What is CG-NAT and in what cases can it be inconvenient to have it?

20 - May - 2025 - javier.garcia

Table of Contents

Many people do not know what CG-NAT is and whether they are using it to connect to the internet

Many factors are normally considered when contracting an internet service: connection speed, symmetry of speed, coverage, stability, technical support and, of course, price. However, there is one that could cause serious problems for some users if it is not taken into account and that often goes unnoticed: CG-NAT.

In this article, we explain what CG-NAT is, what the implications of using it are and how you can find out if your operator uses it to provide the service you have contracted.

1. What is CG-NAT?

CG-NAT is the abbreviation of the term Carrier Grade Network Address Translation. This is a tool for the design of IPv4 networks that allows the use of the same public IP for the connection of several private IPs simultaneously.

In other words, CG-NAT allows several clients to connect to the internet, sharing the same public IP, which is what identifies us as users on the network. But why is CG-NAT necessary for certain internet service providers?

This technique becomes indispensable from the moment the number of public IPv4s that can be used globally is limited. Given that this is the standard protocol today, many operators make use of this technology to be able to provide an internet connection to all their customers.

In this way, the lack of new public IPv4s can be mitigated until the IPv6 protocol is definitively implemented, the migration to which still constitutes a challenge for operators.

2. Disadvantages associated with the use of CG-NAT

Having gained a broad understanding of what CG-NAT is, it is natural to wonder what its use entails. Although most users will not experience any setbacks as a result of this tool, there may be cases in which the use of CG-NAT may cause certain inconveniences for certain customers.

2.1. Port forwarding

One of the disadvantages of using a connection with CG-NAT is the inability to open and redirect specific ports of the router since our device will not have a dedicated public IP. This prevents interaction with the local network from the internet and results in difficulties in being able to:

Playing online games and using P2P applications that require specific ports to be opened for access from outside the network. When using CG-NAT, it is very likely that in certain games, a warning will appear stating that NAT is strict or moderate, making it difficult to find rivals in online games.
Opening FTP, NAS, web or VPN servers. For example, if the user uses a server to access information stored on their computer remotely, they will not be able to do so with CG-NAT.
Controlling home automation devices. CG-NAT can sometimes make it difficult to connect and link with certain devices that require a public IP to function.

2.2. Increased latency

When using CG-NAT, it is common to experience a slight increase in latency. For the average user, this will not be an obstacle to enjoying a rewarding network experience. However, this increase in latency could become a real problem for customers who make intensive use of online games that are very demanding on the network connection.

2.3. Possible IP blocking

Another of the drawbacks that we must be aware of in order to understand in depth what CG-NAT is and what its implications are is the possible blocking of the public IP that has been assigned to us.

If another user with whom we share the public IP is restricted, for example, from accessing a certain website due to reprehensible behavior, we will not be able to access it either, since the server does not know that we are two different users.

CG-NAT, advantages and disadvantages

3. Advantages of using CG-NAT

What for many is a drawback, for others it can become a strategic advantage. The use of a connection with CG-NAT allows:

Enjoying greater security. Having difficulties opening specific ports provides greater protection against certain attacks. If we do not open any ports, the attack surface is zero since no application is directly exposed to the internet.
Blocking unwanted remote connections. Similarly, thanks to the limitations inherent in the use of CG-NAT, it is easier to prevent unauthorized access by a malicious actor to devices connected to the local network.

4. How can I tell if I’m using a connection with CG-NAT?

Once you know what CG-NAT is and what its use translates to, it’s time to ask yourself if there is any way to tell if this technology is being used to connect to the internet.
Fortunately, although it is usually unknown that a connection with CG-NAT is being used, it is very easy to find out for sure, and there are several ways to do it.

4.1. Checking the IP address on the router

The first thing to do is to access the router through the default gateway, which is usually done through the addresses http://192.168.1.1 or http://192.168.0.1.

After entering the appropriate credentials, look for a section that says, ‘WAN IP Address,’ ‘WAN IP’ or similar, where the IP address itself appears. If it is within the range 100.64.0.1 to 100.127.255.254, that is, within the subnet 100.64.0.0/10, we can be sure that our connection is working with CG-NAT.

4.2. Compare the router’s IP with the public IP

Another very convenient method to find out if CG-NAT is being used is to compare the IP obtained when accessing the router with another one that can be obtained by visiting pages such as What is my IP Adress. If the router’s IP matches exactly the one received on the web, we are not using a connection with CG-NAT. It’s that simple.

4.3. Perform a traceroute to the public IP

If, when visiting the website to find out the public IP, it appears as 150.150.150.150, it is necessary to resort to the command prompt if working with Windows or the terminal on a Mac.

Once open, type ‘tracert 150.150.150.150’, which will allow us to know the number of “hops” to reach the public IP. These are the steps that our connection must follow to go out to the internet, the first being the home router and the second being the operator’s CG-NAT router.

Therefore, if the trace has a single hop, we will not be using CG-NAT to connect to the internet. On the other hand, if two hops appear on the screen, we will know for sure that our connection is with CG-NAT.

4.4. Contacting the operator

Given that there are internet service providers that work with CG-NAT and others that do not, another option is to contact the operator directly to find out for sure. A call to the customer service department of our internet service provider will be enough to find out if our connection is with CG-NAT and if there is any way to stop using it.

5. How can I stop using CG-NAT?

Once we know what CG-NAT is, what its associated drawbacks are and that we are indeed using it, it is logical to consider doing away with it.

Fortunately, most operators that work with CG-NAT allow us to stop using it and assign us a fixed public IP without any problem. After a call to communicate the request, the service provider will allow us to leave the CG-NAT. In a matter of one or two days, the change will take effect.

Once we are notified that we are leaving the CG-NAT, we should turn off the router and wait a few minutes. When we turn it back on, our connection will no longer use this technology, and we can consider the process complete.

On the other hand, certain operators will impose a slight increase in the monthly fee to make this change. And finally, others will not be able to meet this demand. In those cases, the only solution would be to change providers.

Share this article

Facebook - Twitter - Linkedin