Carrier-Grade NAT Explained

Understanding CGNAT (100.64.0.0/10), how to identify it, and its impact on network services.

What is Carrier-Grade NAT?

Carrier-Grade NAT (CGNAT) is a large-scale NAT implementation used by ISPs to share a single public IPv4 address among multiple customers. It's also called Large Scale NAT (LSN) or NAT444. CGNAT became necessary due to IPv4 address exhaustion - there simply aren't enough public IPv4 addresses for every device to have its own.

Why Do ISPs Use CGNAT?

ISPs use CGNAT because:

  • IPv4 addresses are expensive and scarce
  • Customer demand for internet connectivity continues to grow
  • Each customer may have multiple devices needing internet access
  • Transitioning to IPv6 takes time and planning

CGNAT allows ISPs to serve more customers with fewer public IPv4 addresses.

CGNAT Address Range

Shared Address Space

Range: 100.64.0.0/10

Full Range: 100.64.0.0 to 100.127.255.255

Total Addresses: 4,194,304 addresses

RFC: RFC 6598

Address Breakdown

Network Block     Available Addresses   Typical Use
100.64.0.0/12     1,048,576             Large ISP CGNAT pool
100.80.0.0/12     1,048,576             Large ISP CGNAT pool
100.96.0.0/12     1,048,576             Large ISP CGNAT pool
100.112.0.0/12    1,048,576             Large ISP CGNAT pool

How CGNAT Works

CGNAT creates a two-layer NAT system.

Two-Layer NAT System

Customer NAT
Location: Home router
Inside Address: Private addresses (192.168.x.x, 10.x.x.x)
Outside Address: CGNAT address (100.64.x.x)
Purpose: Translate devices to CGNAT address

Carrier NAT
Location: ISP equipment
Inside Address: CGNAT addresses (100.64.x.x)
Outside Address: Public IPv4 addresses
Purpose: Translate many customers to shared public IPs

Traffic Flow

  1. Device (192.168.1.100) sends packet to internet
  2. Home router NATs to CGNAT address (100.64.50.200)
  3. ISP CGNAT translates to public IP (203.0.113.1) with unique port
  4. Internet sees traffic from 203.0.113.1:45678
  5. Return traffic follows reverse path with port mapping
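
The five steps above as a small simulation (an added example, not part of the original article). It models each NAT as a simple port-mapping table, uses the addresses from the steps, and assumes a constructed device port (51515) and a constructed home-router port-forward on 8080; real NATs also track protocol, remote endpoint and timeouts.

```python
import itertools


class Nat:
    """Simplified port-translating NAT with one outside IP."""

    def __init__(self, outside_ip, first_port):
        self.outside_ip = outside_ip
        self._ports = itertools.count(first_port)
        self.out_map = {}  # (inside_ip, inside_port) -> outside_port
        self.in_map = {}   # outside_port -> (inside_ip, inside_port)

    def outbound(self, src):
        """Translate an outgoing source endpoint, creating a mapping if needed."""
        if src not in self.out_map:
            port = next(self._ports)
            self.out_map[src] = port
            self.in_map[port] = src
        return (self.outside_ip, self.out_map[src])

    def inbound(self, dst):
        """Translate an incoming destination; None means dropped (no mapping)."""
        ip, port = dst
        return self.in_map.get(port) if ip == self.outside_ip else None

    def port_forward(self, outside_port, inside):
        """Static inbound rule, as a user would configure on a home router."""
        self.in_map[outside_port] = inside


def build_path():
    home = Nat("100.64.50.200", 50000)   # home router WAN side (CGNAT address)
    carrier = Nat("203.0.113.1", 45678)  # ISP CGNAT, shared public address
    return home, carrier


def send_out(home, carrier, device):
    """Steps 1-4: device -> home NAT -> carrier NAT -> what the internet sees."""
    return carrier.outbound(home.outbound(device))


def deliver_in(home, carrier, public_dst):
    """Step 5, and unsolicited inbound: carrier NAT first, then home NAT."""
    mid = carrier.inbound(public_dst)
    return home.inbound(mid) if mid else None


if __name__ == "__main__":
    home, carrier = build_path()
    seen = send_out(home, carrier, ("192.168.1.100", 51515))
    print("internet sees:", seen, "reply reaches:", deliver_in(home, carrier, seen))
    home.port_forward(8080, ("192.168.1.100", 8080))
    print("unsolicited to :8080 ->", deliver_in(home, carrier, ("203.0.113.1", 8080)))
```

The home router's port-forward rule exists, but the carrier NAT has no mapping for port 8080, so the packet is dropped before it ever reaches the customer's router.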

How to Spot CGNAT

Check WAN IP on Router
Description: Look at your router's WAN/Internet IP address
CGNAT Indicator: IP address in 100.64.0.0/10 range
Normal Indicator: Public IP address not in private ranges

Compare Router IP vs Public IP
Description: Check what the internet sees vs router WAN IP
CGNAT Indicator: Different addresses (router shows 100.64.x.x, internet sees public IP)
Normal Indicator: Same address (router and internet see same public IP)

Port Forwarding Behavior
Description: Try to set up port forwarding
CGNAT Indicator: Port forwarding doesn't work from internet
Normal Indicator: Port forwarding works normally

Online IP Detection
Description: Use whatismyipaddress.com and compare
CGNAT Indicator: Website shows different IP than router WAN IP
Normal Indicator: Website shows same IP as router WAN IP
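
The WAN-address and router-vs-public-IP checks can be scripted. The following is an added example, not part of the original article: the function names and sample address pairs are constructed for illustration, and it also shows why a string match on "100.64." is not a substitute for testing the full /10.

```python
import ipaddress

# RFC 6598 shared address space (100.64.0.0 to 100.127.255.255).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here also means an upstream NAT.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, observed_public_ip):
    """Classify a link from the router's WAN IP and the IP a website reports."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check applies to IPv4 addresses only")
    if wan in CGNAT_NET:
        return "cgnat"        # WAN address is in the shared address space
    if any(wan in net for net in RFC1918_NETS):
        return "private-wan"  # another NAT upstream, but not RFC 6598 space
    if wan == seen:
        return "public"       # router holds the address the internet sees
    return "mismatch"         # public-looking WAN, yet the internet sees another IP


def naive_prefix_check(router_wan_ip):
    """String test for '100.64.'; misses 100.65.x.x through 100.127.x.x."""
    return router_wan_ip.startswith("100.64.")


def stdlib_flags(ip):
    """Python's ipaddress reports shared address space as neither private nor global."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private, addr.is_global


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN IP, IP reported by a what-is-my-IP site).
    samples = [
        ("100.64.50.200", "203.0.113.1"),
        ("100.127.255.254", "203.0.113.1"),
        ("192.168.0.2", "203.0.113.1"),
        ("203.0.113.1", "203.0.113.1"),
    ]
    for wan, seen in samples:
        print(wan, seen, classify_wan(wan, seen), naive_prefix_check(wan))
    print(CGNAT_NET.num_addresses, stdlib_flags("100.64.50.200"))
```

Scripts that rely on `is_private` alone to decide whether an address is internet-routable will misjudge CGNAT addresses, which is why the explicit network membership test is used here.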

Impact on Services

Negative Impacts

No Inbound Connections

Description: Cannot host servers or accept incoming connections

Affected Services: Web servers, Game servers, VPN servers, Remote access

Workaround: Use cloud services or VPN tunnels

Port Forwarding Broken

Description: Router port forwarding rules don't work from internet

Affected Services: Gaming consoles, Security cameras, Home automation

Workaround: Use UPnP alternatives or cloud-based solutions

Geolocation Issues

Description: Your location may appear incorrect online

Affected Services: Streaming services, Local search, Weather

Workaround: Contact service providers or use location services

Gaming Problems

Description: Multiplayer gaming may have connectivity issues

Affected Services: Console gaming, P2P games, Voice chat

Workaround: Use gaming VPN or contact ISP for gaming package

VPN Issues

Description: Some VPN protocols may not work properly

Affected Services: PPTP, L2TP, Some OpenVPN configs

Workaround: Use VPN protocols that work through NAT

Positive Aspects

  • Extends IPv4 address availability
  • Allows ISPs to serve more customers
  • Provides some security through address hiding
  • Reduces need for expensive IPv4 addresses
  • Enables ISPs to offer affordable internet service

Workarounds and Solutions

Request Public IP from ISP
Description: Ask ISP for dedicated public IP (usually costs extra)
Effectiveness: Complete solution
Cost: Usually $5-20/month additional

Use IPv6
Description: Enable IPv6 on router and devices
Effectiveness: Works for IPv6-enabled services
Cost: Free, but limited service support

VPN with Port Forwarding
Description: Use VPN service that provides port forwarding
Effectiveness: Good for specific services
Cost: VPN subscription fee

Reverse Proxy Services
Description: Use services like ngrok, Cloudflare Tunnel
Effectiveness: Good for web services
Cost: Varies, some free tiers available

Cloud Hosting
Description: Move services to cloud providers
Effectiveness: Complete solution for hosting
Cost: Ongoing cloud hosting fees

Troubleshooting Common Issues

Gaming Console NAT Type Strict

Cause: CGNAT prevents direct peer-to-peer connections

Diagnosis: Check console network settings for NAT type

Solution: Enable UPnP on router, consider gaming VPN, or request public IP

Security Cameras Not Accessible Remotely

Cause: CGNAT blocks inbound connections to cameras

Diagnosis: Port forwarding test fails from outside network

Solution: Use cloud-based camera service or VPN access

VPN Server Won't Accept Connections

Cause: CGNAT prevents inbound VPN connections

Diagnosis: VPN connections timeout or fail to establish

Solution: Use cloud VPN service or reverse VPN connection

Peer-to-Peer Applications Fail

Cause: Double NAT prevents P2P hole punching

Diagnosis: Applications report connectivity issues

Solution: Use relay servers or protocol-specific workarounds

Quick CGNAT Check

Steps to Check

  1. Check your router's WAN/Internet IP address
  2. If it falls in 100.64.0.0/10 (100.64.0.0 to 100.127.255.255), you're behind CGNAT
  3. Compare with whatismyipaddress.com
  4. If the two addresses differ, that confirms CGNAT deployment

What to Do Next

  • Test affected services (gaming, port forwarding)
  • Contact ISP about public IP availability and cost
  • Research workarounds for your specific needs
  • Consider IPv6 deployment if supported

Best Practices

  • Test your setup to confirm if you're behind CGNAT
  • Document affected services and plan workarounds
  • Consider IPv6 deployment as long-term solution
  • Evaluate cost of public IP vs workaround solutions
  • Use cloud services for hosting needs
  • Keep ISP contact info for escalating connectivity issues

ISP Perspective

Why ISPs Use CGNAT

  • CGNAT allows serving more customers with limited IPv4 space
  • Reduces IPv4 address costs for ISPs
  • Enables competitive pricing for internet service
  • Provides transition time for IPv6 deployment
  • Adds complexity to network troubleshooting
  • May require additional customer support for affected services

Understanding the Trade-off

CGNAT is a necessary compromise. It allows ISPs to provide affordable internet service during IPv4 exhaustion, but at the cost of some functionality. The long-term solution is IPv6 adoption.