Double NAT and CGNAT are both types of NAT technology which can cause significant issues for agents attempting to connect to the Dial Fusion system. Many mobile and cellular networks have used CGNAT for several years to support the growing number of devices on their networks. Recently, some residential ISPs have started to implement CGNAT as well.
NAT stands for Network Address Translation. This technology is employed by virtually all home and office routers to allow all of the devices behind the router to be able to reach the internet. All devices need an IP address to be able to access the internet, but it's not practical or secure to give each device a public IP address than can be reached from other internet devices. In this case, the router receives the public IP address from the ISP and uses that to send traffic to and from the internet, and the router provides a private IP address to each device connected to it. As the name implies, devices on the private network can only communicate with each other and not with the internet.
When transmitting data to and from the internet, the router translates the private IP address from the device to the public IP address used to reach the internet. The router also has to keep track of which device is supposed to receive the packet being returned from the internet. Because devices are not directly connected to the internet, the router also serves as a type of firewall which blocks incoming traffic from reaching the devices behind it, unless that traffic was specifically requested from a device connected to the router.
When agents are setup to use the Dial Fusion system, we setup a Zoiper softphone on the computer which connects to our servers and provides the audio path that agents use to communicate with customers. However, the Dial Fusion servers only see the public IP address of the router that the computer is connected to and not the private IP address behind the router. In most cases, Zoiper is able to automatically open a connection through the NAT and enable it to recieve the incoming call when the agent attempts to log in. Zoiper provides this information to our servers and ensures the call is routed to the right computer.
Double NAT is caused when there is another router placed in front of (acting as the internet connection of) the router that the agent's PC is connected to. When Zoiper attempts to open the connection through the first router's NAT, it is unaware of the second router that is in the way. Zoiper has no way to determine if the connection was opened successfully apart from receiving the call from the system when an agent logs in. There are a few causes of a double NAT scenario but one of the most common is if the customer is using their own router and not one provided by the ISP, but the ISP modem has not disabled its built in router. Disabling the router in the ISP modem and configuring it to use your own router is typically known as bridge mode.
CGNAT is a type of double NAT known as Carrier Grade NAT. This scenario is similar to a double NAT caused by a second router, but in this case the ISP is using NAT at an upstream router. The same issues with Double NAT are present in CGNAT scenarios as well.
If the agent's Zoiper is able to register to the server but isn't able to receive the incoming call from the system, this is a good indicator that a double NAT situation is occurring. This is not the only indicator however, and issues registering Zoiper may indicate a double NAT as well.
If the agent is using their own router and not the one provided by the ISP, the first check would be to contact the ISP and make sure the modem is placed into bridge mode. This disables the router built into the modem. If bridge mode is off and gets turned on, the modem will need to restart and all active internet connections will be temporarily disconnected. If the agent is not using their own router or if the ISP reports that bridge mode is already enabled, continue onto the next check.
The next check is to look at what public IP the router reports that it has. This can be accomplished by logging into the router and this information is usually displayed on the main status page of the router. If you see a public IP address starting with 192.168.x.x, 172.16.x.x through 172.31.x.x, or 10.x.x.x, this is indicative of a double NAT but not usually a CGNAT. If you see a public IP addres starting with 100.64.x.x through 100.127.x.x, you are likely behind a CGNAT. If you are using a regular residential or business internet connection and not a mobile network, contact your ISP to see if CGNAT can be disabled for your connection.
If both of these tests are still inconclusive, check your IP address at a public address checking website such as wimi.com. If the check website reports a different IP address than what your router shows as your public IP, some type of double NAT is in play and you may need to contact your ISP to resolve.
Finally, you can normally see a double NAT scenario by performing a traceroute to a public website on the internet. The first hop of the trace should show an IP address in either the 192.168.x.x, 172.x.x.x, or 10.x.x.x range. The second hop should be a drastically different address. If the second hop shows another address similar to the above, or shows an address between 100.64.x.x and 100.127.x.x, there is likely a double NAT involved. Performing a traceroute and intepreting the results is beyond the scope of this document.
If you have any additional questions, please contact your Dial Fusion account manager for more information.