After trying to connect two machines via WebRTC I learned that one of the machines is sitting behind a symmetric NAT (here's a great article about it by Philipp Hancke). This machine hasn't always been sitting behind a symmetric NAT. I could connect to it a couple of months ago without any problems (using only STUN servers). The hardware and software on that machine hasn't changed since then, so I figure that the ISP must have done something.
My questions are:
What do you think?
Symmetric NATs (aka "address and port dependent mapping") don't really have any customer benefit. They make P2P connections much harder and more likely to be relayed.
Symmetric NATs are inherently simpler, as the code behind such devices (or services) can just "obtain the first available port" instead of having to maintain a more complicated routing table. Less state to maintain.
It's entirely possible that your ISP literally ran out of unique IPv4 addresses and is now running NAT within their own network ("carrier NAT").
When you think of your ISP running multiple layers of networking gear, symmetric NAT just sort of occurs as a result of their network architecture, and because trying to guarantee predictable port mapping is harder at their scale.
You can self detect what kind of NAT environment you are running by using the stunclient tool that comes with the stuntman code.
stunclient --mode full stunserver.stunprotocol.org
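What stunclient does in full mode is a series of STUN Binding Requests from one local socket to different server IP:port pairs, then a comparison of the mapped addresses it gets back. Below is an added example (my own code, not part of the answer above and not from the stuntman project) that implements that logic: an RFC 5389 Binding Request/Response codec with XOR-MAPPED-ADDRESS parsing, and the RFC 5780 mapping-behaviour decision that separates "endpoint-independent" (cone) from "address and port dependent" (symmetric). The addresses in the demo are constructed sample values; `probe()` is the only part that touches the network and is not needed to run the classification offline.

```python
"""STUN Binding codec + RFC 5780 mapping-behaviour classification.
Added example; not the original answer's code and not stuntman's."""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS = 0x0001, 0x0020
FAMILY_IPV4 = 0x01


def build_binding_request(txid=None):
    """20-byte STUN header: type, body length (0), magic cookie, 96-bit transaction id."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def build_binding_response(txid, ip, port):
    """Success response carrying one XOR-MAPPED-ADDRESS, as a STUN server would send it.
    Used here to construct sample traffic so the example runs without a network."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xip = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!BBHI", 0, FAMILY_IPV4, xport, xip)
    body = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(attr)) + attr
    return struct.pack("!HHI", BINDING_SUCCESS, len(body), MAGIC_COOKIE) + txid + body


def parse_mapped_address(response, txid):
    """Return the (ip, port) the server saw. XOR-MAPPED-ADDRESS is preferred because
    a NAT's ALG cannot recognise and rewrite the obfuscated value; the legacy
    MAPPED-ADDRESS is used only as a fallback."""
    if len(response) < 20:
        raise ValueError("short STUN message")
    msg_type, length, cookie = struct.unpack("!HHI", response[:8])
    if cookie != MAGIC_COOKIE or response[8:20] != txid:
        raise ValueError("not a reply to our transaction")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("STUN message type 0x%04x is not a Binding success" % msg_type)
    body, pos, legacy = response[20:20 + length], 0, None
    while pos + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + attr_len]
        pos += 4 + ((attr_len + 3) & ~3)  # attribute values are padded to 4 bytes
        if len(value) != 8 or value[1] != FAMILY_IPV4:
            continue  # not an IPv4 address attribute (e.g. SOFTWARE, FINGERPRINT)
        port, ip = struct.unpack("!HI", value[2:8])
        if attr_type == ATTR_XOR_MAPPED_ADDRESS:
            return (socket.inet_ntoa(struct.pack("!I", ip ^ MAGIC_COOKIE)),
                    port ^ (MAGIC_COOKIE >> 16))
        if attr_type == ATTR_MAPPED_ADDRESS and legacy is None:
            legacy = (socket.inet_ntoa(value[4:8]), port)
    if legacy is None:
        raise ValueError("no mapped address in response")
    return legacy


def classify_mapping(local, test1, test2, test3):
    """RFC 5780 section 4.3. All three probes must leave the SAME local socket:
       test1: mapping reported by the primary server IP and port
       test2: mapping reported by the alternate IP, primary port
       test3: mapping reported by the alternate IP, alternate port"""
    if test1 == local:
        return "no NAT (public address)"
    if test1 == test2:
        return "endpoint-independent mapping (cone)"
    if test2 == test3:
        return "address-dependent mapping"
    return "address and port-dependent mapping (symmetric)"


def probe(sock, server, timeout=2.0):
    """Send one Binding Request from sock and return the (ip, port) the server reports.
    Only this function uses the network; everything else runs offline."""
    txid = os.urandom(12)
    sock.settimeout(timeout)
    sock.sendto(build_binding_request(txid), server)
    data, _ = sock.recvfrom(1500)
    return parse_mapped_address(data, txid)


if __name__ == "__main__":
    # Constructed scenario: one local socket 192.168.1.10:5000 behind a NAT whose
    # public side is 203.0.113.7. A symmetric NAT hands out a new port per destination.
    local = ("192.168.1.10", 5000)
    txid = os.urandom(12)
    seen = [parse_mapped_address(build_binding_response(txid, "203.0.113.7", p), txid)
            for p in (40000, 40001, 40002)]
    print("symmetric case:", classify_mapping(local, *seen))
    print("cone case:     ", classify_mapping(local, seen[0], seen[0], seen[0]))
```

Two caveats when running this against a real server: tests II and III only work if the server advertises a second IP and port (the OTHER-ADDRESS attribute), which is what stuntman's full mode relies on and what a single-homed STUN server cannot offer; and this covers mapping behaviour only, the property that breaks WebRTC hole punching. RFC 5780 also defines a separate filtering test, which stunclient --mode full reports as well.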