What is CG-NAT and why do some operators use it?
CG-NAT or also known as Carrier-Grade NAT or Carrier-Grade Network Address Translation, is a technology that operators implement in their networks to save IPv4 addresses that are already exhausted. Due to the depletion of public IP addresses, operators have been providing private IP addressing in 3G / 4G and 5G networks for years, because normally in smartphones or tablets we are not going to host any type of server. However, for some years now they have also passed this CG-NAT technology to their fiber optic networks, providing customers with a specific private address that is not routable through the Internet, this means that we will not be able to access FTP servers, VPN or any other type of server that we have in our home.
Knowing if my operator has given me a public IP address or I am behind the CG-NAT is very important, especially for users who have a NAS server in their homes to host different servers, if we want to access a VPN server that we have in the local network, and other quite common uses such as setting up our own private cloud with Nextcloud. We will not be able to do all these uses, because the operator will provide our router with a private address within the range 100.64.0.0/10, therefore, even if we open ports on the router (port-forwarding or port forwarding) we will not we will have end-to-end connectivity.
Due to this private address reserved for CG-NAT of 100.64.0.0/10, the first IP address will go from 100.64.0.1 to 100.127.255.254, so we will have about 4 million private IP addresses that we can provide to our clients, however, it is normal to have smaller subnets with fewer clients sharing the same public IP address.
In the following diagram that we have made with the GNS3 program for network simulation, we can see how CG-NAT works. The router that we have in our home are any of the R1, R2, R3, R4, each of these routers are the ones that could be in your home, and the «CGN» router is the router of the operator that is doing NAT and sharing the same public IP address (188.8.131.52)
Although we carry out a “port-forwarding” in the domestic routers that we have at home, we will not be able to do this in the CGN router that belongs to the operator. For this reason, it is essential to know if our operator has me in CG-NAT or I have a public IP address to be able to access all the services of our home (FTP server, NAS, VPN and more).
How to know if my operator has me in CG-NAT or I have a public IP
We can know if our operator has provided us with a public IP address, or nevertheless, he has us behind a CG-NAT with several methods that we are going to explain in detail. Any of the methods that we are going to teach you next, will tell us if we have a public IP address, or, however, our operator has put us inside a CG-NAT. In addition, we could use one or more methods at a time without problems to verify for sure if we have public IP in our home or if we do not have it.
View the WAN IP address on the router
The first thing we have to do is access our home router, either one configured by you or the one provided by the Internet operator. You must access through your default gateway, normally you will access through http://192.168.1.1 or http://192.168.0.1Then you log in with the username and password you have (by default it is usually the user “admin” and the password “admin”).
A section will appear on the router’s status screen where it says «WAN IP Address«,«WAN IP»Or similar, that is, we have to look at what IP address the router’s Internet WAN interface is getting. In the following screenshot you can see a Digi connection using CG-NAT, as can be seen in the “IP Address” section.
To know if our IP address is public or is in CG-NAT, it is as simple as knowing if that IP address that the router indicates is within the range of CG-NAT or it has nothing to do with it. If the IP address is within the 100.64.0.0/10 subnet, that is, within the range 100.64.0.1 to 100.127.255.254, then we can ensure that we are in CG-NAT because this range belongs to this technology and is reserved.
Compare the WAN IP of the router with the public IP obtained on the Internet
Another very useful method to know if our IP address is in CG-NAT or we have a public IP, is to compare the «WAN IP Address» that appears in our router, with the public IP address that we can get through websites such as What is my ip. If the IP address indicated by this website is exactly the same as the one indicated by the WAN IP address of our router, then we can ensure that the operator has provided us with a public IP address and we are not within CG-NAT.
This method to find out if we are in CG-NAT or not is one of the simplest, since we will only have to compare the two IP addresses, without having to know if it is within the range of CG-NAT 100.64.0.0/10 as we have. explained above.
Make a traceroute or tracert to our public IP
Yes you enter the web page of What is my IP and the web tells you that your public IP address is 184.108.40.206, you open a command prompt in Windows (Windows key and put in the search engine “cmd” and press enter), and you put:
If the trace has 1 single hop, it means you have public IP, if it has 2 hops it means you are in CG-NAT. The reason for this is that to reach the public IP address, one of the hops will be on the home router, and the other jump (the second) will be on our operator’s CGN router.
- If we have a jump, we can ensure that the IP address is public and the router has it.
- If we have two jumps, we can ensure that we are in CG-NAT
We hope that with these steps you can find out easily and quickly if we are with public IP addressing or, on the contrary, you are under CG-NAT.