Summary
- LACNIC mobile-broadband and CGNAT analysis asks how prepaid scale, rural fixed wireless, enterprise SIMs, port sharing and lawful logging convert IPv4 scarcity into operating cost.
- CGNAT can stretch address inventory, but it pushes cost into attribution, abuse handling, app compatibility, customer support, security exceptions and platform reputation.
- A credible registry ledger should preserve portability and market access so scarcity can be relieved through legitimate transfer and leasing rather than moralized rationing.
In mobile-first Latin America and the Caribbean, carrier-grade NAT is not a clever workaround at the edge of the network but an operating charge that reveals why scarce IPv4 is capital, why registry neutrality matters, and why the number-resource layer must remain a narrow ledger rather than a gatekeeper over how carriers serve users.
The complaint starts at the help desk
The economics of carrier-grade NAT rarely announce themselves as economics. They arrive as small failures in ordinary support channels. A prepaid mobile customer in a provincial city cannot open a banking app after topping up a data plan. A console gamer sees a strict-NAT warning and blames the handset hotspot. A rural fixed-wireless household cannot reach a camera at a shop because port forwarding on the home router changes nothing. A delivery company with a fleet of SIM-connected terminals finds that a mobile VPN works on some routes and fails on others. A customer-care representative sees only a consumer complaint: the Internet is slow, the app is broken, the operator is cheating.
Behind that complaint sits a public IPv4 identity shared by many users. The carrier has not given each subscriber a unique public address. It has placed thousands, sometimes far more, behind a pool of public IPv4 addresses and mapped private sessions outward through a translation layer. The packet still moves. The browser still opens most pages. Streaming services may work well enough. That is why CGNAT can look like a solved engineering problem when measured by average browsing success. But the hard cases expose the accounting ledger hidden inside the design.
For a mobile carrier, CGNAT is a rational response to scarcity. One public IPv4 address for every active mobile device would be economically and operationally absurd in many markets. Mobile networks have millions of SIMs, highly variable sessions, low average revenue per prepaid user, and bursts of demand at commuting hours, events, holidays and disasters. The operator must provide service with a finite supply of addresses that were distributed under historical conditions very different from current mobile scale. It therefore shares public addresses. The question is not whether this is understandable. It is what the sharing costs, who pays, and what role a regional registry should play in reducing or worsening that cost.
Latin America and the Caribbean make the problem sharper because mobile broadband is often the first and most important Internet access layer. In many households a phone, a hotspot or a fixed-wireless router is more practical than a fixed line. Prepaid plans are common. Rural coverage depends on radio economics. Island networks face small-market purchasing constraints and expensive upstream capacity. Enterprises use SIM fleets for point-of-sale terminals, logistics, security devices, field staff and backup access. These are not edge uses. They are part of the region's ordinary connectivity fabric.
The customer hears "NAT" as a support explanation, if the word is used at all. The carrier sees a balance-sheet compromise: buy or lease more public IPv4, conserve addresses through CGNAT, push IPv6 where practical, sell static public IPv4 as a premium product, segment enterprise APNs, or absorb the operational noise. The registry sits above this world as the public recordkeeper of scarce number resources. Its choices over uniqueness, transferability, holder rights, leasing recognition, record accuracy and portability influence the cost of every option. If it remains narrow, it can lower friction. If it moralizes scarcity, it turns a help-desk problem into a capital-control problem.
Shared identity is an operating cost, not a free trick
CGNAT converts public IPv4 scarcity into a set of internal ledgers. The first ledger is ports. A public IPv4 address has only so many transport-layer ports available for TCP and UDP sessions. In theory the number is large. In practice the usable pool is constrained by reserved ranges, per-subscriber fairness, protocol behavior, timeout settings, connection churn, memory limits, hardware capacity, lawful logging needs and the desire to avoid one heavy user consuming the pool. The operator is not simply sharing an address. It is allocating temporary slices of externally visible identity across many subscribers.
That allocation has economic consequences. A mobile user opening ordinary web pages may never notice. A handset running multiple apps, synchronizing cloud storage, maintaining messaging sessions, connecting to push services, checking maps, streaming video and tethering a laptop can create many short-lived flows. A gamer, a small business router, a home camera setup, a peer-to-peer app or a corporate VPN may require behavior that fits poorly with a dense translation pool. Each edge case consumes more engineering time than its share of revenue would suggest.
The second ledger is state. CGNAT devices must remember which internal subscriber, private address, source port and time interval correspond to which public address and public port. In a fixed broadband network this mapping can be complex. In mobile it becomes more dynamic. Subscribers attach and detach. Devices move. Sessions traverse packet gateways, mobile cores, policy platforms and sometimes separate enterprise APNs. A prepaid user may be identified differently across charging, radio, subscriber-management and care platforms. The NAT record must be useful after the event, not merely while the session is active.
The third ledger is reputation. External platforms do not see the internal subscriber. They see the public address. If several users behind the same address trigger fraud alerts, send spam, scrape a site, fail logins, create fake accounts or generate abuse complaints, the reputation cost can fall on the entire pool. A bank may ask more questions. A game platform may match players poorly or block sessions. A social-media platform may throttle signups. A content provider may present captchas. A merchant-risk engine may treat many unrelated customers as if they are suspiciously co-located. The carrier must then explain to individual users a penalty produced by shared public identity.
The fourth ledger is customer care. Every difficult application creates a ticket. Tickets are not cheap. A low-ARPU prepaid customer who calls repeatedly about a gaming or fintech failure can erase the margin of the plan. A rural household that needs a public address for remote access may require an upsell, a configuration change or a field explanation. A small enterprise with SIM routers may need static addressing, private APN design or VPN redesign. CGNAT therefore converts an address-saving measure into a support-cost distribution problem.
The translation layer saves capital by reducing the number of public IPv4 addresses needed per active subscriber. But it creates operational expenditure in logs, hardware, support, abuse handling, legal response, product segmentation and application compatibility. A carrier with strong tooling can manage that trade-off. A smaller operator may experience the same trade-off as permanent strain. The registry should understand this economic setting before assuming that address scarcity can be solved by exhortation or policy virtue.
Ports, sessions and the hidden price of scale
Mobile carrier scale changes the meaning of scarcity. A consumer broadband operator may think in households. A mobile operator thinks in SIMs, devices, sessions, radio cells, prepaid balances, roaming-like movements, enterprise fleets and momentary peaks. The pool of public IPv4 addresses must support not only current traffic but unpredictable bursts. A network that looks well-provisioned on a quiet afternoon can become stressed when a national match ends, a festival begins, a storm disrupts fixed networks, or a new app drives simultaneous connections from millions of handsets.
At that point the scarce item is not only the public address. It is the translation capacity attached to it. A public address divided among many subscribers requires careful port allocation. Operators may assign fixed port blocks, dynamic blocks, deterministic mappings or session-based allocations. Each method has a cost. Fixed blocks simplify attribution but waste unused ports. Dynamic allocation improves utilization but complicates logs. Deterministic mapping can reduce storage but constrains flexibility. Session-based models can scale efficiently but demand precise logging and fast lookup during investigations.
The trade-off is not abstract. If the operator allocates too many ports per subscriber, it needs more public addresses or reduces the number of users that can share each address. If it allocates too few, some applications break or appear flaky. If timeouts are too long, stale sessions consume capacity. If timeouts are too short, long-lived applications suffer. If the NAT platform is placed too centrally, failure domains grow. If it is distributed, logging and troubleshooting become more complicated. CGNAT engineering is a continuous economic optimization exercise disguised as packet handling.
For prepaid mobile markets the optimization is severe. A carrier may have many SIMs that generate small amounts of revenue, many inactive or intermittent users, and many price-sensitive customers who churn quickly. The operator cannot afford to over-provision scarce IPv4 identity for users who may buy only a small daily data pack. It therefore pushes more users behind fewer addresses, while trying to reserve better treatment for enterprise, high-value, fixed-wireless or static-IP products. The result is a hierarchy of public identity: ordinary mobile users share heavily; business customers pay for cleaner reachability; critical customers may receive dedicated arrangements.
This hierarchy is economically rational but socially visible. A richer customer can buy a plan, APN or fixed service that avoids some CGNAT pain. A poor customer cannot. A small rural business may discover that remote access, payment acceptance or a security camera requires an option outside the cheapest plan. The issue is not that every device deserves a unique public IPv4 address. That claim would ignore scarcity. The issue is that scarcity creates product tiers, and the cost of being placed in the lowest tier appears as compatibility friction rather than as a transparent line item.
For LACNIC-region carriers, the cost of public identity therefore affects retail design. A mobile plan is not only a bundle of gigabytes. It is a bundle of translation assumptions, port availability, reputation exposure, support pathways and escalation options. The more constrained the address base, the more tightly the carrier must ration the quality of public identity. This rationing can be done by engineering, price, customer type, geography or product class. Registry policy cannot make the underlying scarcity disappear. It can, however, influence whether carriers can acquire, lease, transfer and finance the address resources that reduce the pressure.
Logging turns translation into infrastructure
Lawful logging is where CGNAT stops being an internal engineering convenience and becomes institutional infrastructure. When an external party reports that an IP address was involved in a fraud attempt, copyright complaint, intrusion, harassment case, child-safety case, botnet command, credential stuffing campaign or financial crime, the public IPv4 address alone is not enough. If thousands of subscribers shared that address during the relevant period, the carrier needs a public port, timestamp, protocol and time zone precise enough to map the event to an internal subscriber session. Without those facts, attribution becomes guesswork.
The burden falls heavily on the operator. It must log enough data to answer lawful and abuse requests, retain it long enough to satisfy applicable obligations, protect it from misuse, secure access, control internal search, and explain when a request lacks the information required for identification. The more dense the CGNAT ratio, the more important the port and time data become. A request that says only "this public IP at 14:03" may be insufficient if the public address was shared. A request with the source port and precise timestamp may be actionable. A request using the wrong time zone can identify the wrong subscriber.
This is not merely a privacy issue or a law-enforcement issue. It is a cost issue. High-volume mobile networks generate enormous NAT events. Retaining every mapping in a searchable form requires storage, indexing, compression, security controls, audit trails and staff who understand the meaning of the logs. A carrier may try deterministic allocation to reduce logging volume, but deterministic approaches have their own engineering constraints. It may centralize logs, but centralization creates high-value data stores. It may shorten retention, but short retention can frustrate lawful process and abuse investigations. Every choice prices risk.
Customer-care staff also become part of the logging economy. If an external platform blocks a public address, the customer does not know the port mapping. If a government request arrives without a source port, legal staff may need to push back. If an abuse desk receives a complaint, it must decide whether it is specific enough to action. If a business customer needs proof that a transaction came from its SIM fleet, the operator may need a different logging product altogether. CGNAT thus creates several classes of evidence, each with a different requester, risk and cost.
Small carriers are especially exposed. A national mobile group can invest in lawful-intercept platforms, data-retention platforms, security teams and trained lawyers. A smaller mobile or fixed-wireless provider may use vendor appliances, limited storage and manual processes. Yet the external expectation can be similar: identify the subscriber, stop the abuse, preserve evidence and respond quickly. If registry policy makes public IPv4 harder to acquire or lease, the small carrier may be pushed into denser CGNAT ratios while lacking the controls that make dense translation safe.
This is why a narrow registry role matters even for abuse. The registry should maintain accurate holder and contact records so that reports reach the right operator. It should not pretend that the existence of abuse complaints gives it a mandate to police the operator's entire customer base or business model. Abuse handling downstream of CGNAT is a carrier, platform, law-enforcement and customer-contract problem. The registry can improve contactability and record accuracy. It should not turn complaint volume into a path for resource punishment unless a true registry function is at stake, such as fraud in the records or abandonment of contactability.
Abuse attribution is not the same as registry enforcement
CGNAT makes abuse attribution both more important and less straightforward. The external observer sees one public address. The carrier sees many subscribers, private addresses, ports, time windows, cell contexts, devices, NAT pools and product types. A platform may say the address attacked us. The carrier may answer that a port and exact timestamp are needed. The platform may not have captured the port. A police request may use local time while the carrier logs in UTC. An abuse report may aggregate events over hours, by which time the address has been shared by thousands of unrelated users. The result is not non-cooperation. It is ambiguity produced by address sharing.
That ambiguity creates pressure for overbroad responses. A platform can block the whole address. A merchant can treat all users behind that address as higher risk. A carrier can throttle or suspend a subscriber if it believes the mapping is reliable. A regulator can demand longer retention. A registry can be tempted to view repeated complaints against a holder as evidence of poor conduct. Each actor is solving a local problem. Together they can create collective punishment around a public identifier that no longer maps cleanly to one user.
The institutional boundary must be precise. A registry has a legitimate interest in knowing which organization holds a number resource and how it can be contacted. It can require a reachable abuse contact in a directory sense. It can publish clear public records and support correction. It can isolate disputes over holder identity. It can act against registry-record fraud. But it should not become the judge of whether a mobile carrier has resolved every abuse complaint to the satisfaction of every complainant. That would convert a narrow uniqueness ledger into an enforcement agency for the behavior of millions of users.
Such a conversion would be especially dangerous in mobile broadband. Carriers serve mass populations. They cannot guarantee that no subscriber will abuse a service. They can design processes, cooperate with valid requests, terminate accounts under contract, block malware and improve attribution. But if the registry layer treats abuse incidents as a lever over number-resource recognition, it creates an asymmetry. The carrier bears the customer, legal and operational burden; the registry holds the recognition lever; complainants may use registry escalation to gain leverage in disputes that belong elsewhere.
The same issue appears in private abuse and reputational engines. A large platform can block a CGNAT address because it sees fraud from that address. That may be rational for the platform. It is not proof that the carrier should lose resources, be denied transfers or face moral judgment from a registry. A fintech app may struggle with many customers behind a single public IP. That is a compatibility and risk-model problem, not a registry offense. A game service may dislike strict NAT behavior. That is an application design and carrier product issue, not a reason to redefine number-resource rights.
Running networks should be the discipline. If a rule improves contactability, evidence precision, fraud correction in the registry record or operational continuity, it belongs near the common layer. If a rule asks the registry to evaluate the substance of customer behavior behind a CGNAT pool, it moves beyond coordination. In mobile-first markets this distinction is not theoretical. It decides whether carriers face a predictable recordkeeping ledger or a second enforcement layer sitting above every support ticket and abuse complaint.
Apps price shared addresses in their own language
CGNAT is experienced differently by different application sectors. Gaming sees it as latency, matchmaking and inbound-connectivity friction. Fintech sees it as fraud risk, account clustering and unusual-login ambiguity. Enterprise security sees it as a break in allowlist logic. Messaging platforms see it as signup velocity and spam risk. Streaming services see it as geolocation and licensing anomalies. Customer-care teams see all of these as unrelated tickets. The economic commonality is that applications built around public IPv4 identity must adapt when that identity is shared at carrier scale.
Gaming is the visible case because users understand when the console says NAT is strict. Many multiplayer platforms prefer direct or semi-direct connectivity, stable mappings and predictable session behavior. CGNAT can force relay paths, prevent hosting, complicate voice chat or produce inconsistent experience across games. For a low-income customer using a handset hotspot, the fix may be unavailable. The carrier may offer no public IP option on prepaid mobile. The user blames the carrier, the game or the device. The underlying issue is scarce public identity rationed through a translation pool.
Fintech is more consequential. Financial apps and payment processors use IP signals as part of fraud models. A public address associated with many accounts, devices and failed logins can look suspicious, even if the underlying behavior is normal for a mobile carrier. In a dense CGNAT pool, an honest user may inherit the risk shadow of unrelated subscribers. Conversely, a fraudster may exploit address sharing to blur attribution. The platform can improve models by using device, behavior and account signals, but IP remains a cheap and common signal. That cheap signal becomes noisy under CGNAT.
Enterprise access is another pressure point. Many companies still depend on IP allowlists for administration portals, APIs, cloud dashboards, payment gateways or vendor portals. A mobile worker using an ordinary SIM may not have a stable public address. A SIM router in a vehicle may move through NAT pools. A field device may need to reach an enterprise VPN that expects more predictable network behavior. Mobile operators can sell enterprise APNs, static public IP, private addressing with dedicated gateways or managed VPN products, but each workaround creates product complexity and cost. The consumer Internet hides CGNAT. Enterprise operating requirements expose it.
The compatibility problem reaches rural and small-business uses. A shop owner wants to view a camera. A farm uses a sensor gateway. A clinic needs remote support for a device. A school uses a fixed-wireless router as its main connection. The household router may show port-forwarding options, but the public Internet never sees that router because it is behind the carrier's NAT. The customer thinks a feature is broken. The operator must either explain CGNAT, sell a public address option, deploy a relay service or accept churn.
These failures do not mean CGNAT is bad engineering. They mean shared identity creates externalities. Application providers, carriers and customers all adjust. Some adjustments are efficient. Others are expensive. The registry's responsibility is not to choose winners among gaming, fintech, enterprise or rural device models. Its responsibility is to keep number resources transferable, accurately recorded, securely controllable and portable enough that carriers can buy or lease the public identity they need for the product tiers their users actually require.
Mobile-first markets make scarcity regressive
The CGNAT burden is regressive because it falls hardest on users and operators with the least room to maneuver. A high-value enterprise customer can buy a managed mobile private network, static public addresses, a dedicated APN, a fixed circuit or professional integration. A wealthy urban household can switch providers or pay for fiber. A prepaid user, a rural school, a small shop or a cooperative wireless network may have only the standard mobile plan. When standard service is behind dense CGNAT, the poorest users are most likely to receive the lowest quality of public identity.
This does not make carriers villains. Mobile operators in the region face real constraints: spectrum costs, tower costs, backhaul, energy, theft, weather, terrain, regulatory obligations, currency risk, handset affordability and intense retail price competition. Prepaid economics are unforgiving. A carrier cannot allocate scarce public IPv4 addresses to every low-revenue SIM and remain rational. The question is whether the institutional environment helps operators reduce the CGNAT burden where it matters most or forces them into denser sharing and more support strain.
In mobile-first markets, a public IPv4 address is not merely a server-side asset. It is part of mass access quality. The customer may never request it by name, but it affects which applications work cleanly, how fraud engines treat the user, whether remote access is possible, how many captchas appear, whether a VPN is stable and how quickly a complaint can be investigated. Scarcity therefore shapes user experience through hidden technical allocation. The poorest user often pays in time, frustration and exclusion rather than in a visible address charge.
Small carriers face a related burden. A large mobile group can segment products: one NAT architecture for mass prepaid, another for postpaid, another for enterprise, another for fixed wireless, another for machine-to-machine devices. It can negotiate address leases, buy blocks, build logging platforms and absorb specialist staff. A smaller operator may have one or two network engineers carrying the translation, support and abuse burden. If policy friction makes lawful transfer or leasing of IPv4 harder, the smaller operator loses the very flexibility that could help it improve service.
This is where moralized scarcity becomes damaging. A registry or policy community may say that markets, leasing or address commercialization harm poorer regions. The mobile CGNAT case suggests the opposite risk. Poorer users and smaller operators need access to scarce public identity through predictable, low-friction mechanisms. They need addresses to move toward the networks and products where they reduce the most operational pain. Blocking liquidity does not create addresses. It preserves rationing by discretion, delay and insider capacity.
Price is not perfect, but it is legible. A carrier can compare the cost of leasing more IPv4 against the cost of support tickets, failed enterprise sales, reputational blocks, logging infrastructure and customer churn. It can choose where public identity has the highest value: enterprise SIM fleets, rural fixed-wireless lines, gaming plans, small-business services or high-risk fintech use cases. A registry that records transfers and protects uniqueness supports that calculation. A registry that asks whether the carrier's use is sufficiently virtuous adds uncertainty without improving the customer's connection.
Rural fixed wireless brings the issue home
Fixed-wireless access, or FWA, turns mobile-core address policy into a household problem. A customer buys a router, places it near a window, and treats the service like home broadband. The device may serve laptops, phones, cameras, smart TVs, school tablets, point-of-sale terminals and remote-work equipment. From the customer's perspective it is a fixed Internet line. From the operator's perspective it may be a mobile or wireless access product using CGNAT because the economics of rural coverage do not support abundant public IPv4 per premise.
The mismatch matters. Residential broadband customers often expect inbound reachability even if they do not know the term. They expect remote desktop tools, cameras, home automation, small servers, game hosting, peer-to-peer features, VPNs and troubleshooting tools to work. Many modern services use relays or cloud mediation, but not all. Some customers discover the limitation only after buying equipment. The support ticket then becomes a lesson in the difference between private router settings and public reachability.
Rural and island contexts make this more than an annoyance. Fixed-line alternatives may be weak or absent. A business may rely on wireless access for payments. A clinic may use it for remote administration. A school may use it for digital learning. A tourist accommodation may use it for cameras and booking tools. A farm may use it for monitoring. If CGNAT blocks a needed feature, switching may be impossible. The operator can sell a public IP add-on, but public addresses are scarce and must be rationed. The add-on becomes a local scarcity product layered on top of broadband access.
The carrier therefore faces a difficult retail question. Should public IPv4 be included in rural fixed-wireless plans, sold as a premium option, reserved for business tiers, or replaced by managed remote-access services? Each answer has distributional consequences. Including it raises cost or consumes address inventory. Selling it separately may exclude poorer users. Reserving it for business tiers may misclassify small households with real needs. Replacing it with managed relays may solve some applications but create dependency on another platform.
The registry does not decide this retail question and should not try. But its policy environment affects the carrier's menu. If the operator can lease or transfer additional IPv4 with low friction and reliable records, it can build more generous product tiers or targeted add-ons. If access to address supply is trapped in slow approvals, needs rhetoric or suspicion of leasing, the operator must squeeze more users behind CGNAT and explain the consequences one ticket at a time.
Rural broadband is often discussed through towers, spectrum and backhaul. Those matter. But address identity is also part of service quality. A rural fixed-wireless line behind CGNAT is not always equivalent to a fixed line with public reachability. In many cases it is good enough; in some it is not. The economics of that difference should be visible. Treating IPv4 scarcity as a moral problem to be supervised by registries hides the real trade-off from the people who live with it.
Enterprise SIM fleets expose the boundary
Enterprise mobile connectivity is where the CGNAT compromise collides with contractual expectations. A company buys hundreds or thousands of SIMs for vehicles, payment terminals, security devices, field tablets, backup routers, kiosks or industrial equipment. It does not want consumer broadband randomness. It wants predictable access, manageable logs, reliable VPN behavior, support escalation, device identity and sometimes a stable externally visible address. The carrier must decide whether to sell ordinary SIMs, a private APN, fixed public IPv4, private addressing with a managed tunnel, or a fully managed network service.
The cost structure differs from consumer access. The enterprise customer may pay more, but it also demands more. A fleet operator may need to prove which device sent which transaction. A retailer may need payment terminals to reach acquiring banks through known endpoints. A logistics company may need telemetry sessions to survive radio movement and NAT timeouts. A security company may need remote reachability for equipment. A public-sector customer may need audit logs. These requirements turn CGNAT from a background network choice into a contractual risk.
Carrier-grade NAT can still be part of the solution. Many enterprise devices initiate outbound sessions and do not need inbound reachability. Some VPN designs tolerate NAT well. Some customers prefer private mobile addressing because it reduces public exposure. But the carrier must be able to choose architecture based on the customer's real operating need, not on artificial scarcity worsened by registry friction. If public IPv4 is available only through costly or uncertain channels, the carrier may overuse translation even where a clearer public-identity product would reduce downstream risk.
Enterprise VPNs show the problem sharply. Many work over NAT, but not all implementations are equally forgiving. IPsec NAT traversal, SSL VPNs, always-on clients, split-tunnel policies, device posture checks and cloud security brokers can behave differently when many users share an address or when mappings change. A corporate security team may see many mobile workers exiting through the same IP and misread the pattern. A vendor portal may allow only a small set of source addresses. A mobile user may be told to try again on Wi-Fi, which is an admission that mobile identity is second-class.
For carriers, enterprise segmentation is a way to monetize scarcity constructively. Instead of pretending every SIM is equal, the operator can sell service levels: ordinary translated access for mass users, enhanced NAT pools for higher-reputation products, static addresses for devices that need them, private APNs for managed fleets, and dedicated logging for regulated customers. That is not abuse of number resources. It is rational product design under scarcity.
A registry acting as a narrow ledger should support this market by making address holdings, transfers, leases and contact records clear. It should not sit in judgment over whether a carrier's enterprise SIM architecture uses public IPv4, private addressing, CGNAT, leasing or resale in the morally preferred proportions. The operator bears the customer obligation. The operator should choose the product architecture. The registry should preserve the accuracy and portability of the underlying number-resource record.
IPv6 does not retire the bill
IPv6 is useful. Mobile networks can and do deploy it. Many handsets support it well. Some application paths work better when IPv6 is available natively. For new services, IPv6 can reduce pressure on public IPv4 in parts of the stack. A serious carrier should understand it and deploy it where the operational case is positive. But treating IPv6 as a complete escape from CGNAT economics misunderstands the mobile broadband market.
The first problem is compatibility. Users do not buy access to an IPv6-only world. They buy access to the Internet as they experience it: apps, sites, games, payment rails, enterprise portals, cameras, devices, content platforms and government services. Many of those paths still require IPv4 reachability somewhere. Even when a handset receives IPv6, the carrier often still maintains IPv4 service through CGNAT, translation mechanisms or dual-stack arrangements. The IPv4 bill does not disappear. It changes form.
The second problem is dual operation. Running IPv6 alongside IPv4 requires engineering, monitoring, security policy, customer support, device testing, vendor support, analytics and troubleshooting. Dual-stack is not free. Nor is NAT64 or any translation environment free. A carrier may reduce public IPv4 pressure, but it does not remove the need to support customers whose applications and counterparties still depend on IPv4. In the meantime, the operator pays for two worlds while earning revenue from one access product.
The third problem is customer invisibility. A user cannot easily distinguish an IPv6 success from an IPv4 fallback. If an app fails, the customer does not know whether the problem is DNS, IPv6 reachability, CGNAT, firewall policy, a broken VPN, a platform block or device software. Support must handle the ambiguity. For low-margin mobile products, ambiguity is expensive. It increases call time, escalations and field misinformation. An operator can educate staff, but education is another cost.
The fourth problem is capital. IPv4 has become scarce capital because it remains required for broad compatibility and revenue. A carrier that holds or can obtain public IPv4 has options. It can reduce CGNAT density, sell premium identity, support enterprise customers, improve reputation isolation, and reduce attribution ambiguity. A carrier that cannot obtain enough IPv4 must rely more heavily on translation and product workarounds. IPv6 may improve the engineering mix, but it does not negate the asset value of IPv4 in a world that still expects IPv4 reachability.
This is why policy rhetoric around IPv6 can become harmful if it is used to excuse registry control. A registry should not say, explicitly or implicitly, that carriers should accept CGNAT pain because IPv6 is the preferred moral future. Operators vote through deployed networks, customer tickets, capital budgets and working routes. Running-code primacy means that policy must respect what networks actually run, not what a room wishes they had already replaced.
The sound position is practical. Encourage IPv6 where it reduces cost and improves service. Do not use IPv6 as a reason to deny the economic reality of IPv4. Mobile carriers in LACNIC's region need both: the freedom to deploy IPv6 on operational grounds and the freedom to acquire, lease, transfer and monetize IPv4 as capital. Anything else turns transition language into a levy on the networks that carry the users.
Registry neutrality is a mobile-broadband issue
Registry neutrality can sound abstract until it is placed beside a mobile NAT pool. A narrow registry records who holds a resource, prevents duplicate claims, maintains accurate public contacts, supports routing-adjacent security, records transfers, preserves dispute information and keeps continuity services reliable. It does not decide whether a carrier has too many prepaid users behind one address. It does not decide whether enterprise SIMs deserve public IPv4. It does not decide whether leasing is morally inferior to ownership. It does not use address scarcity to supervise a retail broadband business.
That boundary is central for LACNIC because its region contains very different carrier models. Large national mobile groups, regional operators, rural wireless providers, island carriers, cooperative networks, enterprise-focused mobile virtual models and small ISPs all face different address constraints. A single moral vocabulary around scarcity cannot allocate public identity better than the operators who know their customers, radio networks, support costs and product margins. The registry's comparative advantage is not retail judgment. It is trustworthy recordkeeping.
The ledger-versus-gatekeeper distinction matters most when the resource becomes valuable. When IPv4 was abundant, an overbroad registry instinct could appear harmless because the economic stakes were low. Under scarcity, every record decision can affect capital. Transfer friction affects who can reduce CGNAT density. Leasing uncertainty affects whether idle addresses reach carriers that need them. Portability limits affect whether holders can discipline a failing registry relationship. Broad enforcement language affects whether operators treat the registry as a trusted recordkeeper or a latent threat.
Mobile broadband adds a customer layer to this capital story. If a carrier cannot obtain additional addresses, it may share more heavily. If it cannot rely on clean transfer records, it may postpone product improvements. If leasing is stigmatized, it may overbuild NAT infrastructure instead of renting scarce identity where it is most useful. If registry discretion is unpredictable, investors may discount address-dependent service plans. Eventually the cost reaches users as compatibility friction, higher prices, weaker support or fewer rural options.
Neutrality also protects the registry. A registry that remains narrow is useful to everyone, including those who disagree about markets. It can be trusted by carriers, customers, platforms, governments, banks and courts because it does not pretend to answer questions outside its competence. A registry that becomes a gatekeeper invites every actor to fight for influence over the gate. Abuse complainants, incumbents, policy insiders, governments, competitors and moral entrepreneurs will all try to convert registry leverage into their preferred outcome. The record then stops being boring. That is a failure.
The proper test is simple: does the rule protect uniqueness, accuracy, proof of control, contactability, security assertions, transfer legibility, dispute isolation or operational continuity? If yes, it may belong in the mandatory registry layer. If the rule instead judges customer geography, commercial structure, leasing, product tiering, CGNAT density, enterprise pricing or the virtue of mobile business models, it belongs elsewhere. Markets, contracts, telecom regulation, consumer protection, courts and carrier engineering can handle those questions. Mandate laundering begins when those questions are repackaged as number-resource validity, and the registry should not perform that conversion.
Leasing and transfer can lower CGNAT pressure
Leasing and transfer are not magic cures. A carrier with millions of users will not eliminate CGNAT merely by leasing a modest address block. Public IPv4 remains finite, demand is large, and mobile scale is unforgiving. But leasing and transfer can reduce pressure at the margins where pressure is most expensive: enterprise SIM fleets, fixed-wireless products, small-business add-ons, reputation-sensitive pools, rural services, payment terminals, gaming products, premium mobile broadband and lawful-attribution environments that benefit from lower sharing ratios.
The economic value of an additional address is not uniform. One public address assigned to a low-traffic NAT pool may have modest value. The same address used to support a high-revenue enterprise service, reduce support tickets for a fixed-wireless product, isolate a fintech-sensitive customer group or improve attribution for a regulated fleet may be worth much more. Markets help reveal that difference. A carrier willing to pay for leased or transferred IPv4 is showing where public identity reduces real cost or creates revenue.
Registry suspicion of leasing misunderstands this allocation function. Leasing can be abused through unclear authority, misleading records, bad contacts or disputes over control. Those are registry-relevant risks and should be addressed through accurate records, proof of control, contactability, transfer history, dispute flags and clear holder responsibility. But the fact that a resource is leased does not make it illegitimate. Leasing is how scarce assets move temporarily toward higher use without requiring permanent sale. It is common in capital-intensive industries because ownership and use do not always belong in the same entity.
For LACNIC-region mobile carriers, flexible access to IPv4 can be especially important because demand may be uneven. A carrier may need extra capacity for a product launch, an enterprise contract, a rural program, an acquisition integration or a migration away from older NAT platforms. Buying permanent address space may be too expensive or unnecessary. Leasing may match the risk better. A smaller operator may need public identity before it can prove the revenue case to finance a purchase. Leasing can bridge that gap.
Transfers also matter. Under scarcity, unused or underused resources should be able to move to networks that can put them to work. The registry's role is to make the transfer truthful: the transferor controls the resource, the transferee is recorded accurately, uniqueness is preserved, security data can be updated, public contacts remain usable, and any dispute is visible without destroying live networks. It should not ask whether mobile broadband is the most virtuous use of the block. The buyer's willingness to pay, and the customers it can serve, answer the economic question more honestly than a committee can.
Reducing CGNAT pressure through markets also improves accountability. If addresses have a transparent cost, carriers can price product choices. A public-IP add-on, enterprise APN or low-density NAT pool becomes a visible service decision. If registry policy suppresses liquidity, scarcity is still rationed, but less transparently: through delays, relationships, historical allocations, insider knowledge and dense translation. That is worse for poorer users and smaller carriers. They need a market they can enter, not a gate whose rules change when they arrive.
A thin ledger is not anti-abuse
The strongest objection to registry narrowness is that abuse is real. It is. Mobile broadband networks carry fraud, malware, harassment, spam, credential attacks and other harmful activity. CGNAT makes attribution harder. Victims need reachable contacts. Lawful authorities need reliable process. Platforms need a way to report patterns. Customers need carriers to act when accounts are compromised or devices are infected. A registry ledger that ignores contactability would be irresponsible.
But contactability is not the same as enforcement sovereignty. A thin ledger can be very strict about the things that belong to it. Holder records should be accurate. Abuse contacts should be reachable. Role contacts should not point to dead mailboxes. Transfers should not obscure responsibility. Disputed records should be flagged. Security assertions should be auditable. If a holder abandons all contactability, the registry may have a real record-integrity problem. None of that requires the registry to adjudicate the substance of every abuse allegation associated with a mobile NAT pool.
Indeed, overbroad enforcement can make abuse handling worse. If carriers fear that detailed disclosure of CGNAT realities will be used against their resource status, they may share less. If leasing arrangements are driven into ambiguity, abuse contacts become less clear. If record updates are treated as suspicious, stale data persists. If complaint volume becomes a reputational weapon, competitors and bad-faith complainants gain incentives to escalate. A non-punitive, accurate ledger is more likely to produce usable abuse channels than a registry that turns every complaint into potential discipline.
The operational solution to CGNAT abuse is layered. Platforms should capture source ports and precise timestamps when they complain about shared addresses. Carriers should maintain logs appropriate to their legal environment and product risk. Lawful authorities should understand that IP-only requests may be insufficient behind CGNAT. Enterprise customers should buy products with the attribution and identity features they require. Consumer applications should reduce reliance on IP as a single fraud signal. Registries should keep holder and contact data accurate. Each layer has a role. Confusing the layers increases cost without increasing truth.
This layered model is particularly important in Latin America and the Caribbean, where legal regimes, languages, enforcement practices and carrier sizes vary widely. A small operator should not be treated as non-cooperative because it cannot answer a vague complaint lacking port and time data. A large mobile group should not be allowed to hide behind CGNAT opacity when evidence is precise. The registry should not be the court for either case. It should ensure that the right operator can be found and that the public record does not lie.
Narrowness is therefore a form of discipline, not a retreat from responsibility. It says: keep the common layer honest; keep contacts alive; keep uniqueness intact; keep records portable; keep security state legible; do not convert the registry into police, prosecutor, market regulator and broadband product designer. In a CGNAT world, that discipline is what prevents the unavoidable complexity of mobile networks from being weaponized against the very operators that keep users connected.
Holder rights are customer-continuity rights
It is tempting to describe holder rights as an argument among companies. That misses the customer-continuity function. A carrier's right to rely on its number resources affects whether customers can keep working when products change, carriers merge, NAT platforms are upgraded, rural services expand, enterprise fleets migrate, or addresses are acquired to reduce translation density. If holders lack predictable rights, customers inherit uncertainty through service design.
Portability is the clearest example. If a resource holder cannot move its registration relationship away from a failing, captured or hostile registry environment, the resource is not fully portable capital. It is recognition trapped in a service region. For a mobile carrier, that lock-in matters even if packets keep flowing today. Investors, partners and enterprise customers must ask what happens if registry records become unreliable, if disputes affect resource status, if transfers are delayed, or if security assertions depend on an institution whose incentives have drifted. The risk may be low in ordinary periods. Capital prices tail risk before it arrives.
Holder rights also affect leasing and financing. A carrier that can rely on stable control can use addresses as part of product planning. A lessor with clear rights can make addresses available to carriers without pretending that use and ownership must be identical. A lender or investor can understand the asset more easily if the registry record describes reality rather than reserving broad discretion to reinterpret it. Clear rights reduce the cost of the address supply that can relieve CGNAT pressure.
The point is not that holders should be immune from fraud, dispute, court orders or accurate-record obligations. They should not. The point is that registry power should be proportionate to registry function. If a registry can impair a mobile carrier's address continuity because of broad policy judgments unrelated to uniqueness or record accuracy, the registry has acquired leverage over customers who never entered the policy room. The user behind the NAT pool pays for institutional overreach through worse service, fewer product options or higher prices.
This is the meaning of running-code primacy in mobile broadband. The running network is not an abstraction. It is the prepaid user, the rural router, the fleet SIM, the gaming session, the banking app, the school connection and the emergency backup link. Registry procedure should support these operational realities by making identifiers unique, records accurate and control verifiable. It should not override them to satisfy a theory of scarcity management.
For LACNIC, the constructive path is to treat holder rights as part of regional connectivity, not as a concession to address traders. Scarce IPv4 used in mobile broadband is productive capital. It helps carriers serve customers and reduce translation costs. A registry that protects holder continuity protects users indirectly. A registry that weakens holder rights in the name of community virtue weakens the operating base on which those users depend.
Number Resource Society is the positive alternative
The practical future is not a stronger gatekeeper. It is a more constrained common layer around number resources and a stronger society of holders around that layer. Number Resource Society offers that positive model: protect uniqueness, preserve holder rights, make records portable, make proof of control verifiable, separate registry administration from enforcement, and keep commercial decisions with the operators, contracts, markets and public-law institutions that actually bear the consequences.
For mobile broadband and CGNAT, the model is concrete. The common layer should answer narrow questions well. Who controls the resource? Is the claim unique? Is the record accurate? How can the holder be contacted? What security assertions are active? What transfers or leases are recorded? Is there a dispute? Can the state be exported, audited and relied upon if an incumbent institution fails? Those questions matter to carriers, platforms, customers, banks, courts and governments. They are enough to justify coordination.
The common layer should not decide whether a LACNIC-region carrier has used CGNAT too aggressively, whether prepaid users deserve public IPv4, whether enterprise SIM products are too profitable, whether leasing is morally suspect, whether rural fixed wireless should receive priority, or whether IPv6 deployment has been sufficiently enthusiastic. Those are not uniqueness questions. They are product, capital, regulatory and market questions. They require evidence from running networks, not legitimacy borrowed from a registry room.
Number Resource Society is also the correct answer to the abuse concern because it strengthens the record without expanding the throne. Holders that want rights must support accurate records, reliable contacts and evidence discipline. A portable ledger is not a hiding place. It is a way to make valid control and responsibility legible without giving one private institution the power to punish commercial behavior outside its mandate. That distinction is essential for mobile carriers whose customer scale will always generate incidents, disputes and complaints.
The model also aligns with IPv4 as capital. Scarcity should not be denied, moralized or trapped. It should be priced, transferred, leased, financed and deployed where it reduces the most operational friction. In mobile networks, that may mean fewer users per CGNAT address for sensitive products, cleaner identity for enterprise fleets, better public-IP options for rural fixed wireless, or temporary address supply during migrations. Markets will not solve every problem, but they will solve more than discretionary rationing by a registry that does not bear the customer's support ticket.
LACNIC's best contribution to this future is restraint. It should be boring in the most valuable sense: a reliable ledger of unique resources, accurate contacts, security state, transfers, disputes and continuity. The more boring the registry, the more room carriers have to solve mobile broadband problems in the open. The more dramatic the registry becomes, the more every NAT complaint, abuse ticket and address lease risks becoming a policy battlefield.
CGNAT will remain part of mobile broadband for a long time. IPv6 will grow where it makes sense. Public IPv4 will remain scarce and valuable. Users will keep judging the network by whether their apps, payments, games, VPNs and devices work. The institutional lesson is not that every subscriber needs a public address. It is that the scarcity of public identity must be governed by clear rights, market liquidity and a narrow ledger. The mobile customer may never know LACNIC's name. But the cost of registry neutrality, or its absence, will still reach that customer's phone.
Sources and further reading
These references provide the article's public doctrine and background context. They are used for institutional-economic framing, not for adopting any registry or official-sector narrative.
- Lu Heng, all notes index: https://heng.lu/all-notes/
- The Policy Mirror: https://heng.lu/the-policy-mirror/
- The Bill of Rights of Uniqueness Coordination: https://heng.lu/the-bill-of-rights-of-uniqueness-coordination/
- The Multi-Stakeholder Mirage: https://heng.lu/the-multi-stakeholder-mirage-how-the-multi-stakeholder-model-turned-attendance-into-mandate/
- The Registry Continuity Fallacy: https://heng.lu/the-registry-continuity-fallacy-protect-the-ledger-not-the-gatekeeper/
- Running-Code Primacy: https://heng.lu/running-code-primary-the-patch-needed-to-preserve-the-internet-original-design/
- The Poverty Penalty: https://heng.lu/the-poverty-penalty-how-the-rir-model-taxes-the-poor-while-calling-it-equality/
- Sovereignty inversion: https://heng.lu/from-double-extraction-to-sovereignty-inversion-how-nations-lose-sovereign-control-to-rirs-for-us100/
- Registry power and liability: https://heng.lu/on-when-registry-power-detaches-from-liability-why-the-present-rir-coordination-model-cannot-survive-in-its-current-form/
- Number resources are not political property: https://heng.lu/on-internet-number-resources-are-not-political-property/
- Thick RIR governance as double extraction: https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/
- Registries must never become enforcers: https://heng.lu/why-registries-must-never-become-enforcers/
- RIR enforcement creep and IPv4 liquidity: https://heng.lu/on-why-rir-enforcement-creep-is-the-silent-killer-of-ipv4-liquidity-and-why-it-must-be-stopped/
- Cost structure of regional Internet registries: https://heng.lu/on-the-cost-structure-of-regional-internet-registries/
- Decentralising global IP address registration: https://heng.lu/on-decentralising-global-ip-address-registration-with-distributed-ledger-technology/
- Unlocking the hidden value of IPv4: https://heng.lu/unlocking-the-hidden-value-of-ipv4/
- Portability of number resources: https://heng.lu/on-portability-of-number-resources-and-the-icp-2-revision/
- Number Resource Society: https://nrs.help/
- BTW Media: https://btw.media/
- LARUS: https://larus.net/

