BT Retail in Carrier Grade NAT pilot
Friday 03 May 2013 11:45:03 by Andrew Ferguson

If you are a BT Total Option 1 Broadband customer and have been having issues where some services like Xbox Live have not been working, then it is possible you have been taking part in the Carrier Grade NAT pilot (CGNAT) that BT Retail is running.

"The number of IPv4 internet addresses worldwide is running out, meaning that all ISPs must come up with a solution to keep new fixed broadband customers connected until IPv6 addresses become widely adopted.

BT is introducing a technology called Carrier Grade NAT (CGNAT) to help address this issue, which means that certain customers will share an IP address with up to nine other customers. This is the same as the standard practice for mobile broadband connections, using smartphones and tablets today.

We have decided that we will pilot this new technology with our Option 1 Total Broadband customers who on average use the internet least. We believe they are the least likely group of customers to experience any issues or disruptions due to CGNAT, which can interfere with complex online activities like hosting servers at home. We do not think these customers will notice any difference at all in their broadband performance, but if any of these customers did have any resulting issues, we would be happy to restore their connection to an individual IP address.

BT is also working to introduce IPv6 internet addresses during 2013, but customers will need both IPv4 and IPv6 addresses for the foreseeable future."

BT Retail statement on Carrier Grade NAT pilot

Carrier Grade NAT means that an Internet connection gets a private range IP address, with the NAT hardware run by the provider sharing the public IP address between a number of customers. This effectively puts people behind a double NAT, which breaks a number of services and also means that people wanting to run a small server or log into a network IP camera will find these are not accessible from outside their home network.

Plusnet was involved in a trial earlier in 2013 to look at the same thing. The suggestion is that while providers are getting ready to roll out IPv6, they realise that many websites will still be running on IPv4 and therefore IPv4 is not going to vanish overnight.

BT has a FAQ on the Carrier Grade NAT to help with queries as the change is introduced to more Option 1 customers. The key to finding out whether you are already using the CG-NAT solution is to use a whois site that displays the Organisation that your public IP address is registered to, and if this is shown as CG-NAT then you are on the pilot already. If you are finding the CG-NAT to be a problem then by contacting BT support you can opt back to a public IP address for your connection.
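A complementary check to the whois lookup, given here as an added example that is not part of the original article or BT's FAQ: compare the WAN address shown on the router's status page with the address external sites see. It assumes the RFC 6598 range 100.64.0.0/10 that a commenter below reports BT using; the function names, labels and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 "Shared Address Space", set aside for carrier-grade NAT.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, normally used only on the LAN side of a home router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, observed_public_ip):
    """Classify a connection from two IPv4 addresses.

    wan_ip: address shown on the router's WAN/status page.
    observed_public_ip: address an external "what is my IP" site reports.
    """
    wan = ipaddress.ip_address(wan_ip)
    public = ipaddress.ip_address(observed_public_ip)
    if wan.version != 4 or public.version != 4:
        raise ValueError("this check applies to IPv4 addresses only")
    if wan in CGNAT_SPACE:
        return "cgnat"        # ISP-side NAT using the RFC 6598 range
    if any(wan in net for net in RFC1918):
        return "double-nat"   # another NAT upstream (ISP or a second router)
    if wan == public:
        return "direct"       # the router itself holds the public address
    return "translated"       # public-looking WAN address, but outsiders see another


def inbound_reachable(kind):
    """Port forwards on the home router only help when it holds the public address."""
    return kind == "direct"


# Constructed sample pairs (documentation ranges stand in for real public IPs).
SAMPLES = [
    ("100.72.14.9", "203.0.113.40"),    # inside 100.64.0.0/10
    ("192.168.1.64", "203.0.113.40"),   # RFC 1918 address on the WAN side
    ("203.0.113.40", "203.0.113.40"),   # same address on both sides
    ("100.128.0.1", "100.128.0.1"),     # just outside the /10, so not CGNAT
]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        kind = classify_wan(wan, seen)
        print(f"{wan:>15} seen as {seen:<15} -> {kind}, "
              f"inbound reachable: {inbound_reachable(kind)}")
```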

Update 4th May: To make it easier for those who want to opt out of the trial, this is the page to use to contact BT and request removal from the CG-NAT/IP Address Translation pilot.

Update 7th May: We have double checked that the CG-NAT trial only affects Option 1 customers, and BT have confirmed this to be the case, although there will be some BT employees with Option 3 who are also on the trial. So if you are not on an Option 1 product and believe you are affected by this CG-NAT/IP Sharing trial then do get in touch with us and we will investigate further.

Comments

Posted by GMAN99 over 4 years ago
Umm is this an enforced trial or do you have to sign up? It sounds like they are just "doing it" ?
Posted by undecidedadrian over 4 years ago
Isn't this the low use package, 10gig or something?

Sounds like they think the low use people won't be affected as they won't be doing "advanced" setups.

But still poor show from BT just putting people onto a trial without warning.
Posted by undecidedadrian over 4 years ago
Just went and checked and it looks like it's an opt-out roll out so people better go and opt-out before they get thrown onto it.
Posted by idf03 over 4 years ago
Another reason to steer clear
Posted by Kushan over 4 years ago
If you start trialing CGNAT before you trial IPv6, you're doing something wrong.
Posted by driz over 4 years ago
Is CGNAT even technically an 'internet connection' anymore? :/
Posted by jelv over 4 years ago
BT running a trial without warning people first? Reminds me of the Phorm fiasco!
Posted by mhc over 4 years ago
1. Any idea which private address range they are using?

2. How long before other fixed line ISPs have to follow suit?
Posted by mdar5 over 4 years ago
driz:

As I understand it mobile phones use CGNAT - so I think that it does count as an "internet connection"
Posted by mabibby over 4 years ago
I think the technically minded of us need to remember that most of the customers are probably prime candidates for a CGNAT. Why bother causing a fuss?

BT provide a broadband service, they still provide that under a CGNAT. If you suffer service degradation, then BT lets you opt-out, sounds fair.

IPv4 to IPv6 needs to be a graduated deployment and CGNAT's are needed to ensure IPV4 is sustainable whilst we make the transition.
Posted by AndrueC over 4 years ago
Agreed. It's a bit like all the bleating about NAT. Nearly every technical article has a statement about how it breaks the internet but in over a decade it's never caused me any grief.

Meh. Purists :D
Posted by greenglide over 4 years ago
But the TBB Quality won't work under CGNAT will it? Assuming there are others who use it even without fixed IP addresses.

Presumably this will not be used for business connections?
Posted by AndrueC over 4 years ago
Off the top of my head, CGNAT would break TBBQM however...

I assume that CGNAT won't be used for static addressing (not that residential BT customers can get that anyway) and TBBQM is not supported with dynamic addressing anyway. The fact it works because some ISPs have very sticky DHCP is neither here nor there.
Posted by AndrueC over 4 years ago
(cont'd) I think that with CGNAT the thing TBBQM would ping would always be the virtual node. In there'd be no SPI that could be used to map the ports correctly. In fact I guess CGNAT breaks all connections that are initiated from external addresses.

Still - those services are unlikely to work with dynamic IP anyway unless they rely on something like DNS and a tool exists to keep the records updated.
Posted by andrew (staff member) over 4 years ago
The BQM is slightly moot with BT Retail, as the HomeHub does not respond to ICMP pings from the Internet anyway.
Posted by gordslater over 4 years ago
"the HomeHub does not respond to ICMP pings from the Internet"
- that would explain why they can't get IPv6 implemented - [cough] RFC 1981 [/cough]
Posted by GMAN99 over 4 years ago
Not responding to ICMP is a security feature, many routers have this set-up
Posted by aramsay over 4 years ago
It appears that BT are following RFC6598 and using 100.64.0.0/10 for the CGN IP address ranges - The full RFC can be viewed here http://tools.ietf.org/html/rfc6598 - which is good in one sense, as in it shouldn't conflict with anybody's private IP ranges (eg VPN, etc), unless they've chosen to use the "Shared Address Space" incorrectly in the first place
Posted by gordslater over 4 years ago
hmm, "security feature", that's what you often hear as a benefit of NAT. Ironic isn't it. So, I've sealed up my letterbox, refuse to tell couriers how big my max parcel size is and I won't answer the door- it won't have any effect on anyone here and improves security. Great idea
Posted by GMAN99 over 4 years ago
Not sure why you are on your high horse, it's a feature used to hide your router.

It's not a BT idea
Posted by GMAN99 over 4 years ago
Google up "icmp vulnerability"
Posted by dogbark over 4 years ago
ispreview have finally woken up to it too http://www.ispreview.co.uk/index.php/2013/05/uk-isp-bt-quietly-forces-cgnat-ipv4-internet-address-sharing-pilot.html

one of their comments implies that plusnet are doing it already

DanielM
May 3, 2013 at 2:17 pm

I have been using it on plusnet for some time now. not seen many problems, VPN works fine.
Posted by Going_Digital over 4 years ago
Trust BT to hang on to old tech instead of encouraging a move to IPv6.
Posted by andrew (staff member) over 4 years ago
Gman99 perhaps they should block TCP too as lots of vulnerabilities exist too.
Posted by andrew (staff member) over 4 years ago
The plusnet trial was announced in Jan rather than stumbled across.
Posted by zyborg47 over 4 years ago
This IPv4 should have been sorted out a few years back, if the larger ISPs had got off their backside and started to change to IPv6 then we would not have this problem and IPv6 routers/modems would not have stayed at such a high price for so long.

The problem is now, we the paying public will suffer because of this, or the poor sods on BT option one anyway.
Posted by GMAN99 over 4 years ago
Why is everyone getting in a strop about ICMP? Stuff like this is disabled in many Linksys routers (and other brands) by default
Posted by undecidedadrian over 4 years ago
The problem with the move to IPv6 is that do we even know how much non compliant hardware is out there, both domestic and enterprise.

I for one would not like to tell an enterprise environment that they HAVE to move to this new hardware in this economic climate.

And all the ISPs that supply hardware will need to identify and swap theirs over.

This is a big project and I expect quite a lot of other countries are in the same boat.
Posted by undecidedadrian over 4 years ago
@Andrew surely that is why we have hardware as well as software firewalls due to the amount of TCP etc exploits.

So hardware switchoff of ICMP has been a feature of routers for YEARS and now trying to turn it off gets a big warning box on my router.
Posted by Going_Digital over 4 years ago
ICMP is required for proper functioning of things such as PMTU, the problem is a little knowledge can be a bad thing. Just switching off all ICMP is generally a bad idea.
Posted by Norest over 4 years ago
Could this possibly cause problems with false file sharing accusations being made?
Posted by GMAN99 over 4 years ago
Allowing your router to be visible to ping sweeping bots and then probed further for weaknesses also a bad thing, I'll take my chance with the possibility of a bit of fragmentation
Posted by andrew (staff member) over 4 years ago
The ICMP issue is a case of you as the user can do nothing about it apart from NOT use the Home Hub on BT Retail products.
Posted by GMAN99 over 4 years ago
Norest yes, but I expect it will be harder to share as well because the ISP is also nat'ing
Posted by mdar5 over 4 years ago
Sadly it will make it more difficult for the banks to detect online fraud as well. Currently they have logs of all the IP addresses customers/fraudsters have logged into an account from and if necessary could track them down.
In future all they will have is the ISP's CGNAT IP address used probably by umpteen customers.
So they would have to 'request' the customer's details further from the ISP in question.
Posted by oliver341 over 4 years ago
I wonder if the courts would go as far as to allow the copyright holders to send letters to 10 people sharing the IP address of one person sharing copyrighted stuff on p2p.
Posted by danman7_200 over 4 years ago
I have been put on this trial, with no consent from me. I can not forward any ports, even in a DMZ. Trying to get anyone in BT to get me off, and get a unique IP address back again has been a nightmare. I still can't use my FTP server, or remote desktop connection. This is awful. Something needs to be done!!
Posted by danman7_200 over 4 years ago
I am on infinity option 2. They must be doing it on this package too!! Maybe I use too much upstream bandwidth and that's why they are doing it
Posted by danman7_200 over 4 years ago
A legend on the bt community pages just recommended where you can opt out. Fingers crossed this works!

https://bt.custhelp.com/app/contact_email/c/6434
Posted by undecidedadrian over 4 years ago
The opt-out form can be accessed by the FAQ that was linked above.

I am not on the trial and I have already opted-out so they don't do so in the future.
Posted by andrew (staff member) over 4 years ago
I added a very visible link earlier today.
Posted by AndrueC over 4 years ago
@zyborg: <IPv 6 routers/modems would not have stayed at such a high price for so long.>

I just bought one on Amazon for £55. A D-Link 645.
Posted by vicdupreez over 4 years ago
I am not surprised at this in the least... BT will ALWAYS use a plaster / band-aid / stopgap and will never do the correct thing. I would not be surprised if in a few years their whole network starts to fall apart from all the "fixes" rather than actually fixing things the correct way. 21CN was meant to be replacing every exchange. Has this gone to the wayside too?
Posted by leexgx over 4 years ago
they all do this at some point and unless you're a business customer (as they get a static IP normally) i am say it should be opt in auto with an opt out (really they could have had no opt out but customers would have been leaving)
Posted by prlzx over 4 years ago
(i) Yes PING (Echo Request) is part of ICMP, but ICMP is much more than PING. So indiscriminately blocking all ICMP is a bad idea.

(ii) Ignoring PINGs does not really "hide" your router. It is not a security feature, any more than "hiding" an SSID. Traceroute can use UDP rather than ICMP (by default even).

(iii) The routers of ISPs' networks will respond to PINGs. They just don't prioritise it over doing their actual role (routing stuff)

(iv) if you have heard of things like PING floods or PING of death, you patch against those as with any vulnerability.
Posted by prlzx over 4 years ago
I make sure it is enabled on all networks I am responsible for, particularly routers.

It is an essential diagnostic tool and I have cause to use it almost every working day, including provisioning new equipment.