Broadband News

BT Retail in Carrier Grade NAT pilot

If you are a BT Total Option 1 Broadband customer and have been having issues where some services like Xbox Live have not been working, then it is possible you have been taking part in the Carrier Grade NAT pilot (CGNAT) that BT Retail is running.

"The number of IPv4 internet address worldwide is running out, meaning that all ISPs must come up with a solution to keep new fixed broadband customers connected until IPv6 addresses become widely adopted.

BT is introducing a technology called Carrier Grade Nat (CGNAT) to help address this issue, which means that certain customers will share an IP address with up to nine other customers. This is the same as the standard practice for mobile broadband connections, using smartphones and tablets today.

We have decided that we will pilot this new technology with our Option 1 Total Broadband customers who on average use the internet least. We believe they are the least likely group of customers to experience any issues or disruptions due to CGNAT, which can interfere with complex online activities like hosting servers at home. We do not think these customers will notice any difference at all in their broadband performance, but if any of these customers did have any resulting issues, we would be happy to restore their connection to an individual IP address.

BT is also working to introduce IPv6 internet addresses during 2013, but customers will need both IPv4 and IPv6 addresses for the foreseeable future."

BT Retail statement on Carrier Grade NAT pilot

Carrier Grade NAT means that an Internet connection gets a private range IP address, with the NAT hardware ran by the provider sharing the public IP address between a number of customers. This effectively means that people are behind a double NAT scenario, which breaks a number of services and also means that people wanting to run a small server or log into a network IP camera will find these are not accessible from outside their home network.

Plusnet was involved in a trial earlier in 2013 to look at the same thing. The suggestion is that while providers are getting ready to roll-out IPv6 they realise that many websites will still be running on IPv4 and therefore IPv4 is not going to vanish overnight.

BT has a FAQ on the Carrier Grade NAT to help with queries as the change is introduced to more Option 1 customers. The key to finding out whether you are already using the CG-NAT solution is to use a whois site that displays the Organistion that your public IP address is registered to, and if this is shown as CG-NAT then you are on the pilot already. If you are finding the CG-NAT to be a problem then by contacting BT support you can opt back to a public IP address for your connection.

Update 4th May To make it easier for those who want to opt out of the trial, this is the page to use to contact BT and request removal from the CG-NAT/IP Address Translation pilot.

Update 7th May We have double checked that the CG-NAT trial only affects Option 1 customers, and BT have confirmed this to be the case, there will be some BT employee's with Option 3 who are also on the trial. So if you are not on an Option 1 product and believe you affected by this CG-NAT/IP Sharing trial then do get in touch with us and we will investigate further.

Comments

Umm is this an enforced trial or do you have to sign up? It sounds like they are just "doing it" ?

  • GMAN99
  • over 4 years ago

Isn't this is low use package 10gig or something?

Sounds like they think the low use people won't be affected as they won't be doing "advanced" setups.

But still poor show from BT just putting people onto a trial without warning.

  • undecidedadrian
  • over 4 years ago

Just went and checked and it looks like its an opt-out roll out so people better go and opt-out before they get thrown onto it.

  • undecidedadrian
  • over 4 years ago

Another reason to steer clear

  • idf03
  • over 4 years ago

If you start trialing CGNAT before you trial IPv6, you're doing something wrong.

  • Kushan
  • over 4 years ago

Is CGNAT even technically an 'internet connection' anymore? :/

  • driz
  • over 4 years ago

BT running a trial without warning people first? Reminds me of the Phorm fiasco!

  • jelv
  • over 4 years ago

1. Any idea which private address range they are using?

2. How long before other fixed line ISPs have to follow suit?

  • mhc
  • over 4 years ago

driz:

As I understand it mobile phones use CGNAT - so I think that is does count as an "internet connection"

  • mdar5
  • over 4 years ago

I think the technically minded of us need to remember that most of the customers are probably prime candidates for a CGNAT. Why bother causing a fuss?

BT provide a broadband service, they still provide that under a CGNAT. If you suffer service degradation, then BT let's you opt-out, sounds fair.

IPv4 to IPv6 needs to be a graduated deployment and CGNAT's are needed to ensure IPV4 is sustainable whilst we make the transition.

  • mabibby
  • over 4 years ago

Agreed. It's a bit like all the bleating about NAT. Nearly every technical article has a statement about how it breaks the internet but in over a decade it's never caused me any grief.

Meh. Purists :D

  • AndrueC
  • over 4 years ago

But the TBB Quality won't work under CGNAT will it? Assuming there are others who use it even without fixed IP addresses.

Presumably this will not be used for business connections?

  • greenglide
  • over 4 years ago

Off the top of my head, CGNAT would break TBBQM however...

I assume that CGNAT won't be used for static addressing (not that residential BT customers can get that anyway) and TBBQM is not supported with dynamic addressing anyway. The fact it works because some ISPs have very sticky DHCP is neither here nor there.

  • AndrueC
  • over 4 years ago

(cont'd) I think that with CGNAT the thing TBBQM would ping would always be the virtual node. In there'd be no SPI that could be used to map the ports correctly. In fact I guess CGNAT breaks all connections that are initiated from external addresses.

Still - those services are unlikely to work with dynamic IP anyway unless they rely on something like DNS and a tool exists to keep the records updated.

  • AndrueC
  • over 4 years ago

The BQM is slightly moot with BT Retail, as the HomeHub does not respond the ICMP pings from the Internet anyway.

  • andrew
  • thinkbroadband staff
  • over 4 years ago

"the HomeHub does not respond the ICMP pings from the Internet"
- that would explain why they can't get IPv6 implemented - [cough] RFC 1981 [/cough]

  • gordslater
  • over 4 years ago

Not responding to ICMP is a security feature, many routers have this set-up

  • GMAN99
  • over 4 years ago

It appears that BT are following RFC6598 and using 100.64.0.0/10 for the CGN IP address ranges - The full RFC can be viewed here http://tools.ietf.org/html/rfc6598 - which is good in one sense, as in it shouldn't conflict with anybodies private IP ranges (eg VPN, etc), unless they've chosen to use the "Shared Address Space" incorrectly in the first place

  • aramsay
  • over 4 years ago

hmm, "security feature", that's what you often hear as a benefit of NAT. Ironic isn't it. So, I've sealed up my letterbox, refuse to tell couriers how big my max parcel size is and I won't answer the door- it won't have any effect on anyone here and improves security. Great idea

  • gordslater
  • over 4 years ago

Not sure why you are on your high horse, its a feature used to hide your router.

Its not a BT idea

  • GMAN99
  • over 4 years ago

Google up "icmp vulnerability"

  • GMAN99
  • over 4 years ago

ispreview have finally woken up to it too http://www.ispreview.co.uk/index.php/2013/05/uk-isp-bt-quietly-forces-cgnat-ipv4-internet-address-sharing-pilot.html

one of there comments implies that plusnet are doing it already

DanielM
May 3, 2013 at 2:17 pm

I have been using it on plusnet for some time now. not seen many problems, VPN works fine.

  • dogbark
  • over 4 years ago

Trust BT to hang on to old tech instead of encouraging a move to IPv6.

  • Going_Digital
  • over 4 years ago

Gman99 perhaps they should block TCP too as lots of vulnerabilities exist too.

  • andrew
  • thinkbroadband staff
  • over 4 years ago

The plusnet trial was announced in Jan rather than stumbled across.

  • andrew
  • thinkbroadband staff
  • over 4 years ago

This IPv4 should have been sorted out a a few years back if the larger ISPs have got off their backside and started to change to IPv6 then we would not have this problem and IPv 6 routers/modems would not have stayed at such a high price for so long.

the problem is now, we the paying public will suffer because of this, or the poor sods on Bt option one anyway.

  • zyborg47
  • over 4 years ago

Why is everyone getting in a strop about ICMP? Stuff like this is disabled in many Linksys routers (and other brands) by default

  • GMAN99
  • over 4 years ago

The problem with the move to ipv6 is that do we even know how much non compliant hardware is out there, both domestic and enterprise.

I for one would not like to tell an enterprise enviroment that they HAVE to move to this new hardware in this economic climate.

And all the ISP's that supply hardware will need to identify and swap theirs over.

This is a big project and I expect quite a lot of other countries are in the same boat.

  • undecidedadrian
  • over 4 years ago

@Andrew surely that is why we have hardware as well as software firewalls due to the amount of TCP etc exploits.

So hardware switchoff of ICMP has been a feature of routers for YEARS and now trying to turn it off gets a big warning box on my router.

  • undecidedadrian
  • over 4 years ago

ICMP is required for proper functioning of things such as PMTU, the problem is a little knowledge can be a bad thing. Just switching off all ICMP is generally a bad idea.

  • Going_Digital
  • over 4 years ago

Could this possibly cause problems with false file sharing accusation's being made?

  • Norest
  • over 4 years ago

Allowing your router to be visible to ping sweeping bots and then probed further for weaknesses also a bad thing, I'll take my chance with the possibility of a bit of fragmentation

  • GMAN99
  • over 4 years ago

The ICMP issue is a case of you as the use can do nothing about it apart from NOT use the Home Hub on BT Retail products.

  • andrew
  • thinkbroadband staff
  • over 4 years ago

Norest yes, but I expect it will be harder to share as well because the ISP is also nat'ing

  • GMAN99
  • over 4 years ago

Sadly it will make it more difficult for the banks to detect online fraud as well. Currently they have logs of all the IP address customers/fraudsters have logged into an account from and if necessary could track them down.
In future all they will have is the ISP's CGNAT IP address used probably by umpteen customers.
So they would have to 'request' the customer's details further from the ISP in question.

  • mdar5
  • over 4 years ago

I wonder if the courts would go as far as to allow the copyright holders to send letters to 10 people sharing the IP address of one person sharing copyrighted stuff on p2p.

  • oliver341
  • over 4 years ago

I have been put on this trial, with no consent from me. I can not forward any ports, even in a DMZ. Trying to get anyone in BT to get me off, and get a unique IP address back again has been a nightmare. I still can't use my FTP server, or remote desktop connection. This is awful. Something needs to done!!

  • danman7_200
  • over 4 years ago

I am on infinity option 2. They must be doing it on this package to!! Maybe I use to much upstream bandwidth and thats why they are doing it

  • danman7_200
  • over 4 years ago

A legend on the bt community pages just recommended where you can opt out. Fingers crossed this works!

https://bt.custhelp.com/app/contact_email/c/6434 w

  • danman7_200
  • over 4 years ago

The opt-out form can be accessed by the FAQ that was linked above.

I am not on the trial and I have already opted-out so they don't do so in the future.

  • undecidedadrian
  • over 4 years ago

I added a very visible link earlier today.

  • andrew
  • thinkbroadband staff
  • over 4 years ago

@zyborg: <IPv 6 routers/modems would not have stayed at such a high price for so long.>

I just bought one on Amazon for £55. A D-Link 645.

  • AndrueC
  • over 4 years ago

I am not surprised at this in the least... BT will ALWAYS use a plaster / band-aid / stopgap and will never do the correct thing. I would not be surprised if in a few years their whole network starts to fall apart from all the "fixes" rather than actually fixing things the correct way. 21CN was meant to be replacing every exchange. Has this gone to the wayside too?

  • vicdupreez
  • over 4 years ago

they all do this at some point and unless you're a business customer (as they get an static IP normally) i am say it should be opt in auto with an opt out (really they could of had no opt out but customers would of been leaving)

  • leexgx
  • over 4 years ago

(i) Yes PING (Echo Request) is part of ICMP, but ICMP is much more than PING. So indiscriminately blocking all ICMP is a bad idea.

(ii) Ignoring PINGs does not really "hide" your router. It is not a security feature, any more than "hiding" an SSID. Traceroute can use UDP rather than ICMP (by default even).

(iii) The routers of ISPs networks will respond to PINGs. They just don't prioritse it over doing their actual role (routing stuff)

(iv) if you have heard of things like PING floods or PING of death, you patch against those as with any vulnerability.

  • prlzx
  • over 4 years ago

I make sure it is enabled on all networks I am responsible for, particularly routers.

It is an essential diagnostic tool and I have cause to use it almost every working day, including provisioning new equipment.

  • prlzx
  • over 4 years ago

Post a comment

Login Register