
They removed, not added features. The hardware problems had more to do with other things.



Yeah it’s the feature changes that made it problematic.

They removed NAT, which made laymen deployment difficult. I can’t just plug an IPv6 router behind another router (or 3-4 levels of routers) and expect it to just work. In IPv4, DHCP+NAT handles that just fine. In IPv6 I need to worry about address assignment. I don’t care about P2P connectivity issues- the NAT trade-off of using STUN/TURN techniques works for me.

They replaced ARP, and replaced DHCP with SLAAC, then realised that people like DHCP so added a version of DHCP back. Except it’s still not the same so has its own quirks.

Then there’s the difficulty of supporting multiple IPv6 WANs in one router in a useful fashion. SLAAC takes too long for a PC to detect a dead WAN and use the other WAN range. And there’s no ability to do policy based routing (eg prefer YouTube via dsl, prefer VoIP via fibre) without using NAT+ULA.

Don’t get me wrong, there’s a lot of great things about not using NAT, but there’s a lot of real world scenarios where using NAT is the preferred trade-off.

IPv6 originally decided they didn’t want NAT, and tried to force people into their one way of doing things. They just needed to support both, and then IPv6 deployments wouldn’t be so complicated. They added NAT and DHCPv6 far too late in the game. Even Android doesn’t support DHCPv6 yet and it’s 2019!


I don't see how NAT could be removed. It was never added to IPv4, but we use it anyway. The addressing standard gets no say in this.


You are correct there’s nothing in the core IPv6 spec itself about NAT. However the goal of IPv6 - to make all devices globally reachable - resulted in pretty much everyone not implementing NAT support until way too late in the game. And resulted in related specs required to implement NAT not appearing for years/decade after IPv6 was created.

Linux/iptables support wasn’t until Linux 3.7 & iptables 1.4.18 [1]. So that’s only from 2013, when IPv4 NAT has been possible for well over a decade before that.

Also to do NAT66 you really need a ULA address space, that wasn’t defined until 2005 [2]. RFC1918 addresses for IPv4 were set in 1996.

The tooling, support code, supporting RFCs, and UIs for doing IPv6 NAT has been neglected. It’s a halfway house.

1. http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch18s04.html
2. https://tools.ietf.org/html/rfc4193


> They removed NAT, which made laymen deployment difficult. I can’t just plug an IPv6 router behind another router (or 3-4 levels of routers) and expect it to just work.

Is this common, plugging consumer routers with NAT several layers deep? I haven’t seen that in the wild. The only time I myself tried, it didn’t work for some unknown reason.

My only real gripe with IPv6 is the fact that Duplicate Address Detection seems broken on many Wi-Fi networks (clients for some reason see their own traffic as traffic from another node and trigger DAD, which shuts down IPv6 access). I’ve seen this on routers from multiple vendors and I believe it’s some bug in their broadcast/multicast implementations.


Re consumers, I can’t comment on how common they are, but people will have the ISP router, and then their router. They should ideally bridge but that doesn’t always happen, either due to just not knowing you should do that, or the ISP router/modem is a piece of junk that doesn’t support bridging or has quirks.

In the commercial/business space it’s more common to see 3 deep. I see it every day. Petroleum in particular often has ISP Router -> Site Firewall/Router -> ServiceProvider Router, because the fuel tank monitoring equipment is behind its own router so the vendor can get remote access/send data back over VPNs they manage.

In retail environments, especially malls and concession stands within department stores, it’s common to be plugged into their network, which you’ll want your own firewall protecting your PCs etc. I’ve also seen businesses at the same office building pool resources and share the one internet connection, with each having their own firewall/router behind the primary site firewall/router.

There’s also hotspots, where the business both puts that infrastructure on a separate network from their back office, and the hotspots themselves are doing NAT too.

Also some payment processors these days are pushing for organisations to install their own router behind the customer’s network and route all payments via that (rather than customer managed IPsec VPNs or straight TLS over the Internet).

Yeah it’s definitely common.


Mobile carrier NAT, mobile device hotspot NAT, VMware NAT - that's the most I've seen so far.

But IPv6 in home networks replaces the unreachability-because-of-NAT by unreachability-because-of-filtering. The usual home router protects your clients, and if it's not your box, you're out of luck.



