Which Internet operators in Spain use CG-NAT in their connections

What is the CGN or CG-NAT of the operators?

When it began to be seen that IPv4 addressing was running out, technologies such as NAT (Network Address Translation) appeared that allow having a public IP address shared with dozens or hundreds of computers on the same local network. All the routers that we currently have do NAT of the public IP address, allowing dozens of computers on the local network to connect successfully to the Internet and saving a large number of public IPv4 addresses.

CG-NAT is a large-scale NAT, it is a technology that allows the operator to provide a private IPv4 address in the WAN of each router that the client has at home, that is, we will have a double NAT to go out to the Internet, the first we will have it in our router with the usual addressing, and later we will have a NAT at the operator level. This allows the operator that with a single public IPv4 address, to be able to provide service up to 32 or 64 clients generally, in this way, he will be saving a large number of public IP addresses.

In the following scheme you can see perfectly how an architecture with CG-NAT works:

In mobile broadband networks, operators have used this technology for many years, because in our smartphone we receive a private IP address and not directly a public IPv4 address that can be routed on the Internet. However, CGN technology in residential connections has quite serious drawbacks, and that is that we will not be able to open ports on our router, because they simply will not work. By having a second NAT at the network level, it does not matter that we open the ports or use the DMZ, because we will continue to be behind the NAT of the operator. So if you use any services that need to open ports, CGN just won’t work for you.

Why is it important to know if I have CG-NAT?

For a residential user it is very important to know if our operator has put us into the CG-NAT , in order to know if we are going to be able to open ports or are we going to have big problems with it. If as a home user you use your Internet connection to access services from the Internet to within your local network, with CGN you will not be able to do so. For example, if you try to use any of these services:

• Web server to access your page from the Internet.
• FTP or FTPES server to access your files and folders from anywhere, just by having an Internet connection.
• SSH server to remotely manage your server or your router.
• VPN server to connect to the Internet safely when we are connected to a WiFi network, or simply to remotely access your local network as if you were physically there.
• Reverse proxy to access different web services within your local network.

None of them will work for you, because for them to work it is completely necessary to open one or several ports in the NAT of the router , to redirect the packets properly to the server that is listening on the same device or on several devices. Of course, you will also have problems when playing certain online games, because many of them require us to open one or more ports for the equipment to function properly, so in these cases you will also have problems using your Internet connection.

There are very common services in home networks such as video surveillance with IP cameras , in this case you will not have problems because most manufacturers such as D-Link, EZVIZ, Xiaomi or TP-Link have services in the Cloud, and the connection with this IP camera is done over reverse connections, and we will never connect directly to them, so there is no need to have a public IPv4 address.

Other aspects that should concern us about being in CG-NAT are:

• More connection latency : in many cases the latency when using CGN is somewhat higher in comparison, since we depend on the traffic and NAT of other connected users. Latency in games is very important, so you must take it into account.
• Blocks on websites or limitations : if other users who have the same IP address as us have downloaded in bulk from MEGA or Google, we will also be affected because we are sharing the same public IP address.

In the case of crimes on the Internet, even if we share the IP address with other users, the operator will always keep a record of all connections, so we will be very easily identifiable in the face of possible crimes.

How to know if my operator has CGN

To find out if your operator has you within CG-NAT, it can be done in several ways, but the easiest is to get into your router and check what IP address we have on the Internet WAN. If this IP address corresponds to the public IP address of your connection then you will not be inside CG-NAT, this means that the Internet WAN port of your router has a public IP address that is routable on the Internet.

In the event that this WAN IP address does not correspond to the public IP, and, in addition, that router IP begins with “100.XXX”, it means that you are within CG-NAT, so you will have all the problems that we have described above about opening the ports and hosting different services. Our recommendation is that you choose an Internet operator that does not use CG-NAT, or at least allows you to get out of this completely free of charge, because there are some operators that will charge you extra on the bill for providing a public IP address.

Operators in Spain that use CG-NAT

Knowing which Internet operators in Spain use CG-NAT is very important, because we must choose Internet operators that do not use this technology, or at least, that allow us to get out of it easily and quickly, without having to wait too long. time or have to pay more.

Másmóvil Group: Másmóvil, Yoigo and Pepephone

This was the first operator to incorporate this technology into its FTTH networks, as we informed you in this article as soon as we discovered it. All the brands of the Masmóvil Group such as Masmóvil, Yoigo or Pepephone make use of this technology by default.

The Masmóvil Group allows you to leave the CGN whenever the client requests it, either by phone, email, or a direct message on the social networks of the different operators. If you have contracted your Internet connection with any of these companies and you need to host services on your local network, such as the services that we have indicated before, then you will need a public IP address for everything to work properly.

In our experience, it takes the operator 24-48 hours to make the change, and we will need to restart the router in most cases.

Orange Group: Orange and Jazztel

These operators do not use CG-NAT in their connections, but they are using DS-Lite technology in their networks, to provide Internet connectivity both with the IPv6 protocol and also with the IPv4 protocol. In the IPv4 part they do use CG-NAT and not a public IP address directly, but they use a protocol called PCP that allows the central router that does CG-NAT to open certain ports, so we should not have many problems if we want to host services in our home.

In order to open the ports, we will simply have to open the ports as we would normally do in a Livebox router, and automatically the PCP protocol will act to open the ports. Of course, the port to open cannot be the typical 80 or 443, among others, but will be random ports, so the solution is not entirely good if you intend to host web servers or a reverse proxy that you access via HTTPS. Old customers of these carriers may still maintain a public IP address.

Fi Network

This operator compulsorily uses CGN in its connections, so you will not be able to pay an extra to go out or ask for it, because they simply do not provide Internet connections without CG-NAT. If you use this operator, you will only be able to use reverse connections to be able to access local network services, using a service like Zero-Tier is a valid option that works really well, and you will not have the inconvenience of CG-NAT, but you will have to know that you will not be able to connect to your services directly, you should always go through Zero-Tier or similar services.

We hope that very soon Fi Network customers will have the opportunity to obtain a public IP address outside of CG-NAT.

Digi

This operator does use CG-NAT in its networks to save public IPv4 addressing, in addition, this operator does not allow you to leave the CGN for free, you will have to pay €1 more per month to enjoy all the advantages of having a public IP address in your home connection. Generally Digi assigns about 32 clients for each public IP address, very basic home users should have no problem because they will not host any services, however, we must take into account that some online games require a public IP address and open ports.

It is also true that the vast majority of Internet users do not need a public IP address because they continually use reverse connections without them knowing it, but if you are going to host any service or play certain games, then it is absolutely necessary to leave CGN.

Movistar and O2: CGN free

The Movistar and O2 operators are the only ones that are completely free of CG-NAT or CGN, in these operators we do not have the possibility of using this technology, they will always provide us with a public IPv4 address, so we will not have any problem hosting our services, such as a web or FTP server, nor to play, since we can open ports on the router without problems.

As you can see, many operators in Spain currently use CG-NAT in their networks because public IPv4 addresses are completely exhausted, and they are trying to continue providing service without the need to buy addresses from other operators or companies that they have. Choosing the right carrier without CG-NAT, or at least having the ability to exit CGN is critical.