Jared Mauch wrote:
Are you saying, without NAT or something like that to restrict reachable ports, the Internet, regardless of whether it is with IPv4 or IPv6, is not very secure?
I'm saying two things:
1) UPnP is a security nightmare and nobody (at scale) will let you register ports with their CGN/edge.
Don't do that. Just have static port forwarding. UPnP may be used as a channel to advertise the forwarding information but you can also do it manually (for reverse translation, configuring a global IP address and a range of port numbers is enough).
2) We are an industry in transition. Internet connectivity will soon be defined by v6 + v4, not v4 + sometimes v6.
Yeah, we have been so for these 20 years.
Our services need to work for the broadest set of users. Many people are now used to the non-e2e results of a NAT/CGN environment.
Exactly. And, as e2e transparency over NAT can be offered to exceptional people, we can live with IPv4 forever.

Masataka Ohta