Security Notification February 2024
Possibly not the most technically accurate document I've ever written, but I'm hoping it makes something very complex a little more understandable.
IP Addresses (IPv4 in particular)
You've probably seen an Internet Protocol Address (IP), and unless you're a real nerd, you've ignored it - but they are important :-)
Think of an IP address as an internet phone number: it identifies your device, and so needs to be globally unique.
The unique E.164 format phone number, +442380986954, will only ring the phone on my desk, in the same way that IP address 188.8.131.52 will only connect to this web server.
NAT - Network Address Translation
Traditionally, many small businesses had their own small telephone exchanges in their office. This allowed external people to call in, and the call could then be passed to the correct telephone within the building.
This allowed the business to have dozens of phones on desks, but perhaps only have one incoming phone number. This meant that businesses didn't have to publish the number of every desk, as the company operator would 'route' your call to the correct phone.
This is exactly what your broadband router does. It has one public IP address (yours looks like it's 184.108.40.206) and it routes the various traffic to the right device inside the building. When someone rings a phone number, or connects to your IP address, they have no idea how many extensions (employees) or computers you have.
The router just needs to remember which traffic is destined for which device - this remembering and re-routing is the core NAT functionality.
CGNAT - Carrier Grade NAT
So CGNAT is basically double-NATing the traffic. This clearly works for web browsing, as you are reaching out from your device and each NAT router remembers that you asked for this traffic, so when I send this text back, it should get to the right viewer! However, what if I wanted to initiate a link to your machine? What if you run an email server or a CCTV camera system? From our current communications, I believe I'm talking to your router on 220.127.116.11 - but is this you, or the carrier's router in the local telephone exchange? The carrier's router knows nothing about your home CCTV camera (or it shouldn't!) and so can't route my connection successfully. This is the main issue with CGNAT, and it causes problems for many businesses and home users who do more than basic web browsing and streaming.
Testing for CGNAT
If you're on any version of Windows, then it's very easy. We just need to ask your router if its IP address matches who I think you are. Just start a CMD shell and type:
If the line in red does not show your IP address, then you know you have a CGNAT situation.
If you do want to access various services remotely, then you may need to speak to your internet provider about getting a 'Public IP Address'.
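The comparison behind this test, written out as an added Python example (not code from the original page): it takes the WAN address your router reports and the address a remote server saw, and also recognises the 100.64.0.0/10 range that RFC 6598 reserves for carrier-grade NAT. The function name `classify_wan`, the result labels and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_RANGE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, used behind ordinary NAT routers.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan: str, seen_public: str) -> str:
    """Compare the router's WAN address with the address a remote server saw.

    Hypothetical helper: returns 'cgnat', 'double-nat',
    'translated-upstream' or 'public'.
    """
    wan = ipaddress.ip_address(router_wan.strip())
    public = ipaddress.ip_address(seen_public.strip())
    if wan.version != 4 or public.version != 4:
        raise ValueError("this check only applies to IPv4 addresses")
    if wan in CGNAT_RANGE:
        return "cgnat"                # carrier handed out shared address space
    if any(wan in net for net in PRIVATE_RANGES):
        return "double-nat"           # another NAT device sits upstream
    if wan != public:
        return "translated-upstream"  # looks public, but is rewritten in transit
    return "public"                   # router holds the address the internet sees


# Constructed sample pairs: (WAN address shown by the router, address a server saw).
SAMPLES = [
    ("100.72.14.9", "203.0.113.20"),
    ("192.168.1.2", "203.0.113.20"),
    ("198.51.100.7", "203.0.113.20"),
    ("203.0.113.20", "203.0.113.20"),
]

if __name__ == "__main__":
    for wan, public in SAMPLES:
        print(f"router WAN {wan:<15} seen as {public:<15} -> {classify_wan(wan, public)}")
```

Only the `public` result means an inbound connection to your public address arrives at your own router; in the other three cases it stops at a device further upstream.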