Nintendo Switch w/NOK 5G21 Gateway

  • 25 July 2021
  • 2 replies


I was thrilled to change from my previous provider to T-Mobile’s internet. The speed is great. The service has been super reliable. Where I’m having trouble is on my Nintendo Switch. I can’t get visitors on my island on Animal Crossing. I can’t race against friends on Mario Kart. Virtually all online gaming functionality is useless. And I’m frustrated I haven’t been able to find a solution. I called support and they basically said there’s nothing they can do. Has anyone found any solution to this?!

2 replies

Userlevel 4
Badge +3

It basically boils down to an infrastructure problem TMO needs to fix on the other side of the modem first, and then updating the modem's firmware to properly enable/allow port forwarding to work.

EDIT: forgive me for the length of this post... it is a bit of a sore spot in the community, for obvious reasons like what you are experiencing.


The TLDR--gaming and IoT devices were NOT considered when they cobbled this service together.  It is really only designed for some of the most casual of users out there.  Unfortunately, the marketing and even their own reps do not make this distinction up front.  You MIGHT be able to get around some issues IF you can use a VPN with what you are doing... but success is limited due to issues with how things are managed.


Their network is IPv6 only.  Way too many devices and applications are designed with IPv4 with port assignments in mind.  While you can still assign ports with v6 addresses, the bigger problem is the reliance on v4 addressing.  You can't just "send" v4 addresses over v6 networks--the packets have to be altered on both ends of the v6 network for that network to carry the data back and forth to another v4 client (ie: some games trying to communicate with it's server via UDP protocol and v4 addressing).

TMO opted for an implementation of XLAT464 to handle the dual stack scenario that does not work for the peer-to-peer communication that many of these devices/applications depend on to function properly. While it works to get mostly all "stateful" v4 communications back and forth (you request outbound TCPIP connections that are established/tracked so they can transmit back to you), the "stateless" ones are broken. 

These are the types of connections that are not tracked at all... often UDP and not TCPIP, or otherwise inbound and unsolicited (you did not open a connection to them first--they are trying to reach out to you directly). These typically need a routing rule to forward such inbound traffic to a specific device, be that filtering by specific ports (set manually or via UPnP feature) or a DMZ rule that forwards all untracked/unassigned traffic to a particular device.

In theory, we should be able to get away with a DMZ rule on their modem to get around it--but their 464 implementation breaks things because of how they are filtering/shaping traffic.  It is behaving more like a "public" free VPN, or Carrier Grade NAT.  These can cause the public IP address to actually be used for multiple private users, so there is no 1 to 1 public address that can be paired to your modem or router's private IP in the usual fashion that would allow those peer communications to work properly. 

Communications MUST be initiated from your end first, and then the other end has to follow specific rules to reach back to you through that same connection for it to make sure it gets back to you properly.

Some have managed to get around it somewhat with a paid VPN service... but to get it work for things like game consoles it will require a VPN to run on your own router, which may narrow (or even void) your options considerably depending on specifics of your router.

And then there is the issue of the extra encapsulation for their 464 translation layer.  They have to use more space in the packet headers for their encapsulation, which reduces how much user data can go in each packet.  Instead of the more common 1500 byte client side MTU that leaves a 1460 byte MSS for user data, things get reduced to a 1420 MTU for the client, leaving only 1380 bytes for user data.  Some VPN's reduce this down to 1320 or less by default to avoid potential issues with their encapsulation--but not all of them.  So some are having issues getting VPN's to work properly... and not all allow the user to override the MTU or MSS values to fix it.

Basically... a LOT of people are getting hosed because TMO didn't have a clue of how people more often use their internet these days.  They are set up more for the extremely casual user... at best, a Netflix streamer and social media user.  Avid gamers certainly were NOT a consideration for this product... Heck, even the more casual gamer that likes the odd FPS game can get screwed by this system.



In other words, someone at T-Mobile needs to read this and fix it stat! LOL. Darn. That sucks. Well, looks like I’ll be going back to my previous provider for now. It is what it is.