I grew up in Australia, and have spent a fair bit of time in India for over a decade, and now live in India (1⅓ years).
Every ISP that I have experienced, mobile and broadband, is using CGNAT. The easiest way I’ve seen this on broadband is https://iknowwhatyoudownload.com/ showing several movie downloads per day.
Cloudflare isn’t the only problem, but they are the worst, probably by dint of popularity. I get blocked outright occasionally (presented dishonestly as because my request matched attack patterns due to things like SQL injection in query string parameters, when I’m actually just trying to load any regular page), and blocked with hCAPTCHA frequently (normally presented dishonestly with their stock page as “example.com needs to review the security of your connection before proceeding”, though a few like blender.org customise it). It’s draining.
In Cloudflare’s actual article, they claim their bot detection to be resilient to CGNAT <https://blog.cloudflare.com/detecting-cgn-to-reduce-collater...>. Frankly, if it is so, I wonder if they just have a rule that amounts to “is user in India”. I definitely feel prejudged and discriminated against. I am idly curious if leasing a static IP from my ISP would help anything, in the short or long term.
In Australia, I think I experienced Cloudflare’s blocking page once in my life, and no others.
I use cloudflare to make my weather station available over T-Mobile. They don’t filter inbound ipv6 on regular phone lines (they do for TMHI) so you can host a simple page on ipv6, only set the AAAA record in cloudflare, and they will proxy it for ipv4 users so I can ignore being CGNAT’d for ipv4. Make sure if you do this setup with a tool like ddclient to keep the record current as T-mobile rotates ipv6 frequently
They need to come up with an ip solution that is useful enough that people actually want to upgrade to it.
When you compare it to other technologies like https, tls1.3, unicode, 5g cellular, wifi 6, wifi 5 or bluetooth versions, etc. It’s clear that ipv6 adoption is not what it should be if they launched a protocol with clearer benefits to the end user.
I grew up in Australia, and have spent a fair bit of time in India for over a decade, and now live in India (1⅓ years).
Every ISP that I have experienced, mobile and broadband, is using CGNAT. The easiest way I’ve seen this on broadband is https://iknowwhatyoudownload.com/ showing several movie downloads per day.
Cloudflare isn’t the only problem, but they are the worst, probably by dint of popularity. I get blocked outright occasionally (presented dishonestly as because my request matched attack patterns due to things like SQL injection in query string parameters, when I’m actually just trying to load any regular page), and blocked with hCAPTCHA frequently (normally presented dishonestly with their stock page as “example.com needs to review the security of your connection before proceeding”, though a few like blender.org customise it). It’s draining.
In Cloudflare’s actual article, they claim their bot detection to be resilient to CGNAT <https://blog.cloudflare.com/detecting-cgn-to-reduce-collater...>. Frankly, if it is so, I wonder if they just have a rule that amounts to “is user in India”. I definitely feel prejudged and discriminated against. I am idly curious if leasing a static IP from my ISP would help anything, in the short or long term.
In Australia, I think I experienced Cloudflare’s blocking page once in my life, and no others.
The Register is adding very little on top of https://blog.cloudflare.com/detecting-cgn-to-reduce-collater...
Previously discussed (a bit) at https://news.ycombinator.com/item?id=45746509
> Because CGNAT is more prominent, and more heavily used, in Africa and Asia […]
Isn’t essentially the entire US on CG-NAT for IPv4 on mobile data?
I’ve also had DOCSIS connections, i.e., fixed lines, with only CG-NAT in Europe years ago.
I wonder if that's not very visible in Cloudflare's data because those mobile devices will likely use IPv6 to connect to Cloudflare-hosted sites.
That’s what I was thinking. Anyone coming from Cloudflare will end up getting there via IPv6.
I use cloudflare to make my weather station available over T-Mobile. They don’t filter inbound ipv6 on regular phone lines (they do for TMHI) so you can host a simple page on ipv6, only set the AAAA record in cloudflare, and they will proxy it for ipv4 users so I can ignore being CGNAT’d for ipv4. Make sure if you do this setup with a tool like ddclient to keep the record current as T-mobile rotates ipv6 frequently
mobile devices dont get ip6 do they? last i looked my cheapo gateway only provided v4 cgnat
For those of us who don't have many options other than satellite internet, it generally uses CG-NAT, specifically Starlink.
AFAIK all mobile networks use NAT unless you pay a lot more for a special service with a public static IP.
They need to come up with an ip solution that is useful enough that people actually want to upgrade to it.
When you compare it to other technologies like https, tls1.3, unicode, 5g cellular, wifi 6, wifi 5 or bluetooth versions, etc. It’s clear that ipv6 adoption is not what it should be if they launched a protocol with clearer benefits to the end user.
[delayed]
It's the Internet protocol. End users are not supposed to interact with it directly.
What exactly would replace IPv6? It's just an implementation detail, but an important one if you want to make the rest of the stack suck less.
The same applies to us rich folk on mobile. Not sure what the point of this article is.
I agree. A bunch of platforms use CGNAT, like Tailscale: https://tailscale.com/kb/1015/100.x-addresses