Sponsored Links

Sky Broadband starting to share IPv4 addresses between users

hants

Casual Member
I've been with Sky Broadband for a while, recently re-contracted (on FTTP) and was sent a new Sky Hub Max router (which I didn't need, but I've swapped it over from the old Sky router anyway).

As expected, got a change of WAN IP, so updated my ping monitor over at thinkbroadband and was confused why I wasn't getting any ping responses (100% packet loss). Checked the firewall on the new Sky Hub Max router which has an admin interface that is strangely hybrid - some things you can configure on the router, some things you have to configure via their app or the My Sky website.

In any case, in doing so, I spotted this information about my IPv4 WAN connection:
Screenshot 2024-06-11 at 07.10.11.webp

Screenshot 2024-06-11 at 07.10.17.webp


I've never heard of MAP-T (despite working in tech infra), so was curious. A quick google seems like it is an alternative to CGNAT. It seems that the IPv4 address will be shared across a number of different users (CPEs), and traffic is encapsulated into IPv6 traffic (IPv4 + port) before leaving the CPE router and handled entirely as IPv6 across Sky's core, and then only breaking out to IPv4 again (via the shared IPv4 address) at their border relay.

From what I've read, the IPv4 is shared by dividing up a portion of the IPv4 ports across a number of users of that IPv4 address. Which explains why ping to the CPE doesn't work since ICMP has no understanding on TCP ports...

I found this interesting presentation from Sky Italy (in English) which indicates they've been rolling it out over there for a while. I guess this has extended to the UK now.


Interestingly, I can affect the sharing ratio by defining port-forwarding configuration (via MySky) -- if you pick a large range of ports, your sharing ratio reduces (which makes sense). However, even when configuring a DMZ, I still end up on MAP-T albeit with a sharing ratio of 1:1 -- even in that scenario, the IPv4 address isn't really terminated on my router.

Map-T seems (from my little knowledge on it) to be a better solution than CGNAT since it allows for port-forwarding to be defined by the user, but is a big step away from having a dual-stack WAN-side of the CPE.
 
Surely this is something they've been slowy doing for some time now? given the amount of IPv4's left is merely nonexistant, I've noticed it for some time at least.
 
From what I've read, it seems like MAP-T is only supported in their most recent Hub Max, so I guess a gradual rollout since late last year when that was released, possibly more recently than that if the Hub supports non MAP-T connections too.

It's also the first of the big players (i.e. not the new entrant ISPs) that I've heard of that aren't assigning IPv4s to CPE/routers.
 
Sponsored Links
I've been with Sky Broadband for a while, recently re-contracted (on FTTP) and was sent a new Sky Hub Max router (which I didn't need, but I've swapped it over from the old Sky router anyway).

As expected, got a change of WAN IP, so updated my ping monitor over at thinkbroadband and was confused why I wasn't getting any ping responses (100% packet loss). Checked the firewall on the new Sky Hub Max router which has an admin interface that is strangely hybrid - some things you can configure on the router, some things you have to configure via their app or the My Sky website.

In any case, in doing so, I spotted this information about my IPv4 WAN connection:
View attachment 15050
View attachment 15051

I've never heard of MAP-T (despite working in tech infra), so was curious. A quick google seems like it is an alternative to CGNAT. It seems that the IPv4 address will be shared across a number of different users (CPEs), and traffic is encapsulated into IPv6 traffic (IPv4 + port) before leaving the CPE router and handled entirely as IPv6 across Sky's core, and then only breaking out to IPv4 again (via the shared IPv4 address) at their border relay.

From what I've read, the IPv4 is shared by dividing up a portion of the IPv4 ports across a number of users of that IPv4 address. Which explains why ping to the CPE doesn't work since ICMP has no understanding on TCP ports...

I found this interesting presentation from Sky Italy (in English) which indicates they've been rolling it out over there for a while. I guess this has extended to the UK now.


Interestingly, I can affect the sharing ratio by defining port-forwarding configuration (via MySky) -- if you pick a large range of ports, your sharing ratio reduces (which makes sense). However, even when configuring a DMZ, I still end up on MAP-T albeit with a sharing ratio of 1:1 -- even in that scenario, the IPv4 address isn't really terminated on my router.

Map-T seems (from my little knowledge on it) to be a better solution than CGNAT since it allows for port-forwarding to be defined by the user, but is a big step away from having a dual-stack WAN-side of the CPE.
Interesting, I wonder how this plays out with 3rd party equipment that isnt interacting with sky's systems. I suspect that might keep you on a non sharing platform.
 
Interesting, I haven't seen this before and MAP-T is a bit of a new one for me too. Seems like a good idea for an operator of Sky's size, but still seems as if it may share some of the caveats of CGNAT when you come to IPv4 sharing on the public internet side.
 
Map-T seems (from my little knowledge on it) to be a better solution than CGNAT since it allows for port-forwarding to be defined by the user
But only within the range of ports you've been assigned - which I presume means only one in 8 users will get the magic ports below 1024 (or perhaps they disable them for everyone, for fairness)
 
But only within the range of ports you've been assigned - which I presume means only one in 8 users will get the magic ports below 1024 (or perhaps they disable them for everyone, for fairness)

If I understand the OP correctly, if you assign more ports, then Sky dynamically gives you a bigger allocation, after he selected DMZ it went to 1:1 ratio.
 
Sponsored Links
Surely this is something they've been slowy doing for some time now? given the amount of IPv4's left is merely nonexistant, I've noticed it for some time at least.
Yes, but they have a huge ipv4 stash, likely don't need to get more, unless they've decided to sell some, which can be lucrative nowadays.
 
Sponsored Links
If I understand the OP correctly, if you assign more ports, then Sky dynamically gives you a bigger allocation, after he selected DMZ it went to 1:1 ratio.
Yup, it started out as 8:1 ratio, and when allocating individual ports, that ratio was unchanged. When I assigned bigger blocks of ports, "my" IPv4 dynamically changed as did the ratio, eventually getting a new IPv4 with a 1:1 ratio when DMZ was enabled. Even in the 1:1 ratio, the IPv4 was terminated on the Sky border relay and not directly on my router, although visibility of the IP allocated is shown on the router.
 
But only within the range of ports you've been assigned - which I presume means only one in 8 users will get the magic ports below 1024 (or perhaps they disable them for everyone, for fairness)
From what I could see, there wasn't any restriction on which ports I could port forward - that might be because there are few customers on MAP-T yet, or given how the IPv4 dynamically changes with blocks of allocated ports, I'd guess that if two customers on the same IPv4 want to port forward the same port, then one would get a new IPv4 automatically with that port (ports) free.
 
This map-t sounds like a reasonable solution compared to cgnat, also didn't know about it despite being in tech.
 
If it meant a user could effectively dynamically choose to have a 1:1 so they can host things, this is great - self service, 99% of users won't touch it, sounds like a great solution to me!
 
@hants - An interesting read in that PDF. It does sounds like CGNAT albeit a more sophisticated implementation. Do you have an IPv6 address as well? According to the PDF, the way MAP-T is implemented on Sky, it is an IPv6 first network so maybe you have a public routeable IPv6 address? This could solve your BQM issues.
 
Sponsored Links
At least sky have IPv6 working for pretty much all thier customers. Better than some which are CGNAT IPv4 only unless you pay extra.

Hopefully this will help drive ipv6 adoption for those use cases which need a no NAT connection.
 
@hants - An interesting read in that PDF. It does sounds like CGNAT albeit a more sophisticated implementation. Do you have an IPv6 address as well? According to the PDF, the way MAP-T is implemented on Sky, it is an IPv6 first network so maybe you have a public routeable IPv6 address? This could solve your BQM issues.
Yes, a public routable IPv6 address - and good point about the BQM, hadn't considered using that. Thanks.
 
I think if you connect a non-Sky router it will allocate you an IPv4 address, it just means the vast majority of their users who use the router they are sent and never touch a port forwarding entry don't take up address space that they don't absolutely have to use.
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6024)
  2. BT (3638)
  3. Politics (2720)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2143)
  8. FTTC (2083)
  9. Statistics (1899)
  10. 4G (1813)
  11. Virgin Media (1762)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1404)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules