CGNAT, which stands for Carrier Grade NAT, is a technology designed to transition addresses considered large-scale, that is, when a large number of sources are converted into available IP addresses, which are in transition.

Thus, there are some specific advantages in its use, such as the possibility of recording the conversion of these addresses. This annotation is performed through a LOG.

Other than that, other possibilities are the conversion of source and destination TCP ports, and the translation of addresses registered in IPv4 and IPv6, using CGNAT directly on the router that is on the border between the operators.

Therefore, the use of CGNAT was only possible due to the application, previously, of NAT (Network Address Translation), a technology constantly used by operators to convert private to public IP addresses.

In this way, the IP address number is saved, providing for the use, by two or more people, of an IP address of public origin. This avoids running out of available IP addresses and generates savings.

The advent of new means of accessing the internet, through the use of clouds, smartphones and tablets (not counting the internet of things), led to a rapid exhaustion of IP addresses, forcing the market to increase the price of commercialized addresses.

With that in mind, we prepared the text below for you to know exactly what a CGNAT connection is, its main particularities, possible problems and of course: know exactly how to configure it. Keep going and have a good read!

After all, what is CGNAT?

Carrier Grade NAT, also known by the acronym CGNAT, is a large technology created to help the procedures of telecom operators that are in a critical state due to IPv4 address unavailability.

In this way, CGNAT makes use of the NAT application directly on the operator's network that faces the problem of unavailability, causing the company's customer to reach a private address before the user sees any error signal.

Basically, the role of CGNAT is to generate sharing an external IP address (also called public) between multiple local IP addresses (which are nothing less than private addresses).

To explain in more detail: the NAT protocol used directly on a user's or a company's router allows about 4.29 billion connected devices to the internet, through 32-bit logical addresses.

Endereços IP

However, the internet no longer has IPv4 numbers available for allocation, so these positions will be occupied simultaneously, leading to the total exhaustion of these numbers.

From this need, operators began to apply NAT directly on their networks, which gave rise to CGNAT. With that, this technology (or “gambiarra”) made possible a improvement in the availability of addresses for customers.

As it is considered an intermediary layer between the internet network and the user, CGNAT makes it possible to assign the same public IPv4 address to different private connections at the same time.

In this way, each user is directed through different ports, allowing operators to manage, in a longer time, old IP addresses, until the completion of the IPv4 to IPv6 conversion.

By the way, in our Anlix Connection series, on our YouTube channel, we already had an interesting debate about the scarcity of IPv4 addresses and the real need for IPv6: do we really need it? Check it out in the video:

Problems and advantages of CGNAT

The connection made over the internet is point-to-point, that is, each user has their own IP address, which is easily identified. When CGNAT is applied, users are conditioned to use the same IPv4 address, which can bring some risks.

The CGNAT connection, depending on its use, may interfere with some services that the user will use constantly, such as streaming and online games, among others that require the use of a unique address.

Therefore, these services are programmed to use only a single port (or a set of ports) and, because of this configuration, they can generate conflicts in networks that use the CGNAT connection.

A solution to this disadvantage is to use in your operation or acquire CPEs that have the Flashbox Solution🇧🇷 That's because with Flashbox, CPEs already come with IPv6 enabled by default and your provider would not need to invest in CGNAT boxes with high cost and that bring with them risks.


However, the sharing of IPs that the CGNAT connection provides also has a security layer that helps to make it difficult to identify this audience. Thus, in cases of possible invasions, the CGNAT guarantees the protection of those who use it.

However, if the user wants other protection measures, it is possible to rely on software and devices intended for this, such as Anlix's Flashbox solution 🇧🇷 It offers secure possibilities to prevent intrusion and security breaches.

If you want to know a little more about the advantages of Anlix solutions for your internet provider, fill out this quick form below to sign up and start testing!

Where did you find out about Anlix solutions? *
Authorization to send content *