There was a time when, if you were running a website or needed to remote into your network, a static IP address on your internet connection was essential.
In this blog we explore ways you can live without a static public IP address, which can save you money and make your network more secure.
Static IP Address vs Dynamic vs CGNAT
An IP address is a unique number assigned to each device on a network; think of it like your home address.
There are different versions of IP address, the first of which came out in 1983. The most commonly used is IPv4, which looks like this:
192.168.0.1
IPv4 has a maximum of 4,294,967,296 addresses, which may sound like a lot, but with the explosion of devices on the internet they have become exhausted, and apart from Africa you cannot acquire new IPv4 addresses from the IANA, who register and distribute IP addresses.
IPv6 came out in 1995 to address this issue (excuse the pun), increasing the number of addresses to 3.403×10^38.
IPv6 addresses look like this:
2001:db8:0:1234:0:567:8:1
Although IPv6 came out in 1995, IPv4 is still the version mainly used and supported.
In terms of IP addresses, there are private IP addresses, which are reserved for use on internal networks such as your home network, usually something like:
192.168.0.x
192.168.1.x
Then you have a public IP address, which is the one used to identify you on the internet.
This public IP address is assigned to you by your Internet Service Provider (ISP), either dynamically or as a static address.
A dynamic address is one that changes; this can happen randomly depending on your ISP's setup, whereas a static one means your public IP address does not change.
Some ISPs offer both an IPv4 and an IPv6 address.
Due to IPv4 exhaustion, ISPs are increasingly turning to a mechanism called CGNAT, which stands for Carrier Grade Network Address Translation.
CGNAT is a way for ISPs to share one public IPv4 address between many customers. Your router is assigned a private address by the ISP and sits behind an upstream router, and you share your public IPv4 address with other customers.
This means things like port forwarding on your router are not possible, as you do not have a direct route to the public IPv4 address.
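The check below is an added example, not part of the original post: it classifies the address your router reports on its WAN interface to tell whether you are behind CGNAT and whether port forwarding can work at all. The function names and sample addresses are made up for illustration; 100.64.0.0/10 is the shared address space reserved for carrier-grade NAT (RFC 6598).

```python
import ipaddress

# Address blocks that are never directly reachable from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space


def classify_wan(addr: str) -> str:
    """Classify the IPv4 address a router reports on its WAN interface."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("this check only covers IPv4 WAN addresses")
    if ip in CGNAT_SHARED:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "unusable"
    return "public"


def can_port_forward(router_wan: str, seen_from_internet: str) -> bool:
    """Port forwarding only works when the router itself holds the public address.

    router_wan: address shown on the router's WAN/status page.
    seen_from_internet: address an external "what is my IP" service reports.
    """
    if classify_wan(router_wan) != "public":
        return False
    # A public-looking WAN address that differs from the externally observed
    # one still means another NAT layer sits upstream.
    return ipaddress.ip_address(router_wan) == ipaddress.ip_address(seen_from_internet)


# Constructed sample readings (203.0.113.0/24 is a documentation range).
SAMPLES = [
    ("100.72.14.9", "203.0.113.25"),   # ISP handed out shared CGNAT space
    ("192.168.1.2", "203.0.113.25"),   # router sits behind another router
    ("203.0.113.25", "203.0.113.25"),  # router holds the public address
]

if __name__ == "__main__":
    for wan, public in SAMPLES:
        print(wan, classify_wan(wan), can_port_forward(wan, public))
```

If the WAN address comes back as "cgnat" or "private", inbound port forwarding on your own router cannot work, whatever you configure on it.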
Pros and Cons of having a Static IP address
Having a static public IP address can let you do the following:
- Host a website from your home or business onsite
- Host a gaming server
- Host a Plex media server
- Use a VPN to remote into your network when out and about
- Lock an external system so it is only accessible from your IP through whitelisting
As you can see, the main benefit of having a static IP is allowing external access into your network; as your IP address does not change, it is easy to facilitate this.
There is some argument to be had that having a static IP can improve your internet experience and speed, in particular with VoIP services, although the difference in reality is negligible.
There are drawbacks to having a static IP, and one of the main ones is security.
Having the same external IP makes it easier to locate and identify you on the internet, and having open inbound ports increases the risk of being hacked.
Search engines like Shodan, and bots that scan the internet for open ports, can make it trivial for criminals to find your IP address along with any ports you have open inbound.
The location side of things is a double-edged sword. On one hand, having some websites and services able to accurately pick up your location can be useful and save time, but it also makes you easier to locate by criminals and to be tracked by advertisers, governments, etc.
A static IP can in a lot of cases cost more; for example, an ISP may charge £4 per month more for a static IP, and in some cases it may not even be possible to get one, especially if you are using a mobile broadband solution.
Getting away with not having a Static IP address
The good news is that in a lot of cases you can get away without a static IP address.
Cloudflare offer a service called Cloudflare Zero Trust, which includes a free tier.
In Zero Trust there is a feature called Cloudflare Tunnels, which is what allows you to do away with having inbound ports open.
It works by installing a service on an onsite server that has outbound internet access to Cloudflare; then, in the Cloudflare dashboard, you can configure the tunnels in a number of ways.
You can add public hostnames. If you already use Cloudflare to handle your website's DNS, this replaces the DNS section, and you can point any of your hostnames to an internal resource.
For example, this website and my other websites are hosted on my own server at my home, and using a Cloudflare tunnel I can route fttppro.co.uk to the internal IP of my web server and specify the port.
This means you no longer need to have port 443 open inbound, as the traffic is routed over the outbound Cloudflare tunnel.
As well as having public websites routed through to your own web servers, you can also use Cloudflare Zero Trust as a VPN back into your network.
Using the Cloudflare tunnel you can add private networks and then, using the Cloudflare WARP app on a smartphone, laptop or tablet, access these networks from anywhere, with authentication handled by Cloudflare Zero Trust.
As it's Zero Trust, you are able to configure access as you need, down to application level.
Cloudflare Zero Trust works fine with CGNAT too, which means that as long as you have outbound access to Cloudflare you can use it with any internet connection.
Other similar services, like Tailscale, are also available.
This covers the vast majority of use cases.
There will be some cases where not having a static IP makes it harder, or even impossible, to configure certain services.
Site-to-site VPNs are one example. While you can get away with having a dynamic address on one end, having dynamic addresses on both ends makes it more difficult, though not impossible.
You could use a Cloudflare tunnel to have a hostname such as vpn.fttppro.co.uk point to your VPN server and have the other site connect to this.
If you rely on services that whitelist your IP address in order to access them, such as a SaaS service, having an IP that changes can make this more difficult. A dynamic DNS name that automatically updates the IP can help in these cases.
Unless you're running an enterprise and/or have an edge case, most people can now get away with not having a static IP address, which improves security and may save you some money.