Can someone explain a tracert to my own public IP?

I'm trying to learn about IP routing and I am trying to trace route my own public IP. I just searched my IP online and tried it. The results I got were:

> tracert [my_public_ip]

1  <1ms   192.168.100.1
2   4ms   100.64.0.1
3   5ms   10.68.32.220
4   4ms   [my_public_ip]
5   *     Request timed out.
6   4ms   [my_public_ip]

Why am I hitting my public IP twice with a router in between that drops the ICMP traceroute packets?

The first is obviously the gateway to my router, but what are the second and third IP addresses? They both look like they are private, similar to my 192.168.100.* addresses. What are they? I would expect my router to go reach my public IP immediately as it is my actual IP that my router uses. Does NAT fit into this somewhere?

Also, in a regular traceroute to, for example, google.com, why is it that you don't actually see your public IP as part of the routes? Doesn't the packet cross your public IP during NAT?


Solution 1:

> I would expect my router to go reach my public IP immediately as it is my actual IP that my router uses. Does NAT fit into this somewhere?

This looks very much like CGNAT (as in "carrier-grade NAT").

If your ISP uses CGNAT, it means your router doesn't actually have the public IP address anymore – instead it only has private addresses on both sides. (Typically, the "WAN" side will then get an address from the 100.64.0.0/10 range – it's actually a private range that's specifically assigned for CGNAT purposes.)

Also, the CGNAT gateways used by your ISP often have a slightly more complex configuration... and sometimes they have really strange configurations. (Sometimes the only explanation available is "that's how the manufacturer of the CGNAT hardware decided to do it" or even "it made sense at the time".)

For example, even though they still do the job of NAT'ing between your router's address and your real public address, often it's done slightly differently for efficiency – the public addresses aren't actually assigned to the CGNAT gateway itself, but are kind of "virtual" addresses for lack of a better word, and as a result trying to traceroute them doesn't lead anywhere at all.

> Also, in a regular traceroute to, for example, google.com, why is it that you don't actually see your public IP as part of the routes? Doesn't the packet cross your public IP during NAT?

Packets cross routers, not addresses. Typically, each router along the way will have multiple addresses – one for each interface – but still counts as 1 hop and will produce only one traceroute response in total.

(Usually the router will respond using an address from the interface that's facing you. So if you somehow traceroute in the opposite direction, the exact same routers will show up as having completely different IP addresses. This is not a guaranteed rule, however.)

So in a simple non-CGNAT scenario, your home router would have both a 192.168.x.x address (on the "LAN" interface) and your public address (on the "WAN" interface). But despite the two addresses it would generate just one traceroute response, which is usually from the 192.168.x.x address.

(Here's a semi-related diagram.)
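
An added example, not part of the original answer: a Python check that labels each traceroute hop as RFC 1918 private, 100.64.0.0/10 CGNAT space, or public, and flags CGNAT when a 100.64.0.0/10 hop shows up before the first public one. The sample trace is constructed from the question's output, with the documentation address 203.0.113.7 standing in for [my_public_ip]; the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges, plus the RFC 6598 shared range that ISPs use for CGNAT.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample modelled on the question's tracert output;
# 203.0.113.7 (a documentation address) stands in for [my_public_ip].
SAMPLE = """\
1  <1ms   192.168.100.1
2   4ms   100.64.0.1
3   5ms   10.68.32.220
4   4ms   203.0.113.7
5   *     Request timed out.
6   4ms   203.0.113.7
"""

def classify(ip):
    """Label one hop address by the range it falls in."""
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def parse_hops(text):
    """Return [(hop_number, address_or_None)]; unanswered hops get None."""
    hops = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not parts[0].isdigit():
            continue  # not a hop line (header, blank, prompt)
        try:
            addr = ipaddress.ip_address(parts[-1].strip("[]"))
        except ValueError:
            addr = None  # e.g. "Request timed out."
        hops.append((int(parts[0]), addr))
    return hops

def behind_cgnat(text):
    """True if a 100.64.0.0/10 hop appears before the first public hop."""
    for _, addr in parse_hops(text):
        if addr is not None and classify(addr) != "private":
            return classify(addr) == "cgnat"
    return False

if __name__ == "__main__":
    for n, addr in parse_hops(SAMPLE):
        print(n, addr or "*", classify(addr) if addr is not None else "timeout")
    print("CGNAT likely:", behind_cgnat(SAMPLE))
```

Comparing the router's WAN-side address with the address a "what is my IP" site reports gives the same answer without a trace: if they differ and the WAN address is in 100.64.0.0/10, the ISP is doing CGNAT.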