You don't want CGNAT if you can possibly avoid it. It's an absolute deal-breaker if you want to host anything, but it can be detrimental to even the lightest of users.
Many users rely on p2p without realising it. For instance, common chat applications such as Telegram can make direct p2p connections for lower-latency voice/video calls, but will transparently fall back to routing through Telegram's servers if p2p is not available.
Why you want to avoid Carrier Grade Network Address Translation (CGNAT)
When the Internet was designed, it was intended as a small research network used by the US military. It was designed so that every device connected to the network has a unique address and is able to communicate with every other device.
It was not intended for use on a global scale, so the original protocol developed for it has a finite number of addresses (4 billion), many of which are not even usable because design decisions left them wasted or reserved for specific purposes. The end result is that the legacy IPv4 protocol is not really suitable for a global network with billions of users.
In order to get around this limitation, Network Address Translation (NAT) was invented as a way to allow multiple devices to share a single address.
If you signed up for an internet connection 20 years ago you might have got a block of addresses for your devices. More recently you might only get one address, and in some cases (CGNAT) you have to share an address with other users.
If each device has its own address, it becomes a part of the internet and has the capability of full two way communication with other devices on the global network.
If you have a single address, which is currently common for fixed-line connections in developed countries, then this address is assigned to your router, which shares it between whatever other devices you have. Only the router really has full two-way communication, although it can selectively enable inbound communication for devices behind it (port forwarding), with limitations.
If you are behind CGNAT, you do not have your own address; you are not part of the Internet but an outsider looking in.
So what does this mean for users?
In short, a CGNAT connection is inferior to a proper, fully routed connection.
The longer answer is that how much of a detriment CGNAT causes depends on what you're using the connection for.
If you are only web browsing and reading email etc:
Performance:
When an ISP implements a network connection using routable addresses, the traffic will leave your router across your line, reach a router at the ISP which will then forward it through one or more other routers before it reaches its destination.
When they are using CGNAT, the traffic has to pass through an additional device, the CGNAT gateway, in addition to the routers. These devices are often expensive. This extra device reduces performance, but by how much depends on the ISP. If they have invested in high-end equipment with sufficient capacity to cover their users, the performance impact might be negligible. If they have under-specced the device, the performance hit could be severe, but there will always be some level of performance detriment.
Security measures:
The way the Internet was designed, one address equals one device, and this assumption is still relied on today. Many sites operate security measures which restrict access when they detect potentially malicious or excessive traffic from a single address. The site may block access entirely, may limit access, or may force users to complete a captcha to prove they are not a piece of automated malicious code.
This causes two problems when combined with CGNAT, as a single address can now correspond to multiple actual users:
All it takes is for one user of the same ISP to do something malicious to a particular service, and all customers sharing that address can be affected. One user doing something stupid, or one user whose machine is infected with malware, is enough.
Because multiple distinct users now come from the same address, the large number of requests they generate (i.e. lots of individual users) can be perceived as an attack and trigger a response.
Limitations:
As with the security measures above, some sites place limits based on the source address of users. For instance, many free download sites limit you to a fixed number of downloads per day. As the quota is tracked per address, once it has been consumed by one customer, other customers sharing that address will no longer be able to download.
If you are trying to use peer to peer (p2p) protocols:
Peer-to-peer protocols are those where users connect directly to each other, instead of through a centralised server.
Think of it like driving between two cities. Driving direct will almost always be the fastest route, while making a stop at a third city will be slower. The difference may be small if the third city is on the route between the start and end cities, but it could be huge if the third city forces you to take a massive detour. Taking that route will also increase traffic congestion at the third city.
On the Internet, this centralised server may be in another country or even on another continent. The impact it will have on performance can vary significantly.
When using p2p protocols:
* Users experience faster connections, both lower latency and higher throughput.
* The operators of the intermediate servers experience less traffic, resulting in lower costs for them.
Everyone wins.
However, in order for p2p communications to work, one party must be able to initiate the connection and the other party must be able to receive it. When you are behind CGNAT you can only initiate connections; you cannot receive them.
What this means is that you won't be able to establish p2p connections with other users who are also behind CGNAT.
Some applications will simply fail to work, while others will prefer p2p but, if they are unable to establish a p2p connection, will fail over to a degraded mode (i.e. using an intermediate server) with reduced performance.
Many applications use and benefit from p2p communication, including:
* File downloading tools such as BitTorrent, which are also used internally by some programs to download updates.
* Gaming - p2p connections have less lag and reduce costs for the game operator; some games use p2p connections depending on what you're playing.
* Voice/video calls - p2p communications allow for higher quality and less lag.
If you are trying to host services:
If you are trying to host any services which will be accessed from outside, either by yourself when you're away from home or by other people, then you simply can't use CGNAT, as it won't work.
Many people want to run a VPN at home so they can access their home systems while outside. CGNAT makes this impossible.
Some people want to operate a personal web server or email server at home, again CGNAT makes this impossible.
There are workarounds in some cases, which involve relaying through a server hosted elsewhere. Not only will this reduce performance, but you will either have to pay for the server or sacrifice security/privacy by letting someone else operate it.
IPv6:
CGNAT only applies to legacy IPv4. There is a newer protocol called IPv6, which has enough addresses to easily support more devices than will ever be manufactured. With IPv6, you can return to the way the Internet was supposed to work, with every device having its own unique address.
Not everything supports IPv6 yet, but those things that do will benefit from having full connectivity with no NAT. Similarly, p2p communications will benefit if both parties have IPv6.
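As an added diagnostic (not part of the original post), the following script turns the rules above into code: it classifies a line from two observations, the address the router holds on its WAN side and the address a remote service sees the connection coming from, and then applies the p2p rule that at least one party must be able to receive a connection. It assumes the CGNAT operator uses the RFC 6598 shared space 100.64.0.0/10, which is the usual giveaway; the sample addresses are constructed.

```python
# Added diagnostic, not from the original post. Inputs are two observations:
# the router's WAN-side address and the address a remote service reports seeing.
# 100.64.0.0/10 is the RFC 6598 shared address space used by ISPs for CGNAT
# (assumption: the ISP uses it rather than public space for its CGNAT pool).
from ipaddress import ip_address, ip_network, IPv6Address

CGNAT_SHARED = ip_network("100.64.0.0/10")
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]
IPV6_GLOBAL = ip_network("2000::/3")

# Verdicts under which an inbound connection from outside can reach this line.
CAN_RECEIVE = {"routable", "ipv6-global"}


def classify_wan(wan: str, external: str) -> str:
    """Return one of: ipv6-global, ipv6-non-global, cgnat,
    double-nat-or-cgnat, routable, translated-upstream."""
    w, e = ip_address(wan), ip_address(external)
    if isinstance(w, IPv6Address):
        return "ipv6-global" if w in IPV6_GLOBAL else "ipv6-non-global"
    if w in CGNAT_SHARED:
        return "cgnat"                    # shared space: no address of your own
    if any(w in net for net in RFC1918):
        return "double-nat-or-cgnat"      # router sits behind another NAT
    if w == e:
        return "routable"                 # router owns the address the world sees
    return "translated-upstream"          # public-looking WAN, rewritten somewhere


def can_receive(verdict: str) -> bool:
    return verdict in CAN_RECEIVE


def p2p_possible(verdict_a: str, verdict_b: str) -> bool:
    """Direct p2p works only if at least one side can accept the connection."""
    return can_receive(verdict_a) or can_receive(verdict_b)


if __name__ == "__main__":
    # Constructed observations: (router WAN address, address seen externally).
    cases = {
        "cgnat-line": ("100.72.3.9", "203.0.113.5"),
        "routed-line": ("203.0.113.7", "203.0.113.7"),
        "ipv6-line": ("2001:db8:1::10", "2001:db8:1::10"),
    }
    verdicts = {name: classify_wan(*obs) for name, obs in cases.items()}
    for name, v in verdicts.items():
        print(f"{name}: {v}, can receive inbound: {can_receive(v)}")
    print("two CGNAT users, direct p2p:", p2p_possible("cgnat", "cgnat"))
    print("CGNAT user to routed user:", p2p_possible("cgnat", "routable"))
```

Run it with your own router's WAN address and the address shown by any "what is my IP" service; an IPv6 verdict of ipv6-global is the case the IPv6 section describes, where NAT is not involved at all.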
TL;DR
CGNAT is undesirable, you don’t want it if you have any alternative.
If you are only web browsing and can put up with the performance reduction and inconvenience, you may be willing to accept CGNAT if it comes with a significant cost saving and the performance impact isn't too harsh.
Otherwise, avoid any provider that uses CGNAT and opt for those that don’t whenever you have a choice.
Depending on where you are, you might not have any alternative to CGNAT. Eventually, due to address shortages, all providers will transition to CGNAT and there will no longer be any choice.
Whether you have CGNAT or not, you should always use a provider which offers IPv6. For any application or service which supports IPv6 you will not have to suffer the detrimental effects of CGNAT. The number of things supporting IPv6 is increasing all the time, and at some point you may find everything you want to use is available over IPv6, so having CGNAT on IPv4 no longer presents a problem to you.