greenwood-IT on VM419641F Phone: 023 80 986 954


  Possibly not the most technically accurate document I've ever written, but I'm hoping it makes something very complex a little more understandable.

IP Addresses (IPv4 in particular)

You've probably seen an Internet Protocol (IP) address, and unless you're a real nerd, you've ignored it - but they are important :-) Think of an IP address as an internet phone number: it identifies your device, and so needs to be globally unique. The unique E.164 format phone number, +442380986954, will only ring the phone on my desk, in the same way that IP address 77.68.14.146 will only connect to this web server.

Unfortunately the length of these numbers restricts how many devices we can use (which is why we renumbered all the London phones and added extra digits in 1995). An IP address in the format shown can support just over 4 billion devices - current estimates suggest there are over 16 billion IP devices in use! Currently two solutions are in use: one is to upgrade to IPv6 addresses (they are horribly long and complex), the other is to implement Network Address Translation.

NAT - Network Address Translation

[Diagram: Web Server (77.68.14.146) <-> NAT Router / Home Router (44.210.77.73) <-> Home Network (192.168.0.0/24)]

Traditionally, many small businesses had their own small telephone exchanges in their office. This allowed external people to call in, and the call could then be passed to the correct telephone within the building. This allowed the business to have dozens of phones on desks, but perhaps only have one incoming phone number. This meant that businesses didn't have to publish the number of every desk, as the company operator would 'route' your call to the correct phone. This is exactly what your broadband router does: it has one public IP address (yours looks like it's 44.210.77.73) and it routes the various traffic to your device inside the building. When someone rings a phone number, or connects to your IP address, they have no idea how many extensions (employees) or computers you have. The router just needs to remember which traffic is destined for which device - this remembering and re-routing is the core NAT functionality.

So NAT explains how we can connect 16 billion devices to 4 billion routers today, but unfortunately with so many mobile devices (phones, cars etc.) we are still in trouble. IPv6 was being discussed as the solution over 25 years ago, but IPv4 is still everywhere. As another workaround, telecoms carriers (mobile phone networks) have implemented NAT on their networks from day one. More recently, low-cost broadband providers have also started to implement this Carrier NAT solution to reduce costs and extend the life of the older equipment.

CGNAT - Carrier Grade NAT

[Diagram: Web Server (77.68.14.146) <-> NAT Box (44.210.77.73) <-> NAT Router / Home Router (172.10.23.189) <-> Home Network (192.168.0.0/24)]

So CGNAT is basically double-NATting the traffic. This clearly works for web browsing, as you are reaching out from your device and each NAT router is remembering you asked for this traffic, so when I send this text back, it should get to the right viewer! However, what if I wanted to initiate a link to your machine? What if you run an email server or a CCTV camera system? From our current communications, I believe I'm talking to your router on 44.210.77.73 - but is this you or the carrier's router in the local telephone exchange? The carrier router knows nothing about your home CCTV camera (or it shouldn't!) and so can't route my connection successfully. This is the main issue with CGNAT and causes problems for many businesses and home users who do more than basic web browsing and streaming.

Testing for CGNAT

If you're on any version of Windows, then it's very easy. We just need to ask your router if its IP address matches who I think you are. Just start a CMD shell and type:

tracert -h 1 44.210.77.73

Microsoft Windows [Version 10.0.22621.1702]
(c) Microsoft Corporation. All rights reserved.

C:\Users\John>tracert -h 1 44.210.77.73

Tracing route to host44-210-77-73.yourprovider.com [44.210.77.73]
over a maximum of 1 hops:

  1     1 ms     1 ms     1 ms  host44-210-77-73.yourprovider.com [44.210.77.73]

Trace complete.

C:\Users\John>

If the hop 1 line (shown in red on the original page) does not show your IP address, then you know you have a CGNAT situation.

If you do want to access various services remotely, then you may need to speak to your internet provider about getting a 'Public IP Address'.
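
The comparison described above, scripted as an added example (not code from the original page): it reads the hop 1 line of saved `tracert -h 1` output and compares it with the public address a website reports. The function names and the second and third sample outputs are constructed for illustration.

```python
import ipaddress
import re

# Dotted-quad IPv4 only; reverse-DNS names like host44-210-77-73 use dashes and do not match.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def first_hop(tracert_output):
    """Return the IPv4 address on the hop 1 line of Windows tracert output,
    or None when the line is missing or the hop timed out."""
    for line in tracert_output.splitlines():
        if not re.match(r"\s*1\s", line):
            continue
        for text in reversed(IPV4.findall(line)):
            try:
                return ipaddress.IPv4Address(text)
            except ipaddress.AddressValueError:
                continue  # e.g. 999.1.1.1 is not an address
        return None
    return None

def cgnat_check(public_ip, tracert_output):
    """Apply the test: does the first hop answer as the public address?"""
    hop = first_hop(tracert_output)
    if hop is None:
        return "inconclusive"
    if hop == ipaddress.IPv4Address(public_ip):
        return "router holds the public address"
    return "another NAT is upstream (CGNAT likely)"

# Hop output as shown on the page: the router itself answers as 44.210.77.73.
DIRECT = """Tracing route to host44-210-77-73.yourprovider.com [44.210.77.73]
over a maximum of 1 hops:

  1     1 ms     1 ms     1 ms  host44-210-77-73.yourprovider.com [44.210.77.73]

Trace complete."""

# Constructed sample: the home router answers from its LAN address instead.
BEHIND_NAT = """Tracing route to host44-210-77-73.yourprovider.com [44.210.77.73]
over a maximum of 1 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1

Trace complete."""

# Constructed sample: the hop did not reply, so nothing can be concluded.
TIMED_OUT = "  1     *        *        *     Request timed out."

if __name__ == "__main__":
    for name, out in (("direct", DIRECT), ("behind NAT", BEHIND_NAT), ("timed out", TIMED_OUT)):
        print(name, "->", cgnat_check("44.210.77.73", out))
```

A second router of your own between the PC and the broadband router produces the same "upstream NAT" result, so run the trace from a device connected directly to the broadband router.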

© 2005-2024 - John Greenwood - All Rights Reserved