Complete Video Link: https://youtu.be/BGu2iGtn5u4
Complete Video Link in Nepali language: https://youtu.be/9aOb32Cz2m4
Evolution of IPv4 Allocation: From Direct Public IPs to CGNAT and the Road to IPv6
The way Internet Service Providers (ISPs) assign IP addresses has transformed dramatically over the years. These changes were driven by the scarcity of IPv4 addresses and the growing demand for affordable, scalable internet access.
We can divide this journey into three phases: direct allocation of public IPs, home NAT via routers, and carrier-grade NAT (CGNAT). Each phase affected how static and dynamic IPs worked, and each came with its own advantages and limitations.
Phase 1: Direct Public IPv4 Allocation
In the early days, ISPs assigned a unique public IPv4 address to each device.
Example: If one person had three phones and one laptop, they would receive four separate public IPs.
Every device was directly exposed to the internet.
Hosting services was simple — no NAT, no VPN, no port-forwarding needed.
Static vs Dynamic in Phase 1
Static Public IPs were very common initially. A device always had the same IP.
As demand grew, ISPs shifted to Dynamic Public IPs, which were leased temporarily and changed after reconnection or a set time.
Diagram: Phase 1
[Device 1] --> Public IP: 202.x.x.1
[Device 2] --> Public IP: 202.x.x.2
[Device 3] --> Public IP: 202.x.x.3
👉 Problem: Highly inefficient and costly. IPv4 exhaustion was unavoidable.
Phase 2: NAT with Home Router
To conserve IPv4 addresses, ISPs moved to a household-based model:
The ISP assigned one public IPv4 to the home router, that time it was called modem, now the router has modem and other features too.
The router distributed private IPs (192.168.x.x, 10.x.x.x, 172.16–31.x.x) to devices inside the home usually class C IP address.
The router performed Network Address Translation (NAT) to map private → public → internet.
When your device (phone, laptop, etc.) connects to the internet through your home Wi-Fi, it uses a private IP address (like 192.168.x.x). These private IPs work only inside your local network, not on the wider internet.
Your router does a job called Network Address Translation (NAT):
It takes your private IP address.
Maps it to your public IP address (the one your ISP gave your router).
Sends your traffic to the internet using that public IP.
On the internet, websites and apps can only understand the public IP, not your private one.
🔹 Example with apps
When you use social media apps (Facebook, Messenger, WhatsApp, Imo, etc.) to send messages, voice, or video calls:
Your phone → (private IP) → router → (NAT) → public IP → internet → app server.
Replies from the server come back to your public IP.
The router’s NAT keeps track of which private device requested it, and forwards it back to the right phone/laptop.
This translation process is why communication works smoothly — without NAT, the internet wouldn’t know how to reach your private IP inside your home.
⚡ In short: NAT is like the translator between your home’s private network and the global internet.
Benefits
Far more efficient use of IPv4.
Cheaper for both ISPs and customers.
Port forwarding worked, so users could host websites, game servers, or access CCTV remotely.
Static vs Dynamic in Phase 2
Dynamic Public IP was standard for most residential users (changes often).
Static Public IP was available at extra cost for businesses or home servers.
Diagram: Phase 2
[Device 1] 192.168.0.2 \
[Device 2] 192.168.0.3 ---> [Router] --> Public IP: 202.x.x.10 --> Internet
[Device 3] 192.168.0.4 /
👉 Result: More efficient, port forwarding possible, but IPv4 exhaustion still a looming problem.
Phase 3: CGNAT (Carrier-Grade NAT)
As populations grew and IPv4 became even scarcer, ISPs deployed Carrier-Grade NAT (CGNAT).
The ISP no longer gave each household a public IP.
Instead, the router receives a private IP (often 10.x.x.x or 100.64.0.0/10).
The ISP’s CGNAT server translates many customer private IPs into a shared public IP.
Real-World Example (Nepal)
A CGNet Huawei router might show a WAN IP like:
10.82.69.184
This is not a public IP, but an internal private address assigned by the ISP.
At the ISP’s CGNAT server, that private IP is mapped to a shared public IP, used by dozens or hundreds of other customers.
Why Port Forwarding Fails in CGNAT
Since multiple households share the same public IP, the ISP cannot open unique ports for each customer.
Port forwarding no longer works by default.
To host services, customers must use VPNs, tunnels, or pay for a dedicated static public IP.
Static vs Dynamic in Phase 3
ISPs buy blocks of static IPv4 addresses from upstream providers.
They use CGNAT to share these addresses dynamically among many customers.
To end users, this appears as a dynamic, shared public IP.
Customers can still pay extra for a real static public IP; in that case, the ISP bypasses CGNAT.
Diagram: Phase 3
[Device 1] 192.168.0.2 \
[Device 2] 192.168.0.3 ---> [Home Router: 10.82.69.184] ---> [ISP CGNAT] ---> Shared Public IP: 203.x.x.50 --> Internet
[Device 3] 192.168.0.4 /
👉 Result: Extremely efficient, but port forwarding is broken unless you buy a static IP or use tunnels.
Dynamic IP, Static IP, Public IP, Private IP — detailed explanation + diagrams
These four terms are the core of how devices get (and keep) addresses on a network. I’ll define each, show how they’re assigned and used, give examples and pros/cons, then show two clear diagrams: (A) Internet ↔ home network (public vs private) and (B) DHCP (dynamic) vs Static assignment.
Quick definitions (one-liners)
Public IP — an IP address that is globally routable on the Internet (unique on the public internet).
Private IP — an IP address used inside a local network (not routable on the public Internet; RFC1918 ranges).
Dynamic IP — an IP address that is assigned automatically and can change (leased, usually by DHCP).
Static IP — an IP address that does not change unless manually reconfigured (can be set on a device or reserved by DHCP).
1) Public IP (details)
What: A globally routable IPv4/IPv6 address assigned to a device or network by an ISP or an organization.
Where you see it: The address shown by “what is my IP?” or the address the ISP assigns to your modem/router’s WAN interface.
Example (documentation range): 198.51.100.10 (useful example address reserved for docs).
Uses: Web hosting, mail servers, VPN endpoints, remote access, NAT gateway for many devices.
Notes: With IPv4 scarcity, ISPs may give a dynamic public IPv4, or use CGNAT (customers share an ISP-side address). IPv6 provides plenty of public addresses.
2) Private IP (details)
What: Non-routable addresses used inside local area networks (LANs). Routers perform NAT (Network Address Translation) to map many private addresses to a public IP.
RFC1918 ranges (IPv4):
10.0.0.0/8 → 10.0.0.0 – 10.255.255.255
172.16.0.0/12 → 172.16.0.0 – 172.31.255.255
192.168.0.0/16 → 192.168.0.0 – 192.168.255.255
Examples: 192.168.1.5, 10.0.0.12
Uses: Home devices, office PCs, IoT — anything that only needs LAN/internet access via NAT.
Notes: Private IPs cannot be reached directly from the public internet without port forwarding / NAT traversal.
3) Dynamic IP (details)
Dynamic IP exists because of the limited number of IPv4 addresses available. If every user had a permanent static IP, the IPv4 pool would be exhausted quickly.
With Dynamic IP, the Internet Service Provider (ISP) assigns an available IP address to a device each time it connects to the network. When you turn off your router, mobile data, or disconnect from the internet, that IP is released back into the pool. The next time you reconnect—or when another user connects—the ISP can assign that same IP to someone else.
This is why you often get a different unique IPv4 address every time you restart your router or reconnect to the internet.
What: Address assigned automatically (usually by DHCP) for a limited time (lease). Could be a private IP on your LAN or a public IP assigned by your ISP.
How assigned: DHCP server (router for LAN devices; ISP DHCP for public WAN addresses). DHCP has lease time and renewal.
Example usage: Your phone gets 192.168.1.20 from your home router every time it connects; the router itself often gets a dynamic public IPv4 from the ISP.
Pros: Easy to manage, no manual setup, efficient address use.
Cons: Address can change — not ideal for hosting services unless you use dynamic DNS.
4) Static IP (details)
What: Address configured to remain the same over time. Can be set manually on a device or provided via DHCP reservation (static lease).
How assigned: Manual configuration (set IP, mask, gateway, DNS) or DHCP reservation keyed to device MAC.
Example usage: A local server with 192.168.1.10 static so port forwarding rules always hit it; a company buys a static public IP from their ISP for a mail or web server.
Pros: Predictable; good for servers, CCTV, VPN endpoints.
Cons: Requires management; public static IPv4 may cost extra.
DNS & Dynamic IP
If you have a dynamic public IP but need a stable name (for remote access or hosting), you can use Dynamic DNS (DDNS) services: a small client updates a domain name whenever the public IP changes. (Common when ISP gives dynamic public IP.)
Diagram A — Internet ↔ Home network (public vs private)
[Internet]
|
(public IP)
|
+-------------+
| ISP / | <- ISP assigns this public IP (dynamic or static)
| Backbone |
+-------------+
|
(public IP on your modem/router WAN)
Public IP: 198.51.100.10 <-- this is the router's WAN (public) address
|
+--------------------+
| Home Router / NAT |
| (DHCP server, NAT) |
+--------------------+
| | \
Private LAN: | | \
192.168.1.2 -> PC | 192.168.1.10 -> CCTV (static) 192.168.1.50 -> Phone (dhcp)
192.168.1.3 -> Phone
192.168.1.4 -> Laptop
(NAT) 192.168.x.x <--private IPs (RFC1918). Outbound connections are NATted to the public IP.
Explanation: the router has the public IP on the WAN side. Devices inside get private IPs and the router translates (NAT) their traffic to the single public IP. If the public IP is dynamic, that 198.51.100.10 value may change. If the public IP is static, it remains constant.
Diagram B — Dynamic (DHCP) vs Static assignment (device-level)
Scenario 1 — Dynamic (DHCP)
[Device] ---DHCPDISCOVER--> [Router/DHCP server]
[Router] ---DHCPOFFER-----> [Device]
[Device] ---DHCPREQUEST----> [Router]
[Router] ---DHCPACK--------> [Device]
Device receives: IP=192.168.1.50, mask=255.255.255.0, gateway=192.168.1.1, lease=24h
Scenario 2 — Static (manual)
[Admin sets on Device]
IP=192.168.1.10
Mask=255.255.255.0
Gateway=192.168.1.1
DNS=8.8.8.8
(No DHCP involved; address persists until changed)
DHCP reservation (best of both worlds):
On router: reserve 192.168.1.100 for device MAC AA:BB:CC:DD:EE:FF.
Router’s DHCP will always hand that device the same IP (device still uses DHCP), effectively making it "static" from the LAN admin point of view.
Short comparison table
How to check which you have
Find your device’s local/private IP:
Windows: ipconfig
Linux/macOS: ip addr or ifconfig
Find your public IP: visit a “what’s my IP” site or from terminal: curl ifconfig.me (or check router status page).
If your WAN IP is inside 100.64.0.0/10 (100.64.0.0–100.127.255.255) it may be CGNAT — meaning you do NOT have a unique public IPv4, and hosting services from your home is problematic.
Practical tips & common situations
Home servers / CCTV: give them a static private IP (or DHCP reservation) and set router port forwarding to that internal IP. If your public IP is dynamic, use DDNS.
When you can't host from home: If your ISP uses CGNAT or doesn't provide a public IPv4, request a public static IP or use a cloud-hosted relay/VPN.
Security: A public static IP is more exposed — secure services with firewalls and strong authentication. Private networks behind NAT add a layer of protection.
IPv6 note: IPv6 often gives globally reachable addresses to devices (so “public” becomes the norm). IPv6 also supports static and dynamic assignment (SLAAC, DHCPv6).
TL;DR (cheat-sheet)
Public IP = global address on Internet.
Private IP = local address inside your LAN (RFC1918).
Dynamic IP = assigned automatically (DHCP), can change.
Static IP = set to stay the same (manual or DHCP reservation).
How to ByPass CGNAT?
In the complete video, I have shown you with cloudflare service with domain and without domain so watch first that video.
And there are other Services also available, one thing I struggle was with DNS cache by Router assign by ISP. Your methods and everything would be correct but the dns name will not resolved because of DNS cache and it is one of the headache as ISP don't allow easily otherwise customer can use ports using third party services which creates more load on their servers that affect internet connectivity.Ngrok,LocalTunnel are also available option to bypass ISP CGNAT Server.
Yes 👍 — both Ngrok and LocalTunnel bypass your ISP’s DNS caching problems, because:
Your computer makes an outbound connection to Ngrok/LocalTunnel servers.
They give you a public URL on their own domain (ngrok.io or loca.lt).
Visitors connect to that URL, not to your ISP’s DNS.
So your ISP’s DNS cache doesn’t matter at all ✅
🔹 1. Ngrok (works on Windows, Linux, macOS)
Steps:
Download Ngrok
Go to: https://ngrok.com/download
Extract/install it.
Put ngrok binary in your PATH (so you can run ngrok command).
Create a free account
Sign up at ngrok.com.
Copy your Auth Token from the dashboard.
Connect your local machine to Ngrok
Run in terminal:
ngrok config add-authtoken YOUR_AUTH_TOKEN
Expose your localhost server
If your web app runs on port 8080:
ngrok http 8080
Get your public URL
Ngrok will show something like:
Forwarding https://abcd-1234.ngrok.io -> http://localhost:8080
Share that HTTPS URL with anyone.
🔹 2. LocalTunnel (open-source, Node.js based)
Steps:
Install Node.js (if not installed)
Download: https://nodejs.org/
Install LocalTunnel globally
npm install -g localtunnel
Expose your localhost server
If your app runs on port 3000:
lt --port 3000
Get your public URL
It will show something like:
your url is: https://yellow-dog-45.loca.lt
Share this URL.
Optional: custom subdomain (if available)
lt --port 3000 --subdomain myapp123
→ URL: https://myapp123.loca.lt
✅ Both work regardless of ISP DNS.
✅ Both are secure (they use HTTPS).
✅ Both free (Ngrok free plan rotates subdomains, LocalTunnel random each time).
Ngrok and LocalTunnel regarding persistent domain names:
🔹 Ngrok
Free plan → You only get random subdomains (like abcd-1234.ngrok.io). They change every time you restart the tunnel.
Paid plan (Starter or Pro) → You can reserve your own subdomain (e.g., myapp.ngrok.io) or even map a custom domain (e.g., app.mydomain.com).
💡 So persistent domain is NOT free with Ngrok.
🔹 LocalTunnel
Free, open-source → Always gives you a random subdomain (like https://blue-cat-45.loca.lt).
You can request a custom subdomain with:
lt --port 3000 --subdomain myapp123
→ https://myapp123.loca.lt
⚠️ But:
Subdomain may not always be available (first-come-first-serve).
It’s not guaranteed permanent — if the server restarts or someone else uses it, you can lose it.
✅ Answer:
With Ngrok, you need a paid plan for a persistent subdomain.
With LocalTunnel, you can try to request the same subdomain for free, but it’s not 100% reliable or permanent.
👉 If you really want a free permanent domain, you’d need to combine a free domain service (like DuckDNS, Freenom .tk, or your `.np domain**) with a tunnel/VPS.
You can also bind a DuckDNS free subdomain with Ngrok/LocalTunnel (so you always connect with the same domain).
Why We Need IPv6
CGNAT is only a temporary fix. The real long-term solution is IPv6, which provides a virtually limitless address space (2¹²⁸ addresses). With IPv6:
Every device can have its own globally unique IP again.
No need for NAT or CGNAT.
Port forwarding and peer-to-peer communication become simple.
How We Are Moving from IPv4 to IPv6
ISPs and networks are adopting IPv6 gradually using three main methods:
Dual Stack
Devices and networks run both IPv4 and IPv6 simultaneously.
Compatible with both old IPv4 services and new IPv6 services.
Common during the transition period.
Tunneling
Encapsulates IPv6 traffic inside IPv4 packets.
Useful when IPv6 networks must communicate across an IPv4-only backbone.
Example: 6to4, Teredo, GRE tunnels.
Translation
Converts IPv6 traffic into IPv4 (and vice versa).
Allows IPv6-only devices to reach IPv4 servers.
Example: NAT64/DNS64.
Conclusion
The evolution of IPv4 allocation can be summarized as:
Phase 1 (Direct Public IPs) → Every device got its own IP, often static, costly and inefficient.
Phase 2 (Home NAT) → Routers shared one public IP among household devices, port forwarding worked.
Phase 3 (CGNAT) → ISPs shared one public IP among many households, port forwarding broke, static IPs became premium.
Today, ISPs in Nepal (CGNet, WorldLink, Subisu, NTC, etc.) and around the world rely heavily on CGNAT. While it saves IPv4 space, it creates barriers for hosting and peer-to-peer access.
The true solution is IPv6. With IPv6, every device regains a unique public address, the internet becomes simpler again, and the limitations of IPv4 and CGNAT are finally removed.
Comments