greenwood-IT on VM419641F Phone: 023 80 986 954




  Possibly not the most technically accurate document I've ever written, but I'm hoping it makes something very complex a little more understandable.

IP Addresses (IPv4 in particular)


You've probably seen an Internet Protocol Address (IP Addr), and unless you're a real nerd, you've ignored it - but they are important :-) Think of an IP address as an internet phone number: it identifies your device, and so needs to be globally unique. The unique E.164 format phone number, +442380986954, will only ring the phone on my desk, in the same way that IP address 77.68.14.146 will only connect to this web server.

Unfortunately the length of these numbers restricts how many devices we can use (which is why we renumbered all the London phones and added extra digits in 1995). An IP address in the format shown can support just over 4 billion devices - current estimates suggest there are over 16 billion IP devices in use! Currently two solutions are in use: one is to upgrade to IPv6 addresses (they are horribly long and complex), the other is to implement Network Address Translation (NAT).

NAT - Network Address Translation

[Diagram: Web Server (77.68.14.146) <-> Home Router (52.14.85.76) <-> Home Network (192.168.0.0/24)]

Traditionally, many small businesses had their own small telephone exchanges in their office. This allowed external people to call in, and the call could then be passed to the correct telephone within the building. This allowed the business to have dozens of phones on desks, but perhaps only have one incoming phone number. This meant that businesses didn't have to publish the number of every desk, as the company operator would 'route' your call to the correct desk. This is exactly what your broadband router does: it has one public IP address (yours looks like it's 52.14.85.76) and it routes the various incoming traffic to your device inside the building. When someone rings a phone number, or connects to your IP address, they have no idea how many extensions (employees) or computers you have inside your building. The router just needs to remember which traffic is destined for which device - this remembering and re-routing is the core NAT functionality.

So NAT explains how we can connect 16 billion devices to 4 billion routers today, but unfortunately with so many mobile devices (phones, cars etc) we are still in trouble. IPv6 was proposed as the solution over 25 years ago, but IPv4 is still everywhere today. As another workaround, telecoms carriers (mobile phone networks) had implemented NAT on their own networks from day one. More recently though, low-cost broadband providers have also started to implement this Carrier Grade NAT solution to reduce costs and extend the life of their older equipment.

CGNAT - Carrier Grade NAT

[Diagram: Web Server (77.68.14.146) <-> Carrier's NAT Box (52.14.85.76) <-> Your NAT Router (172.10.23.189) <-> Home Network (192.168.0.0/24)]

So CGNAT is basically double-NATting the traffic. This clearly works for web browsing, as you are reaching out from your device and each NAT router is remembering you asked for this traffic, so when I send this text back, it should get to the right computer! However, what if I wanted to initiate a link to your machine? What if you run an email server or a CCTV camera system? The two NAT routers have no 'memory' of how to get the information to the right target machine, as there was no outgoing request a few seconds before.

From this current web browser session, I believe I'm talking to your router on 52.14.85.76 - but is this you, or the carrier's router in the local telephone exchange? The carrier's router knows nothing about your computer (or it shouldn't!) and so it can't route my incoming data successfully. This is the main issue with CGNAT, and it causes problems for many businesses and home users who do more than basic web browsing and streaming.
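The 'remembering' described above can be modelled in a few lines. This is an added example, not code from the original page: the Nat class, send_out, deliver_in, the port numbers, the outside caller and the camera port forward are all hypothetical, and only the web server, carrier and home router addresses come from the diagrams. It goes slightly beyond the text by including a port forward on the home router, to show that it works behind one NAT but not behind two.

```python
class Nat:
    """Toy port-translating NAT: remembers outbound flows, drops unsolicited inbound."""

    def __init__(self, public_ip, first_port):
        self.public_ip = public_ip
        self.next_port = first_port
        self.flows = {}     # (public_port, remote) -> (inside_ip, inside_port)
        self.forwards = {}  # public_port -> (inside_ip, inside_port), set by the owner

    def outbound(self, src_ip, src_port, remote):
        """Rewrite an outgoing packet's source and remember where replies belong."""
        for (port, rem), inside in self.flows.items():
            if rem == remote and inside == (src_ip, src_port):
                return self.public_ip, port
        port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(port, remote)] = (src_ip, src_port)
        return self.public_ip, port

    def inbound(self, dst_port, remote):
        """Inside target for an incoming packet, or None if the NAT drops it."""
        return self.flows.get((dst_port, remote)) or self.forwards.get(dst_port)

def send_out(chain, src_ip, src_port, remote):
    """Pass an outgoing packet through each NAT, innermost first."""
    for nat in chain:
        src_ip, src_port = nat.outbound(src_ip, src_port, remote)
    return src_ip, src_port

def deliver_in(chain, dst_port, remote):
    """Pass an incoming packet through each NAT, outermost first."""
    target = None
    for nat in reversed(chain):
        target = nat.inbound(dst_port, remote)
        if target is None:
            return None
        dst_port = target[1]
    return target

WEB = ("77.68.14.146", 443)          # the page's web server
VISITOR = ("203.0.113.5", 40000)     # constructed outside caller (documentation range)
home = Nat("172.10.23.189", 40000)   # home router, WAN address from the CGNAT diagram
carrier = Nat("52.14.85.76", 50000)  # carrier's NAT box
home.forwards[554] = ("192.168.0.20", 554)  # constructed port forward to a camera

if __name__ == "__main__":
    print(send_out([home, carrier], "192.168.0.10", 51000, WEB))  # what the server sees
    print(deliver_in([home, carrier], 50000, WEB))    # reply finds the PC
    print(deliver_in([home, carrier], 554, VISITOR))  # None: carrier has no entry
    print(deliver_in([home], 554, VISITOR))           # single NAT: forward works
```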

Testing for CGNAT

If you're on any version of Windows, then it's very easy. We just need to ask your router if its IP address matches who I think you are. Just start a CMD shell and type:

tracert -h 1 52.14.85.76

Microsoft Windows [Version 10.0.22621.1702]
(c) Microsoft Corporation. All rights reserved.

C:\Users\John>tracert -h 1 52.14.85.76

Tracing route to host52-14-85-76.yourprovider.com [52.14.85.76]
over a maximum of 1 hops:

  1     1 ms     1 ms     1 ms  host52-14-85-76.yourprovider.com [52.14.85.76]

Trace complete.

C:\Users\John>

If the line in red does not show your IP address, then you know you have a CGNAT situation.
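The same comparison can be automated by reading the address reported at hop 1 of the saved tracert output. This is an added example, not code from the original page: the function names and verdict labels are hypothetical, and the second and third sample outputs are constructed. It goes beyond the manual check by handling a router that does not answer and by recognising the 100.64.0.0/10 range that RFC 6598 reserves for carrier-grade NAT.

```python
import ipaddress
import re

# RFC 6598 shared address space, set aside for carrier-grade NAT.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def first_hop(tracert_output):
    """Address reported on hop 1 of Windows tracert output, or None on timeout."""
    for line in tracert_output.splitlines():
        if re.match(r"\s*1\s", line):       # hop lines start with the hop number
            found = IPV4.findall(line)      # last match skips any IP-like hostname
            return ipaddress.ip_address(found[-1]) if found else None
    return None

def verdict(public_ip, tracert_output):
    """Compare hop 1 with the address the web server saw for this connection."""
    hop = first_hop(tracert_output)
    if hop is None:
        return "inconclusive"               # router did not answer the probe
    if hop == ipaddress.ip_address(public_ip):
        return "public-ip-on-router"        # the page's 'no CGNAT' result
    if hop in CGNAT_SPACE or hop.is_private:
        return "nat-upstream"               # public IP is held further upstream
    return "mismatch"                       # some other public address answered

# Sample outputs: the first mirrors the page, the other two are constructed.
DIRECT = """Tracing route to host52-14-85-76.yourprovider.com [52.14.85.76]
over a maximum of 1 hops:

  1     1 ms     1 ms     1 ms  host52-14-85-76.yourprovider.com [52.14.85.76]

Trace complete."""
BEHIND_NAT = """Tracing route to 52.14.85.76 over a maximum of 1 hops

  1    <1 ms    <1 ms    <1 ms  192.168.0.1

Trace complete."""
TIMEOUT = """Tracing route to 52.14.85.76 over a maximum of 1 hops

  1     *        *        *     Request timed out.

Trace complete."""

if __name__ == "__main__":
    for name, sample in (("direct", DIRECT), ("nat", BEHIND_NAT), ("timeout", TIMEOUT)):
        print(name, verdict("52.14.85.76", sample))
```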

If you do want to access various services remotely, then you will need to speak to your internet provider about getting a 'Public IP Address' - I can help.



© 2005-2024 - John Greenwood - All Rights Reserved
