Why does the IPv4 address need to be publicly exposed outside of a customer’s LAN? I thought you could set up NAT on a router to translate local IPv4 addresses to something IPv6 that is exposed publicly.
Is this simply bad planning from the ISP where they didn’t handle it correctly? Or is there something I’m not understanding about NAT?
I think in an ideal world all devices would be using IPv6. But I thought it would be common knowledge among network engineers that many devices still use IPv4, so you have to either handle it somehow or tell your customers that some of their devices simply won’t work.
Because the IP address the Roku is trying to reach is an IPv4 address. You can't just translate that to IPv6 and say "good luck little packet".
If you translate at the customer's router that's fine and all, but now you have an IPv4 packet in an IPv6 packet, that IPv6 packet needs to get routed to a device that knows how to then turn it back into an IPv4 packet so that it can then go travel on the open internet like the electrons intended...
Once that IPv4 response comes back, it needs to get translated back to IPv6, sent to the customer's edge, which translates it back from IPv6 to IPv4 to send to the Roku device.
I was assuming that there was some way to translate the IPv4 address of the server to an IPv6 one and process it that way, putting the burden of supporting IPv6 on the server side. I had no idea that Roku would actually need to be exposing an IPv4 server to handle these requests.
That makes sense then that the ISP would need some number of IPv4 addresses that it could use to communicate with IPv4 servers on behalf of IPv4 client devices.
The more usual reason why devices would be making an IPv4 request despite having an IPv6-supporting connection is precisely because the server doesn't support IPv6 - either the network it's on doesn't support it, or it's not configured for it, or more rarely the software on the other end doesn't have IPv6 support. The request can't just be translated into an IPv6 one because there's no way of knowing that the server even understands that, let alone what its associated IPv6 address is.
CG-NAT (NATing centrally at the ISP's internet edge) is cheaper/simpler than something like 464xlat (NATing v4 locally over v6) since you can do the former on 2 boxes instead of 20,000. That said the 2nd option is much cooler :).
464XLAT still requires IPv4 boxes on the edge to translate IPv6 traffic back to IPv4. Whether that is two boxes or 20,000, the same is true for other CG-NAT solutions. Someone somewhere is bearing the cost of translating.
Usually you need a special box at the consumer side to do 464XLAT, it's not something you can just ask your customer's Netgear to do and it's usually more expensive if you want to provide it as the customer's rented router. CG-NAT however looks completely normal to all gear (other than the particular numbers assigned) except the 2 edge boxes. It's the ultimate cost saving kludge.
Most modern OSes (I know for a fact Android, iOS, and Windows) support automatically doing the 4->6 translation on their side (as a matter of fact, some cellular networks in the US are IPv6-only).
I'm unsure if consumer routers would pass on the appropriate RA flag to tell the OS they need to do this in their default configuration however.
Well the devices that support 464xlat already support IPv6 by definition. CG-NAT/464XLAT+Client NAT at the gateway is for the devices like the Rokus that don't support IPv6 at all.
NAT64 doesn't work if the connection is made to a hardcoded IP(v4) address rather than DNS entry, and that's way more common than you'd think! Thus why 464XLAT and similar exist.
Absolutely but CG-NAT would be NAT444 (i.e. double NAT to dual stack) not NAT64. I mean they probably did try NAT64 based on the description of the botched 1st attempt but CG-NAT would have negated the need for NAT64 in the first place. Putting a x464 CLAT that can gateway/NAT the local network everywhere would definitely achieve the same functional goal though, just more ISP devices.
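The NAT64 / 464XLAT address handling discussed in the comments above, as an added worked example that is not part of this thread or of any ISP's or vendor's code. It implements the RFC 6052 IPv4-embedded IPv6 address format (the same mapping a NAT64 box, a DNS64 resolver and a host-side CLAT all agree on) for every allowed prefix length, and a small CLAT-style decision that shows the point made about hardcoded IPv4 literals: a hostname can get a synthesised AAAA from DNS64, but an IPv4 literal never touches DNS, so something on the client side (the CLAT) has to embed it into the Pref64 itself. The function names, the `clat_route` classification and the sample destinations are my own; `64:ff9b::/96` is the well-known prefix from RFC 6052 and the `2001:db8:...` prefixes are the RFC's own documentation examples.

```python
"""RFC 6052 IPv4-embedded IPv6 addresses and a CLAT-style routing decision.

Added example for this discussion; not code from any ISP or router vendor.
"""
import ipaddress

# Byte index of the reserved "u" octet (bits 64-71) that RFC 6052 keeps zero.
U_OCTET = 8
ALLOWED_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def embed_ipv4(prefix: str, v4: str) -> ipaddress.IPv6Address:
    """Embed an IPv4 address into a NAT64 prefix (Pref64) per RFC 6052 s.2.2.

    The IPv4 octets follow the prefix byte-by-byte, skipping the u octet at
    index 8, which is exactly what a CLAT, a NAT64 gateway or DNS64 computes.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError("RFC 6052 prefix length must be one of %r"
                         % (ALLOWED_PREFIX_LENGTHS,))
    out = bytearray(16)
    plen = net.prefixlen // 8
    out[:plen] = net.network_address.packed[:plen]
    pos = plen
    for octet in ipaddress.IPv4Address(v4).packed:
        if pos == U_OCTET:
            pos += 1                      # leave the u octet zero
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract_ipv4(prefix: str, v6: str) -> ipaddress.IPv4Address:
    """Inverse of embed_ipv4: recover the IPv4 address a NAT64 box must reach."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError("RFC 6052 prefix length must be one of %r"
                         % (ALLOWED_PREFIX_LENGTHS,))
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError("%s is not inside Pref64 %s" % (addr, net))
    raw = addr.packed
    octets = bytearray()
    pos = net.prefixlen // 8
    while len(octets) < 4:
        if pos == U_OCTET:
            pos += 1                      # skip the u octet on the way back
        octets.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(octets))


def clat_route(destination: str, pref64: str) -> tuple:
    """Decide what a host-side CLAT does with a destination string.

    Returns (action, address):
      ("native", v6)     - already IPv6, send as-is over the IPv6-only access
      ("translate", v6)  - IPv4 literal; embed it in Pref64 so NAT64 can unwrap
      ("dns", name)      - a hostname; DNS64 will synthesise the AAAA instead
    """
    try:
        ip = ipaddress.ip_address(destination)
    except ValueError:
        return ("dns", destination)       # not a literal: let DNS64 handle it
    if ip.version == 6:
        return ("native", str(ip))
    return ("translate", str(embed_ipv4(pref64, str(ip))))


if __name__ == "__main__":
    # Constructed sample: the RFC 6052 documentation table plus one literal.
    for prefix in ("2001:db8::/32", "2001:db8:100::/40", "2001:db8:122::/48",
                   "2001:db8:122:300::/56", "2001:db8:122:344::/64",
                   "2001:db8:122:344::/96"):
        v6 = embed_ipv4(prefix, "192.0.2.33")
        print("%-24s -> %s -> %s" % (prefix, v6, extract_ipv4(prefix, str(v6))))
    print(clat_route("198.51.100.7", "64:ff9b::/96"))
    print(clat_route("example.com", "64:ff9b::/96"))
```

Running the script prints the six RFC 6052 rows round-tripped through both functions, then shows a hardcoded IPv4 literal being rewritten into `64:ff9b::c633:6407` by the CLAT while a hostname is left for DNS64. The u-octet skip is the part people get wrong when they hand-roll this for a /40, /48, /56 or /64 prefix; the /96 case that most deployments use never hits it.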