When can I JUST use TM internet modem as ONLY a modem, in BRIDGE mode, with NO NAT, NO firewall, and frankly NO Wifi.

I just ordered the 5G home Internet hoping I too would be able to dump Spectrum. From the great information above, particularly regarding carrier grade NAT, I see I would have to totally revamp how I think about "internet facing" when it comes to my Pfsense WAN interface. I've depended on having a public IP on that box for IPSec purposes as well as some port forwarding. This will be a long and tricky road to finding ways that I can satisfy all my needs around this new architecture. This is especially the case since we (the customer) have no power in the upper layers. I hate working on my home internet because of this. Once you've been spoiled in the professional networking world where you can control everything from the public facing BGP routes of a company to a local workstation's RFC1918 address, it sucks to get stuck back into the "consumer" box. It sure would be nice to have that kind of power with my own home internet! I guess we're just going to have to collect our knowledge and work together to find new ways of accomplishing our goals within the bounds of new carrier tech which we cannot control. 😔

Bridge mode, double NAT and all the rest has been talked about her ad nauseum. We all know it sucks and T-Mobile is fully aware of our frustration. Just about every week a new user comes here to complain. The can is dumbed-down for sure. Designed for the non-technical plug and play.

For me it's an irritant but not worth staying with Spectrum. Not even close. Their constant price increases are offensive. Would never consider going back to that company. 

For $50 a month I get great speed, better than Spectrum was and reliable service. I'm in Dallas so I'm sure that helps. I've found workarounds for the port forwarding and the rest. Hopefully these limitations are temporary.

Sometimes I'm sorry I brought up a specific point or question.  "NAT" as I knew and defined it is obviously implemented simply, but only in simple implementations.  I searched for the terms, "XLAT/CGNAT" that you used, and learned I didn't have a clue what's going on in designing carrier level internet services.

First, I found an “old” 2016 Cisco article that clued me in on how little I knew:

https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-3/cg_nat/configuration/guide/cgnat_cg43crs/cgc43cgn.html

It turns out, TMO, starting from scratch is solving several problems that now face all providers.  One of them is the dearth and cost of carrier IP ranges.  According to this article, everyone eventually will be using these types of technology.  So, NAT as I knew it will no longer exist.  Similarly, although I love my hard drive based DVR since the days of Replay TV, it is a dead technology that will quickly be eliminated.  [At least I resisted long enough that skipping commercials while streaming became a real issue that had to be solved, or endured, rather than ignored.

The issue I guess I need to resolve is not the specific implementation TMO has today.  The criteria for how great will be determined simply by how committed TMO is to winning this market, and do they have the technical excellence to solve whatever issues arise while they get there.  Sure, it will have rough patches, but if they are committed, they will win.  If not, someone else will.

Picking the right company and technology is not a trivial exercise, and the stakes for a consumer are sometimes huge.  Legere's office himself saved my butt years ago before he was at TMO.  He was around when ATT came up with the brilliant idea of merging landline divisions with a cell company.  The result??  My first bill went from $60 to $1,200 in one month, and they only saw I hadn't paid.  No proof that I didn't owe, and had paid any bills could convince them to keep my cell phone on.  Why??  the merger forbid one company from accessing ANY of the billing records from the other.  So, when some moron merged the databases, some companies that owed millions, only had to pay my $60 bill.  IOW, it was so screwed up, no one could sort it out.  Legere's office saw it all, and at least would overrule the turn off orders immediately.  After a year, I got a full refund for the year.  I suspect experiences of stupidity like that is why and how he shook up not just TMO, but the whole cell industry.  In short, I bet big on him and his management about 15 years ago, and I'm happy to say it was the best decision I could have made.  I will be interested to see if TMO can fix and control everyone from Sprint, or horrible practices of Sprint will win, and ruin both companies.

Thanks for your detailed analysis, and it sounds to me like ALL next gen modems, including from the cable companies, must have the type of control built into them to build out a carrier based internet provider.  IOW, these design decisions are not accidentally created problems.  They are simply artifacts of the newer technology that we must all adapt to in the future, and eventually, it will work extremely well. 

Isn't TMO the only company that implemented using all the existing Wifi bandwidth for phone service??  THAT was revolutionary, and innovative solution that had huge benefits from both a technical and a business perspective.  Other companies either didn't follow, or did so slowly. 

I run my Asus off the Askey just like I did my Netgear modem when I was on Spectrum... auto Config options for the WAN and all picked things up just fine.

Even IPv6 Passthrough seems to work... somewhat.  At least my phone uses it fairly consistently.  Windoze stuff can be kinda squirrely when it comes to IPv6.

Our market got 5g up after the shortage hit for the Nokia modems, so we are still on the Askey LTE boxes.  Even while connecting things directly to their modem by wire or wifi, DMZ and port forwarding (via UPnP or manual rules) would NOT get around that double-NAT behavior.

That box's wifi is pretty lackluster though, so I disabled it and use my Asus instead.  Other than that, my network "worked" out the box just like it did on my Netgear did with Spectrum as far as getting the uplink to the internet.  Only caveat is the whole XLAT/CGNAT mess that breaks P2P and the like.

No changes were needed for my local network, since everything was already looking to my Asus as their gateway for DHCP and such.  I literally could just run the Asus to the TMO LAN 1 and reboot it to resolve things via DHCP.  I just went the extra bit to change the TMO subnet to match my Spectrum numbers and password so my existing shortcuts would work. We can actually turn off their firewall and all... basically making it behave as a dumb passthrough (just not an actual bridge mode).  But it makes no difference because of the screwy crud they are doing on the upper layers.

No matter how configured the Askey while wired directly to the TMO LAN 2, I couldn't get a fully open NAT for the PS4.  Best was NAT2, and things were just still broken because of TMO's topology.  Even using DMZ made no difference.  So I put it back on my Asus and just run their modem as a dumb device, basically.  So everything is still managed by my Asus, just as it was with Spectrum.

No matter what you do, things will still actually behave as a double-NAT scenario because of that xlat/CGN crud they are doing.

Dug around and figured out I could likely fix that with Windscribe VPN running on my Asus.  But even on annual plans, setting up their cheaper data center option to get a more static IP and up to 10 ports forwarded, it would be about the same cost after haggling with Spectrum for a discount each year.

If I get to the point I NEED that full functionality again, I will likely just flip back to Spectrum at that point IF TMO hasn't fixed their networks.  The extra cost won't bother me as much since it will also give me the benefit of better routing to reduce pings.

But for now... streaming and playing casually on the PS4... I am sticking with the cheaper TMO option to give Spectrum the 1-fingered salute for a while.

Then, my only question is this:  What does it take to equal the capability and setup parameters that my Spectrum Cable Modem / Router has? 

AFAIK, these modems I am using in several locations that I support are pure plug and play.  I could simply move my whole network to another city another cable modem with a similar set up and the only changes would be the IP and other Gateway settings for that one connection to the first device, which is MY firewall, INSIDE my LAN. 

464XLAT/CGNAT topology breaks all the use cases people are citing when asking for this change.

This approach, by design, is not there to provide typical dual stack functionality.  It basically cannot do it without specific care taken for additional translation/preservation of details needed to provide the desired NAT functionality.

Makes bridge mode/port forward options irrelevant  because it breaks everything in higher layers.

Even the older Askey LTE only model that provides most every typical router functionality (sans bridge mode) cannot resolve the issues.  Not even the DMZ option would resolve things properly.

Unsolicited inbound traffic is filtered/blocked at a higher layer, so packets never even make it to the modem in the first place.

Search on the terms bridge mode or port forward.  You will get a LOT of hits dating back a year or longer about this problem.

There have been hints/rumors/hearsay that changes to their stack MAY eventually come that could resolve issues, but nothing has been officially stated.

Until such time, about the only thing people can do is pay extra for third party workarounds, like perhaps a VPN service that supports P2P properly enough to allow you to assign specific ports to forward through that VPN.

OK -- Sounds good, but let me ask to confirm a few things:

-- I'm assuming then that your mesh router is providing the DHCP so that is the device that is handing out the IP's?  This is critical, since it was at least reported that the DHCP was limited to 20 dynamic IP's internally.  I assume then also, you are at least ignoring their WiFi and using only yours.

-- Someone else mentioned that it did NOT support IPv6 properly. Going forward this will be more of an issue than it is today.

-- Double NAT -- There are a few people I’ve heard that had significant issues, since this caused some services to be rerouted

-- Static IP's and port forwarding -- There are many reasons and situations where this is critical.  For instance, I've got some very old devices that I need to reach on demand, some from outside my network, on the internet.  If I can't predetermine the IP's for these devices, AND specify which ports and traffic is routed to them, then these devices will not work, or will be randomly unavailable.

-- Bridge Mode -- The reports that I heard that originally caused me to ask / report these issues, is that they said it would NOT support bridge mode.  This means that their device must first be configured, and then if you are "lucky" or brilliant, you can force your router to UN-do the TM router, and then apply it's own settings.   

-- How do you overcome the requirement for bridge mode?  I know in the past with several home WiFi routers that wanted to add their own NAT, DNS, and DHCP, if you didn't disable DHCP, DNS and enforce bridge mode, you just couldn't get your devices working properly, nor could you get these devices all on the same subnet.

Each problem I mentioned above have caused a lot of work to overcome at some point, which is why once you get everything set up, you really do not want to make any changes to your network.  Some problems are just virtually impossible to easily overcome.  Even today, I've got an old "WiFi CELL SPOT" with T-Mobile firmware.  It's a fine WiFi as long as I only use bridge mode, do not use their firewall, NAT, DNS, DHCP etc.  But, that firmware will NEVER EVER be updated by T-Mobile and the hardware vendor, NetGear.  But then, since they support BRIDGE mode, there's no problem, either.

REALLY, let me know, or someone else can report these issues.  The only reason I'm writing this is that I WANT to see this working easily and reliably.    

The t-mobile gateway is just a pass through device that connects to my mesh router setup by hard wire.  Connected to that, I have a hub for 1 Pc and 1 printer and wifi to 1 other printer, a photo scanner, a laptop, 2 ipads, 3 iphones, 2 smart tvs streaming multiple services, 3 echo devices, and several appliances.  We can be streaming on both tvs and using both ipads with no service issues.  I will say it depends on how close  you are to a tower.  We are about 2 miles away, line of sight.  I do not know the full details of your network, but it may be more than the t-mobile gateway was designed to handle.

Agree that is the perfect solution if all you are using internet for is a very limited number and type of device, and need zero configurations to enable other services.  For instance, my mother's setup is ONE WiFi connection to ONE computer, unless I'm visiting.  If that's the market TM is after, then fine.  But cord cutters are likely going to be connecting 20-30 devices, and then add thermostats for my AC and heat, all the new cameras, doorbells, garage door openers, sprinklers, my plumbing connections, and eventually toasters and my refrigerator.  Does TM really expect to make these types of customers happy??  Good luck with that, but it is NOT going to go well for TM if they try.

But, my point was that it is MORE difficult to provide settings, setup and especially tech support than it is to SIMPLY ENABLE PASS-THROUGH with a minimum of services and settings.  That way, there's a clear line of responsibility from them to me.  More importantly, TM can provide 100% of what I need at extremely low cost, and high reliability.

If they are going to maintain all the settings of my network, then they will very often need to send a networking expert out, since I generally have at least one device that isn't working properly.  Then sometimes the problem is setup, firmware on the device OR the WiFi, or physical cable, or sometimes it is my router setup.  Someone that has that capability to straighten out all my networking problems is going to cost TM at least $50 PER call, and most often, it will NOT be their problem.  In short, they'd be crazy to even want to try to provide that level of service.  NO internet provider that I know of today, provides that kind of service.

I've never had any need to even try to log into my Spectrum Modem.  Why would I ever need to??  regardless of what the problem is, assuming it is getting 115 VAC, a tech MUST come out to do the repairs to either the cable or a modem replacement.  The ONLY thing Spectrum ever has to do, is to read the logs, which tell them how many times it rebooted, what the signal level and bandwidth is now, and the history.  They can also see if it has DNS, DHCP to the first device, and even if it is connected properly to my hardware.  Then, they might send a tech out.  Most often they replace connectors on the cables, inside or outside my house, or sometimes the cable modem itself.  But, ALL of that troubleshooting is INSIDE the modem.  My only involvement might be to reboot it via power down, and to make sure it is still getting power.   If there's ANY OTHER network problem, it is MY SOLE responsibility and labor.

I have my T mobile gateway connected to my existing network with a Cat5 cable.  Works fine, current network provides all services, gateway just connects to tower.  T mobile internet app provides monitoring and settings.  Hope this helps.