Starlink CGNAT: A Comprehensive Guide

The following guide explores the Starlink CGNAT technology and its meaning for subscribers. IP addresses are dwindling, and the adoption of IPv6 addresses has been sluggish. 

This is due to several factors, including the high cost of upgrading current equipment. 

Additionally, IPv6 is not compatible with IPv4. It’s quite a conundrum. 

To overcome it and circumvent IP exhaustion, Carrier-Grade Network Address Translation (CGNAT) was introduced. 

Both Residential and Mobile/Roaming versions of Starlink use it. But how does this affect subscribers, and how does it differ from traditional NAT? 

What is CGNAT?

Every device connected to a network (local network or internet) has a unique IP address. We refer to IP addresses that devices use for the internet as public IP addresses.

There are a limited number of these IP addresses. So far, we’ve derived over 4 billion unique IP addresses from IPv4. 

While this may seem somewhat enough to accommodate the internet-connected sector of the global population, it isn’t. 

By the end of 2023, there were over 15 billion Internet-of-Things (IoT) connected devices. 

Each of these devices had an IP address. All these devices can’t have unique IP addresses.

Internet of Things (IoT) Devices

Internet of Things (IoT) Devices

We introduced CGNAT (or CGN), so internet service providers must switch to IPv6. 

They could preserve their public IPv4 infrastructure and addresses by processing subscriber traffic through their internal network.


CGNAT was first used to accommodate mobile carriers in the early 2000s. This is where the name originates from.   

How Does CGNAT Work

CGNAT allows ISPs to share a single public address with multiple customers. 

This is similar to how all the devices in your local area network (LAN) share one public address through a traditional NAT interface.


But how do ISPs like Starlink know which routers to connect to the internet? How do they know which data packets go where? 

CGNAT gives each router sharing a public IP address on the ISP’s network a unique, non-routable private IP address.

This IP address is only available to the CGNAT and WAN-facing router. Tradition NAT typically uses port mapping or forwarding

As you’ll see further down the guide, CGNAT can hinder port forwarding.   

Advantages of CGNAT

Why do ISPs such as Starlink use CGNAT? 

  • CGNAT tackles IPv4 exhaustion by reducing the number of required unique public addresses.
  • Since CGNAT supplies your router with a unique private IP address hidden from the rest of the internet, it’s far more secure. It can help prevent remote attacks from bad actors.
  • CGNAT allows ISPs to add more effective QoS controls and implement load balancing. In turn, this allows ISPs to control traffic and the data transfer speeds of subscribers on their network. It gives ISPs the ability to provide tiered lists and packages, enabling them to prioritize subscribers according to how much they pay. 

Disadvantages of CGNAT

While CGNAT addresses an important problem, it does present a few limitations. 

  • Because subscribers share a public IP address, it limits them from applications and services that require a unique one. For instance, trying to remotely connect to a computer or a device that connects to the internet via Starlink’s standard router isn’t possible – at least not directly. Furthermore, you can’t establish a site-to-site virtual private network (VPN) or effectively run a mail server that you can connect to remotely.  
  • CGNAT interferes with the functionality of DDNS, whose main purpose is to assign domain names. DDNS uses your unique public IP address to do this.
  • CGNAT also interferes with protocols and services such as voice over internet protocol (VoIP). It also makes it much more difficult to join and interact on game servers.
  • CGNAT has no port forwarding support. 
  • It may restrict you from accessing certain websites, or it may impair your connection speed to said sites.
  • CGNAT also interferes with peer-to-peer (P2P) file sharing.
  • You cannot host a remote server on CGNAT because all devices on its network share a single public IP address.
  • CGNAT limits port forwarding. 

Ultimately, CGNAT adds another NAT layer, which decreases flexibility and interferes with certain services and protocols. 

For instance, with the increasing popularity of smart homes, more subscribers want to be able to interface and control their devices remotely. 

This can be impossible if you don’t have a fixed unique IP address assigned to your main router or gateway. 

Fortunately, you can overcome some of the limitations that CGNAT imposes.

Smart Home Screen     

Smart Home Screen     

How to Overcome Starlink’s CGNAT Limitations

The best (and possibly easiest) solution would be to use Starlink Business. 

In addition to offering superior equipment and faster speeds, Starlink Business offers static IP addresses to users. 

However, this may not be financially feasible for most subscribers.     

Alternatively, you can simply wait for Starlink to upgrade its infrastructure and move to IPv6. 

This may not be too far in the distance as Starlink began running beta trials in late 2022. 

They continued to do so in 2023 when some carefully selected users in certain regions were given IPv6 addresses.

Hand Drawing Internet Protocol Versions

Hand Drawing Internet Protocol Versions

Nevertheless, you may not have the patience to wait all that long. If that’s the case, you can use a tunnel or access service to circumvent Starlink’s CGNAT restrictions. You can add port forwarding and broadcast some of your private devices by using tools such as:

All these services differ feature-wise. Some are free, while others are paid. 

Installation is typically straightforward, and they provide you with enough comprehensive documentation to make configuring and running them easier.

Alternatively, you can also set up a VPN. This will require you to bypass Starlink’s router. 

For this to work, you’ll need an official Starlink Ethernet Adaptor and third-party router. 

If your third-party/aftermarket router has IPv6 capabilities, you can also use a static IPv6 address as your public IP address.         

Aftermarket Router

Conclusion

While Starlink’s CGNAT attempts to address a very important issue, it may not be worth it for some users. 

Especially those looking to use Starlink for gaming. Everyday internet users may not experience any issues with CGNAT.

 Users that require a more stable internet service should elect to use cable (if available). 

It’s important to remember that Starlink isn’t the only ISP that utilizes CGNAT. Nearly all mobile carriers do. 

As such, if you live in a rural area, using a network with CGNAT is inevitable. 

But as we mentioned, you can bypass it, and Starlink may start rolling out IPv6 addresses very soon. Thus, you’re not completely stuck.