Re: That's pretty much all it does
>NAT: it ain't a kludge, it's a vital security tool.
NO! NAT is an abomination. The very concept of NAT breaks so many protocols in unnecessary ways.
Duplicate addressing is a stupid thing to implement. Ignoring internet access, merging two medium-sized companies' private address space is a massively expensive project which can take years to complete.
For the classic usage of NAT, the logic of not having inbound sessions is just as easy to implement with IPv6 as it is with IPv4 NAT. You have a session state table and you block everything not initiated from one particular interface / IP range. Changing the IP address and port numbers is just an additional step.
There is no belief that every endpoint _should_ be visible but there is a belief that making any endpoint visible when required should not be difficult.
I have a "fixed" wireless broadband connection on 5G with 70 Mb/s+ throughput. Before I had this "internet connection" I used to run a mail server for my company's domain. This is no longer possible because of CGNAT. I can't have an inbound mail connection, and without an inbound connection for domain verification I can't get TLS certificates. There are no cables to my location and not a single ISP provides non-NAT'd wireless links because of the horribly mistaken belief that no endpoint needs to be publicly visible on the internet. The amount of spam coming through my new hosted provider is many times what I had before.
There are some "huh?" things in IPv6 which make packet tracing difficult. That was a mistake. However, the NDP multicast thing is basically what EVPNs pretty much have to retrofit to IPv4. It allows larger, flatter networks. I suspect with automation and SDN we'll end up pushing security policy to the endpoints in corporate networks and using IP networks to locate hosts geographically rather than as logical subdivisions.
The main issue is that the additional cost of maintaining IPv6 and IPv4 requires vision. I think I'd be looking at moving things to IPv6 only where possible and keeping IPv4 at the edge. It may need a bit of effort to link up things which can't use IPv6, but it's probably better to do that than trying to maintain two schemas throughout.
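The session-state logic the post describes (accept what the inside initiates, accept replies to it, drop everything else arriving from outside), as an added example that is not part of the original thread. It is a toy model, not a real firewall: `StatefulFilter` keys sessions on the 5-tuple and never touches addresses, so it works identically for IPv6 and IPv4; `NatFilter` subclasses it and adds source rewriting as a separate step on top. Interface names, addresses (documentation ranges) and port numbers are constructed for the demo.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Dict, Optional, Set, Tuple

# Constructed example of the filtering logic described in the post; not code
# from the original thread. Interface names, addresses and ports are made up.


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


Key = Tuple[str, str, int, str, int]   # (proto, src, sport, dst, dport)


def fwd_key(p: Packet) -> Key:
    return (p.proto, p.src, p.sport, p.dst, p.dport)


def rev_key(p: Packet) -> Key:
    """Key a reply to this packet's session would have (seen from the other side)."""
    return (p.proto, p.dst, p.dport, p.src, p.sport)


class StatefulFilter:
    """Accept anything initiated from `inside` plus replies to it; drop all
    other traffic arriving from outside. No address translation involved."""

    def __init__(self, inside: str = "inside") -> None:
        self.inside = inside
        self.sessions: Set[Key] = set()

    def handle(self, p: Packet) -> Tuple[str, Optional[Packet]]:
        for addr in (p.src, p.dst):
            ip_address(addr)                    # parses IPv4 or IPv6; rejects junk
        if p.iface == self.inside:
            self.sessions.add(fwd_key(p))       # remember who started the session
            return "accept", p
        if rev_key(p) in self.sessions:         # reply to a known session
            return "accept", p
        return "drop", None                     # unsolicited inbound


class NatFilter(StatefulFilter):
    """Exactly the same state check, with source rewriting bolted on as an extra step."""

    def __init__(self, public_ip: str, inside: str = "inside") -> None:
        super().__init__(inside)
        self.public_ip = public_ip
        self.next_port = 40000
        self.bind: Dict[Tuple[str, str, int], int] = {}          # (proto, src, sport) -> public port
        self.unbind: Dict[Tuple[str, int], Tuple[str, int]] = {}  # (proto, public port) -> (src, sport)

    def handle(self, p: Packet) -> Tuple[str, Optional[Packet]]:
        if p.iface == self.inside:
            verdict, _ = super().handle(p)
            b = (p.proto, p.src, p.sport)
            if b not in self.bind:              # allocate one public port per inside socket
                self.bind[b] = self.next_port
                self.unbind[(p.proto, self.next_port)] = (p.src, p.sport)
                self.next_port += 1
            return verdict, replace(p, src=self.public_ip, sport=self.bind[b])
        inner = self.unbind.get((p.proto, p.dport))
        if inner is None:
            return "drop", None                 # no binding, so nothing to translate to
        # undo the translation, then apply the very same state check as above
        return super().handle(replace(p, dst=inner[0], dport=inner[1]))


def demo_ipv6() -> Dict[str, str]:
    """IPv6 host behind the filter: inbound blocked without any translation."""
    f = StatefulFilter()
    out = Packet("inside", "tcp", "2001:db8::10", 51000, "2001:db8:1::1", 443)
    reply = Packet("outside", "tcp", "2001:db8:1::1", 443, "2001:db8::10", 51000)
    unsolicited = Packet("outside", "tcp", "2001:db8:9::1", 40000, "2001:db8::10", 25)
    return {
        "outbound": f.handle(out)[0],
        "reply": f.handle(reply)[0],
        "unsolicited": f.handle(unsolicited)[0],
    }


def demo_ipv4_nat() -> Dict[str, object]:
    """IPv4 with NAT: same verdicts, plus the rewrite step on each direction."""
    n = NatFilter("203.0.113.7")
    out = Packet("inside", "tcp", "10.0.0.5", 51000, "198.51.100.20", 443)
    v1, translated = n.handle(out)
    reply = Packet("outside", "tcp", "198.51.100.20", 443, translated.src, translated.sport)
    v2, back = n.handle(reply)
    unsolicited = Packet("outside", "tcp", "198.51.100.99", 12345, "203.0.113.7", 25)
    v3, _ = n.handle(unsolicited)
    return {
        "outbound": v1,
        "translated_src": (translated.src, translated.sport),
        "reply": v2,
        "reply_dst": (back.dst, back.dport),
        "unsolicited": v3,
    }


if __name__ == "__main__":
    print(demo_ipv6())
    print(demo_ipv4_nat())
```

The point of the two demos is that the verdicts come entirely from `StatefulFilter`; `NatFilter` only changes what the packets look like on the wire, which is why an IPv6 edge with the same state table gives the same inbound protection without hiding the endpoint.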