CGNAT, ISPs, and the Luck of the Draw

April 18, 2026

Been down a rabbit hole this week reading through a thread about self-hosting and CGNAT, and honestly, it’s one of those topics that sits right at the intersection of “deeply nerdy” and “genuinely important infrastructure that affects real people.” Bear with me if you’re not in the IT world — I’ll try to make this relatable.

For the uninitiated, CGNAT (Carrier-Grade NAT) is basically your ISP hiding your connection behind a shared IP address. Think of it like living in an apartment block where everyone shares the same street address — great for the landlord who doesn’t have to manage individual addresses, not so great if you want people to actually find your specific door. For those of us who like to self-host services at home — a personal media server, a game server, a home automation dashboard — CGNAT is an absolute pain in the neck.

What struck me reading through the thread was just how wildly different the experience is depending on where you live and who your ISP is. Someone mentioned being with Leaptel or Aussie Broadband here on the NBN, and yeah, that tracks with my experience — the smaller, more customer-focused RSPs on the NBN network tend to actually treat you like an adult who might have a legitimate technical need. A 45-second phone call and you’re sorted. Meanwhile, someone else in the thread was being told they’d need a business contract — potentially thousands of dollars a month — just to get a public IP address. One person in Canada essentially got laughed off the phone.

There’s something deeply telling about this disparity. The technical barrier to removing CGNAT for a single customer is genuinely minimal. We’re talking about a configuration change. The real barrier is corporate policy, and corporate policy is almost always about extracting maximum revenue rather than serving customers well. When an ISP tells a home user they need a business plan to do something a competent ISP will do for free or a couple of dollars a month, that’s not a technical limitation — that’s a choice.

The IPv6 conversation in the thread was equally fascinating and frustrating. The irony that ISPs simultaneously claim there aren’t enough IPv4 addresses and that IPv6 is too complicated to roll out properly is the kind of logic that would get you laughed out of a first-year networking course. IPv6 has been “the future” for so long that it’s become a running joke. Someone in the thread made a great point that NAT has been so normalised over the past 30 years that not having it actually feels wrong to people, even though IPv6 with proper firewall rules is arguably cleaner and more logical.

My own situation here in Melbourne is pretty decent — I’m on a reasonable NBN plan and haven’t had to fight too hard for sane networking. But I’ve definitely been in the position of explaining to less technical family members why something isn’t working, and tracing it back to some ISP quirk that they have zero visibility into or control over. That’s the thing that gets me. Most people have no idea any of this exists. They just know their internet “doesn’t work properly” and they can’t figure out why.

The broader issue here is really about internet access as infrastructure. When your ability to participate fully in the networked world — to run your own services, to maintain some degree of technical sovereignty over your own data — depends entirely on the commercial whims of a telco, that’s a problem. Australia has had its own complicated journey with the NBN, and while it’s genuinely improved things for many people, the retail layer is still a mess of inconsistent policies and variable service quality.

The good news, and there is some, is that the self-hosting community is remarkably good at finding workarounds. Tailscale, WireGuard, cheap VPS instances, Cloudflare tunnels — there are paths through the maze even when your ISP is being obstructive. It shouldn’t require this level of technical gymnastics, but the community knowledge-sharing that happens in threads like the one I was reading gives me some hope. People helping each other navigate genuinely complex infrastructure, for free, out of sheer enthusiasm for making things work — that’s pretty good, actually.

And maybe the slow march toward IPv6 adoption, frustrating as it is, will eventually make a lot of this moot. Here’s hoping.