Carrier-Grade NAT Explained

Understanding CGNAT (100.64.0.0/10), how to identify it, and its impact on network services.

What is Carrier-Grade NAT?

Carrier-Grade NAT (CGNAT) is a large-scale NAT implementation used by ISPs to share a single public IPv4 address among multiple customers. It's also called Large Scale NAT (LSN) or NAT444. CGNAT became necessary due to IPv4 address exhaustion - there simply aren't enough public IPv4 addresses for every device to have its own.

Why Do ISPs Use CGNAT?

ISPs use CGNAT because: - IPv4 addresses are expensive and scarce - Customer demand for internet connectivity continues to grow - Each customer may have multiple devices needing internet access - Transitioning to IPv6 takes time and planning CGNAT allows ISPs to serve more customers with fewer public IPv4 addresses.

pages.cgnat.addressRange.title

pages.cgnat.addressRange.sharedSpace

pages.cgnat.addressRange.labels.range: 100.64.0.0/10

pages.cgnat.addressRange.labels.fullRange: 100.64.0.0 to 100.127.255.255

pages.cgnat.addressRange.labels.totalAddresses: 4,194,304 addresses

pages.cgnat.addressRange.labels.rfc: RFC 6598

pages.cgnat.addressRange.breakdown.title

pages.cgnat.addressRange.breakdown.headers.networkpages.cgnat.addressRange.breakdown.headers.addressespages.cgnat.addressRange.breakdown.headers.use
100.64.0.0/121,048,576Large ISP CGNAT pool
100.80.0.0/121,048,576Large ISP CGNAT pool
100.96.0.0/121,048,576Large ISP CGNAT pool
100.112.0.0/121,048,576Large ISP CGNAT pool

How CGNAT Works

CGNAT creates a two-layer NAT system

pages.cgnat.natSystem.title

pages.cgnat.natSystem.headers.layerpages.cgnat.natSystem.headers.locationpages.cgnat.natSystem.headers.insideAddresspages.cgnat.natSystem.headers.outsideAddresspages.cgnat.natSystem.headers.purpose
Customer NATHome routerPrivate addresses (192.168.x.x, 10.x.x.x)CGNAT address (100.64.x.x)Translate devices to CGNAT address
Carrier NATISP equipmentCGNAT addresses (100.64.x.x)Public IPv4 addressesTranslate many customers to shared public IPs

pages.cgnat.trafficFlow.title

  1. Device (192.168.1.100) sends packet to internet
  2. Home router NATs to CGNAT address (100.64.50.200)
  3. ISP CGNAT translates to public IP (203.0.113.1) with unique port
  4. Internet sees traffic from 203.0.113.1:45678
  5. Return traffic follows reverse path with port mapping

How to Spot CGNAT

Check WAN IP on Router
pages.cgnat.identification.labels.description: Look at your router's WAN/Internet IP address
pages.cgnat.identification.labels.cgnatIndicator: IP address in 100.64.0.0/10 range
pages.cgnat.identification.labels.normalIndicator: Public IP address not in private ranges
Compare Router IP vs Public IP
pages.cgnat.identification.labels.description: Check what the internet sees vs router WAN IP
pages.cgnat.identification.labels.cgnatIndicator: Different addresses (router shows 100.64.x.x, internet sees public IP)
pages.cgnat.identification.labels.normalIndicator: Same address (router and internet see same public IP)
Port Forwarding Behavior
pages.cgnat.identification.labels.description: Try to set up port forwarding
pages.cgnat.identification.labels.cgnatIndicator: Port forwarding doesn't work from internet
pages.cgnat.identification.labels.normalIndicator: Port forwarding works normally
Online IP Detection
pages.cgnat.identification.labels.description: Use whatismyipaddress.com and compare
pages.cgnat.identification.labels.cgnatIndicator: Website shows different IP than router WAN IP
pages.cgnat.identification.labels.normalIndicator: Website shows same IP as router WAN IP

pages.cgnat.impacts.title

pages.cgnat.impacts.negative.title

No Inbound Connections

pages.cgnat.impacts.negative.labels.description: Cannot host servers or accept incoming connections

pages.cgnat.impacts.negative.labels.affectedServices: Web servers, Game servers, VPN servers, Remote access

pages.cgnat.impacts.negative.labels.workaround: Use cloud services or VPN tunnels

Port Forwarding Broken

pages.cgnat.impacts.negative.labels.description: Router port forwarding rules don't work from internet

pages.cgnat.impacts.negative.labels.affectedServices: Gaming consoles, Security cameras, Home automation

pages.cgnat.impacts.negative.labels.workaround: Use UPnP alternatives or cloud-based solutions

Geolocation Issues

pages.cgnat.impacts.negative.labels.description: Your location may appear incorrect online

pages.cgnat.impacts.negative.labels.affectedServices: Streaming services, Local search, Weather

pages.cgnat.impacts.negative.labels.workaround: Contact service providers or use location services

Gaming Problems

pages.cgnat.impacts.negative.labels.description: Multiplayer gaming may have connectivity issues

pages.cgnat.impacts.negative.labels.affectedServices: Console gaming, P2P games, Voice chat

pages.cgnat.impacts.negative.labels.workaround: Use gaming VPN or contact ISP for gaming package

VPN Issues

pages.cgnat.impacts.negative.labels.description: Some VPN protocols may not work properly

pages.cgnat.impacts.negative.labels.affectedServices: PPTP, L2TP, Some OpenVPN configs

pages.cgnat.impacts.negative.labels.workaround: Use VPN protocols that work through NAT

pages.cgnat.impacts.positive.title

  • Extends IPv4 address availability
  • Allows ISPs to serve more customers
  • Provides some security through address hiding
  • Reduces need for expensive IPv4 addresses
  • Enables ISPs to offer affordable internet service

pages.cgnat.workarounds.title

Request Public IP from ISP
pages.cgnat.workarounds.labels.description: Ask ISP for dedicated public IP (usually costs extra)
pages.cgnat.workarounds.labels.effectiveness: Complete solution
pages.cgnat.workarounds.labels.cost: Usually $5-20/month additional
Use IPv6
pages.cgnat.workarounds.labels.description: Enable IPv6 on router and devices
pages.cgnat.workarounds.labels.effectiveness: Works for IPv6-enabled services
pages.cgnat.workarounds.labels.cost: Free, but limited service support
VPN with Port Forwarding
pages.cgnat.workarounds.labels.description: Use VPN service that provides port forwarding
pages.cgnat.workarounds.labels.effectiveness: Good for specific services
pages.cgnat.workarounds.labels.cost: VPN subscription fee
Reverse Proxy Services
pages.cgnat.workarounds.labels.description: Use services like ngrok, Cloudflare Tunnel
pages.cgnat.workarounds.labels.effectiveness: Good for web services
pages.cgnat.workarounds.labels.cost: Varies, some free tiers available
Cloud Hosting
pages.cgnat.workarounds.labels.description: Move services to cloud providers
pages.cgnat.workarounds.labels.effectiveness: Complete solution for hosting
pages.cgnat.workarounds.labels.cost: Ongoing cloud hosting fees

pages.cgnat.troubleshooting.title

Gaming Console NAT Type Strict

pages.cgnat.troubleshooting.labels.cause: CGNAT prevents direct peer-to-peer connections

pages.cgnat.troubleshooting.labels.diagnosis: Check console network settings for NAT type

pages.cgnat.troubleshooting.labels.solution: Enable UPnP on router, consider gaming VPN, or request public IP

Security Cameras Not Accessible Remotely

pages.cgnat.troubleshooting.labels.cause: CGNAT blocks inbound connections to cameras

pages.cgnat.troubleshooting.labels.diagnosis: Port forwarding test fails from outside network

pages.cgnat.troubleshooting.labels.solution: Use cloud-based camera service or VPN access

VPN Server Won't Accept Connections

pages.cgnat.troubleshooting.labels.cause: CGNAT prevents inbound VPN connections

pages.cgnat.troubleshooting.labels.diagnosis: VPN connections timeout or fail to establish

pages.cgnat.troubleshooting.labels.solution: Use cloud VPN service or reverse VPN connection

Peer-to-Peer Applications Fail

pages.cgnat.troubleshooting.labels.cause: Double NAT prevents P2P hole punching

pages.cgnat.troubleshooting.labels.diagnosis: Applications report connectivity issues

pages.cgnat.troubleshooting.labels.solution: Use relay servers or protocol-specific workarounds

pages.cgnat.quickCheck.title

pages.cgnat.quickCheck.stepsTitle
  1. Check your router's WAN/Internet IP address
  2. If it starts with 100.64, you're behind CGNAT
  3. Compare with whatismyipaddress.com
  4. If different, confirms CGNAT deployment
pages.cgnat.quickCheck.nextStepsTitle
  • Test affected services (gaming, port forwarding)
  • Contact ISP about public IP availability and cost
  • Research workarounds for your specific needs
  • Consider IPv6 deployment if supported

pages.cgnat.bestPractices.title

  • Test your setup to confirm if you're behind CGNAT
  • Document affected services and plan workarounds
  • Consider IPv6 deployment as long-term solution
  • Evaluate cost of public IP vs workaround solutions
  • Use cloud services for hosting needs
  • Keep ISP contact info for escalating connectivity issues

pages.cgnat.ispPerspective.title

pages.cgnat.ispPerspective.whyTitle
CGNAT allows serving more customers with limited IPv4 space
Reduces IPv4 address costs for ISPs
Enables competitive pricing for internet service
Provides transition time for IPv6 deployment
Adds complexity to network troubleshooting
May require additional customer support for affected services
pages.cgnat.ispPerspective.tradeoffTitle
pages.cgnat.ispPerspective.tradeoffDescription