Its not really so bad. Its not like end users need IP addresses. All you need is addresses for all the major servers, and then like a couple dozen for each ISP, right?
It means that NAT-punching may stop working (because there may be two or three levels of it).
It makes fraud detection harder.
Plus, it's error prone -- once in a while, you'll get data that happens to look like your IP address, and you'll find that you can't send that precise sequence of bits in a packet ever because it'll get mangled by the NAT.
> once in a while, you'll get data that happens to look like your IP address, and you'll find that you can't send that precise sequence of bits in a packet ever because it'll get mangled by the NAT
How so? Those bits should only matter to the NAT logic if they are found in their expected position in the IP header, not in the payload portion of the datagram.
Some cheap NAT devices rewrites stuff that "looks like" the internal IP addresses inside the TCP payload, in a hackish attempt to "fix" things like FTP and other protocols that send addresses in the payload. A really stupid and dangerous way to do things, but it's been known to happen.
Crazy. Has that been observed in carrier-grade NAT boxes, though? Or only in el-cheapo residential devices? It seems an incredible risk to the carriers to do things that way.
