My question aligns with a question and reply in a Reddit thread about T-Mobile's Cellular Broadband offering and use with HA (smart home stuff).
Specifically, the nature of T-Mobile's IP allocation (CGNAT), port access, and HE server to hub connectivity ....but I created the topic to be more general in case others follow with similar Cellular Provider concerns.
Hope this prompts some discussion for the benefit of future Cellular Broadband subscribers.
Reddit Reply to a question about ...how it's working for smart homes:
"My wifi thermostat works fine, smart devices like remotes for A/Cs also work fine, my security cameras work if they are connected via Cloud or P2P. You can't do a direct connection like on cable or dsl (ie: mydnsname.net:5400 or 166.26.256.5:5400) unless you run a VPN."
I'm not sure what your exact question/concern is, but I think the issue the poster in the comment you linked to is related to carrier-grade NAT that T-Mobile Home Internet and most cellular internet providers use. Your public IP address is shared among multiple other users, unlike cable or DSL where you normally get your own, so you can't do things like port-forwarding to access resources on your network directly from outside. This is a bad idea to do for your Hubitat hub anyway (and hard to do after recent security changes), but it also makes things like hosting a VPN into your own network at home tricky. Along those lines, I'm really not sure how the poster in that same comment is proposing a VPN as a solution--it poses the same problem of how to reach it if you're hosting it at home--unless you host a VPN in a VPS or whatnot on the Internet and connect both your devices to that, I suppose.
Regardless, this wouldn't affect Hubitat cloud services or anything I can think of related to regular use of any Hubitat feature. Remote Dashboard, Alexa, etc. use a connection initiated inside your own network--from the hub--to these servers. Remote Admin, should you use it, works similarly. This is no more of a problem than the NAT you're undoubtedly using on your internal network is already--which is to say not a problem at all.
There are some versions of the T-Mobile CPE that have extremely limited functionality - in the case I recall from this community there was no way to reserve an IP address. Not insurmountable but it really seemed like the hardware left a lot to be desired.
I got the impression that frequent IP address changing on their side, together with the IPv4/IPv6 gymnastics was presenting a problem for a handful of things. All made worse by the fact that their box (or familiarly called trashcan) does not allow you to use it as a traditional full functioned router, nor does it have a bridge mode so that you can use your own. So that brings up more NAT issues.
Not fully knowing the mechanics of how Hubitat does the Remote Dashboard, Backups, and Remote Admin as it currently is structured I thought I'd throw this out there for the very type of discussion that arose. So thank you. Sorry I didn't make myself clear before.
Their 5G (or rather, facsimile thereof in some areas) is garnering A LOT of attention at its $50 price point and speed. It's only a matter of time that more folks that use, or want to use, HE may be considering it. This is a stake in the ground for those subsequent discussions.
P.S. I don't want to advertise for T-Mobile but if you go to the top of that Reddit forum and read some of the success stories you'll see why a lot of folks "with Comcast (or lesser) as an option" are excited, ...even with some of the quirks.
I was researching T-Mobile home internet today. TL;DR a home VPN server will not work behind CGNAT. T-Mobile home internet uses CGNAT. In our area Adelphia uses CGNAT (Carrier Grade NAT). They aggregate local user IP addresses and serve them from a router which provides an internet-facing IP address which is the same for all of the downstream users. Not a problem unless you want to run a VPN server. For that to work you need a unique public IP address. Normally you would request a static IP address or use a dynamic IP address service. Both work well but will not work with CGNAT. Fortunately for my client Adelphia will bypass CGNAT on request. Most users would have no idea that CGNAT is a thing and would likely just give up.
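Added example, not part of any post in this thread: a toy model of the carrier-grade NAT state table the replies above describe, showing why hub-initiated cloud connections get their replies while a direct connection to port 5400 on the shared address reaches nobody. All addresses are constructed, and the reply filtering (only the contacted endpoint may answer) is an assumption about the carrier's NAT behaviour.

```python
# Added illustration: toy carrier-grade NAT state table (not from the thread).
from dataclasses import dataclass, field

@dataclass
class CarrierNat:
    public_ip: str = "203.0.113.10"  # constructed: one address shared by all subscribers
    next_port: int = 40000
    # public port -> (subscriber ip, subscriber port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, sub_ip, sub_port, dst_ip, dst_port):
        """Subscriber-initiated flow: allocate a public port and record the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (sub_ip, sub_port, dst_ip, dst_port)
        return pub_port

    def inbound(self, src_ip, src_port, pub_port):
        """Packet arriving at the shared address; returns the subscriber or None (dropped)."""
        entry = self.table.get(pub_port)
        if entry is None:
            return None  # nobody opened this port from inside
        sub_ip, sub_port, dst_ip, dst_port = entry
        # Assumption: the NAT only accepts replies from the endpoint the flow went to.
        if (src_ip, src_port) != (dst_ip, dst_port):
            return None
        return (sub_ip, sub_port)

def demo():
    nat = CarrierNat()
    home_a = ("100.64.12.7", 51000)   # constructed subscriber addresses (RFC 6598 space)
    home_b = ("100.64.12.8", 51000)
    cloud = ("198.51.100.20", 443)    # constructed cloud endpoint
    outsider = ("192.0.2.50", 33333)  # constructed remote client
    port_a = nat.outbound(*home_a, *cloud)
    port_b = nat.outbound(*home_b, *cloud)
    return {
        "reply_to_a": nat.inbound(*cloud, port_a),
        "reply_to_b": nat.inbound(*cloud, port_b),
        "direct_to_5400": nat.inbound(*outsider, 5400),
        "outsider_on_mapped_port": nat.inbound(*outsider, port_a),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Two subscribers share one public address and are told apart only by the port the NAT allocated, which is why a subscriber has no way to reserve port 5400 for a forward.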
Been following the Customer Satisfaction side of the T-Mobile deployment and there seems to be some disappointment welling in near-urban areas as Home Broadband takes a back seat to mobile use demand/priority.
Folks go from excitement over the speeds and freedom from a certain ISP many love to hate...to being in the middle of commute-coincident Zoom Mtgs and losing acceptable connectivity.
It's going to be a while before capacity constraints are a less obvious PITA than this in urban areas.
Revisiting this thread to post a link to a relevant thread in case anyone considering T-Mobile's service might benefit from being forewarned. I believe the Business service level avoids CGNAT, or at the least it will if you pay for a Static IP.
After reading some of those links I'm left pondering the trade offs made.
The Cellular ISP options now available seem affordably offered... but at "a cost"... which in this case Tailscale mitigates... but is that not equally costly in terms of complexity and perhaps security?
The more these new providers try to meet the demand, and do so with methods that allow them to "get more from less" (scraping profit out from under the ISP status quo), the more creative solutions need to be applied to make some things work right. And so entire new businesses are born, at what risk?