPv4 provider you need to tunnel (usually Teredo)
- LoRaWAN (increasingly used for environmental monitoring) is IPv6 only (you can make it work over IPv4, "kind of")
- second/third generation IoT stuff is moving to IPv6-only
- some of the newer PtP communications systems only hold their privacy in IPv6 mode. If they're forced to use IPv4, then privacy is blown.
- Virtually ALL the security breaches relating to "Internet of Things" and in particular the widely publicised CCTV camera breaches over the last few years come down to the way these devices punch gaping holes in firewalls by tunnelling out to a static IPv4 host in order to provide a stable connection address (NAT is _not_ a firewall and is no substitute for proper firewall rules - even if it sometimes can have that effect in inbound connections)
- this is quite specifically down to the lack of IPv4 addresses (there are 4 billion possible IPv4 addresses and _at least_ 20 billion IPv4 devices in the world today) and very poor security coding by makers who think that "oh, I'll just run up a tunnel" will solve the problem with no thought about firewalling the ends.
- NAT traversal is a security nightmare on steroids.
- It's hardly a unique problem. The number of times I see "expert advice" to _disable_ security on a network in order to allow some broken software to work defies belief. Why should I compromise MY systems and expose MY wallet to being pilfered because YOUR software is borked?
We regard anyone attempting to bypass network security in the workplace as a disciplinary matter and treat this kind of tunnelling stuff as a security breach, and we've pushed back _hard_ on vendors pulling these kinds of stunts with substandard software - the ironic thing being that it's things like the £2 million UPS system with 2MW generator and a 4 tonne motor/generator flywheel spinning at 9000rpm which are the most susceptible to security problems and have the least attention paid to keeping bad stuff out (a flywheel like that can go about a mile if it breaks loose from its mounts. It's been known to happen - and we've demonstrated that once past the laughable security a hacker can easily turn off the oil pumps. These things really are that bad. Wind turbines are even worse - and the makers are insisting on direct internet connections for ease of monitoring/maintenance. Not on my watch.)
"Those that argue that NAT offers protection"
Have zero idea what they're talking about.
It offers an illusion of protection, which lasts about as long as it takes for UPnP to open a hole, or someone to set up a tunnel - at which point your entire internal network is as open as what's on the other end of the tunnel.
That's _how_ those breaches via CCTV systems happened (Nest, Ring and others), where the tunnel endpoints were compromised, leading to direct access into the CCTV units, which were trivially broken into (hardcoded passwords) and then used as jumping off points into the rest of the network allowing the bad guys to syphon off data from vulnerable machines which trusted the internal LAN.
There were more consumer networks, Windows boxes and banking passwords compromised this way than corporate networks, so there _is_ a consumer angle to this.
There is no substitute for proper firewalling rules - and ideally you should be firewalling _outbound_ connections as well as inbound. I can't even begin to explain how many times this precaution has allowed us to spot compromised systems (usually someone's laptop) doing things that they shouldn't be doing.
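The outbound-firewalling point above (and the earlier remark that NAT is not a firewall) is the kind of thing that is easier to see with a concrete egress review. The following is an added example, not code from the thread or from any product mentioned in it: it parses a constructed, syslog-like egress log, applies a per-segment outbound allow-list (a hypothetical IoT/CCTV VLAN that may only reach its vendor's update host and the local resolver, and an office VLAN limited to web and NTP), and reports everything else. Because the policy is expressed on addresses and ports rather than on "private vs public", it works the same for IPv6 hosts with no NAT in the path. All ranges, hosts and log lines are constructed for illustration.

```python
"""Egress-log review: flag outbound connections an outbound firewall policy
would not permit.  Added example; log format, networks and allow-list are
constructed, not taken from any real deployment."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample egress log (documentation-prefix addresses only).
SAMPLE_LOG = """\
2024-03-01T10:00:01 OUT src=10.0.30.21 dst=203.0.113.10 proto=tcp dport=443
2024-03-01T10:00:05 OUT src=10.0.30.21 dst=203.0.113.10 proto=tcp dport=443
2024-03-01T10:00:09 OUT src=10.0.30.22 dst=198.51.100.7 proto=tcp dport=8443
2024-03-01T10:00:12 OUT src=10.0.30.22 dst=198.51.100.7 proto=tcp dport=8443
2024-03-01T10:00:15 OUT src=10.0.30.22 dst=198.51.100.7 proto=tcp dport=8443
2024-03-01T10:00:20 OUT src=10.0.10.5 dst=192.0.2.30 proto=udp dport=123
2024-03-01T10:00:25 OUT src=10.0.10.5 dst=192.0.2.40 proto=tcp dport=22
2024-03-01T10:00:30 OUT src=10.0.30.23 dst=10.0.30.1 proto=udp dport=53
2024-03-01T10:00:35 OUT src=2001:db8:30::23 dst=2001:db8:ffff::1 proto=tcp dport=8443
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+OUT\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)$"
)

# Hypothetical per-segment egress policy: (proto, dport, destination network);
# a destination of None means "any host".  Anything not listed is a violation.
RULES = [
    (ipaddress.ip_network("10.0.30.0/24"), [            # IoT / CCTV VLAN (v4)
        ("tcp", 443, ipaddress.ip_network("203.0.113.10/32")),   # vendor updates
        ("udp", 53, ipaddress.ip_network("10.0.30.1/32")),       # local resolver
    ]),
    (ipaddress.ip_network("2001:db8:30::/64"), [        # IoT / CCTV VLAN (v6)
        ("tcp", 443, ipaddress.ip_network("2001:db8:ffff::10/128")),
    ]),
    (ipaddress.ip_network("10.0.10.0/24"), [            # office VLAN
        ("tcp", 80, None), ("tcp", 443, None), ("udp", 123, None),
    ]),
]


def parse_line(line):
    """Parse one log line; return a dict or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": m["ts"],
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "proto": m["proto"].lower(),
        "dport": int(m["dport"]),
    }


def is_allowed(event):
    """True only if some rule for the source segment matches; default deny."""
    for segment, allowed in RULES:
        if event["src"] in segment:
            return any(
                event["proto"] == proto and event["dport"] == dport
                and (dst_net is None or event["dst"] in dst_net)
                for proto, dport, dst_net in allowed
            )
    return False  # source not in any known segment


def review(log_text):
    """Return {(src, dst, proto, dport): count} for every disallowed flow."""
    violations = defaultdict(int)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is not None and not is_allowed(event):
            key = (str(event["src"]), str(event["dst"]), event["proto"], event["dport"])
            violations[key] += 1
    return dict(violations)


def repeated_offenders(violations, min_count=3):
    """Flows seen at least min_count times: a host that keeps reconnecting to
    one external endpoint is the 'tunnel out to a static host' pattern."""
    return sorted(k for k, n in violations.items() if n >= min_count)


if __name__ == "__main__":
    found = review(SAMPLE_LOG)
    for (src, dst, proto, dport), n in sorted(found.items()):
        print(f"{src} -> {dst} {proto}/{dport}: {n} attempt(s) not permitted by policy")
    print("persistent:", repeated_offenders(found))
```

The default-deny shape of `is_allowed` is the point: a device in the camera segment that opens an unexpected outbound session to a static host shows up immediately, whether it sits behind NAT or has a globally routable IPv6 address. On a real firewall the same policy would be expressed as egress rules on the segment's interface and the review would run over the firewall's own log format rather than this constructed one.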
Here's an interesting article about IP, Ethernet, bridges and routers
One question people might ask... Why don't we drop TalkTalk or PlusNet and go to an ISP which does offer IPv6? Well, I use these cheap services as a backup... so I want the cheapest ADSL service but I still want IPv6. I'd use Sky but I don't want to use their router. BT are expensive. Static IPs are seen as a luxury by many.
At the moment if my firewall detects wan1 goes down, it has to turn off v6 route advertisements, and various things stop working, whilst default route switches to wan2. Fortunately that's maybe an hour a week. When wan1 recovers, route advs get turned on and default route swung back.
Here's what I'd regard as a near-canonical response, as it's coming from one of TalkTalk's wholesale reseller agents:
Randy has sent your account to myself to answer your questions around supplying you with IPv6.
Unfortunately, this is not a product we support or plan to support in the near future. We have never advised that we support IPv6, so we are not breaching any rules or relations put in place by OFCOM.
There is another topic on this subject where the TalkTalk team have been asked to comment:
I am closing this as a duplicate thread.