All operators provide their customers with a wireless router to have an Internet connection, both via cable and via Wi-Fi, however, many users decide to buy a neutral router or a powerful Wi-Fi Mesh system , which provides us with a large quantity. configuration options, and with such important services as VPN servers, FTP servers, the possibility of configuring advanced parental controls, etc. Today in this article we are going to explain the importance of the router or Wi-Fi Mesh system that we buy having the public IP.
The first thing we should know is that the routers have two or more interfaces, one interface corresponds to the WAN of the Internet , that is, the physical and logical port through which we go to the Internet. Depending on the operator we have, it will use PPPoE or DHCP mainly, in this port it is normally where we have the public IP that the operator provides us, so that we can open TCP / UDP ports without any problem, to access our servers from the Internet web, FTP, VPN etc. Currently in Spain, FTTH operators use the 802.1Q standard to access the Internet, this means that we will have to incorporate a VLAN ID in the router configuration.
Although there are operators that use the CG-NAT technology , and therefore, the routers of the clients do not have the public IP, most of the operators allow to “leave” this CG-NAT to be able to open ports without any problem. We must remember that CG-NAT is a technology that allows a public IP to be shared by several clients of the operators, and each client will have a private IP that is not routable through the Internet, for this reason, if we are behind the CG- NAT, we will not be able to open ports on our router, since we do not have the public IP ourselves, but a router of the operator itself that is responsible for doing the translation of addresses.
The other interface that we have in routers is LAN and WiFi , where we connect the different devices, and the router automatically provides us with a private IP. This local network interface allows the interconnection of different devices without the need to go to the Internet, all traffic remains on the local network itself. Regardless if we have four or more Ethernet ports, or if we have simultaneous dual-band Wi-Fi or simultaneous triple-band Wi-Fi, everything stays on the local home network.
The routers use NAT technology so that with a public IP on the WAN, we can connect hundreds of devices on the LAN and that all of them can use the Internet simultaneously and without any problem. NAT is responsible for translating the public IP address into a private IP address and vice versa, making use of the different TCP / UDP ports. Thanks to NAT, we can surf the Internet or do any task with a single public IP address, with the corresponding savings in public IP addressing.
Why is it important that our neutral router has the public IP of the ISP?
All of us have suffered the wired and Wi-Fi performance of the operators routers , and not only that, but they have a firmware that you hardly have advanced configuration options (firewall configuration, use FTP, DLNA, VPN, advanced QoS servers, Parental control). In addition, Wi-Fi Mesh systems are becoming popular today to cover our entire home with wireless connectivity, and if we move around our home, the devices will automatically connect to the best node (the closest or the one with the least charge). . Thanks to Wi-Fi roaming between nodes with 802.11k / v / r standards, we can go from one node to another without a cut in the Wi-Fi connection, the same happens with band steering , now we can have a single SSID in our home. , and that the router automatically places us in the 5GHz band (faster) or in the 2.4GHz band (more range), in such a way that we do not care about the band where we connect.
If we intend to buy a Wi-Fi Mesh system or a high-performance neutral router, it is essential to configure the operator’s router so that it “passes” this public IP to the equipment you buy . There are many users who connect the WAN port of the neutral router or Wi-Fi Mesh system to the LAN port of the operator router, and they do not obtain a public IP but a private IP from the local network of the operator router, because they have not correctly configured the ISP router. In this article we are not going to go into how to do this configuration on the different routers of the operators, since depending on the operator and the router of the operator that we have, it is done in one way or another.
This configuration of passing the public IP to the router that we put behind, is called “bridge” or “bridge”, and is that the only thing that the router will do is act as ONT, passing the data frames, but it will not do the function of router nor NAT. The routers of the easiest operators to carry out this action are those of Movistar, O2, Másmóvil, Yoigo and Pepephone , since they have routers that do allow you to configure this specific option in their web configuration interface, so we recommend these operators if you are going to buy a router or a high performance Wi-Fi Mesh system.
Higher performance, the operator router acts as ONT exclusively
When we configure our operator’s router in “bridge” mode it will only act as ONT, passing the frames (link layer) through its ports, it does not have to do the job of routing the packets nor does it do the NAT functionality. In this way, we will not have any type of bottleneck in the operator’s router, and we will be able to squeeze our high-speed FTTH connection to the maximum.
If you are a basic user who only surfs the Internet and uses smartphones, you will not notice it too much, but it is very common to find problems if we use the operator’s router with P2P programs. P2P programs establish a large number of TCP connections simultaneously, to connect with the different «peers» that download or upload data, so the performance of the entire local network is affected by this, and the operator’s router could even be blocked completely, and we would have to stop or limit the downloads, and even restart it to get it working properly again.
We will not have double NAT problems
If the public IP has the router of the operator, we must remember that this router does the function of NAT to translate the public IP address to private, and vice versa. If we connect another router in the LAN using its Internet WAN port, until we reach the connected device we will have “double NAT”, that is, one NAT is done by the operator’s router, and the second NAT is done by the router or Wi-Fi system Fi Mesh that we have bought. This double NAT is the worst thing there can be , because all network traffic will be limited by the operator’s router, especially if you use P2P programs you will notice it. In addition, with double NAT we will have to do double port forwarding, that is, we will have to open a certain port in the operator’s router to the private IP of the WAN of the neutral router that you buy, and then in the neutral router you will have to do a port forwarding to the corresponding device.
Another option is to open the DMZ on the operator’s router to the private IP of the neutral router , in this way, we will be forwarding all the TCP and UDP ports except those that we have explicitly open. However, we will have to go through its NAT and the performance you will get will not be good.
In case of double NAT, we will not be able to use Dynamic DNS services of the neutral router, since it will detect that the WAN IP is a private IP, and therefore it is not routable through the Internet, so we will depend on the services DDNS of the operator router.
Possibility of configuring QoS and that it works correctly
One of the most outstanding characteristics of a neutral router or a high-performance Wi-Fi Mesh system is the possibility of configuring QoS to prioritize some computers over others, or some Internet services over others. Having the public IP in the router that you buy, you will be able to use QoS and you will have a great user experience, however, if we do not have the public IP in the router, we will depend on what the operator’s router does when doing NAT , so it is very possible that what we “have gained” by QoS, we lose for the double NAT we have.
Services like FTP, VPN, Nextcloud, and NAS access are accessible by port forwarding
If the neutral router or Wi-Fi Mesh system you buy has FTP and VPN servers, you will not have to do any port forwarding, since the team itself will be in charge of configuring NAT internally. In case you have it on a NAS server, then you will have to do port forwarding, but only on the neutral router or Wi-Fi Mesh system, where we have the public IP address.
As you have seen, configuring the operator router in bridge or bridge mode, and that the neutral router or Wi-Fi Mesh system that we buy has the public IP is the best thing you can do to have the best possible performance, so We strongly recommend that you always have your network in this way. It is also very important to choose an operator that allows this possibility, since not all allow it, and even if they allow it, we could “lose” VoIP, so we have to see the different scenarios, but it is clear that putting it in bridge mode And putting a router behind it has a lot of advantages.
