How can a DSL gateway have an IP address outside of the router's network?

Solution 1:

First of all, gateway addressing has nothing to do with CGNAT. Only the router's own address (which is still public in this case) would be affected by it, but the gateway IP address being private doesn't imply CGNAT in any way.

I don't understand how the gateway can have an address like 10.20.17.1, which is a private address, not on the same segment as the router itself. Is this something magic about DSL?

Multiple IP networks can actually share a layer-2 segment, so an address being "not on the same IP subnet" does not imply "not on the same segment" at all. An address could be out-of-subnet but still on-link.

So although your gateway is on a different IP network, it can still be on the same L2 segment (and indeed is on the same segment, because if it weren't, you couldn't use it as a gateway).

(In addition, IP doesn't care about whether an address is private or not. There is no technical difference between the two, and it's valid to mix both kinds on the same network. Private addresses are only made special through IANA policy and ISP practices.)

But the actual "magic" is that it doesn't really matter whether a gateway is within your subnet or not. Any gateway address is possible as long as the OS knows how to map it to the corresponding layer-2 address (e.g. MAC address), as ultimately it's only the gateway's L2 address, not the IP address, that goes in packets.

So in the case of an out-of-subnet gateway, the OS just needs to be told to disregard the subnet mask and expect the address to be on-link (on-segment) regardless.

Doing so is not DSL-specific at all. It is more common with DSL due to many ISPs using PPPoE – and that's a whole separate topic below – but it applies to any network type, and you could have the same configuration on standard Ethernet.

For example, having an off-subnet gateway is actually somewhat common in server datacenters (which might have dozens of disjoint public IP ranges on the same segment), and is very common on IPv6 (where auto-configuration always uses a private 'fe80:…' gateway address).


There's one more thing to note: in your case, there is no real "segment" as such. But this is nothing DSL-specific – it comes from the fact that your connection uses PPP.

Usually DSL is used in "Ethernet emulation" mode, in which case it works just like an Ethernet segment, with the DSL part being invisible to IP. But many ISPs choose to provide the IP service (the actual Internet access) not directly over that Ethernet, but through a PPP tunnel, PPPoE (PPP over Ethernet) in your case. (PPP itself isn't DSL-specific, either – it can go over a wide variety of transports.)

With PPP you have a point-to-point interface, which works rather differently from "broadcast" interfaces such as Ethernet. There is no layer-2 addressing on a PPP link (as there's only one possible layer-2 destination anyway), which means there's no distinction between addresses that are "on-link" or "same segment" and those which aren't.

In other words, your subnet mask and route gateways become mostly irrelevant when dealing with a PPP interface. (The gateway of a route is used to choose the layer-2 destination, e.g. Ethernet destination MAC, but there's no such thing in PPP.) As long as the packet is sent over the PPP interface, it'll get to the other end anyway.

This means the gateway address provided via PPP's configuration process is largely just for show, and it is not at all uncommon to see point-to-point links with mismatching host and gateway addressing. Indeed, because there's no distinction between on-link and off-link with PPP, the default route will work equally well even if it has no gateway at all.

Solution 2:

You're doing PPPoE (Point-to-Point Protocol over Ethernet) over DSL. The gateway is the PPP server. It is always on the same PPP link as your PPP client, simply by definition of what a PPP link is. Your UI isn't showing you the subnet mask for your WAN PPP link, but it's always 255.255.255.255 for PPP links, because point-to-point links always have exactly two hosts: the PPP client and the PPP server. Anything the PPP client transmits on the PPP link can only go to the PPP server, and vice-versa. So you don't need a broadcast address or a network address or room in the subnet for other host addresses, because it's not a multi-way shared link, it's a point-to-point link.
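
A simplified model of the next-hop decision the two answers describe, added here as an illustration and not part of either answer: it returns which IP address the OS must map to a layer-2 address, for an out-of-subnet gateway on Ethernet and for a PPP link. Interface names, the 203.0.113.0/24 subnet, the 198.51.100.7 destination and all function names are constructed assumptions; only 10.20.17.1 comes from the question.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Route:
    prefix: str                      # destination network
    dev: str                         # outgoing interface
    gateway: Optional[str] = None    # None means "destination is on-link"

# Constructed interface table: True = point-to-point (no layer-2 addressing).
P2P = {"eth0": False, "ppp0": True}

# Constructed routing tables. ETH_BROKEN has a default route via an
# out-of-subnet gateway that nothing declares on-link; ETH_FIXED adds a
# /32 on-link host route for the gateway; PPP has a gateway-less default.
ETH_BROKEN = [Route("203.0.113.0/24", "eth0"),
              Route("0.0.0.0/0", "eth0", "10.20.17.1")]
ETH_FIXED = ETH_BROKEN + [Route("10.20.17.1/32", "eth0")]
PPP = [Route("0.0.0.0/0", "ppp0")]

def lookup(routes, dst):
    """Longest-prefix match; returns the best Route or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)

def l2_target(routes, dst):
    """Return (dev, ip_to_resolve): the address whose MAC goes in the frame.
    ip_to_resolve is None on point-to-point links, where there is only one
    possible layer-2 destination."""
    r = lookup(routes, dst)
    if r is None:
        raise LookupError("no route to " + dst)
    if P2P[r.dev]:
        return r.dev, None           # gateway, if any, is just for show
    if r.gateway is None:
        return r.dev, dst            # on-link: resolve the destination itself
    g = lookup(routes, r.gateway)    # the gateway itself must be on-link
    if g is None or g.gateway is not None or g.dev != r.dev:
        raise LookupError(f"gateway {r.gateway} is not on-link on {r.dev}")
    return r.dev, r.gateway          # resolve the gateway, not the destination

if __name__ == "__main__":
    print(l2_target(ETH_FIXED, "198.51.100.7"))
    print(l2_target(PPP, "198.51.100.7"))
```

Real stacks typically reject the `ETH_BROKEN` configuration when the route is added rather than at lookup time; the model folds that check into the lookup to keep it short.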