ISPs More Likely To Throttle Netizens Who Connect Through Carrier-Grade NAT: Cloudflare (theregister.com)
- Reference: 0179963298
- News link: https://tech.slashdot.org/story/25/11/04/1610204/isps-more-likely-to-throttle-netizens-who-connect-through-carrier-grade-nat-cloudflare
- Source link: https://www.theregister.com/2025/11/03/cloudflare_cgnat_bias_research
> Before the potential of the internet was appreciated around the world, nations that understood its importance managed to scoop outsized allocations of IPv4 addresses, actions that today mean many users in the rest of the world are more likely to find their connections throttled or blocked.
>
> So says Cloudflare, which last week published research that recalls how once the world started to run out of IPv4 addresses, engineers devised network address translation (NAT) so that multiple devices can share a single IPv4 address. NAT can handle tens of thousands of devices, but carriers typically operate many more. Internetworking wonks therefore developed Carrier-Grade NAT (CGNAT), which can handle over 100 devices per IPv4 address and scale to serve millions of users.
>
> That's useful for carriers everywhere, but especially valuable for carriers in those countries that missed out on big allocations of IPv4 because their small pool of available number resources means they must employ CGNAT to handle more users and devices. Cloudflare's research suggests carriers in Africa and Asia use CGNAT more than those on other continents.
>
> Cloudflare worried that could be bad for individual netizens. "CGNATs also create significant operational fallout stemming from the fact that hundreds or even thousands of clients can appear to originate from a single IP address," wrote Cloudflare researchers Vasilis Giotsas and Marwan Fayed. "This means an IP-based security system may inadvertently block or throttle large groups of users as a result of a single user behind the CGNAT engaging in malicious activity. Blocking the shared IP therefore penalizes many innocent users along with the abuser."
[1] https://www.theregister.com/2025/11/03/cloudflare_cgnat_bias_research
I'm getting blocked (Score:2)
Just from having 10s of tabs open, cloudfare hates users that operate outside of the norm.
Title should read ... (Score:2)
.... IPv6 is a failure.
IPv6 is great if:
1. You are starting from scratch (no IPv4)
2. You trust your firewall/router to fully and accurately work as a stateful firewall, with no bugs.
Re: (Score:2)
That was my thinking as well-- what went wrong with IPv6-- too complex, focused on the wrong problems, or the firewall issues. For home I gave up on it before because my ISP din't give a subnettable allocation which made it not worth the hassle. I have changed ISPs though, might want to check again.
The good news is... (Score:2)
...we should be finished with the IPv6 switchover by the end of the 1990s.
Re: (Score:2)
Some ISPs are way behind the times. I have a symmetrical 300Mbit connection from FiOS and it wasn't until a few years ago they supported IPV6.
Sucks (Score:2)
My local ISP switching to CG NAT was the last straw that made me actually switch to Comcast/Xfinity. Not only do you have all the aforementioned issues, you also can't connect back to your computer from the outside even by using Dynamic DNS services. I don't run websites or anything from my home network, but I do like to be able to get back in via SSH and retrieve files and such from my devices at home.
With Xfinity at least I'm back to having my own IP (and honestly the connection is more stable and faste
CGNAT plus IPv6 here. (Score:2)
I'm on CGNAT. While I understand there are ways to get this turned off, if you do you lose ipv6 connectivity.
My ISP is not the most competent[1] but it's my only option unless I go with something like 5G.
Sometimes IPv4 fails but not IPv6 and sometimes the other way around.
I notice far more quickly when ipv6 goes down. Far more websites stop working that do when I've only got IPv6 connectivity.
(Note that because of the way it fails, it's not that I lose the route, it's that the modem loses the traffic until
As in all things, Not just the internet! (Score:2)
" many innocent users along with the abuser" the innocent are always impacted more than the abuser who just moves on to destroy more elsewhere.
Re: (Score:2)
Hmm... Close to the heart of the matter. Obviously the bad actors are highly motivated to seek more eyeballs and attention, but the current Internet situation is muddled by "mostly harmless" suckers who just want to be famous. It's kind of like winning the lottery if an "influencer's" posts start going viral--but I'm also sure the bad actors are studying how those winners got the visibility, and whatever worked, the bad actors will double it.
Interesting negative example is bugging me right now. Where are al