CGNAT I Learnt
I was troubleshooting a friend’s PC a few weeks ago when something caught my eye. I can’t recall why I looked up their IP address, but when I did, it caught my attention. It was similar to mine, digit for digit. This was unusual. As someone who often whitelists their IP on remote databases and servers, I’ve grown accustomed to the sequence and pattern of my own public IP. So how could their address be so similar to mine if we weren’t even on the same router?
That moment of curiosity led me down a rabbit hole.
The answer: CGNAT!
What is CGNAT?
Carrier-Grade NAT (CGNAT) is a networking technology that internet service providers use to stretch the limited pool of IPv4 addresses. Instead of assigning every customer a unique public IP, the ISP lets multiple households share a single one.
From the outside, that means both my friend and I were showing up on the internet with the same public IP, even though our routers were entirely separate.
In a perfect world, every router would get its own public IP. But because IPv4 addresses are running out, ISPs have resorted to sharing. If you’d like a quick refresher on IP addresses and why they matter, here’s a helpful Wikipedia article.
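One way to check whether a connection sits behind CGNAT, as an added example that is not part of the original post: compare the WAN address the router reports with the public address outside services see. The 100.64.0.0/10 range is the RFC 6598 shared address space reserved for CGNAT; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 6598 "shared address space", set aside for carrier-grade NAT.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges; some ISPs use these on the WAN side instead.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, public_ip):
    """Compare the router's WAN address with the address outside services see."""
    wan = ipaddress.IPv4Address(wan_ip)
    public = ipaddress.IPv4Address(public_ip)
    if wan == public:
        return "direct"            # router owns the public IP; port forwarding can work
    if wan in CGNAT_SHARED:
        return "cgnat"             # the ISP translates again upstream
    if any(wan in net for net in RFC1918):
        return "private-upstream"  # CGNAT on private space, or a second router at home
    return "mismatch"              # e.g. a VPN or proxy in the path


def shared_public_ips(households):
    """Return the public IPs that more than one household appears behind."""
    by_ip = defaultdict(list)
    for name, _wan, public in households:
        by_ip[public].append(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


# Constructed sample data (documentation and reserved ranges, not real customers):
# (household, router WAN address, public address seen from outside)
HOUSEHOLDS = [
    ("me",     "100.72.14.9",   "203.0.113.50"),
    ("friend", "100.72.31.200", "203.0.113.50"),
    ("office", "198.51.100.7",  "198.51.100.7"),
    ("flat",   "192.168.1.2",   "203.0.113.81"),
]

if __name__ == "__main__":
    for name, wan, public in HOUSEHOLDS:
        print(f"{name:7} wan={wan:15} public={public:15} -> {classify_wan(wan, public)}")
    print("shared:", shared_public_ips(HOUSEHOLDS))
```

The WAN address comes from the router's status page, and the public address from any "what is my IP" service queried from a device behind that router.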
IPv4 vs IPv6: Why We Are Sharing IPs
To understand this, you need to know about the two main kinds of IP addresses in use today:
- IPv4: It uses a 32-bit system. Think of it as having 32 boxes, and each box can hold a number that’s either 0 or 1. When you line them all up, you can make about 4.3 billion unique combinations. Each of those combinations is one possible IP address. With billions of smartphones, laptops, smart TVs, and even smart fridges needing an IP, we’ve almost run out.
- IPv6: This is the modern solution. It uses a 128-bit system. Now imagine 128 boxes instead of 32. The number of unique combinations you can make is about 340 undecillion (yeah, that’s a real number I didn’t know existed either). Running out of IPv6 addresses is practically impossible.
The Disadvantages of CGNAT
- Privacy concerns: Since multiple people share the same public IP, any internet activity tied to that IP doesn’t clearly point to one person. This makes device fingerprinting (the tracking of unique details about your browser or device) look like the best invention the internet ever had.
- Port forwarding problems: Want to set up a cool homelab like the one you saw on YouTube? Or maybe host your personal blog on an old desktop computer? Good luck with that. Since you don’t actually control your public IP, you’re going to have to explore more technical workarounds.
- False restrictions: If someone else sharing your IP misbehaves online, services and websites might block the entire IP. Imagine losing access to Netflix or YouTube because a stranger who shares your IP violated their terms of use. (You wouldn’t be losing that much anyway, I could argue.)
Final Thoughts
For me, this leaves a question of whether ripping off customers by taking advantage of their limited technical knowledge is the norm in Kenya. Not long ago, I wrote about the dangers Telcos expose us to by reselling used phone numbers. Now, with CGNAT, our local ISPs are cutting costs by avoiding investing in IPv6 infrastructure.
The same pattern shows up with sellers of gadgets like laptops and phones, where most buyers don’t have the technical background to challenge what they’re being sold. In the end, you are paying more for less.
Categories: Privacy, Networking