There are a few. Things like the way addresses are given out (appending your MAC address to the local prefix), large address spaces (IPv6 could number every atom in existence and then some) which then permits getting rid of NAT, and especially CGNAT (carrier grade NAT).
Generally speaking the administrative hacks which enable the internet to keep going as-is can go away. NAT in particular breaks lots of applications which is why STUN/TURN servers are needed for many VoIP applications today, so that two NATed clients can talk directly.
The address space issues mean that even if the registry gives out silly allocations (like the UK's MoD having a /8) the space is so near infinite that it won't matter. Even the most incompetent governance can't exhaust the address space.
Appending MAC to address is a privacy nightmare and is going away with privacy extensions. (I don't want people to know what NIC I have and potentially track me by looking up who bought it.)
Because of that DHCP may be needed and ARP as well... nice, right?
Getting rid of NAT is also questionable and there are now tools to do NAT with IPv6. So common sense and learned practices win. (I still prefer NAT and firewall; dedicated servers can have port forwarding or a separate IP allocated.)
Address space is the only feature worth anything as original poster mentioned.
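The two address-assignment schemes argued about above, worked through in code. This is an added example, not code from any poster in the thread: it derives a classic SLAAC address from a MAC via the modified EUI-64 rule, shows how an observer reverses it to get the MAC (and therefore the vendor OUI), and contrasts a privacy-extension style temporary address with a random interface identifier. The prefix 2001:db8:1::/64 and the MAC 00:1a:2b:3c:4d:5e are constructed sample values.

```python
import ipaddress
import os
from typing import Optional, Union

# Constructed sample values (documentation prefix, made-up MAC), not from the thread.
SAMPLE_PREFIX = "2001:db8:1::/64"
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, Appendix A).

    The MAC is split in half, 0xFFFE is inserted in the middle, and the
    universal/local bit (0x02 of the first octet) is inverted.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Classic SLAAC address: the advertised /64 prefix plus the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(addr: Union[str, ipaddress.IPv6Address]) -> Optional[str]:
    """The observer's side: recover the MAC if the identifier is EUI-64 derived.

    The first three octets of the result are the IEEE OUI, i.e. the NIC vendor,
    which is exactly the tracking handle the thread complains about.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def temporary_address(prefix: str) -> ipaddress.IPv6Address:
    """Privacy-extension style temporary address (the RFC 4941 / RFC 8981 idea).

    A random 64-bit interface identifier with the universal/local bit cleared,
    so the address carries no MAC and can be rotated on a schedule.
    Simplification: a real stack also skips reserved identifier ranges and runs
    duplicate address detection before using the address.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    while True:
        iid = bytearray(os.urandom(8))
        iid[0] &= 0xFD  # clear the universal/local bit: locally administered
        if iid[3:5] != b"\xff\xfe":  # never produce something that looks EUI-64 derived
            break
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


if __name__ == "__main__":
    stable = slaac_address(SAMPLE_PREFIX, SAMPLE_MAC)
    print("SLAAC/EUI-64 address:", stable)
    print("MAC recovered by an observer:", mac_from_address(stable))
    for _ in range(3):
        tmp = temporary_address(SAMPLE_PREFIX)
        print("temporary address:", tmp, "-> MAC:", mac_from_address(tmp))
```

Note what the temporary address does and does not buy you: it removes the MAC from the address, but within the rotation interval the identifier is still a stable per-host tag, which is the point made later in the thread.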
There is no use for NAT under IPv6 at all. Its sole purpose was to work around the IPv4 address space shortage. Any perceived security benefit was coincidental. NAT should not do the job of a firewall.
NAT hides all devices I have in my network from the world.
Nobody from the outside will know who made request x from the n devices in the network.
NAT is mainly privacy/obfuscation.
Can you do that with a firewall?
Another use case is connectivity:
- DigitalOcean gives 16 IPv6 addresses; how can I VPN through it with more hosts without NAT?
- me as a lone node on another network want to host a VPN but have a limited set of IPv6 addresses available.
- tethering
Note: I will actually be setting up a network with NATv6, DHCPv6 and a firewall in about a month, so I do need it, and since tools are available, I am not the only one.
That is not the original purpose of NAT. What about IPv6 privacy extensions?
> Another use case is connectivity:
Ok, there might be valid use cases for NATv6 (I am not an expert), but it shouldn't be necessary for typical consumer home networks.
I have no problems with NAT as long as it a) doesn't block incoming traffic (that is the job of a firewall) b) doesn't perform symmetric address/port translation (breaks peer-to-peer applications).
Not the original purpose of NAT, sure, but it achieves that goal much better than IPv6.
Privacy extensions are a hack and still uniquely identify someone even if it changes once a day.
NAT hides them all the time.
If I have 100 nodes, good luck identifying them over PNAT as an ISP, without PNAT you have nice tags per each node... they change once a day but you match to last days traffic.
Onto connectivity:
a) block incoming traffic - sure - blocking with firewall, NAT is redundant, it's a poor man's firewall, BUT if you misconfigure the firewall or it is disabled, you are screwed, whereas NAT just works.
b) break peer-to-peer applications.
Port NAT is needed for privacy, so this is a given.
I also like it breaking peer-to-peer apps; I only want specific nodes to be able to host stuff, if ever.
For home networks STUN/TURN works just fine without having external parties know who is placing the call.
STUN doesn't work for symmetric NATs and TURN is not a solution (the traffic gets relayed over the server, which defeats the purpose of a peer-to-peer system).
Port restricted NAT is sufficient: it serves the actual purpose without breaking peer-to-peer systems.
Note: I'm currently developing a peer-to-peer app.
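The symmetric-versus-port-restricted distinction the last two posts argue over, as an added example that is not part of the original thread. It models a NAT's UDP mapping and filtering behaviour in RFC 4787 terms and runs a STUN-assisted hole punch between two NATed peers: with endpoint-independent mapping (the "port restricted cone" case) the reflexive address a peer learns from STUN is the one its later packets to the peer will use, so the punch succeeds; with address-and-port-dependent mapping ("symmetric") the packet to the peer is allocated a fresh external port, the learned address is useless, and the only remaining option is a relay. All IPs, ports and the STUN server are constructed documentation-range values.

```python
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, udp_port)

# Constructed sample endpoints (documentation ranges), not anyone's real network.
STUN_SERVER: Endpoint = ("203.0.113.10", 3478)
PEER_A_INTERNAL: Endpoint = ("10.0.0.2", 5000)
PEER_B_INTERNAL: Endpoint = ("192.168.1.2", 5000)


class Nat:
    """Minimal model of a NAT's UDP mapping and filtering behaviour (RFC 4787 terms).

    symmetric=False: endpoint-independent mapping plus address-and-port-dependent
      filtering, i.e. what the classic STUN taxonomy calls "port restricted cone".
    symmetric=True: address-and-port-dependent mapping, i.e. a fresh external
      port for every distinct destination ("symmetric NAT").
    """

    def __init__(self, public_ip: str, symmetric: bool, first_port: int = 40000):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self._next_port = first_port
        self._mapping: Dict[tuple, int] = {}          # mapping key -> external port
        self._internal: Dict[int, Endpoint] = {}      # external port -> internal endpoint
        self._allowed: Dict[int, Set[Endpoint]] = {}  # external port -> remotes sent to

    def outbound(self, internal: Endpoint, remote: Endpoint) -> Endpoint:
        """Translate an outgoing packet; return the external (ip, port) the remote sees."""
        key = (internal, remote) if self.symmetric else (internal,)
        port = self._mapping.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._mapping[key] = port
            self._internal[port] = internal
            self._allowed[port] = set()
        self._allowed[port].add(remote)  # sending to a remote opens the filter for it
        return (self.public_ip, port)

    def inbound(self, remote: Endpoint, external_port: int) -> Optional[Endpoint]:
        """Deliver an incoming packet, or drop it (None) if no hole exists for that remote."""
        if remote in self._allowed.get(external_port, set()):
            return self._internal[external_port]
        return None


def hole_punch(nat_a: Nat, nat_b: Nat) -> bool:
    """Simulate STUN-assisted UDP hole punching between two NATed peers.

    Returns True if packets flow in both directions without a relay (TURN).
    """
    # 1. Each peer sends to the STUN server and learns its reflexive (public) address.
    a_reflexive = nat_a.outbound(PEER_A_INTERNAL, STUN_SERVER)
    b_reflexive = nat_b.outbound(PEER_B_INTERNAL, STUN_SERVER)
    # 2. Reflexive addresses are swapped over a signalling channel (out of band); then
    #    each peer sends a packet to the other's reflexive address.  This opens the
    #    filter and, on a symmetric NAT, silently allocates a *new* external port.
    a_as_seen_by_b = nat_a.outbound(PEER_A_INTERNAL, b_reflexive)
    b_as_seen_by_a = nat_b.outbound(PEER_B_INTERNAL, a_reflexive)
    # 3. Does each peer's packet get through at the other's reflexive port?
    b_reaches_a = nat_a.inbound(b_as_seen_by_a, a_reflexive[1]) == PEER_A_INTERNAL
    a_reaches_b = nat_b.inbound(a_as_seen_by_b, b_reflexive[1]) == PEER_B_INTERNAL
    return b_reaches_a and a_reaches_b


if __name__ == "__main__":
    for a_sym, b_sym in [(False, False), (True, False), (True, True)]:
        ok = hole_punch(Nat("198.51.100.1", a_sym), Nat("198.51.100.2", b_sym))
        verdict = "works" if ok else "fails, needs a TURN relay"
        print(f"A symmetric={a_sym}, B symmetric={b_sym}: direct path {verdict}")
```

The mixed case is the one worth noticing: a single symmetric NAT on either side is enough to break the direct path, because the reflexive port reported by STUN was allocated for the STUN conversation and never for the peer.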