If you are a BT Total Option 1 Broadband customer and have been having
issues where some services like Xbox Live have not been working, then it is
possible you have been taking part in the Carrier Grade NAT pilot (CGNAT) that
BT Retail is running.
“The number of IPv4 internet address worldwide is running out, meaning that
all ISPs must come up with a solution to keep new fixed broadband customers
connected until IPv6 addresses become widely adopted.BT is introducing a technology called Carrier Grade Nat (CGNAT) to help
address this issue, which means that certain customers will share an IP address
with up to nine other customers. This is the same as the standard practice for
mobile broadband connections, using smartphones and tablets today.We have decided that we will pilot this new technology with our Option 1
Total Broadband customers who on average use the internet least. We believe
they are the least likely group of customers to experience any issues or
disruptions due to CGNAT, which can interfere with complex online activities
like hosting servers at home. We do not think these customers will notice any
difference at all in their broadband performance, but if any of these customers
did have any resulting issues, we would be happy to restore their connection to
an individual IP address.BT is also working to introduce IPv6 internet addresses during 2013, but
customers will need both IPv4 and IPv6 addresses for the foreseeable
future.”BT Retail statement on Carrier Grade NAT pilot
Carrier Grade NAT means that an Internet connection gets a private range IP
address, with the NAT hardware ran by the provider sharing the public IP
address between a number of customers. This effectively means that people are
behind a double NAT scenario, which breaks a number of services and also means
that people wanting to run a small server or log into a network IP camera will
find these are not accessible from outside their home network.
Plusnet was involved in a trial earlier in 2013 to look at the same thing. The
suggestion is that while providers are getting ready to roll-out IPv6 they
realise that many websites will still be running on IPv4 and therefore IPv4 is
not going to vanish overnight.
BT has a FAQ on the Carrier Grade NAT to help with queries as the change is
introduced to more Option 1 customers. The key to finding out whether you are
already using the CG-NAT solution is to use a whois site that displays the
Organistion that your public IP address is registered to, and if this is shown
as CG-NAT then you are on the pilot already. If you are finding the CG-NAT to
be a problem then by contacting BT support you can opt back to a public IP
address for your connection.
Update 4th May To make it easier for those who want to opt
out of the trial, this is the page to use to contact BT and request removal from
the CG-NAT/IP Address Translation pilot.
Update 7th May We have double checked that the CG-NAT trial
only affects Option 1 customers, and BT have confirmed this to be the case,
there will be some BT employee’s with Option 3 who are also on the trial. So if
you are not on an Option 1 product and believe you affected by this CG-NAT/IP
Sharing trial then do get in touch with us and we will investigate further.
Test your broadband speed
Follow us on X for the latest broadband news 
Umm is this an enforced trial or do you have to sign up? It sounds like they are just “doing it” ?
Isn’t this is low use package 10gig or something?
Sounds like they think the low use people won’t be affected as they won’t be doing “advanced” setups.
But still poor show from BT just putting people onto a trial without warning.
Just went and checked and it looks like its an opt-out roll out so people better go and opt-out before they get thrown onto it.
Another reason to steer clear
If you start trialing CGNAT before you trial IPv6, you’re doing something wrong.
Is CGNAT even technically an ‘internet connection’ anymore? :/
BT running a trial without warning people first? Reminds me of the Phorm fiasco!
1. Any idea which private address range they are using?
2. How long before other fixed line ISPs have to follow suit?
driz:
As I understand it mobile phones use CGNAT – so I think that is does count as an “internet connection”
I think the technically minded of us need to remember that most of the customers are probably prime candidates for a CGNAT. Why bother causing a fuss?
BT provide a broadband service, they still provide that under a CGNAT. If you suffer service degradation, then BT let’s you opt-out, sounds fair.
IPv4 to IPv6 needs to be a graduated deployment and CGNAT’s are needed to ensure IPV4 is sustainable whilst we make the transition.
Agreed. It’s a bit like all the bleating about NAT. Nearly every technical article has a statement about how it breaks the internet but in over a decade it’s never caused me any grief.
Meh. Purists 😀
But the TBB Quality won’t work under CGNAT will it? Assuming there are others who use it even without fixed IP addresses.
Presumably this will not be used for business connections?
Off the top of my head, CGNAT would break TBBQM however…
I assume that CGNAT won’t be used for static addressing (not that residential BT customers can get that anyway) and TBBQM is not supported with dynamic addressing anyway. The fact it works because some ISPs have very sticky DHCP is neither here nor there.
(cont’d) I think that with CGNAT the thing TBBQM would ping would always be the virtual node. In there’d be no SPI that could be used to map the ports correctly. In fact I guess CGNAT breaks all connections that are initiated from external addresses.
Still – those services are unlikely to work with dynamic IP anyway unless they rely on something like DNS and a tool exists to keep the records updated.
The BQM is slightly moot with BT Retail, as the HomeHub does not respond the ICMP pings from the Internet anyway.
“the HomeHub does not respond the ICMP pings from the Internet”
– that would explain why they can’t get IPv6 implemented – [cough] RFC 1981 [/cough]
Not responding to ICMP is a security feature, many routers have this set-up
It appears that BT are following RFC6598 and using 100.64.0.0/10 for the CGN IP address ranges – The full RFC can be viewed here http://tools.ietf.org/html/rfc6598 – which is good in one sense, as in it shouldn’t conflict with anybodies private IP ranges (eg VPN, etc), unless they’ve chosen to use the “Shared Address Space” incorrectly in the first place
hmm, “security feature”, that’s what you often hear as a benefit of NAT. Ironic isn’t it. So, I’ve sealed up my letterbox, refuse to tell couriers how big my max parcel size is and I won’t answer the door- it won’t have any effect on anyone here and improves security. Great idea
Not sure why you are on your high horse, its a feature used to hide your router.
Its not a BT idea
Google up “icmp vulnerability”
ispreview have finally woken up to it too http://www.ispreview.co.uk/index.php/2013/05/uk-isp-bt-quietly-forces-cgnat-ipv4-internet-address-sharing-pilot.html
one of there comments implies that plusnet are doing it already
DanielM
May 3, 2013 at 2:17 pm
I have been using it on plusnet for some time now. not seen many problems, VPN works fine.
Trust BT to hang on to old tech instead of encouraging a move to IPv6.
Gman99 perhaps they should block TCP too as lots of vulnerabilities exist too.
The plusnet trial was announced in Jan rather than stumbled across.
This IPv4 should have been sorted out a a few years back if the larger ISPs have got off their backside and started to change to IPv6 then we would not have this problem and IPv 6 routers/modems would not have stayed at such a high price for so long.
the problem is now, we the paying public will suffer because of this, or the poor sods on Bt option one anyway.
Why is everyone getting in a strop about ICMP? Stuff like this is disabled in many Linksys routers (and other brands) by default
The problem with the move to ipv6 is that do we even know how much non compliant hardware is out there, both domestic and enterprise.
I for one would not like to tell an enterprise enviroment that they HAVE to move to this new hardware in this economic climate.
And all the ISP’s that supply hardware will need to identify and swap theirs over.
This is a big project and I expect quite a lot of other countries are in the same boat.
@Andrew surely that is why we have hardware as well as software firewalls due to the amount of TCP etc exploits.
So hardware switchoff of ICMP has been a feature of routers for YEARS and now trying to turn it off gets a big warning box on my router.
ICMP is required for proper functioning of things such as PMTU, the problem is a little knowledge can be a bad thing. Just switching off all ICMP is generally a bad idea.
Could this possibly cause problems with false file sharing accusation’s being made?
Allowing your router to be visible to ping sweeping bots and then probed further for weaknesses also a bad thing, I’ll take my chance with the possibility of a bit of fragmentation
The ICMP issue is a case of you as the use can do nothing about it apart from NOT use the Home Hub on BT Retail products.
Norest yes, but I expect it will be harder to share as well because the ISP is also nat’ing
Sadly it will make it more difficult for the banks to detect online fraud as well. Currently they have logs of all the IP address customers/fraudsters have logged into an account from and if necessary could track them down.
In future all they will have is the ISP’s CGNAT IP address used probably by umpteen customers.
So they would have to ‘request’ the customer’s details further from the ISP in question.
I wonder if the courts would go as far as to allow the copyright holders to send letters to 10 people sharing the IP address of one person sharing copyrighted stuff on p2p.
I have been put on this trial, with no consent from me. I can not forward any ports, even in a DMZ. Trying to get anyone in BT to get me off, and get a unique IP address back again has been a nightmare. I still can’t use my FTP server, or remote desktop connection. This is awful. Something needs to done!!
I am on infinity option 2. They must be doing it on this package to!! Maybe I use to much upstream bandwidth and thats why they are doing it
A legend on the bt community pages just recommended where you can opt out. Fingers crossed this works!
https://bt.custhelp.com/app/contact_email/c/6434 w
The opt-out form can be accessed by the FAQ that was linked above.
I am not on the trial and I have already opted-out so they don’t do so in the future.
I added a very visible link earlier today.
@zyborg:
I just bought one on Amazon for £55. A D-Link 645.
I am not surprised at this in the least… BT will ALWAYS use a plaster / band-aid / stopgap and will never do the correct thing. I would not be surprised if in a few years their whole network starts to fall apart from all the “fixes” rather than actually fixing things the correct way. 21CN was meant to be replacing every exchange. Has this gone to the wayside too?
they all do this at some point and unless you’re a business customer (as they get an static IP normally) i am say it should be opt in auto with an opt out (really they could of had no opt out but customers would of been leaving)
(i) Yes PING (Echo Request) is part of ICMP, but ICMP is much more than PING. So indiscriminately blocking all ICMP is a bad idea.
(ii) Ignoring PINGs does not really “hide” your router. It is not a security feature, any more than “hiding” an SSID. Traceroute can use UDP rather than ICMP (by default even).
(iii) The routers of ISPs networks will respond to PINGs. They just don’t prioritse it over doing their actual role (routing stuff)
(iv) if you have heard of things like PING floods or PING of death, you patch against those as with any vulnerability.
I make sure it is enabled on all networks I am responsible for, particularly routers.
It is an essential diagnostic tool and I have cause to use it almost every working day, including provisioning new equipment.