IP Addresses (IPv4 in particular)

You've probably seen an Internet Protocol Address (IP Addr), and unless you're a real nerd, you've ignored it - but they are important :-) Think of an IP address as an internet phone number, it identifies your device, and so needs to be globally unique. The unique E164 format phone number, +442380986954, will only ring the phone on my desk in the same way that IP address 77.68.14.146 will only connect to this web server.

Unfortunately the length of these numbers restrict how many devices we can use (Which is why we renumbered all the London phones and added extra digits in 1995). An IP address in the format shown, can support just over 4 billion devices - current estimates suggest there are over 16 billion IP devices in use! Currently two solutions are in use, one if to upgrade to IPv6 address (they are horribly long and complex) or to implement Network Address Translation (NAT).

NAT - Network Address Translation

My Web Server 77.68.14.146

Your NAT Router 18.116.89.8

Your Home Network 192.168.0.0/24

Traditionally, many small businesses had their own small telephone exchanges in their office. This allowed external people to call in, and the call could then be passed to the correct telephone within the building. This allowed the business to have dozens of phones on desks, but perhaps only have one incoming phone number. This meant that businesses didn't have to publish the number of every desk, as the company operator would 'route' your call to the correct desk. This is exactly what your broadband router does, it has one public IP address (yours looks like it's 18.116.89.8) and it routes the various incoming traffic to your device inside the building. When someone rings a phone number, or connects to your IP address, they have no idea how many extensions (employees) or computers you have inside your building. The router needs to just remember which traffic is destined for which device - this remembering and re-routing is the core NAT functionality.

So NAT explains who we can connect 16 billon devices to 4 billion routers today, but unfortunately with so many mobile devices (phones, cars etc) we are still in trouble. IPv6 was proposed as the solution over 25-years ago, but IPv4 is still everywhere today. As another work around, telecoms carriers (mobile phone networks) had implemented NAT on their own networks from day one. More recently though, low-cost broadband providers have also started to implement this Carrier Grade NAT solution to reduce costs end extend the life of their older equipment.

CGNAT - Carrier Grade NAT

My Web Server 77.68.14.146

Carriers NAT Box 18.116.89.8

Your NAT Router 172.10.23.189

Your Home Network 192.168.0.0/24

So CGNAT is basically double-natting the traffic. This clearly works for web browsing, as you are reaching out from your device and each NAT router is remembering you asked for this traffic, so when I send this text back, it should get to the right computer! However, what if I wanted to initiate a link to your machine? What if you run an email server or a CCTV camera system? The two NAT routers have no 'memory' on how to get the informtion to the right target machine as there was no outgoing request a few seconds before.

From this current web browser session, I believe I'm talking to your router on 18.116.89.8 - but is this you or the carriers router in the local telephone exchange? The carrier router knows nothing about your computer (or it shouldn't!) and so it can't route my incoming data successfully. This is the main issue with CGNAT and causes problems for many businesses and home users who do more than basic web browsing and streaming.

Testing for CGNAT

If you're on any version of Windows, then it's very easy. We just need to ask your router if it's IP address matches who I think you are. Just start a CMD shell and type;

tracert -h 1 18.116.89.8  [Copy to Clipboard]

Microsoft Windows [Version 10.0.22621.1702] (c) Microsoft Corporation. All rights reserved. C:\Users\John>tracert -h 1 18.116.89.8 Tracing route to host18-116-89-8.yourprovider.com [18.116.89.8] over a maximum of 1 hops:   1     1 ms     1 ms     1 ms  host18-116-89-8.yourprovider.com [18.116.89.8] Trace complete. C:\Users\John>

If the line in red does not show your IP address, then you know you have a CGNAT situation.

If you do want to access various services remotely, then you will need to speak to your internet provider about getting a 'Public IP Address' - I can help.