HomeIP LookupCGNAT

CGNAT Addresses (RFC 6598)

You landed here because the address you looked up falls inside RFC 6598 shared address space — 100.64.0.0/10. This range was carved out in 2012 specifically so that ISPs could deploy Carrier-Grade NAT without colliding with any customer’s RFC 1918 home network. It is not globally unique, is not delegated to any operator, and has no public geolocation or WHOIS record.

Shared address space
100.64.0.0/10
4,194,304 addresses · RFC 6598

How to detect CGNAT

  • Check your WAN IP. Log in to your router and compare the WAN address to what ipctl.io/my-ip reports. If they differ, you are behind CGNAT.
  • Look for 100.64.x.x. If your router’s WAN interface shows an address in 100.64.0.0/10, your ISP is using CGNAT with the RFC 6598 shared-address space.
  • Traceroute. Run traceroute -n 1.1.1.1 — if the first hop is a 100.64.x.x address, that is your ISP’s CGNAT gateway.
  • Port forwarding fails. If you cannot forward ports even after configuring your router, CGNAT is the most common cause. IPv6 bypasses it entirely.

Frequently asked questions

What is CGNAT and why does 100.64.x.x look private?

Carrier-Grade NAT (CGNAT, also called large-scale NAT or LSN) is the technique ISPs use to share one public IPv4 address across many subscribers. It needs a block of addresses to hand out to customer CPE without colliding with the customer's own RFC 1918 LAN. 100.64.0.0/10 was carved out by RFC 6598 specifically for this purpose — it is not RFC 1918, it is 'shared address space', reserved so ISPs can use it between customer routers and the carrier NAT box without stepping on anyone's home network.

Can two customers share the same 100.64.x.x address?

Yes — inside a single ISP's CGNAT realm, the same 100.64.x.x address can appear on two different customer links. The carrier uses its NAT state table to disambiguate. That is also why CGNAT breaks a lot of inbound protocols (port forwarding, UPnP, many peer-to-peer games, self-hosted services): there is no unique public address to forward to.

Is 100.64.0.1 my router or my ISP?

It is almost always the WAN side of your home router or the ISP's CGNAT gateway on the other end. If your home router's WAN interface shows a 100.64.x.x address instead of a public IPv4, you are behind CGNAT. You can confirm by comparing your WAN IP to what ipctl.io or any 'what is my IP' tool reports — if they differ, you are being NATed twice (once at home, once at the carrier).

Is 100.64.0.0/10 the same as 10.0.0.0/8?

No. RFC 1918 allocated 10/8 for private enterprise networks. RFC 6598 allocated 100.64/10 for ISP shared use. They serve similar roles but have different filter rules: transit providers block 10/8 at every peering boundary, while 100.64/10 is allowed inside an ISP's own infrastructure but should still be filtered at the internet edge.

Why do some services break when I am behind CGNAT?

Inbound connections. If you run a game server, seedbox, smart-home hub, or any service that expects external users to reach you, CGNAT blocks them — there is no stable public port on the carrier NAT that maps back to your device, and the customer cannot configure port forwarding through the carrier NAT. IPv6 usually still works, so enabling IPv6 on your server is often the fix.

Related reading