CGNAT Explained: Why You Share a Public IP
With IPv4 addresses exhausted, many ISPs no longer give each subscriber a unique public IP. Instead they use Carrier-Grade NAT (CGNAT) — a second layer of NAT inside the provider's network that maps hundreds or thousands of customers onto a shared pool of public IPv4 addresses.
Two layers of NAT
Your device (192.168.0.x)
→ home router NAT → ISP CGN (100.64.0.0/10) → public IPv4 (shared)
The 100.64.0.0/10 range (RFC 6598) is reserved specifically for the ISP-side address between your router and the CGN. If the IP your router gets via DHCP is in 100.64.x.x, you are behind CGNAT.
What it breaks
| Symptom | Cause |
|---|---|
| Port forwarding doesn't work | You don't own the public IP |
| Inbound game/server hosting fails | No stable inbound mapping |
| Some IP allowlists block you | You share an IP with strangers |
| Geolocation is fuzzy | The public IP serves a whole region |
What helps
IPv6 sidesteps CGNAT entirely by giving every device a real address — see IPv6 vs IPv4. Otherwise you can ask your ISP for a static/public IPv4 (often paid), or use a relay/VPN for inbound access. The address shown on our home page is the shared public IP, which is why it may not match what your router displays. Background: public vs private IP.
Note: CGNAT is why "my IP changed" and "someone else's abuse got my IP blocked" are increasingly common on consumer and mobile networks.