Small and medium-block pricing continues to trend slightly downward, narrowing the gap with large-block pricing, which appears to be leveling off. While pricing remains in flux, volume and demand are strong, and we expect the market to remain healthy as we head into 2026.
Supply pressure continues to drive the larger block prices down despite continued strong demand (although note that the significantly lower /16+ pricing was impacted by larger package sales in October). Smaller block prices continue to remain steady.
IPv4 transfers are now an important part of digital infrastructure management. Yet each transaction is still governed by complex regional policies that change over time. For buyers and sellers, understanding these frameworks determines whether a transfer proceeds smoothly or stalls in review. Understanding compliance policies and how they differ by region is important in completing transfers efficiently.
Every IPv4 transaction follows policies set by the Regional Internet Registries (RIRs), which govern address allocation and transfer approval. These registries include ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC. Each operates its own governance model, documentation standards, and verification process. For example:
For organizations that operate across multiple markets, regulatory awareness is not optional. Consistent alignment with each region’s policy framework helps avoid transfer delays and supports legal certainty throughout the process.
Most Regional Internet Registries (RIRs) evaluate transfers by verifying ownership, confirming justification of need, and validating documentation accuracy. Missing or outdated records can stop a transfer before completion.
Common verification requirements include:
For buyers, incomplete justification or conflicting registration data often prompt compliance reviews. For sellers, inconsistencies in WHOIS or RPKI data can extend verification cycles or result in denial. Maintaining accurate, unified ownership records is now a baseline requirement for due diligence in all IPv4 transactions
Delays in IPv4 transfers often stem from inconsistent data and misaligned documentation rather than policy complexity. When registry information does not match internal records, even a small discrepancy can halt progress. The following issues appear most frequently during the transfer process:
Each of these barriers adds cost and uncertainty to an already time-sensitive process. Organizations can avoid most setbacks by performing pre-transfer compliance checks, verifying registry records, and maintaining consistent documentation before initiating a transaction.
IPv4 address transfers are not governed by a single global authority. Each Regional Internet Registry (RIR) enforces its own verification, documentation, and approval process. For organizations active in multiple markets, these variations can directly impact transaction timelines, eligibility, and even pricing. Understanding the current requirements across regions helps buyers and sellers anticipate regulatory hurdles before initiating a transfer.
| Registry | Transfer Requirements and Rules | Notes / Additional Constraints |
| ARIN | Requires documented justification of need, legal entity validation, and officer attestation for all specified transfers. Also enforces a 12-month “hold” rule: the source organization cannot have received IPv4 space from ARIN in the previous year, except in merger or acquisition cases. | Among the most stringent RIRs. Inter-RIR transfers are limited to regions with reciprocal policies. |
| RIPE NCC | Does not require justification of need but mandates clear documentation and a signed transfer agreement. Inter-RIR transfers require mutual approval between RIPE and the partner RIR. | Favored for its transparency and efficiency in cross-region transfers, particularly with ARIN and APNIC. |
| APNIC | Accepts both intra- and inter-RIR transfers, provided the partner registry has a compatible policy. Recipients must submit a usage plan demonstrating need. Certain blocks, such as 103/8, are restricted from transfer for five years after allocation. | Operates as a flexible bridge between RIPE and ARIN regions, though documentation standards remain strict. |
| LACNIC / AFRINIC | Maintain smaller, more tightly controlled transfer markets. AFRINIC currently prohibits inter-region transfers, while LACNIC permits them under limited, policy-specific conditions. | Oversight is strong but market activity remains relatively low compared to ARIN, RIPE, and APNIC regions. |
While each registry’s procedures differ, the underlying goals are the same: prevent fraud, preserve address integrity, and maintain traceable ownership records. For organizations conducting inter-RIR transactions, working with an intermediary who understands the administrative, technical, and timing nuances of each registry can prevent unnecessary delays and ensure transfers remain compliant from start to finish.
IPv4 transfers involve multiple moving parts, including documentation, registry review, payment coordination, and verification across systems that rarely align perfectly. Even small discrepancies in ownership data or missing forms can stall a transaction for weeks. Professional IPv4 brokers bridge these gaps by managing both the administrative and technical aspects of transfers, reducing exposure to error and delay.
A qualified broker typically provides services such as:
Working with a broker who specializes in compliance and policy alignment minimizes administrative risk and shortens transaction timelines. For organizations managing large address portfolios or operating across regions, these partnerships provide both legal assurance and operational efficiency, keeping transfers on schedule and within policy boundaries.
IPv4 scarcity continues to shape the IPv4 transfer landscape. Regional Internet Registries are adapting their policies to reinforce accountability and discourage misuse. For organizations that buy, sell, or lease address space, these evolving standards make compliance an ongoing responsibility rather than a one-time requirement.
Recent trends from 2024 to 2025 show a clear movement toward tighter oversight and validation across all active RIRs:
Organizations holding IPv4 assets should regularly review their allocations, validate contact information, and maintain accurate RPKI and WHOIS data. Staying aligned with registry expectations reduces the risk of compliance reviews delaying a transaction and ensures continued eligibility for future transfers.
Sustained compliance is not just an administrative task; it directly protects the market value of IPv4 assets and speeds up transfer approvals. Organizations that treat compliance as part of daily operations, rather than a reactive process, are far less likely to face costly delays or disputes.
Key practices that support ongoing audit readiness include:
RIRs are nonprofit organizations that manage IP address allocation and transfer approval within specific regions. The five global RIRs are ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC.
Each RIR develops its own policy framework based on regional governance and member consensus. Differences affect documentation, justification of need, and approval timelines.
Common causes include mismatched WHOIS data, incomplete ownership records, or missing transfer documentation. These can often be prevented through pre-transfer audits.
While not required, working with a broker experienced in regional policy helps avoid compliance errors, reduces delays, and provides escrow support for secure transactions.
October 14, 2025
ARIN distributed IPv4 addresses to 587 organizations on Friday, 10 October 2025. 421 organizations remain on its Waiting List. The organization waiting longest joined in June 2023. The next distribution from the waiting list will happen in early January 2026.
ARIN warns that future distributions depends “entirely upon the order, size, and quantity of IPv4 address blocks that ARIN receives and places back into its IPv4 inventory.” This means that organizational plans have to be very flexible as the wait could be 18 months but could be 30 or more.
Over 200 of the organziations on the list would accept a /24. These sell for just over $7,500 on the open market and can be leased from just over $100/month.
While the IPv4 market is somewhat global, the situation is similar elsewhere. LACNIC has over 1,700 organizations on its list and the RIPE NCC has 875 on its list. LACNIC estimates that its list will be cleared in 2034. The first on the RIPE NCC’s list has been waiting almost 18 months.
Unlike ARIN and LACNIC, the RIPE NCC only distributes /24s. But for all RIRs the addresses come from members who go out of business, so the rate of return and redistribution cannot be predicted.
APNIC does not run an IPv4 Waiting List.
Steady demand coupled with strong supply keep prices and volume steady as we head into the 4th quarter of 2025.
Traditional manual, spreadsheet-based provisioning struggles to keep up with the rapid growth of devices and the dynamic nature of modern networks. Relying on vendor-specific network elements creates inefficiencies, increases error rates, and limits scalability.
In contrast, an automated network provisioning platform simplifies and integrates the entire provisioning process, including:
By automating each step, networks can dynamically deploy new services and manage devices in real-time while enforcing custom policies for efficiency and security.
A modern network provisioning platform provides a comprehensive suite of automation tools that help service providers:
Automation dramatically reduces the time network administrators and IT teams spend on IP address management, subnet assignment, and device configuration. This frees up staff for higher-value tasks.
By eliminating manual processes, automated provisioning significantly decreases address assignment and configuration errors, improving service reliability.
Human errors account for 97% of network outages, with 45% of professionals reporting frequent disruptions. Automation prevents misconfigurations, reduces downtime, and improves network performance.
A unified control platform integrates DHCP and DNS provisioning, allowing administrators to:
Automation removes the need for specialized training and enables a single technician to manage network provisioning tasks without requiring multiple teams or departments. DevOps integration tasks can also be eased via the creation and sharing of API workflows, with no code necessary
An automated provisioning system provides:
Tracking and auditing help ensure compliance with industry standards and IT governance policies. 79% of network professionals prefer continuous verification and automated compliance reporting in their network solutions.
Discover and map all network-attached, IP-enabled devices automatically, improving visibility and customer service mapping.
A modern provisioning platform supports dynamic IPv6 addressing, dual-stacking, and subnet allocation management while ensuring compatibility with legacy environments.
Gain complete network visibility for optimization and policy-based configurations, rather than relying on fragmented operational decisions.
By automating network provisioning, organizations can:
Lower operational costs by:
With lower costs, faster service deployment, and increased reliability, businesses can drive more profitable growth and support scalable network expansion.
As network complexity continues to increase, manual processes are no longer sustainable. Automation is essential for:
Modernizing network provisioning isn’t just an upgrade—it’s a necessity. With the right network automation tools, organizations can reduce complexity, improve security, and enhance overall network performance.
For more information on how automated provisioning can transform your network, contact us today.
An IPAM, or IP Address Management, is a software tool used by network administrators to plan, track, and manage all the IP addresses on a network. Think of it as a central database, dashboard, and control panel for all of a network’s IP addresses, subnets, and associated data. It is also the underlying tool for additional network services. For instance, an IPAM is used to deploy the functionality of DHCP (Dynamic Host Configuration Protocol) and DNS (Domain Name System) services as a single, cohesive platform, making it much easier to manage the intricate web of network addresses.
Many network administrators use spreadsheets to track IP addresses. While this approach can work reasonably well and at apparently low cost for small, static networks, it quickly becomes unmanageable as networks grow in size and complexity. Spreadsheets are prone to human error, lack real-time updates, and make it difficult to troubleshoot and diagnose network issues. An IPAM solves these problems by providing a centralized, automated, and accurate way to manage your IP address space.
One of the primary purposes of an IPAM is to provide a unified view (known as a single pane of glass) for all IP address-related tasks. Instead of moving among different tools and multiple spreadsheets, administrators can see the entire IP address landscape of a network in one place. This includes:
Subnet Management: IPAM tools allow you to visualize and manage your IP subnets, showing which addresses are in use, which are available, and which are reserved.
IP Address Tracking: You can see which device is using which IP address, when it was assigned, and who assigned it. This is invaluable for auditing and troubleshooting.
Device Inventory: An IPAM can keep a detailed inventory of all devices on the network, including their hostnames, MAC addresses, and assigned IP addresses.
An IPAM is a dynamic and automated system. Unlike a spreadsheet that requires manual input of all activity and includes no automated output, IPAMs integrate directly with existing DHCP and DNS servers.
DHCP Integration: When a device requests an IP address from a DHCP server, the IPAM can automatically assign the address and update its database accordingly. This ensures that the IPAM is always in sync with a network’s real-time state. If a device releases an IP, the IPAM knows it’s now available. This prevents IP address conflicts and ensures optimal use of address space.
DNS Integration: IPAMs work hand-in-hand with DNS to ensure that hostnames and IP addresses are correctly mapped. When an IP address is assigned to a device in the IPAM, the system can automatically create the corresponding DNS record (A record for IPv4, AAAA record for IPv6). This eliminates the need to manually update DNS records, a common source of errors.
Managing an IP address is a multi-step process. An IPAM helps you manage the entire lifecycle, from planning to retirement.
Planning: Before a new subnet is deployed or an IP assigned, an IPAM helps plan the entire address space. It enables the creation of subnets, reserves ranges for specific purposes (like servers or printers), and ensures there is enough available addresses for future growth.
Provisioning: When a new device is added to the network, the IPAM automates the assignment of an IP address and the creation of the necessary DNS records. This streamlines the onboarding process and reduces the time it takes to get a new device online.
Auditing and Reporting: IPAM tools provide detailed logs and reports on IP address usage, changes, and assignments. This is crucial for security audits, compliance, and troubleshooting. When necessary, administrators or auditors can see who made a change, when it was made, and what the change was.
This is perhaps the biggest advantage of an IPAM. Manual IP address management is a tedious process. When managed manually, it’s easy to make mistakes such as assigning the same IP address to multiple devices. This leads to IP conflicts, which can cause devices to lose network connectivity and are a major headache to troubleshoot. An IPAM prevents these conflicts by ensuring that each IP address is assigned only once.
An IPAM can be a powerful security tool. By tracking every device and its IP address, you have a clear picture of who is on your network. If you notice an unknown device, you can quickly identify its IP address and take action. Some advanced IPAM tools can even integrate with security systems to automatically block or quarantine unauthorized devices.
Network administrators spend a great deal of time on routine tasks like IP address assignment, troubleshooting, and reporting. An IPAM automates many of these tasks, freeing up valuable time for more strategic initiatives. This leads to increased productivity and a more efficient IT team.
As an organization grows, so does its network. Manual methods simply don’t scale well, especially in fast-growing environments. An IPAM is designed to handle thousands, even millions, of IP addresses. It provides the tools and structure needed to manage a large, complex network with accurately and efficiently.
Many industries have strict compliance requirements that mandate detailed tracking of network resources. An IPAM provides the necessary audit trails and reports needed to prove that a network is being managed in a secure and compliant manner. This can be crucial for passing security audits and avoiding fines.
Let’s imagine a common network problem and see how an IPAM would solve it.
Problem: A user reports they can’t access the internet. An administrator notices a red flag in their monitoring system: an IP address conflict. Two different devices are trying to use the same IP address.
Manual Approach: The administrator must check spreadsheets to find out which device is supposed to have a particular IP. Then they’d have to log in to the DHCP server to see which device was assigned it. Next, they must try to figure out how the second device got it (maybe a static IP was set manually?). This whole process can take a lot of time, and the network is down for the user the entire time.
IPAM Approach: An administrator opens their IPAM dashboard. The system immediately flags the IP conflict. The operator can see a detailed history of the IP address, including which device was originally assigned to it and when. The IPAM can diosplay the MAC address of the device causing the conflict. So, the admin can then quickly identify the rogue device and either remove it from the network or assign it a new IP address. This entire process can be completed in minutes, not hours.
An IPAM is no longer a luxury—it’s a necessity. It provides the visibility, automation, and control administrators need to effectively manage IP address space, reduce errors, enhance security, and improve overall operational efficiency.
Volume continues to be robust. Prices of most block sizes held steady, except for the “medium-sized” blocks (/17 – /19), which inched down a bit to come closer to the large block prices.
Pricing of small and medium sized blocks remained flat, while large blocks are still slowly declining. It seems that the lower pricing is a result of continued supply build-up. Conversely, we had significantly more transactions in July (98) than our monthly average of (73), a 32% increase – indicating a continuing increase in demand.
Modern networks have evolved beyond manual tracking and static documentation. Relying on manually updated addressing spreadsheets – regardless of their familiarity and accessibility – introduces significant risks. Manual tracking for network data is prone to input errors, data conversion issues, and insufficient data integrity controls, making it unsuitable as the primary source of data or the foundation of a network management strategy.
Today’s network teams must operate with complex environments under ever-evolving conditions managing hybrid infrastructure, cloud-native applications, and shifting workloads. These interconnected systems often require several administrators and may experience outages or inefficiencies due to outdated or incorrect control data. To address this, a consistent, over-arching repository or control is needed to maintain consistency. A unified and reliable control system – a Network Source of Truth (NSoT) – offers the stability required to manage that complexity. By centralizing network knowledge in a validated, authoritative system, organizations regain operational control, prevent errors, and build scalable automation.
A network source of truth functions as a centralized repository that holds validated data about an organization’s network infrastructure. General-purpose configuration management databases (CMDBs) often become unreliable due to stale or incomplete inputs, risking outages and requiring additional effort to realign configurations and resolve data errors. An NSoT avoids these problems by providing authoritative data that automation tools, provisioning systems, and monitoring platforms rely on as the definitive version of network state.
This repository includes device inventory, IP address allocations (typically managed through integrated IPAM functionality), DNS records, topology relationships, and configuration data. Its value comes from both its scope and its real-time accuracy. An authoritative system that captures both intended configurations and the real-time operational state of the network forms the core of a trusted automation framework.
Today’s networks demand consistency across every layer. A single outdated route or misaligned IP record can redirect traffic incorrectly, expose unmanaged assets, or stall a deployment. An NSoT minimizes these risks by acting as a single validation point that captures the true state of the infrastructure, both intended and actual.
The impact of a reliable NSoT appears in three core operational areas:
Network automation initiatives often stall when they lack a single, trusted dataset. Establishing a source of truth that reflects both intent and state provides the foundation required for scalable, policy-driven automation.
An effective NSoT must both store data and reflect the current network state. It also needs to support direct access by other systems and automation tools. These foundational capabilities define a mature NSoT:
When integrated with orchestration platforms, an NSoT becomes the operational source for provisioning, validation, and change enforcement. In a typical automation flow, the NSoT supports the following provisioning steps, either directly or through integration with orchestration tools:
During change management, an NSoT enables policy enforcement. It validates whether a proposed change respects predefined rules and can flag discrepancies against the known network state before deployment proceeds.
Maintaining accuracy in a source of truth is not straightforward. It requires constant synchronization between the live infrastructure and the recorded data. Common challenges include:
Organizations should design their NSoT for continuous synchronization to ensure data accuracy across rapidly changing environments. This means implementing mechanisms that capture changes as they happen and reflect them in the source of truth without delay. Event-driven updates allow systems to push changes as they occur, reducing lag and eliminating the need for periodic polling. SNMP trap monitoring and syslog ingestion capture configuration changes directly from devices, while cloud-native APIs expose real-time state data from virtual infrastructure. Scheduled reconciliation jobs compare current system configurations against the intended network state, flagging discrepancies for resolution.
A DDI-enabled source of truth, one that unifies IP address management (IPAM), DNS, and DHCP under a single framework, plays a pivotal role in this process. It eliminates silos between core network services, enabling consistent address allocation, dynamic lease tracking, and authoritative naming resolution. When these components operate as a cohesive system, network teams gain the visibility and responsiveness needed to support automation, reduce configuration drift, and manage scale effectively.
Selecting an NSoT platform depends on your technical team’s skills, desired integration level, and the complexity of your environment. Generally, organizations adopt one of two primary approaches to implementing an NSoT:
Key evaluation criteria include:
1. Define Your Network’s “Desired State” (Intent):
What should the network look like in its intended form? This step often proves the most complex, as it involves defining desired state across multiple layers such as IP address allocations, routing paths, VLAN assignments, access control lists, device roles, and service dependencies. It moves beyond documenting what currently exists to specifying the exact conditions the network must maintain to operate reliably and securely.
2. Identify and Centralize Data Sources:
Where does your current network data reside, including both existing configurations and any documentation that reflects intended state? It’s often scattered across spreadsheets, tribal knowledge, monitoring tools, existing IPAM/CMDBs, and even device configurations themselves. The goal is to bring this disparate data into a centralized, structured system.
3. Choose Your NSoT Platform/Tools:
This is where your platform choice becomes central. The NSoT may consist of a single platform or an integrated stack of tools that manage and expose structured network data. In many cases, the NSoT includes DDI systems such as IPAM, DNS, and DHCP as foundational components, all tied together through an API-first architecture that enables automation and interoperability.
4. Populate the NSoT (Initial Data Ingestion):
This can be a significant effort, depending on your current data sources and location. Multiple approaches exist:
5. Implement Version Control and Change Management:
An NSoT is not static – network changes are constant. Just like code, network configurations and data models should be version-controlled (e.g., Git). This allows you to track changes, see who made them, and roll back if necessary. Integrate the NSoT into your change management process to ensure compliance and mitigate the risk of unplanned changes. Ideally, all changes should be proposed, reviewed, and approved under a standardized framework.
An NSoT supports more than operational cleanliness. It drives automation, reduces failure risk, and accelerates business outcomes. Organizations that unify their infrastructure data in a trusted, live system avoid the pitfalls of configuration drift, duplicated records, and automation failures.
Centralized network visibility allows engineering teams to work confidently, knowing their systems reflect reality. For teams still managing network state in disparate tools or spreadsheets, now is the time to establish a reliable source of truth and build operational workflows around it.
ReView is a free IP address audit tool developed for IPv4.Global by our ProVision team. It gives service providers, enterprises, and network teams an accurate, actionable snapshot of IP utilization, without the overhead of a full IPAM deployment or complex onboarding.
Whether you’re planning renumbering, preparing for an address sale, or untangling legacy network sprawl, ReView brings structure and insight to your IPv4 assets.
ReView was created to fix a growing problem: most organizations don’t have a clear picture of how their IP address space is actually being used. Between inherited address blocks from mergers, patchwork subnetting, multiple IPAM systems, and inconsistent recordkeeping, it’s easy to lose visibility. That lack of clarity leads to bloated infrastructure, inefficient routing, compliance risks, and, perhaps most critically, lost revenue opportunities from underutilized IPv4 assets. ReView bridges this gap by offering a fast, secure, and no-cost way to audit your address space and uncover what’s really happening across your network.
Over time, even well-managed networks accumulate inefficiencies:
ReView helps surface these issues so you can clean up, consolidate, and plan smarter, without committing to a full platform transition.
ReView performs a deep scan of your environment, combining routing data, config files, SNMP, and more to generate a comprehensive, visual IP utilization report. It flags inefficient address use, potential renumbering candidates, and blocks that can be consolidated or monetized. You get a customized snapshot of your IP inventory, including:
All of this happens locally, ReView is not a cloud-based tool, so your sensitive data stays in your control.
The result: a clear, visual map of your address space with highlights on overprovisioned, unused, or inefficient blocks, including recommendations for renumbering and consolidation.
ReView isn’t just a scanner, it’s designed for modern, mixed-network environments. Whether you’re running routers, switches, firewalls, DHCP, DNS servers, or managing cloud IP space across AWS, Azure, or VMware, ReView integrates seamlessly with your reality. It works with:
You can run ReView entirely offline or allow limited read-only access for deeper analysis, depending on your comfort level and compliance needs.
Whether you’re dealing with internal audits or prepping for IPv4 asset divestment, ReView fits into your workflow, not the other way around.
The benefits of an IP address audit with ReView go far beyond clean reports. Organizations use ReView to:
In short, ReView gives you clarity, and the data needed to act with confidence.
IPv4 addresses aren’t just technical assets—they’re financial ones. ReView helps you identify hidden address blocks within your network that may no longer be needed or can be aggregated and sold. With continued global demand for IPv4 and limited availability, organizations are turning unused space into six-figure windfalls. ReView doesn’t just show you what’s inefficient—it helps you find what’s valuable.
And since IPv4.Global is the market leader in IPv4 brokerage, we make the next step seamless. Our team can assist you in validating, listing, and securely selling unneeded space with confidence.
ReView is free to use. Just submit your name, company, and email, and you’ll receive a download link for your OS of choice (Windows, macOS, or Linux). Run the app locally and follow the in-app prompts to begin your scan.
Business operations in today’s economy are increasingly dependent on cloud-native platforms and software-as-a-service (SaaS) infrastructure because they offer scalability, agility, and a broader geographic reach. The IPv4 protocol is crucial for these cloud-centric networks to remain online, especially for SaaS and cloud companies, which need their services to be available 24/7 for their global customers relying on the protocol.
High-growth SaaS and cloud companies rely heavily on IPv4 for their core operations. Hence, the idea that IPv4 will become obsolete and replaced by IPv4 anytime soon is a misconception. As a result, these companies cannot afford to overlook their IPv4 strategy. With flexible IP resource acquisition and management options, such as IPv4 leasing, SaaS and cloud companies can meet their customers’ needs and remain competitive in the marketplace.
It starts with understanding the similarities and differences between IPv4 and IPv6 as they apply to the unique business operations at SaaS and cloud companies.
IPv4 was designed for a different world than the one we now occupy. By design, its configuration accommodates 4.3 billion unique IP addresses. While these were sufficient in the internet’s early days, this supply proved unsustainable as connected digital expansion skyrocketed. Increased adoption of internet-connected mobile devices, Internet of Things (IoT) appliances, and cloud environments consumed the limited address pools available worldwide, resulting in IPv4 exhaustion.
By 2020, the Regional Internet Registries (RIRs) had exhausted their IPv4 allocations or were rationing them, creating a market of scarcity, competition, and escalating prices.
For growing internet-connected companies, this type of scarcity creates cost pressure: they need to invest significant capital to acquire sufficient IP addresses. This typically involves reallocating funds from critical areas like developing and refining the platform, increasing headcount, or exploring market differentiation strategies.
Without the necessary IPv4 resources, these companies face operational limitations, such as scaling into new markets more slowly or insufficient performance from secure, but higher-latency communication systems communicating with clients or globally distributed teams.
However, SaaS growth sometimes requires access to clean, reliable IPv4 blocks without bottlenecks like hefty upfront ownership costs or transfer delays.
Typically, SaaS companies scale in parallel with customer demand, the pace of which can be unpredictable, depending on extrinsic factors like industry shifts or sudden changes to global economies. These companies need a reliable IP address supply to support customers signing on to their platforms globally or optimize latency in new, high-demand regions.
Public, cloud-native IPs refer to IP addresses dynamically assigned by a cloud provider and shared within its infrastructure pool. These IPs often lack exclusivity, which increases the risk of cross-tenant reputation issues, intermittent availability, and limited control over security configurations. There’s also limited transparency into the origin and reputation of the dynamic IP addresses, making it difficult to control a consistent user experience and ensure regulatory compliance. In contrast, dedicated or leased (static) IPv4 addresses give companies full administrative oversight and traceability.
Additionally, SaaS providers must ensure IP continuity across service tiers, data centers, and geographic regions to maintain reliable connectivity. Without dependable, traceable IPs, customer-facing applications may experience performance shortfalls or increased support tickets, negatively impacting the user experience and the provider’s reputation.
However, SaaS scalability is critical to maximizing user experience and uptime. That means SaaS companies need greater control over IP address management to minimize instances of conflicts. They also require assurance of a clean IP reputation before deploying IP address blocks to networks that handle must-have customer data.
IP strategy is important when using cloud infrastructure. While cloud infrastructure offers increased flexibility, companies should actively and strategically handle IP compliance and security. For instance, cloud IPs are often subject to shared reputational risks, especially when one customer’s IP abuse results in blocklisting, impacting other customers on the same subnet.
Although big players that offer cloud IP services, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), make IPs easier to access, they handle provisioning differently. For example, AWS charges customers for Elastic IPs when they are not associated with a running instance, which can drive up long-term costs. Microsoft Azure restricts the number of IP addresses available based on the region and the type of subscription, potentially delaying deployments. Google Cloud Platform allows for global IP allocations, but the availability of those addresses may be limited depending on the location and network configuration.
The hidden costs and complications of relying solely on cloud-assigned IPs create challenges that SaaS and cloud companies should consider when comparing acquisition of addresses as analternative.
SaaS and cloud companies cannot rely on IPv6 alone because much of the internet’s infrastructure—including customer networks, third-party APIs, and legacy systems—still defaults to IPv4. Full reliance on IPv6 would result in missed connections, degraded service quality, and compatibility issues with users or services still bound to IPv4. To maintain global reach and a consistent customer experience, IPv4 remains essential.
IPv6 adoption is still slow globally. As of early 2025, about 45 percent of Google users access services via IPv6. Many corporate networks still default to IPv4 because their legacy systems were designed to run on this protocol. Transitioning to IPv6 requires significant time and resource investments that compete with other pressing business-critical requirements.
Considering the extensive infrastructure upgrades and reconfigurations required to deploy IPv6, many organizations would rather rely on IPv4’s immediate compatibility, lower overhead, and proven performance. IPv4 also offers a greater reach and is more straightforward to operate. While IPv6 may be a feasible option in the long term, IPv4 comes in handy when SaaS companies need short-term IP resources to fulfill their business objectives.
IPv4 leasing is a strategic alternative to buying IP addresses, especially for growing or flexible networks. By leasing IPv4 resources, SaaS and cloud companies don’t have to exhaust their capital expenditure budgets and can quickly scale operations on demand. An IPv4 lease also provides rapid access to the addresses without waiting for RIR approval.
From an operational standpoint, leasing enables SaaS companies to integrate dedicated IPs into their development pipelines and network automation infrastructure to ensure consistent provisioning while minimizing human error. Doing so helps these companies retain control of the IP resources while managing costs.
Some IPv4 leasing best practices for SaaS and cloud companies to consider include:
Dual-stack deployment, which provides simultaneous support for IPv4 and IPv6, is becoming the norm. This approach ensures that SaaS and cloud services remain fully accessible to all users, regardless of network protocol, while enabling a seamless transition to IPv6. Instead of choosing between legacy compatibility and future scalability, dual-stack architectures allow companies to benefit from continued IPv4 reliability and the growing IPv6 reach.
Hybrid IP models are particularly effective in environments with complex traffic patterns or global user bases. They streamline user experiences across legacy and modern networks and enable smooth IPv6 deployments without risking service interruptions. For example, newer deployments in well-supported IPv6 regions can take advantage of simplified routing and better performance, while legacy systems operate securely on IPv4.
Ultimately, businesses need to balance IPv4 reliability with IPv6 readiness. That involves proactively managing IP addresses through routine audits, tracking address utilization in real time, and automating provisioning via IP address management (IPAM) tools. These strategies can minimize service disruption and maintain consistent performance—regardless of how or where customers connect to SaaS and cloud platforms.
Amid rapid innovation, IPv4 remains the backbone for many networks, helping SaaS and cloud companies scale quickly without compromising security and service disruptions. Regardless of which protocol these companies prefer to integrate into their networks, IPv4 scarcity will continue to drive cost volatility in the market. IPv4 leasing remains a strategic workaround for companies to acquire much-needed IP resources cost-effectively and flexibly.
IPv6 is not yet universally supported, meaning IPv4 remains essential. To stay prepared for the IPv4-to-IPv6 transition—before growth forces a rethink, SaaS and cloud companies should audit their IP usage, evaluate their cloud infrastructure, and align on a reasonable address acquisition strategy.
Whether your organization is expanding to new regions, launching new services, or simply optimizing your stack, a robust IPv4 leasing model delivers the flexibility and resilience needed to compete at scale. Our team at IPv4.Global has significant expertise in facilitating thousands of IPv4 transactions, enabling businesses to acquire the IP resources they need quickly and efficiently.
Contact us to learn more about IPv4 leasing for SaaS and cloud companies.
When we click on a link for a website, we expect to be taken there. We rely on the reliability and speed of the entire system to provide that service. For a variety of nefarious – and often inexplicable – reasons some internet denizens use huge amounts of computer-generated traffic to overwhelm websites. These are known as denial-of-service (DoS) attacks. The perpetrators’ motives hardly matter. The damage potential is high, including the complete shut-down of websites and online services. Protecting against those huge traffic flows is just one of the reasons website operators choose to have Content Delivery Networks (CDNs) host their sites.
CDNs run a geographically distributed network of servers to deliver content to internet users. In addition to protection against DoS attacks, CDNs provide users with faster load times, greater overall reliability, and general security. They are particularly popular among streaming services, ecommerce platforms, and some SaaS providers.
One way CDNs and cloud networks protect the sites they host is to use CAPTCHAs to distinguish human users from DoS or other bot traffic. CAPTCHAs try to identify humans by measuring something a computer cannot do. Examples include detecting pictures of bicycles, solving an arithmetic problem, moving a jigsaw piece to complete a puzzle, or just clicking a button in a human way.
CDNs run a geographically distributed network of servers to deliver content to internet users. In addition to protection against DoS attacks, CDNs provide users with faster load times, greater overall reliability, and general security. They are particularly popular among streaming services, ecommerce platforms, and some SaaS providers.
One way CDNs and cloud networks protect the sites they host is to use CAPTCHAs to distinguish human users from DoS or other bot traffic. CAPTCHAs try to identify humans by measuring something a computer cannot do. Examples include detecting pictures of bicycles, solving an arithmetic problem, moving a jigsaw piece to complete a puzzle, or just clicking a button in a human way.
Example of a Cloudflare CAPTCHA protecting a South African tech news website
Another safeguard is rate limiting. It is a mechanism that limits the rate of service, or the frequency of requests by a user. It is put in place to restrict the number of requests from a client within a small timeframe, protecting the system from automated, very rapid bot requests associated with denial-of-service attacks.
Users dislike CAPTCHAs and rate limiting as they interrupt the journey to and use of a website. At best, they slow users down. At worst, they deny users access to a website because they have a disability that doesn’t let them solve the CAPTCHA.
But these are the tools CDNs have had available to them. Up until now. They’ve relied on these techniques because they don’t know much about the intended distribution of users across each network. Since the audience is unknown the dangerous among them can’t be identified in any useful way.
The Challenge of Classifying Users
The owners of a website want as much legitimate traffic as possible. The CDNs hosting the site wants to filter attack traffic as it adds cost to them without adding revenue. Users don’t want their legitimate traffic misclassified as harmful or dangerous because it means their experience is less good. But characterizing a user upon arrival at a website is more difficult than it might seem.
Many companies have hundreds of users behind a small NAT prefix. While some access networks have only one subscriber per IPv4 address or IPv6 prefix, others put many subscribers behind each unique IPv4 address. This maximizes the utility of a small number of IP addresses but disguises the number of users with access to them. These access providers rely on Carrier Grade NAT, also known as Large Scale NAT. It’s a technique where many subscriber NATs sit behind a NAT run by the ISP.
For hosts trying to control access, knowing what lies behind an individual IP address would allow characterizing the number and kind of users of it. So, if CDNs knew how other networks distribute users across the IP address space, they could use that information to challenge fewer people with a CAPTCHA. Website owners would be happy at turning away fewer legitimate users. They don’t want to expose the website to attack traffic but also don’t want the cost of serving the site in a way that generates attack traffic or adds cost. And users would be happy to get faster access to a website.
The good news is that internet engineers have developed a new information-sharing format to meet the CDNs’ needs. It uses the same method that’s proven successful for geolocation information. Each network operator (like ISPs) can choose to publish a small, structured data file and link to it from their entry in the RIR’s or NIR’s database.
By sharing information about how users are distributed across their network, they can let CDNs know how much traffic to expect from each IP address or IP prefix. A company NAT might deliver hundreds of users while a domestic residence should only provide a handful.
If it were universally adopted and maintained, this simple approach would mean that CDNs could make better-informed and more-nuanced decisions. And that means fewer CAPTCHAs and less rate limiting.
Of course, some users put their traffic through consumer VPNs and similar services, like iCloud Private Relay. These users probably won’t see these benefits. These services are designed to hide the originating IP address. They blend many users’ traffic behind a few IP addresses, undoing the benefit of the data sharing.
The Plan
The standard has not yet been published as an RFC, the final stage of development. But draft-ietf-opsawg-prefix-lengths, the document the format was agreed in, is ready for deployment. The RFC Editor will publish it soon.
The first step of deployment is to update the RIR and NIR databases with a new attribute – a line in the record – allowing the network operators to link to their data file. Then, the network operators can start publishing this data. Finally, the CDNs can start using the data, improving everyone’s experience.
The RIPE NCC is one of the five RIRs and the software it develops for the RIPE Database is also used by AFRINIC and APNIC. That means that one small change can deliver support in two-thirds of the RIRs. Fortunately, they have already committed to adding support.
The new attribute will be called “prefixlen:”. Networks will be able to use it to publish the HTTPS URL of their data file. This attribute will be returned by default when people query the database and will be available in bulk data downloads.
Network operators will publish a simple Comma Separated Values file. It only has three pieces of information about parts of a network:
There are only three columns, which means just two commas per line. For a very small network with just one IPv4 and one IPv6 prefix, only two lines might be needed. For larger networks with many allocations and a variety of customer and product types, there could be many lines.
Two lines from an example Prefix Length file, with annotations
Small networks could probably handwrite the file and publish it anywhere that’s easy for them to change it. It doesn’t have to be on their corporate website. They could publish it on GitHub or a similar site that is highly available and free or inexpensive to use.
It is 2025 and security is a concern. So, while this format does not require a digital signature, it is supported. The digital signature would be tied back to the RPKI certificate for the network’s IP addresses.
Signed data is more trustworthy. But it requires extra steps from publishers and the CDNs who would process the data. So signing is optional. Nonetheless, it is likely to become increasingly important as the internet becomes more important and threats increase.
While the simple format means that this file could be compiled and published by a human, that leaves a door open to typing errors and delayed publication. This is exactly the sort of feature that could be automated by an IP Address Management system. We are likely to see them add support for Prefix Length files soon.
Prices slightly eased in June, continuing to reflect strong supply. Average price per address for /16 blocks fell below $20 for the first time since 2019, when prices had been steadily rising since we started publishing data in 2015. The fall in prices isn’t due to lack of demand but seems to be caused by a large supply of addresses available for sale.
The initial IPv6 specification was published at the end of 1995. As we approach its 30th anniversary, it’s worth looking at how much it differs from IPv4 in both design and implementation. For network operators considering adding IPv6, the question is, “Is there too little difference to bother and if so, why change?” Or, alternatively, “Is there too great a technical difference and so a change is too daunting?”
When internet engineers realized that IPv4 would run out, they slowed the runout process by developing technologies to use it more efficiently. One of these technologies was Classless Inter-Domain Routing (CIDR) pronounced “cider”. This standardized the idea of different size networks in routing, so the number of addresses on any network segment could vary.
A CIDR chart showing a wide range of IPv4 network prefixes.
For instance, a company that gets 512 IPv4 addresses, a /23, might cut the block up into lots of small networks. Some could be just eight addresses, while one could be a /24, or 256 addresses.
512 IPv4 addresses are cut up for two LANS. 128 addresses remain unused.
Internet networks are staffed around the clock, just like electricity or telephone networks. Nothing happens on an ideal night. But managers don’t want technicians doing mental arithmetic to work out which addresses are in a particular prefix when a problem needs to be fixed. Variable size networks require this. That can confuse the people on the night shift. Of course, there are tools to help people, but that doesn’t mean people won’t make mistakes.
ipcount is a command line tool for working out where variable length IP prefixes start and end.
IPv6 doesn’t have this problem. All IPv6 subnets – the addresses used on a LAN – have the same size. They are always a /64 – about 18 quintillion addresses. The exception to this is the links for connecting routing devices. These just have two addresses, a /127.
Orange shows the network portion of the address, yellow shows the host portion. Green shows the full address.
This doesn’t mean anyone gets only a /64. In fact, access providers are encouraged to make sure that all subscribers get multiple /64s. It is common for residential users to get 256 /64 subnets – a /56. Business users normally get 65,536 /64s – a /48.
Users don’t worry about configuring addresses on devices. We can move from place to place and get an IP address automatically.
Dynamic address configuration is the ability for a device to join a network and get an IP address automatically. The alternative would be a manual address assignment and manual configuration. It is done one way in IPv4: DHCP. This is a protocol for soliciting and getting an IPv4 address for a defined period of time. When the address is configured, it comes with other information, like where to get the current time and where to send DNS queries. DNS is the protocol for turning a name like ipv4.global into an address, like 23.185.0.4.
IPv6 has two mechanisms for address configuration. SLAAC is Stateless Address Auto-configuration. It doesn’t require network infrastructure beyond the router, which makes it ideal for unmanaged networks. The connecting device just needs to learn the network prefix, which will always be a /64. It can then create an address using information it knows about itself, like the hardware number for its network interface.
But DHCP has been adapted for IPv6 as DHCPv6. It does the same sort of thing as IPv4’s DHCP but is not universally supported. For instance, Android and ChromeOS still don’t support DHCPv6. They are outliers but used so widely that network administrators must design around them.
Privacy was not considered important when people first started using networked computers because most of the use was for professional purposes. But the dramatic reduction in the cost of computing means that most people in the world now have some form of internet access and tracking them is relatively cheap. A determined and competent observer will almost always be able to track internet users. But privacy focused internet engineers have worked on ways to make that tracking harder in IPv6.
IPv6 addresses have two parts. The network part changes when a device moves networks, say from a home to a cafe. But the host part was originally defined as the hardware address of the network interface. That made tracking a user very easy because hardware addresses only change when the hardware changes, so most operating systems now generate a new random host part at least once a day.
IPv4 doesn’t have this freedom. There are very few addresses and treating addresses as single use expendable is impossible. But the widespread deployment of Network Address Translation (NAT) and Carrier Grade NAT (CGNAT) means that most users don’t get a globally unique address anyway.
Most IPv4 users get private IPv4 addresses, which are only unique on that network. All the devices on that network share a globally unique IPv4 address. Sometimes, that address is not unique but behind another translator: the CGNAT.
These technologies end up mixing lots of users’ traffic through a single unique address. Anyone tracking them needs to use some other identifier. Often, this will be a web cookie.
None of these technologies can provide perfect privacy. It is probably impossible to use the internet without leaving traces that a determined adversary can find and analyze. But these technologies all smudge or blur the link between network identity and personal identity. In combination with other technologies that can be controlled by device owners, they give people more control over their own privacy.
William Gibson has noted that the future is “just not evenly distributed yet.” The same can be said about IPv6. While IPv4 is ubiquitous where there is internet access, IPv6 deployment varies widely. Google and the Internet Society see India with almost 75 percent adoption, the US at 50 percent, and several African countries with under one percent adoption.
The truth is that no matter where you are in the world, deploying a new network requires some IPv4 address space.
.
IPv4 is still the dominant version of the Internet Protocol, 30 years after the initial IPv6 standard was published. Is IPv4’s resilience based on a performance benefit? Are the paths taken by IPv6 longer or shorter than IPv4? Is there more latency on IPv6 connections? Is deploying IPv6 going to give a performance advantage to users or the businesses that serve them?
Data is sent over the network in packets. The packets are like a postal letter and the packet headers are like the envelope. They provide information about the sender, the recipient, and some other important details.
Envelope showing sender, destination, and processing franks
IPv6 addresses are longer than IPv4 addresses: 128-bits versus 32-bits. But IPv6 packet headers are simpler and that means less processing by the network infrastructure.
IPv4 and IPv6 packet headers, by Mro, CC BY-SA 3.0
The IPv4 packet header varies in length from 20 to 60 bytes. The IPv6 header is always 40 bytes. The fixed length reduces the computation load for network components. But IPv4 packet headers can be smaller.
Because most network devices are specialized for handling IP packets, there is very little difference between IPv4 and IPv6 packet performance. Where there is a difference, it can depend on the nature of the traffic going over a network.
Geoff Huston, APNIC’s Chief Scientist, has been measuring the internet for over 20 years. One of the measurements he’s been taking is the average AS path length. An AS, or Autonomous System, is a network managing its own internet access. In general, that means networks that connect to two or more other networks, rather than relying on a single network for internet access. An AS path is the route data takes when it goes from source to destination. It’s a bit like flying from Hawaii to Frankfurt and passing through Los Angeles and New York.
On average, an IPv6 packet passes through just over 4.8 ASs, while an IPv4 packet passes through just over 5.2. These numbers are very similar and the differences are so small as to have very little impact.
The AS path length is sometimes referred to as the diameter of the internet. It has remained remarkably stable for about 20 years.
AS path length could have an impact on reliability but if everything is working, people care about latency. That is the time it takes for data to get from its source to its destination.
The IPv6 Matrix project has been measuring this with ping data for 14 years. They have been measuring the difference between IPv4 and IPv6. Their chart shows a significant difference in 2011 and 2012 but that has narrowed. Since 2017, there has been very little difference – although these longitudinal measurements are made from five, relatively rich, western-hemisphere countries.
They also have a data table showing measurements for 46 countries. This shows an average IPv6 ping time of 90ms and an average IPv4 ping time of 140ms.
While that difference is proportionally significant, does it mean that IPv4 performance is inferior? No. If real world experience were so much worse with IPv4, organizations would have sped up their IPv6 adoption programs.
We can be relatively sure that IPv4 performance isn’t actually worse than IPv6 because almost half of the world’ biggest websites aren’t available over IPv6.
In October 2023, the Internet Society noted that almost half of the top 1,000 websites were available over IPv6. In March 2025, W3Techs, a web survey company, measured 56 percent, using a similar methodology. That’s relatively little growth in 18 months.
This could tell us that the operators of almost half of the top 1,000 websites don’t think they need IPv6. Or it could tell us that adding it can be hard in some cases and it won’t happen quickly because there isn’t a huge performance advantage.
A consequence is that anyone building a new network needs some IPv4 addresses as well as IPv6 addresses. But the IPv4 free pool has been exhausted for years.
IPv4.Global operates the world’s most transparent IPv4 marketplace. We’ve brokered transactions that transferred over 72 million addresses. We can help you find the addresses you need.
Policies are designed to achieve goals. Both IPv4 and IPv6 share four common policy goals. They are designed to ensure that internet users have IP addresses, can use them, and network operators can coordinate with each other when there are technical problems. The four common goals are:
But IPv6 has an extra goal and a decider. It’s worth looking at them to understand the different challenges these two versions of the Internet Protocol bring to organizations and the engineers running networks.
Those common goals were formulated for IPv4. And IPv4 – a 32-bit address space – is pretty small. It has just 4.3 billion addresses, fewer than one for each person on Earth.
IPv6 is much bigger. It has a 128-bit address space, giving 340 undecillion addresses. People struggle to understand such a number, much less the concept of addresses available in that quantity. But those extra addresses bring problems as well as solutions, so the policy goals need to be expanded.
A new goal is minimized overhead, which means fewer requests for more addresses. But aggregation is held out as particularly important in IPv6 policy because of the potential impact on routing.
Networks share information about how to get from one place on the internet to another. They use the Border Gateway Protocol, or BGP, to share these internet routes. Networks share their view of the addresses they know about and routes available to get to them. In early 2025 there are about 220,000 IPv6 routes on the internet and just over 1 million IPv4 routes.
On the internet, a route is the path taken between two networks. Networks announce the blocks of IP addresses they have to the networks they directly connect with. Those announcements are passed on the other networks. But a block of IP addresses can be announced as a whole – the aggregate – or broken up into pieces, called “more specifics.” About half of all BGP announcements are more specific announcements. This is often done to get traffic to take particular routes and is called traffic engineering.
But IPv6 is vastly larger than IPv4. That means disaggregation – announcing a block of IP addresses in multiple parts – could lead to a much larger number of routes. And every route adds cost to other networks.
As networks change their connections to each other, connected networks must recalculate their view of the internet. Some will lose access to a network prefix, others will see it through a different network connection. More routes means more recalculations. If the number grows faster, the replacement cycle for network equipment has to speed up to use faster processors. And that can make internet access more expensive for everyone.
So, encouraging the allocation of fewer, larger blocks of IPv6 address space is advantageous in reducing the number of internet routes. This keeps costs down.
This goal is marked out as being particularly important in all five RIRs’ policy documents.
Internet engineers realized that IPv4 address space was running out in 1992. By 1996, the expectation was that the registry would allocate a block of addresses that would be half used in a year. You could come back for more when you had just a fifth left. But IPv6 is different. There’s no shortage of addresses, so there is a policy goal of reducing the number of times a network operator will need to return to the pool.
Each time an organization needs more addresses they must prepare an application, which must be reviewed by the registry. The RIR must take a decision on whether to allocate addresses, and if so, how many. That’s a burden on everyone and pushes up costs.
IPv4 policies had a “slow start” built in to avoid the risk of allocating a large block of addresses that would never be used. That risk does not exist in IPv6. Despite about half of all internet traffic using IPv6 and some huge allocations, less than two percent of the IPv6 space has been allocated. So, the RIR communities – engineers, regulators, and business representatives – decided against a slow start mechanism for IPv6 allocations.
A single policy choice can support both these goals.
That choice was a generous initial allocation. It is large enough to meet most organizations’ foreseeable needs. That means no complex assessment of the organization’s network plans.
It also means that organizations will always be able to announce a single block of addresses, instead of a collection of different blocks. They might cut up their block sometimes. But if the need for that goes away, it can be put back together again.
The RIRs make generous minimum allocations. They all allocate at least a /32 without assessing the requestor’s needs. The RIPE NCC allocates up to a /29 on request. A /32 is enough for up to 2 million residential customers and a /29 is eight times larger.
What’s more, they all allocate much larger blocks when a need is demonstrated. For instance, ARIN has allocated a /16 to a large finance company. That’s 65,536 times larger than the minimum. And more than 50 organizations have got /24s, that’s 256 times the minimum.
Whether you run IPv6 or IPv4, you’ll need to manage your addresses. ReView is a free tool from IPv4.Global working with 6connect that can do just that. It can help you inventory your addresses, so you can be sure you are in control of your assets.
If you need IPv4 addresses, you’ll probably need to go to the market. IPv4.Global’s auction platform is the most transparent marketplace available. We can help you find the addresses you need, and we can connect you with experts who can make your addresses meet your business needs.
Each device or service on any network is useful only when it can exchange data with others on the same network. The processes that occur locally, on a specific device, are important. But networks exist in order to convey requests from one place to another and receive responses in return. Much like the telephone system.
The internet’s phone system has rules, of course, that describe the ways in which devices locate and communicate with one another. The systems that have been developed are known as Internet Protocols or IP. IP is responsible for addressing and routing packets between computers on a network. It is the foundation of internet communication, allowing networks worldwide to interconnect regardless of their underlying hardware.
There are about four billion IPv4 (Internet Protocol version 4) address and many, many times more IPv6 addresses (about 340 undecillion). These are either numeric (like 192.168.1.1) or alpha-numeric combinations of numbers and letters (2001:db8:85a3:8d3:1319:8a2e:370:7348). Given the many websites, services, etc. on the internet it is unreasonable for everyday people to recall numbers of this sort. Imagine trying to remember the phone numbers of everyone in your contacts list instead of only their names. Pretty difficult. The internet presents the same challenge.
When you connect to websites, your computer doesn’t actually understand names like “google.com” or “facebook.com.” Behind the scenes, devices locate one another and exchange data using IP addresses. These work like digital phone numbers.
But just as we prefer to use names instead of memorizing phone numbers, we find it much easier to remember “amazon.com” than “176.32.103.205.” That’s where DNS comes in.
DNS stands for Domain Name System. Think of it as the internet’s phonebook or translator – it uses the human-friendly website names we type into a browser to convert those names to the numerical IP addresses computers need to communicate with each other. Without DNS, you’d need to memorize strings of numbers to visit any website.
The DNS system has two main components that work together to make your internet experience seamless:
A DNS resolver is like a helpful librarian or detective. When you type a website address into your browser, your computer asks a resolver, “Do you know where to find amazon.com?” The resolver’s job is to find the answer for you.
Your internet service provider (like Comcast or AT&T) typically provides a DNS resolver, though you can also choose to use others like Google’s (8.8.8.8) or Cloudflare’s (1.1.1.1).
Resolvers work in two main ways:
Resolvers also save time by remembering recent lookups. If you visited Twitter an hour ago, your resolver remembers its IP address and doesn’t need to search again when you return.
While resolvers do the searching, DNS authorities (or authoritative nameservers) are the keepers of the official records. If DNS resolvers are detectives, authorities are like government record offices – they maintain the official, definitive information about an address.
For any domain, there’s at least one authoritative server that has the official answer about what IP address that domain should point to. These authorities store their information in “zone files” that contain different types of records:
When you buy a domain name and want to point it to your website, you’re actually updating these records on your domain’s authoritative nameserver.
When you type “www.example.com” into your browser, here’s what happens behind the scenes (usually within milliseconds):
Since the mid-1990s, network experts have recognized the importance of keeping DNS resolvers separate from authoritative servers. Initially, this was about network resilience – if an authoritative server gets attacked, resolvers can still function for other domains.
Today, there are two additional critical reasons:
Many organizations maintain two different DNS views:
This is similar to having a private contact list for family and a public one for business. Your company printer doesn’t need to be accessible to the whole internet.
This approach also helps with mobile devices like laptops. Your IT team might use descriptive internal names that help with troubleshooting, while keeping those details hidden from the outside world.
While standard DNS converts names to IP addresses, reverse DNS does the opposite – it finds the domain name associated with an IP address.
Think of it like caller ID. When you get a call, your phone doesn’t just show the number – it displays the name of who’s calling (assuming the identity isn’t blocked). Similarly, reverse DNS helps identify who’s behind an IP address.
This works through special records called PTR (Pointer) records. For the IPv4 address 192.0.2.1, a reverse lookup would search for 1.2.0.192.in-addr.arpa in the DNS system.
Reverse DNS is particularly important for email. When you receive an email, your mail server often checks if the sending server’s IP address properly matches its claimed domain name. If not, the email might be marked as spam. It’s like verifying that a caller is really who they claim to be.
Many legitimate email servers won’t even accept messages from servers without proper reverse DNS setup – it’s that important for preventing spam and phishing!
With a growing demand for IPv4 addresses in the hosting industry, providers face challenges obtaining the IP resources they need to scale their services and remain competitive without investing significant capital in purchasing IP addresses. IPv4 leasing provides a suitable alternative for these companies to acquire more addresses to support their private, shared, or virtualized hosting services.
Unlike the upfront investments required for IPv4 purchases, IP address leasing is often more cost-effective and flexible. It allows hosting providers to expand their operations efficiently while avoiding the complexities associated with IPv4 ownership, such as additional network management overhead and regulatory compliance obligations.
Identifying strategic ways to lease IP addresses can help optimize business operations.
The global scarcity of IPv4 addresses increases the competition for these resources while driving up the costs of purchasing them. However, leasing IPs allows hosting companies to expand their services without heavy capital investments.
For instance, the average IP address price in 2024 was in the low-to-mid $30s, suggesting the estimated cost of acquiring 100,000 addresses would be at least $3 million. However, leases typically cost less than $5 per address per year, meaning a hosting provider could save more by leasing IPv4 addresses than purchasing them upfront.
Besides being a cost-effective alternative to purchasing IPv4 addresses, leasing makes it easier for hosting providers to navigate IPv4 market uncertainty while remaining financially flexible. Hosting providers can test new service improvements or expand into different markets without locking their capital into a single IPv4 purchase transaction.
Leasing simplifies budgeting and reduces financial strain on these companies, especially when they need additional IPv4 addresses urgently.
By leasing IPv4 addresses, hosting providers can lower costs while optimizing their operational efficiency for long-term growth.
IPv4 leasing reduces hosting providers’ upfront capital expenditure, freeing up resources for infrastructure improvements. To stay ahead of the competition, these companies need to invest in critical hardware, software, and network system upgrades or repairs. For instance, a hosting provider looking to expand its data centers can allocate smaller portions of its budget to IPv4 addresses while maximizing the budget available for hiring and training staff at these centers.
As IPv4 market prices fluctuate, hosting providers can shield themselves from long-term financial risks by leasing these addresses based on their anticipated needs. When hosting companies scale their business operations, they can incrementally lease small batches of IP addresses instead of making large investments.
Leasing IP addresses also helps hosting providers to scale on demand, as they can sign leases for IPv4 resources as needed. Instead of purchasing large IP blocks that may go unused, companies can lease IPs in smaller quantities that align with their current business operations, reducing unnecessary expenses.
The scalability benefits of IPv4 leasing make it attractive to companies that offer VPS, cloud hosting, and dedicated server solutions, whose demand varies based on customer-specific needs. In these instances, leasing enables these hosting providers to avoid over-committing to customers if they have limited IP resources or infrastructure bandwidth to satisfy those obligations.
When hosting providers lease IP addresses from a reputable company, they have increased confidence that these addresses are clean, vetted, and high-quality, reducing blocklisting risks. Partnering with a reputable IP leasing provider can help hosting companies access IP addresses with a strong reputation, avoiding network security issues that can compromise the availability of hosting services to customers.
While IPv4 leasing is beneficial to hosting providers, they need to know which best practices can streamline the entire leasing process.
Hosting providers can maximize the benefits of IP leases by choosing the right leasing provider. It’s important to exercise due diligence and evaluate the reputatins of the IPs the provider has previously leased out, confirming they are free from potential misuse.
The terms of a lease arrangement should also align with a hosting provider’s needs to avoid unexpected conflicts. For example, it’s essential to check whether a leasing provider offers flexible lease terms, bulk leasing options, and the ability to scale up or down as required without being locked into rigid contracts.
Likewise, hosting companies need to evaluate the level of support they will receive from leasing providers. Specifically, add-on services like IP integration, troubleshooting, or automation can streamline the leasing process and maximize IPv4 utilization throughout the lease term.
Integrating leased IPs into various types of hosting infrastructure, including VPS, dedicated servers, or cloud environments, requires careful planning and strategic allocation. In most instances, tracking IP usage at these servers can help optimize IP address assignment and allocation to prevent conflicts and maximize utilization. Failure to do so can result in imbalanced resource distribution across high-traffic vs. low-traffic servers.
Beyond tracking IPv4 usage, automating leased IP integration into existing networks can reduce human errors that may result in IP conflicts. From an IT or network administration standpoint, automated IP management streamlines network management processes for hosting providers and helps their IT teams work more efficiently to support customers’ needs.
Hosting providers can strategically manage their leased IPv4 addresses by:
Hosting companies can decide whether to lease or buy IPv4 addresses based on three key considerations:
Completing an IPv4 purchase requires a significant upfront capital investment, depending on how many IP addresses a hosting provider acquires. Besides the cost of the IP addresses, IPv4 purchases include additional legal and transfer fees. Once the addresses are purchased, companies must invest in managing the IP resources and the networks to which they are deployed.
On the other hand, leasing allows hosting companies to scale up/down as needed without being locked into a purchase—making it a more cost-effective, financially flexible option for acquiring IPv4 addresses.
Unlike one-time IPv4 purchases that can be financially risky in a volatile market, leasing can minimize risk, especially when a hosting company has limited operating capital. Most leasing agreements include support for managing the leased IPs, reducing the additional overhead burden on the hosting companies. Combined, these factors make IPv4 leases more ideal than purchases.
Based on market trends, IPv4 leasing is a smart long-term strategy for companies like hosting providers that deal with fluctuating customer demand. These companies can partner with an IP leasing broker to anticipate peak demand and strategize when to start the leasing process to acquire additional IP addresses to meet that demand.
However, it’s essential for hosting providers to understand IPv4 market shifts and how they impact leasing decisions. That’s where the expert advice of an IPv4 marketplace expert like IPv4.Global can help guide future leasing decisions.
Despite the industry-wide transition to IPv6, IPv4 is still essential to hosting providers. Many businesses still rely on their legacy IPv4 network infrastructure, suggesting its continued relevance in the foreseeable future. Leasing IPv4 addresses allows hosting providers to expand their offerings to meet customers’ diverse hosting needs while maintaining operational efficiency and financial flexibility.
As the demand for IPv4 addresses continues to grow amidst global scarcity, leasing will remain a go-to strategy for hosting companies looking to scale their services.
By partnering with a trusted leasing provider like IPv4.Global, these companies can secure the IP resources they need as customers’ demands shift and market prices fluctuate. IPv4.Global’s team of experts also offers guidance on best practices for IP management, enabling hosting providers to remain competitive and achieve their long-term business goals.
IBM’s PC, introduced in 1981, weighed 30 lbs. Plus the weight of the monitor. Network administrators and users were happy with statically configured IP addresses as moving equipment was hard work. So, one machine, one IP address that did not change: static.
The devices in our pockets are now far more powerful and travel along with us. In the cloud, virtual machines are spun up and down as needed. And, of course, these virtual devices all need to get addresses to use the networks to which they connect. This is where the Dynamic Host Configuration Protocol (DHCP) comes in. It delivers addresses on demand – and more.
DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to automatically assign IP addresses and other configuration parameters to devices on a network. DHCP eliminates the need for manual IP configuration and more.
In a static IP environment, the device announces itself with its IP address. When a machine is dynamically configured, the device requests an IPv4 address from the network and as long as it has enough addresses available, the machine is provided one along with the other information it needs. And the network and device both do this without users having to know how to configure their devices. No manual user intervention required.
Routers, the devices that connect different parts of the network, often handle DHCP locally. But many organizations want to manage DHCP centrally. The router relays the request to the central server and gets authorization to assign an address from the correct pool. As with other protocols developed in the early days of the internet, DHCP assumed that users and network operators are trustworthy. We now have extensive best practices for security DHCP and associated services.
In most cases, the core configuration details will include:
IPv4 addresses are assigned for a fixed period, known as a lease. Leases must be renewed when they expire or the address goes back into the pool when the user disconnects from it. This is why airports generally have very short lease periods of 15 to 30 minutes. In contrast, an office might use a lease period of two days or more.
When DHCP servers run out of IP addresses, new devices cannot use the network. That’s why DHCP servers provide statistics to IPAM systems, like ProVision. An IPAM can alert an administrator when address pools, like the one used for DHCP cross a usage threshold. For instance, if usage grows to more than 80 percent, it might be time to increase the size of the pool. IPAMs can also show you trends, so you know if you’re seeing a temporary spike or sustained growth. Admins can then make an informed management decision as to how to best manage a network.
The DNS resolver information is important as most internet services are known by names. For instance, IPv4.Global is the DNS name (universal resource locator) for this website and it lives at the IP address 23.185.0.4. The resolver converts a name, into an IP address (23.185.0.4). If this alpha numeric URL weren’t provided, most users wouldn’t be able to use the network as they’d be unliikely to recall the IP address. DNS translates one into the other.
Many networks have private names for things like printers, which they don’t want accessed from the internet. This can be achieved by serving a private view of DNS names inside the network. These names are not available to internet users. This kind of configuration is often called split horizon DNS.
An internal DNS resolver can be an important service for many businesses. Those that don’t have private services and don’t want to run a DNS resolver often provide the address of a public open DNS resolver.
The time server is also important. Computers are surprisingly bad at keeping time. They need to regularly get the time from an accurate clock on the network. This isn’t just for the convenience of having the time on your screen. It is part of protecting users against attacks where a message is intercepted and repeated by a man-in-the-middle. This is a kind of attack where a malicious observer intercepts communications between two parties and can then impersonate one of them.
For a network on a growing business, it is worth checking IP address usage with an IPAM tool like ProVision. It can help identify areas that have more addresses than they need, and the areas that could run out soon.
Strong supply in /16 and larger blocks has continued downward pressure on prices for those blocks. Some of those sellers have split their blocks into smaller pieces, which has caused medium block prices to slide a bit.
Years ago, an organization’s infrastructure could run off a laptop without anyone noticing. Complexity and risk intruded on such simplicity. In addition, the crucial role of computing in business made technical operations not only important but vital. So, reliability and security became obvious business concerns for any growing organization. Plus, some businesses now face fines and regulatory action for downtime. So resilient data infrastructure is critically important.
That resilience can be implemented in multiple ways. Instead of just one machine running all aspects of the data warehouse service, a cluster might be used. And because administrators need to perform maintenance on clusters, multiple clusters might be required to ensure 24/7 availability. Those clusters must be managed and connected.
A whole service often must be replicated on different sites. This is important if an organization operates over large distances. It is also an important part of managing risk and making data infrastructure resilient.
An organization’s needs will dictate the data warehouse design selected. Fast internet access and distributed workforces mean that many organizations are deploying data warehouses in the cloud. But others choose to keep some or all of their data warehouse needs on-premise.
Data warehouses are more than just a database. They are a centralized set of systems used for reporting and analyzing data. They are key to business intelligence systems. They store current and historical data in ways that are optimized for analysis by managers.
Getting data from various sources into a data warehouse often involves a process known as Extract, Transform, and Load (ETL). Broadly speaking, it is used to get and clean data from a variety of sources, often in multiple formats, and include it in a database. For instance, medical data might be summarized by location, day or week, and age, among other factors.
Data Warehouse and Data Mart overview by MarsJson published under CC BY-SA 4.0
That raw data is stored in what is often known as a data lake. This is the data that feeds into ETL and then ends up in data marts, where users access it. The raw data can be in almost any format: for instance, CSV, JSON, XML, or raw binary data.
There can be multiple data lakes feeding the ETL processes. For instance, a retail operation might analyze data supplied by financial partners, warehousing and logistics partners, and store-in-store retail partners, as well as owned retail locations.
The processed data is presented to consumers or other uses in data marts. They are generally focused on a specific area of analysis. Often, each department will own and manage its own data mart.
Because they are so much more than just a simple database, they need more resources. Typically, they are deployed on clusters of machines – often virtual machines. Often, there will be an active cluster and a backup cluster.
Clusters can replicate elements of service to provide resilience if one fails or is removed from service for maintenance. And clusters need to be connected together and to each other, which means assigning IP addresses to the network infrastructure as well as the VMs. Oracle’s smallest cluster design requires 17 IPv4 addresses. That means using a /27 – a block of 32 IPv4 addresses. They also present designs for backup subnets. The largest design they can support uses a /16 – 65,536 IPv4 addresses.
Cloud providers offer their services in different regions. You can use two or more regions to add resilience to your data warehouse service. Resilient multi-region architectures are possible.
But not all the IP addresses need to be globally unique. Service addresses that provide access to data need to be globally unique. Often, these will be assigned to frontend systems like load balancers. The systems supporting the public frontend only need locally unique, private addresses.
You don’t have to go all-in for either cloud or for on-premises today. That includes data warehousing. Cloud can be cheaper while on-premises can give you more control and lower some risks.
A hybrid approach can be used to manage cost, availability, and risk in a way that aligns with your business needs. For instance, sensitive data can be kept on premises, or processed into less sensitive data. Cloud services can be used for other parts of your data warehouse.
Success depends on understanding what you need to get out of the data warehouse and the risks you must manage. A key part of that will be an understanding of the regulations that must be complied with, in particular any data sovereignty requirements that exist now and are being considered for the future.
Think Tank Europa worries that “the balance between competitiveness and sovereignty in tech could shift fast” because “Europe could make unprecedented moves to free itself from dependencies if they become choking.” Organizations with operations in the EU should consider this risk.
Knowing how to run on-premises services could be a useful skill to retain.
In today’s cloud-driven environment, IPv4 address management is often overlooked when discussing data security and regulatory compliance. However, managing the ownership and control of IP addresses is pivotal to achieving cloud data compliance.
IP ownership extends beyond technical and administrative management. As businesses increasingly lease IP blocks, expand into hybrid-cloud environments, or handle sensitive customer data, it’s critical for them to clearly define their path to fulfilling regulatory obligations across frameworks like GDPR and SOC 2. By leasing or owning IPv4 space, businesses can shift their risk profiles and regulatory posture, requiring proactive investment in IPv4 management to minimize the impact of security risks.
There are two important frameworks for security compliance. The Service Organization Control 2 (SOC 2) Trust Services Criteria is an auditing process that is intended to demonstrate the trustworthiness of those with control of sensitive data. It ws developed by the American Institute of Certified Public Accountants (AICPA). SOC 2 is based on the Trust Services Criteria (TSC), which includes security, availability, process integrity, and privacy. It is not a legal framework but is a certification that may providers seek to satisfy the privacy and security concerns of users.
The General Data Protection Regulation (GDPR) is the European Union’s data protection regulation protocol that is directed at protecting the privacy and security of personal information. The law establishes guidelines on how organizations can collect, store, and process personal information. It’s considered the strongest privacy and security law in the world. GDPR applies to any entity that processes personal information from or about individuals in the EU, even if the entity is not located in the EU.
Per the GDPR, an IP address is categorized as personal data, which means an IP address used to identify an individual directly or indirectly falls under GDPR protection. As such, IP address logging, storage, and processing must be handled with the same precautions as any other type of personally identifiable information (PII).
For instance, if a cloud service logs a user’s IP address during an active session, it must inform the users of the logging via transparent policies. Likewise, businesses need to define how long they retain IP logs and justify that retention under the GDPR’s purpose limitation principle.
When tracking IP addresses for reasons beyond basic service delivery, GDPR IP compliance requires businesses to obtain explicit user consent. Although anonymizing or hashing IP addresses can mitigate privacy and security risks, companies must exercise caution around IP address usage and consent to avoid non-compliance violations.
From an IP address personal data standpoint, whenever a cloud service provider stores, processes, or transfers an IP record, it becomes subject to GDPR’s consent, transparency, and data minimization standards.
In the context of IPv4 address management, the GDPR’s key principles include:
The GDPR also requires cloud providers to establish clearly defined data processing agreements (DPAs) with their customers and spell out exactly how IP address data is handled, stored, and transferred, including access logging, breach notifications, and recordkeeping obligations. [EU GDPR. Data Processing Agreement (DPA).]
Companies operating in the cloud can rely on cloud IP management tools to document their processes for controlling IP allocation and establish a clear audit trail to mitigate GDPR non-compliance risks. Effective GDPR IP compliance ultimately involves a combination of technical controls, such as IP management platforms, and legal safeguards like clear DPAs.
While the GDPR focuses on data privacy, SOC 2 aims to improve data security and operational integrity. Developed by the AICPA, SOC 2 evaluates whether service providers meet the five Trust Services Criteria:
When it comes to effective IP ownership and management, compliance with SOC 2 for cloud service providers entails:
Centralized IP tracking and management platforms make it easier to maintain accurate records, configure firewall rules, and demonstrate due diligence during SOC 2 audits. Passing a SOC 2 audit requires companies to show how they control system access and monitor interactions to ensure clean, well-managed IPv4 records.
Therefore, proper SOC 2 IP ownership isn’t just good hygiene—it’s essential to meeting the standard’s audit requirements and proving a company’s commitment to safeguarding data security, availability, integrity, confidentiality, and privacy.
As IPv4 leasing becomes popular, companies need to understand how leasing vs. owning IP address blocks can impact GDPR or SOC 2 compliance.
Although leasing IPv4 addresses offers flexibility and lower upfront costs, it can create unclear ownership boundaries. Compliance becomes challenging without defining responsibility for logging and monitoring activities or jurisdiction management for leased IPs that are deployed across regulatory boundaries. Similarly, companies that lease IPv4 addresses must know who handles incident response if an IP is linked to unauthorized activity.
In GDPR and SOC 2 contexts, a lack of clear IP ownership can result in audit failures, especially if there are impending privacy and security risks to sensitive data. Regulators expect businesses to demonstrate control over the personal data they collect from customers, and leased IPs can undermine this requirement if operational control is improperly documented.
From a GDPR compliance perspective, purchasing dedicated IPv4 blocks can help companies exercise better geographic IPv4 management by ensuring leased IPs stay within the EU. Owning IP addresses also enables businesses to simplify governance and audit trail management. Organizations operating in highly regulated industries or managing significant amounts of sensitive data are better off purchasing dedicated IP addresses to ensure maximum continuity and security and streamline compliance management.
Traditional spreadsheets or manual tracking systems no longer meet the demands of cloud-scale IP address management. These systems introduce risks such as missing or duplicate entries, poor audit traceability, and limited visibility into IP usage.
However, IP address management (IPAM) platforms support automation, logging, and access control, enabling businesses to automate allocation, track utilization, and enforce governance of IPv4 controls. These IPAM solutions can also integrate with cloud management infrastructure to simplify compliance with frameworks like GDPR and SOC 2.
Key features to look for in a cloud-friendly IPAM solution include:
To achieve year-round compliance, cloud companies need to optimize their IPv4 address management by:
IPv4 ownership and management are essential to meeting the data privacy and security obligations of frameworks like the EU GDPR and SOC 2. Proactive investment in IP visibility and control is necessary to implement a broader compliance strategy as it reduces the risk of GDPR fines and audit findings, supports faster, more confident cloud expansion, and builds customer trust by demonstrating security maturity.
Organizations that manage IP address ownership properly are better positioned to adapt to new standards, such as evolving EU data privacy laws or emerging U.S. privacy and security frameworks.
Here’s a short checklist to get started turning IPAM into a compliance checklist:
As the only transparent, public IPv4 marketplace that ensures buyers and sellers get the most value for their transactions, IPv4.Global’s team of experts can help you streamline your IP address management to achieve compliance with GDPR and SOC 2. Whether you’re looking to purchase these addresses for the long term or lease them temporarily, we can guide you on the path to fully compliant IPv4 management.
Contact us to learn more about managing IP address ownership for GDPR and SOC 2 compliance.
The internet’s rapid expansion has resulted in significant demand for IPv4 addresses worldwide. Although the global supply of these addresses is exhausted, many businesses still rely on IPv4 resources to expand their digital infrastructure, maintain continuity, or scale competitively. As these businesses slowly transition to newer IPv6 address blocks, IPv4 remains relevant, especially for organizations where some or all of the network infrastructure runs on the IPv4 protocol.
When acquiring IPv4 resources, businesses need to understand the buying process, starting with address valuation in the marketplace, transferring address ownership upon purchase, and ultimately integrating these addresses into existing networks. The IPv4 marketplace is competitive, and businesses with adequate knowledge for navigating these purchases can compete more effectively.
IPv4 address scarcity has contributed to market competition, pushing companies to actively seek out address blocks and purchase them as soon as they become available.
Although IPv6 is more widely adopted, the IPv4-to-IPv6 transition has been slow, forcing many companies to rely on IPv4 addresses to maintain their network uptime. Many legacy systems and applications also still require these address blocks, making it necessary for businesses to retain a sufficient IPv4 supply.
Most IT teams and network administrators are also familiar with IPv4 management since they have worked with these addresses for decades. Companies expanding internationally often require additional IPv4 addresses to establish network infrastructure in different regions.
The high demand for IPv4 addresses has driven up prices, making IPv4 acquisition a potential investment opportunity and boosting the appeal of owning these assets versus leasing them. As IPv4 addresses become more valuable, businesses increasingly explore efficient acquisition strategies to support their growth and expansion.
Here are the key steps to completing an IPv4 purchase:
Before deciding whether it’s the right time to acquire IPv4 addresses, businesses should assess specific requirements such as:
With the help of a trusted, reputable IPv4 broker, businesses can quickly and efficiently navigate the process of acquiring IP address blocks.
An IPv4 broker is essential for facilitating IP address transactions, ensuring regulatory compliance with regional internet registry (RIR) policies, and reducing the potential risks businesses typically encounter when purchasing IP assets. Additionally, an IP marketplace broker has access to verified sellers, reducing the potential for fraudulent address block acquisitions.
RIRs such as the American Registry for Internet Numbers (ARIN), Réseaux IP Européens Network Coordination Centre (RIPE NCC), and Asia-Pacific Network Coordination Centre (APNIC) oversee the distribution and management of IPv4 addresses in their respective regions. Businesses must familiarize themselves with the unique requirements outlined by the RIRs responsible for the areas in which they are conducting IPv4 transactions.
These regulations will likely vary across RIRs. For instance, ARIN requires businesses to document their justification for an IPv4 acquisition, whereas APNIC stipulates specific compatibility policies for intra- and inter-regional transfers.
As with any other financial transaction, companies looking to buy IPv4 addresses must provide certain documents to RIRs before finalizing the acquisition.
Depending on the RIR and the requested documentation, businesses will likely need to:
Brokers facilitate secure, compliant transactions, making them very valuable in any IPv4 purchase. For instance, a broker has the infrastructure and resources to identify IPv4 addresses for sale in a competitive market and can quickly verify the seller’s reputation and legitimacy. Upon identifying ideal address blocks, the broker can help navigate seller negotiations and compile the necessary documentation to complete the transaction.
Although some businesses handle IP address purchases themselves, they risk running into legal, compliance, and operational issues during or after the purchase.
Using broker services for IPv4 acquisitions offers several benefits:
When choosing a reputable IPv4 broker, organizations should look for one with significant industry experience and an understanding of the IP address market, which constantly evolves with unexpected shifts in address block supply and demand. Another key factor to evaluate is an IPv4 broker’s ongoing supply of available blocks, which is crucial if the broker is likely to become a long-term partner for navigating IP block transactions.
Factors that influence IP address pricing include:
IP address marketplaces determine IPv4 valuation based on the above factors. However, the fair market value can change with variations in economic conditions, adoption of IPv6 technology, or rapid network expansion in specific industries. For example, the demand for larger IPv4 address blocks increased in 2022, likely due to post-pandemic economic recovery, and that in turn drew more sellers into the market.
Buyers can find several online tools and strategies to estimate the cost of buying IPv4 addresses. However, these may not be up-to-date or factor in market-specific nuances. The only large transaction platform that reports on IPv4 transfers live, including prices is IPv4.Global. It’s prior sales reporting is live.
When buying IPv4 addresses, businesses must be aware of potential risks:
A great place to start is observing market trends, such as pricing, demand, and future outlook. When market conditions are favorable, investing in IPv4 addresses can provide a business that relies heavily on these resources with long-term value.
However, before completing these transactions, businesses should evaluate their long-term needs, balance sheets, and industry trends.
In some cases, leasing may be a better alternative than an upfront IPv4 purchase. Leasing offers short-term flexibility, which benefits fast-growing organizations whose network needs change quickly, especially during early expansion phases. On the other hand, buying IPv4 addresses provides more control to buyers who can monetize these blocks in the long term.
By understanding the buying process, working with reputable brokers, and staying informed about market conditions, businesses can secure the IPv4 addresses they need while minimizing operational risks and maximizing long-term value.
Our team of experts at IPv4.Global has significant experience facilitating IP address transactions, even in the most competitive markets. Whether you’re interested in learning more about valuing IPv4 addresses, navigating RIR compliance much faster, or finding suitable address blocks, our team can provide the guidance and IPv4 broker services you need.
Contact us to learn more about buying IPv4 addresses.
Networks can provide both IPv4 and IPv6 services over the same links. To do so, a network and devices need both an IPv4 and an IPv6 network stack. This is known as dual stack operations. But dual stack can never be a solution to IPv4 scarcity because, while it deploys IPv6, it requires IPv4. There are only 4.3 billion IPv4 addresses and over 8 billion people on Earth. IPv4 is a scarce resource, so internet engineers developed IPv6. IPv6 is very similar to IPv4 but vastly bigger.
Nonetheless, there are networks and services without IPv6 connections to the internet. And anyone providing internet access needs to provide access to these IPv4-only sites.
IPv6 Mostly gives your users both IPv4 and IPv6 access. It minimizes the amount of IPv4 address space you need, which is cost effective. And it provides a solid service in most situations. It is great for networks that cannot control the devices or applications used by users.
Until IPv6 is a default, some IPv4 is necessary. That’s why there are websites tracking major web services without IPv6.
IPv6 Mostly lets devices use IPv6 whenever possible. For web traffic, IPv6 is prioritized using a protocol called Happy Eyeballs. When it is not possible, there is a path that supports IPv4. But because IPv4 addresses are more expensive, they are only used when required.
There are two key features in an IPv6 Mostly network: NAT64 and 464XLAT. They are technologies for connecting devices on IPv6 networks with IPv4-only communication partners, like a website or a video conference connection.
NAT64 is used when a DNS name is IPv4-only. 464XLAT is used where there is no DNS name.
NAT64 is similar to the IPv4 NAT systems that we are all familiar with. The key difference is that IPv4 NAT just rewrites the address fields in the IPv4 packet header. On the way out it replaces the internal address with a gateway address, and on the way back it replaces the gateway address with the internal address.
NAT64 has to do more than that as IPv4 and IPv6 packet headers have different structures. For instance, IPv4 packets have a Packet ID field which numbers the packets. IPv6, in contrast, has an explicit flow label field. So NAT64 is really taking the data section of the IPv4 packet and putting it in a new IPv6 packet, instead of just adjusting the contents of fields in a packet header.
Simplified IPv4 data packet rewritten to simplified IPv6 data packet for NAT64
While an IPv4 NAT can do a one-to-one address mapping, that is never possible with NAT64. A single IPv6 subnet is 32-times larger than the whole IPv4 space. So, NAT64 devices must either use an algorithm to map IPv4 and IPv6 addresses, or must hold state in memory for active sessions. So, NAT64 is similar to IPv4 NAT’s Port Address Translation or NAT Overload.
NAT64 works with DNS64. When the DNS64 system is asked for the IP address of an IPv4-only service it responds with an IPv6 address. The IPv4 address of the destination is embedded in the IPv6 address. The NAT64 uses this encoding so that it knows how to write the IPv4 packet headers, inserting the correct IPv4 destination address.
NAT64 was standardized in 2011.
But as NAT64 relies on DNS it won’t work for services that embed IPv4 addresses in communications. These are typically peer-to-peer protocols that don’t rely on a client-server relationship. WebRTC, the protocol used for video conferencing, is one example of this. But IPv4-only and IPv6-only devices cannot be directly connected. They need an intermediary.
464XLAT is the tool that fills this gap. It has two parts: the customer side translator is called a CLAT and the provider side translator is called a PLAT. The CLAT often exists on a device, like a phone. macOS has one that is activated by default when two conditions are met. Not all popular devices have native support. Microsoft has committed to developing a CLAT for Windows – but it doesn’t have it yet.
But enterprise networking devices offer CLATs and popular open source router software, OpenWRT has had CLAT support since 2018.
There is a limitation. NAT64 works by creating a special DNS answer that offers an IPv6 address instead of the IPv4 address offered by the actual service. This works as long as the DNS record for the IPv4-only service is not signed with DNSSEC, or the client does not try to validate a DNSSEC signature.
DNSSEC is a technology that lets clients check the answer they get has not been changed by someone not authorized by the service owner. It does this by signing the answer with a digital certificate.
If the DNS record is signed with DNSSEC and the client tries to validate the answer from the DNS64, it will get an error. This is because the digital signature will be for the original answer and not the rewritten answer provided by the DNS.
A rewritten DNS answer that was signed with DNSSEC will fail validation checks
The Internet Society measures DNSSEC validation rate of just over one-third. DNSSEC is a theoretical problem in IPv6 Mostly but the low takeup means it’s unlikely to be a problem in most situations.
RIPE meetings are held twice a year. They bring about 800 people from all over the world to a conference center for a week and they have been running IPv6 Mostly for a while.
It’s a challenging environment. The meeting organizers don’t have control over the devices connected to the network. And the attendees are heavy users, often bringing multiple personal and work devices.
Despite these challenges, IPv6 Mostly has been pretty successful. The main issue seen at RIPE 89 in November 2024 was associated with VPNs. The VPN client tried to connect to an IPv4 address. This was achieved via the CLAT. But as soon as the connection was established, the client killed the IPv6 connection.
Anyone building a new network should consider IPv6 Mostly as a cost efficient approach to providing access to the whole internet. IPv6 is plentiful and inexpensive. For instance, ARIN’s lowest fee tier provides a /40 of IPv6 and up to three ASNs for under $300 a year. That includes their registration fees for a /24 – 256 IPv4 addresses. But its waiting list for IPv4 space takes almost two years – and they can’t guarantee how long it will take.
A faster approach to getting IPv4 is to lease or buy. If you are undecided about which approach to take, try this IPv4 Calculator.
IPv6 Mostly is not hard and can be done with free, open source or commercial tools. But getting help from someone who’s done it before lowers the pressure. We’ve brokered over 5,400 transactions, so we know how to make things go smoothly for everyone. And we can connect you with any technical expertise you need for your implementation.
The available supply of IPv4 addresses (that were not distributed to users) was exhausted over ten years ago. In anticipation of that exhaustion a new protocol was developed: IPv6. This version of the networking essential is formatted to provide nearly infinite supply and at no cost. No cost, that is, to acquire them. Implementation is another matter. Still, adoption of IPv6 has been slow, with the older format retaining about half the current levels of use, worldwide.
Markets for IPv4 addresses have been developed and large numbers of these addresses move from unused holders of them to new owners who are in need of them. About 40 million IPv4 addresses are bought and sold every year, plus many more change hands in transfers involved in mergers and acquisitions.
Because these assets are far from free, businesses and organizations that rely on IPv4 addresses use technologies to extend the usefulness of them. Carrier grade Network Address Translation (CG-NAT, CGN, or just NAT) is deployed to extend the utility of the IPv4 addresses they have. Of course, these technologies have their limits and costs.
Many organizations use private IPv4 addressing. This allows the same address to be used in multiple private (walled-off) environments. But even this isn’t adequate in very large networks. Mobile carriers, cloud providers, and worldwide user-base platforms like Facebook and LinkedIn have migrated to IPv6 internally because it provides flexibility, better performance, and cost savings.
Any organization when considering either an internal or external network (or both) that are growing should consider migrating to IPv6.
That said, the question revolving around nearly-complete IPv6 transition is a matter of when, not if. From this comes the next obvious question: how? Luckily, one doesn’t have to be a pioneer to succeed in this. Methods have been developed and there is a log of experience is process-design to help.
With a structured approach, the transition to IPv6 isn’t a herculean effort. The key is having a clear plan in place—ensuring long-term growth and compatibility as the internet landscape evolves.
A dual-stack IP model, or dual-stack networking, describes a network configuration both IPv4 and IPv6 protocols are supported. In a dual-stack environment, devices and servers simultaneously support both, allowing for communication among devices using either protocol.
For almost all networks contemplating use of IPv6, a dual-stack approach is likely. This allows for a gradual addition of IPv6 monitoring and use, allowing networks time to test and repair as the transition occurs. An entirely new network might contemplate an IPv6-only environment, but transitioning all at once introduces a lot of peril.
Note that IPv4 continues to function as designed. It is in wide demand and important for public-facing organizations that may have users relying solely on it. But there are circumstances where “currently adequate” isn’t ideal and may not be nearly enough.
For example, the cloud has moved use elsewhere for many companies. Those using managed service providers (MSPs) may only need a small block of external IPv4 addresses in any one facility. However, the key factor is their use of cloud resources.
Cloud providers, like Amazon and Azure, charge for leasing IPv4 addresses. Often by the hour and usually about half a cent per hour per address. For those with heavy cloud use, these costs can rise quickly and substantially. In fact, the burden of these costs has led to increased purchaser demand for IPv4 addresses as the outlay for acquiring them. But these costs are relatively high, either way.
The stopgap of private address space can also develop usability problems. This frequently happens when two entities merge, either through acquisition or some other device. When this occurs the private address space of each frequently overlap. Both companies discover they are using the same private address space, leading to address conflicts when integrating networks.
Network expansion is also a reason to consider IPv6. As networks grow organically, they often become difficult to manage. Inefficiencies develop. To support growth, it’s best to design an IPv6-based network from the ground up – one that is more streamlined, scalable and capable of accommodating growth plans.
Transitioning to IPv6 isn’t quick, but it’s also not as daunting as one might think. The key to successful addition of IPv6 to an existing network or moving to complete adoption in an IPv6-only environment is to follow a well-tested process:
IPv6 adoption has obvious cost benefits. It can drive business growth and improve performance. IPv6 is often a bit faster than IPv4 because some mobile networks optimize for it.
Organizations should understand their the long-term costs of growing while depending solely on IPv4. There is also the consideration of the technical requirements of maintaining an IPv4 network versus migrating to IPv6. The key is making a careful, informed decision. Develop a plan for transitioning now, preparing for the future, or optimizing an existing IPv4 strategy to meet business needs over time.
Amid ongoing IPv4 scarcity, the global demand for IP address space continues to grow rapidly, with the increased use of mobile devices, cloud computing, SaaS expansion, and the proliferation of Internet of Things (IoT) appliances. The exhaustion of available IPv4 space from Regional Internet Registries (RIRs) has created a highly competitive secondary market where prices fluctuate and purchases require significant capital investments.
However, many companies are unprepared to part with such capital, making IPv4 leasing a strategic, flexible alternative to purchasing blocks outright. Leasing IP blocks allows companies to gain reliable, scalable, and compliant access to address space without committing to hefty capital costs or lengthy acquisition timelines. Below, we’ll explore the core benefits of IPv4 leasing and how leased IPs help lessees expand their networks.
Upfront IPv4 purchases typically require significant capital.
Today, the average IPv4 price is between $20 and $30, suggesting that a company looking to acquire 10,000 addresses would need to part with at about $250,000 in upfront capital, depending on the desired block size. Such costs can be prohibitive for startups and mid-market companies trying to scale or expand globally.
IPv4 leasing avoids these high acquisition costs and allows businesses to pay only for what they need during a specific lease term. By lowering the financial commitment to acquire critical IPv4 resources, companies can redirect those funds to high-impact areas like R&D, customer acquisition, infrastructure optimization, and product development.
For instance, companies that offer cloud-based services can boost their cloud network security, while SaaS providers can refine the quality of the software they develop.
Owning IP space locks companies into fixed asset management, but leasing enables dynamic scaling in response to real-time infrastructure and business needs.
Leasing makes it easier for businesses to optimize IP space usage based on operational workload or customer demand, align IP provisioning with project timelines, and support temporary deployment instances, such as seasonal traffic surges or proof-of-concept releases.
By supporting dynamic usage, scalable IP leasing offers benefits to companies with varying operational needs:
Rather than being tied to static ownership, IP lessees can quickly and flexibly adapt as their infrastructure and operations evolve.
Buying IPv4 addresses and transferring ownership sometimes takes weeks because of processes like due diligence, legal documentation, RIR coordination, and proper routing. When businesses need to launch services or expand quickly, these delays can result in missed opportunities.
IPv4 leasing enables companies to access ready-to-use IP address blocks much faster, creating a significant advantage for startups, DevOps teams, or IT leaders who need to make quick decisions about new service or product deployments. With the help of a trusted IPv4 marketplace broker, businesses can access verified, clean IP blocks, reducing the risk and complexity involved in acquiring much-needed IPv4 space.
If an address block was previously used for spam or phishing activities and is currently blocklisted, email deliverability, search engine optimization (SEO), and firewall security can be compromised. Businesses need to work with trusted IP leasing providers, who can vet and maintain block hygiene by rigorously vetting and monitoring their blocks to ensure they remain clean and reputable at all times.
Such reputable IP leasing providers maintain relationships with major RIRs, monitor blacklists, and conduct due diligence on any blocks they acquire to ensure lessees can protect their network integrity, improve email deliverability, and minimize the need to repair compromised IPv4 reputations.
As cloud and network infrastructure become more globally distributed, leasing enables access to regional IP blocks, supporting CDN, geotargeting, and regulatory requirements. With localized routing, companies can deliver content faster to specific audiences, making geotargeted advertising easier to handle. These companies can also ensure data stays within national boundaries to comply with regulations like the European Union’s GDPR.
Through geographically diverse IP addresses, leasing allows companies to acquire space from multiple regions or RIRs without establishing separate legal entities or incurring international transfer costs. This is helpful for several applications:
Global IPv4 leasing helps businesses extend their presence in different markets while simplifying the strategy in multiple regions with varying customer needs or regulatory requirements. It also supports experimenting with new markets without over-committing resources.
For example, a cloud storage provider operating across Europe and North America may lease blocks tied to EU and U.S. jurisdictions to maintain clear data boundaries. Similarly, a video streaming service may lease IPs closer to its largest user bases to ensure faster content delivery and better customer experiences.
IPv6 adoption may be growing rapidly, but the world still relies heavily on IPv4. Full IPv6 compatibility is likely decades away because many legacy applications continue to run exclusively on IPv4 infrastructure. Global internet traffic remains predominantly IPv4-based, and many Internet Service Providers (ISPs), enterprises, and service providers have yet to fully implement IPv6.
During the IPv4-to-IPv6 transition, leasing offers a temporary but strategic solution, particularly if the leased IPs are used to implement dual-stack deployments. With dual-stack infrastructure, developers can maintain IPv4 and IPv6 compatibility across diverse systems and avoid infrastructure rewrites while improving IPv6 readiness.
Leased IPv4 addresses allow organizations to scale, test, and secure their services without committing to permanent IPv4 acquisitions. This flexibility is essential for hybrid environments, where some systems support IPv6 while others do not. Likewise, organizations looking to modernize their legacy system infrastructure can use temporary IPv4 solutions to maintain network performance and reliability without investing significant capital.
Ultimately, leasing supports a flexible transition, allowing organizations to evolve at their own pace while maintaining full-service availability across both protocol stacks.
The benefits of IPv4 leasing go beyond short-term convenience, as lessees can achieve the speed, scale, and control they need while remaining compliant with various regulations. For companies whose infrastructure and operational needs are constantly evolving, that may look like improved network security, optimized global service delivery, lower financial risk, and regulatory readiness for GDPR, SOC 2, and other frameworks.
Leasing is a forward-looking strategy that empowers businesses to stay agile, competitive, and scalable—especially in dynamic industries like SaaS, hosting, and telecom. Whether you’re a hosting provider serving millions of customers, a telecom expanding into new countries, or a SaaS startup scaling your platform globally, IP leasing offers the infrastructure to help you sustain rapid growth.
Therefore, organizations need to evaluate their current IP resource planning against leasing opportunities. For instance, it’s important to assess whether existing resources are agile enough to meet anticipated customer demand. Could leasing free up some capital and reduce the complexity of network management?
As data-driven enterprises scale across multi-cloud and hybrid-cloud environments, they need reliable, high-performance, and secure connectivity. Whether their platforms synchronize data across on-premises and public cloud systems or ensure uninterrupted access to large-scale cloud or multi-cloud systems, companies in the data infrastructure space require dedicated IPv4 addresses.
Data warehouses and cloud storage providers, such as Snowflake, MongoDB, and BigQuery, face challenges managing hybrid-cloud environments and enforcing security. Shared IP address pools and dynamic address assignments can introduce security, latency, and compliance risks that may impact service availability. However, IPv4 leasing and ownership help address these challenges by providing greater control over IP management.
Faced with global IPv4 exhaustion, market volatility, and complex hybrid-cloud deployments, it’s vital for these organizations to strategically secure and manage dedicated IPv4 addresses to sustain business growth and service quality.
IPv4 demand continues to grow in industries that rely heavily on data warehousing and cloud storage, mainly due to the business-critical need for near-universal and 24/7 service availability and compliance requirements.
Since IPv4 address pools available via Regional Internet Registries (RIRs) were exhausted years ago, companies must now obtain the IP addresses they need through secondary markets, such as direct purchases or leasing agreements. As such, cloud-native solutions are not enough to meet the global demand. Cloud providers must rethink how they allocate and manage IPv4 addresses to serve customers who require dedicated IP space for network connectivity.
IPv4 scarcity also means data infrastructure providers must navigate routing complexity when using private addresses that overlap with public ones. Using network address translation (NAT) to resolve the IPv4 shortage can increase latency and impact customers’ user experience, especially when processing larger volumes of data across multiple regions.
Leading data infrastructure platforms offer insights into how dedicated IPv4 strategies are implemented across hybrid environments:
Snowflake uses dedicated IP address blocks to ensure consistent network identity across geographic regions and supports private connectivity via AWS Private Link and Azure Private Link. These private connectivity features allow enterprise customers to route traffic over private infrastructure instead of the public internet, enhancing data privacy and application performance.
Dedicated IPs make it easier for organizations to configure granular access controls through IP allowlists and maintain zero-trust architectures, where network traffic is treated as untrusted by default.
MongoDB Atlas, the cloud-based version of the popular database, supports secure hybrid deployments across on-premises and public cloud environments. Here, dedicated IPs help establish secure peering relationships and direct network tunnels.
They reduce the risk of address overlap, streamline IP-based access rules, and simplify auditing and visibility into traffic flows across cloud environments. When data replication and backup are involved, such consistency maintains service uptime and data integrity across regions.
Google BigQuery handles vast datasets distributed across global regions, which requires compliance with privacy regulations like the European Union’s General Data Protection Regulation (GDPR). To ensure performance and regulatory alignment, BigQuery uses static IP assignments to enable consistent access and location-aware IP address management, regardless of customers’ geographic locations.
IPv4 costs and customer demand for data infrastructure are rising, posing a key question for data warehouse and cloud storage providers: should they lease IPv4 addresses for flexibility and speed or buy them outright for long-term control and cost stability?
Lower upfront costs make leasing ideal for startups or fast-growing cloud platforms that need to allocate capital elsewhere, such as investing in infrastructure development or expanding into new markets.
Additionally, on-demand scalability enables these companies to quickly respond to usage spikes or onboard new customers without committing to long-term IP address ownership. IPv4 leasing also reduces the administrative burden associated with RIR engagement, making IP acquisition quicker in fast-changing environments.
On the other hand, purchasing IPv4 addresses can provide greater value for mature organizations with predictable infrastructure needs. Owning the rights to IP address blocks means long-term control over resource planning without depending on lease renewals or being surprised by pricing fluctuations.
The upside to investing in IPv4 resources is that they are digital assets. In the future, these address blocks may have significant resale value due to appreciation.
Evaluating whether leasing or buying IPv4 addresses is the right fit for an organization is crucial. If data infrastructure is growing quickly, leasing may be the ideal option. However, if a provider operates in a highly regulated industry where security and compliance are critical, purchasing IPs for the long term is beneficial.
Some providers adopt a hybrid strategy, which involves purchasing specific quantities of IP address blocks for foundational infrastructure while using leased blocks to experiment with deployments in new geographies or support dynamic workloads like data migration.
When operating in hybrid environments, such as on-premises and in the cloud, reliable IP addresses enhance performance and security. Specifically, in cloud and hybrid-cloud deployments, dynamic assignments or reliance on NAT can introduce vulnerabilities and performance inconsistencies that put critical services at risk.
Dedicated IPv4 addresses streamline network security management by providing a consistent set of trackable endpoints across a network. This reduces the risk of IP blocklisting or reputation contamination while supporting high network and service availability. Predefined routing and failover paths improve performance and minimize redundancy, resulting in fewer IP conflicts.
Relying on dedicated IPv4 addresses is especially important when bridging on-prem to cloud integrations, such as using VPNs to link legacy data centers to cloud databases like Snowflake or BigQuery. Dedicated IPs provide greater control over security perimeters and network traffic flow in these environments.
They also facilitate data transfer optimization, allowing platform teams to define efficient, direct routes for large-scale replication while maintaining strict separation from public or untrusted networks.
Whether a business leases or owns IPv4 space, effective management is critical. IP conflicts, misallocations, and underutilization can lead to service disruptions, unnecessary expenses, and compliance violations.
Best practices for IPv4 resource management include:
Data infrastructure providers can use IPAM tools to allocate, track, and manage IP resources throughout their lifecycle. Modern IPAM platforms integrate with cloud APIs to enable automated provisioning during deployment and deprovisioning when resources are no longer needed. IPAM also supports subnet planning and role-based access controls, streamlining coordination between IT and security teams and preventing unauthorized modifications.
Conducting frequent audits helps confirm that IP allocations match actual usage and identifies unused or misconfigured addresses.
Audits ensure that dormant IPs are identified and reallocated to maximize the return on investment (ROI) with leasing or purchasing IPv4 address blocks. They also support compliance initiatives by providing documentation for regulatory frameworks. With routine audits, businesses can quickly detect services deployed outside of defined internal security policies.
Tools that flag abnormal behavior, such as unauthorized IP assignments, sudden traffic spikes, or attempted access to restricted zones, are essential in dynamic, multi-cloud infrastructure used for data storage. These systems should integrate with network firewalls and other security infrastructure to automate incident responses, enforce policy controls, and provide historical logs for audits or forensic analysis.
While today’s data infrastructure landscape involves automation, elasticity, and fast scalability, businesses still need to invest in dedicated IPv4 address strategies. Data infrastructure is becoming more security-driven, and the need for stable, predictable networks has increased.
Platforms like Snowflake, MongoDB, and BigQuery are examples of the role played by dedicated IPs in driving the connectivity, performance, and trust that customers expect from data warehouses and cloud providers. Whether through leasing or purchase, securing IPv4 resources remains a strategic advantage for companies that offer essential data services.
With the help of a reputable IPv4 broker like IPv4.Global, you can evaluate your current IP needs and explore leasing or purchasing options to support secure, scalable growth. Beyond brokering thousands of IPv4 transactions since 2014, our team of experts can advise on practical strategies for IP resource management, such as routine audits.
Most organizations need their data architecture to be demonstrably reliable. In other words, it doesn’t just need to work, it needs to be auditable, e.g. SOC2, HIPAA, FedRAMP. That could be an internal audit or one conducted by a specialist IT audit firm. The important thing is that the organization understands what is working well and where improvements are needed.
But the growth of cloud systems means that organizations cannot see or touch the equipment providing all or some of their data services.
Cloud data architectures can be both reliable and auditable. And they offer features that meet the needs of very demanding organizations. Features like Bring Your Own IP Addresses, can help organizations achieve the reliability and auditability requirements.
IDC has reported that between “50% and 70% of cloud buyers want the ability to control where their data resides and increasingly their digital infrastructure as well.”
Sometimes that means keeping the most important or confidential data on organization owned and managed hardware. In other cases, that means a multi-cloud strategy to control the physical location of particular kinds of data.
Data sovereignty is becoming increasingly important. Some organizations need to be able to demonstrate that the data they manage stays within the borders of the jurisdiction in which it was generated. Many countries have laws governing data generated or collected within their borders.
Compliance could be done by retaining some kinds of data private systems, instead of cloud. For instance, a system might choose to keep a data lake on premises and only push processed, summarized, anonymized data to data marts located in the cloud.
Or it could mean using different cloud providers in different regions.
Whichever strategy is right for an organization, the components of your system will be identified with DNS names and IP addresses. DNS names are the human-friendly identifiers for computers. They can point at one or more IP addresses. For instance, ipv4.global is the DNS name pointing at the IPv4 address 23.185.0.4.
A database cluster is likely to use lots of addresses. For instance, Oracle’s addressing plan template for running on AWS uses:
Other databases, like Snowflake, MongoDB, and BigQuery, have similar IP addressing needs.
Not all of these addresses need to be globally unique to make the service work. But other approaches might require extra work to demonstrate that a configuration meets regulatory requirements when using private IPv4 addresses on a cloud network.
IP address management systems (IPAMs) can manage cloud-deployed IP addresses as well as on premises deployments. But using an IPAM means having some control over your addresses. Dynamically assigned addresses can present a variety of challenges when using an IPAM.
An IPAM, like ReView, can be used to manage private IP addresses, like those defined in RFC 1918 and RFC 4193. But none can guarantee that different private IPv4 assignments will occur in each region or cloud. Using the same IP addresses in a private network on different cloud instances won’t break anything but it can complicate configuration management – especially firewall configuration – and so troubleshooting and audit.
Managing a configuration with duplicate private IPv4 address ranges, NAT, and ssh or VPN tunnels is complex. If the unique IPv4 addresses are dynamic, the tunnel endpoints can change. And if you need to offer an API, even internally, a dynamic IPv4 address makes changing DNS names for the API important.
Monitoring, recording, and auditing dynamic IPv4 addresses requires additional systems and logs. A new IPv4 address with a poor reputation could result in access denials or client trust issues.
Owned addresses lower the risk of service interruptions and ensure a network can meet contractual SLAs with clients.
While any IP address can be configured on any machine, there is a difference between addresses offered by a cloud provider and addresses that are leased or owned by an organization using cloud services.
| Cloud provided | Leased or owned | |
| Stability | Dynamic addresses are cheaper but static addresses, like Elastic IP, are expensive. | You control stability. |
| Reputation | You can’t manage the reputation of cloud provided IP addresses. Research shows that cloud IP address reputation can have sustained bad reputation for many days. | You can check reputation before you buy and fix any problems that get you listed on reputation block lists. |
| Price | Expect to pay over $40 per year per address. | Expect to pay slightly more than $30 per year per address, or lease from $0.25 per address per month per address. |
Blanche Dubois might have “depended on the kindness of strangers” but it didn’t work out well for her. Taking control of addressing needs can improve outcomes for organizations buying cloud computing services, too.
Controlling addresses will let a network:
Without configuration and reputation related service incidents an administrator can reduce SLA issues and improve the experience for your customers and partners.
A data services provider managing large-scale data ingestion pipelines across Snowflake and on-prem clusters ran into repeated issues:
Leasing IPv4 space from IPv4.Global allowed them to:
We help cloud-first and hybrid infrastructure teams secure IPv4 space that works across:
We can secure blocks as small as 256 IPv4 addresses – a /24 – and as large as the market has to offer.
The per-address charges levied by cloud providers will not be dropping. But the price of IPv4 addresses on the market has gone down in the last year. Now is the time to buy and transform a cost into an asset.
Contact our team. Our experts can guide you through the purchase or lease process, and using your new addresses on cloud platforms.
When we help you with your IPv4 address needs, we’re helping you achieve your business goals more easily.
The prices of large IPv4 address blocks (/16 and larger) have declined substantially, with prices down from highs in the $50s per IP in early 2024 to below pre-Covid levels around $20/IP. This dramatic price drop has reversed the spread between large and small blocks, with large blocks now trading at a significant discount to smaller blocks. This change was dramatic during 2024 and the downward trend of prices for large blocks has continued into 2025. While the price drop has a significant negative impact on large block holders, it creates opportunities that were unthinkable only months ago.
Despite price volatility, the market is quite active. IPv4.Global’s marketplace is seeing increased sales and registration activity, both from small block buyers continuing to fill their need for space as well as opportunistic buyers of larger blocks. Nothing leads us to believe there is less overall demand for IPv4 addresses than when prices were higher. Rather, a more cautious approach to buying by larger buyers has caused many of the large sellers to place more supply into the market, leading to price competition.
Worldwide trends and publicly available data confirm the overall pattern of buying and selling that is occurring on the IPv4.Global marketplace.
Small Blocks: A combined tally of all transfer logs, worldwide, tells an interesting story: Since 2020, the worldwide market in blocks smaller than /16 has been very stable, with 10-12 million addresses changing hands annually. During Q1 of 2025 the pace of these sales was in line with that expectation: 3.1 million addresses were transferred. Perhaps in response to a small but meaningful decline in prices among this range of blocks, an uptick in April sales suggests a banner year in transfers: perhaps 20% above the norm.
Large Blocks: At the same time, it appears that dramatically lower large block prices are attracting some opportunistic buyers. But lower prices do not appear to increase long-term demand. At most it pulls demand forward and it is likely that – overall – IPv4 transfers will be at about normal levels, albeit at much lower prices than in 2020-2023. The abundance of supply and dramatically lower prices are clearly attracting buyers, at least in the short term.
The world’s largest market, IPv4.Global, currently offers more blocks of every size than any other source. There are a larger number of sellers listing addresses than at any time in the past, offering blocks and combinations of blocks in great variety. In addition, the IPv4.Global leasing hub now offers more addresses than ever before.
It is possible that worldwide economic conditions are prompting fund-raising via address sales. Sellers who have been on the sidelines may now be eager to monetize their unused assets in fear of a continuing fall in prices. Sellers are entertaining lower offers from potential buyers at numbers that would have seemed impossible just months ago. Low priced listings are appearing on the IPv4.Global marketplace, and they are getting purchased quickly. Interested parties can set up Alerts on our platform and can also add our IPv4 Pricing Ticker to their browsers to stay on top of this opportunistic market.
As the world’s largest IPv4 marketplace, IPv4.Global transfers and reports on the largest number of buyers and sellers anywhere. Our services include individual client matching, hearing the needs of buyers and finding sellers who fulfill those needs. In fact, connecting a buyer with the addresses that meet their requirements is IPv4.Global’s secret sauce. Our services respond to the requests from buyers in all RIRs in need of virtually any combination of address blocks.
If you don’t see what you want on our marketplace, get in touch. We’ll search for what you need.
IPv4 prices continue to inch down, while volume remains steady. The gap between large and small blocks continues to grow as well. Significant supply flowing into the market has contributed to the price drop. As that surplus works through the market, prices may not continue to decline.
An influx of /16 supply has driven prices for large blocks lower. This is an excellent opportunity for opportunistic buyers. Sellers may consider the arbitrage opportunity of selling their space in smaller blocks, but with strong supply across the board, there is no guarantee of fast sales.
Access networks connect end-user devices, such as computers, smartphones and tablets, to a wide area network (WAN), such as the internet. Such networks can save IPv4 addresses by sharing a unique address among many users. This is commonly known as Network Address Translation or NAT. It is one of the ways networks connect more users than they have addresses. NAT manages this feat by mapping the addresses inside a private network to a single public IP address and translating internal and external addresses on the fly.
But access networks are only part of the picture. User access is temporary and intermittent. Websites are usually available 24/7 and many have constant, heavy use where latency is frequently an issue. So, web hosting companies also need addresses for websites that have entirely different requirements from those needed for end users.
Tim Berners-Lee developed the foundations of the web at CERN in 1989. At the time, there was no concern about IPv4 depletion, so the protocol, HTTP/1.0 used one IPv4 address for each domain name, like home.cern.
This original design of name-based website domains – to map one name to a single IP address – made the process quite straightforward. DNS services distributed throughout the system executed the translation from one to the other so people could use words, not numbers in locating a website.
In the early days of internet access, dial-up was all that was available to most users. People would connect, collect and send mail, then disconnect to save money on phone charges. Buying a domain name and hosting it on a dedicated server was too expensive for most people.
And most people were connecting to the internet for fun, not to achieve a business goal. If they wanted to publish something, it was because they had something to say and not because they needed to establish a brand.
When market differentiation based on dial-up speed was hard, ISPs tried it with packages of services. These included access to Usenet, an early form of group discussion, and web hosting.
In 1996, Demon Internet, a popular ISP in the UK, started including web hosting in the bundle for its dial-up users. It dubbed this its homepages service and used account names in the URL that was included with its service. So, a user whose dial-up account was “example” could have www.example.demon.co.uk for their website. This structure was to set up a subdomain for the individual user’s website. This meant that Demon needed one IPv4 address for each site it hosted.
A similar but critically different service could have been provided by establishing a directory for the website, like this: www.demon.co.uk/example. Geocities used this solution. Because Geocities, and similar services, put account names in the directory path, they did not need one IPv4 address per customer.
The clear issue at hand was the need for one IPv4 address per website if a simple, direct name-based system was to go into heavy use. This realization coincided with the suspected shortage of these very addresses.
Internet engineers had started to realize that IPv4 would run out by 1992. In fact, they had thought the runout would happen by 1995. Instead, networks had started other moves towards reducing demand for IPv4 addresses, including:
An IPv4 address for each of its dial-up users’ bundled sites was seen as extravagant by some.
By 2000, technology had advanced. A new version of HTTP, the protocol for website access, had been agreed: HTTP/1.1. This upgrade to HTTP/1.0 supported name-based virtual hosting. That meant that multiple domain names could be hosted on a single IPv4 address.
This innovation was spurred by the growth in website hosting. There were about 16,000 domain names registered in 1992 but almost 27 million by the end of 2000. Most domain names have a website. Had this trend continued without name based-virtual hosting being developed and supported, the central pool of IPv4 addresses would have been depleted years earlier.
While HTTP/1.1 as a protocol supported name-based virtual hosting, it needed two groups of people to deploy it before it could have much impact. First, the hosting operators needed to upgrade their web hosting software. Then, the users needed browsers that supported it. But this was at a time where web browsers were distributed on disks and CD-ROMs because dial-up speeds were too slow to download regular upgrades. The upgrade cycle for user software was slow.
Netscape Communicator Complete 4.7, published at the Internet Archive by wossman.
But that wasn’t all. Any site doing things like processing card payments would need a unique IPv4 address because the certificates used for secure, HTTPS connections required a unique IPv4 address.
And the web wasn’t just the web. FTP, the File Transfer Protocol, was still an important way of distributing files. Each FTP site needed its own IP address. It’s only in the last couple of years that major browsers have removed support for FTP.
A computer logging into an FTP server and transferring a file, Brent Jones, CC BY-SA 3.0
As recently as 2002, RIPE’s policy merely “strongly encouraged” name-based virtual hosting. HTTPS was the major barrier. Web commerce was growing and people were starting to recognize the need to use HTTPS when sharing usernames and passwords on the web.
HTTP/1.1 helped but it hadn’t solved the problem. The engineers needed to improve Transport Layer Security (TLS), the protocol that encrypts internet communication for the web, email, instant messaging and more. That came in 2003 when Server Name Indication (SNI) was developed to let the server know the DNS name of the server the client wanted to communicate with. One IPv4 address per HTTPS site was no longer necessary. A web server could host hundreds of sites, each with their own TLS certificate, on a single IPv4 address.
This was a gamechanger. But the browser vendors had to support it and the IT departments running fleets of computers had to upgrade their web browsers.
Internet Explorer on Windows XP never supported SNI. Internet Explorer had more than half of the browser market until 2011. Even in 2014, the year support for Windows XP ended, as many as four percent of users were reported as using Internet Explorer on Windows XP.
The last of the top-level IPv4 allocations were made in February 2011. That event triggered soft landing policies that reduced the amount of IPv4 space networks could get. That started to make providing support for older browsers more expensive.
Independent web hosting providers still exist. But a huge part of the market uses Content Delivery Networks (CDN) now. They take the website as close as possible to its users. The content owner publishes on a server that only the CDN knows about, with the CDN doing everything else.
CDNs have developed a technology called Encrypted Client Hello (ECH). It hides the DNS name inside the encrypted session with the CDN. In combination with the encrypted DNS services CDNs operate, this could mean that network administrators cannot see which websites their users are visiting.
That’s a challenge for corporate and educational environments. There are ways to continue enforcing those policies despite this change. But they will require organizations to use browser controls or enforce use of a filtering DNS resolver.
While change is a constant, the pace is now much faster. Lots of software is either web services or updated weekly. Network administrators need to evaluate the impact of these external changes on their organization.
At the most basic level, a public IP address is a unique numerical identifier assigned to a device connected to the Internet. Since it is unique, an IP address enables the identification and communication among devices worldwide. The format of these numbers is simple. There are about 4 billion of them possible within the prescribed system.
That underlying system, the Internet Protocol (IP) suite, was developed as a simple alternative to the complex Open Systems Interconnect protocols of the late 1970s. It has matured to meet the needs of today’s organizations with two versions, private addresses, shared addresses, and multiple types of Network Address Translation (NAT). The first widely-used IP protocol is the fourth one developed: IPv4 (Internet Protocol version 4).
IPv4 is used both as a global identifier and as location labels within closed systems. As such, some addresses from among the four-plus billion created were set aside for this local use. Since they are local, they can be used in multiple systems so long as they do not communicate outside their private network. They are re-usable. Thus, IPv4’s private addresses are only unique on their local network. When a device with a private address needs to connect with an address on the internet, the data packets it creates are rewritten to come from the local network’s router’s globally unique address. Multiple users and devices can be behind each unique address.
NAT or Network Address Translation is the technology that presides between a private network and the broader internet.
Not all NATs are the same. NAT wasn’t standardized, so each vendor has their own implementation and they don’t all do the same thing. In fact, even the terminology isn’t consistent.
NATs for home and office networks can be grouped into three broad categories.
None of these approaches is a firewall. While they can be components in a comprehensive security approach, they are just tools and do not provide security on their own.
NATs used by access networks are generally known as Carrier Grade NAT (CGNAT) or Large Scale NAT. They are used to serve more subscribers than the provider has unique IPv4 addresses for. They use a special shared block of 4 million IPv4 addresses. These are mapped to a small block of globally unique IPv4 addresses.
The ratio varies but 25 subscribers per unique IPv4 address is common.
Most organizations require their users to authenticate with two factors. But when users have administrative access to important systems, more factors can be required and checked. Some examples include:
In combination, these are known as Multi-Factor Authentication. For instance, an ordinary user working from home, might need to access corporate resources via a VPN and authenticate with a password and second factor, like a TOTP code, a physical token, or a Passkey.
But the access granted to privileged users often requires additional factors in a security policy.
Some organizations require privileged access to originate from a static, or fixed, IPv4 address at their home and not a dynamic address. A similar, but less strict rule, is to geolocate the IP address and not allow access from the wrong city or country. That helps reduce the possibility of stolen credentials being used elsewhere.
Access providers advertise fixed IPv4 addresses when selling to network administrators
Privileged users might be assigned a static IP address, from a separate pool, by the VPN. Only allowing administrative access from that pool of addresses limits who can make changes and simplifies auditing changes.
Some organizations only allow changes at specific times. They limit external access to privileged systems outside those windows.
Privileged users often get static IPv4 addresses from a specific pool so access to the management interfaces of key systems can be restricted. One way of doing this is using Access Control Lists based on IP address.
IP Address Management (IPAM) systems are a part of this set of controls. They set out how addresses are assigned in your network and can be connected to systems that record actual assignment and use.
Configuring controls for accessing privileged systems is only helpful if their effectiveness is reviewed and areas for improvement are identified as the world changes.
Logs must be kept so you know that privileged users are only connecting from specific addresses or locations, and are assigned addresses from a specific pool. Similarly, administrative changes should be logged and compared against change control logs.
Evaluating logs against policies and testing the effectiveness of security controls is an important part of assessing the effectiveness of security policies.
The demand for IPv4 addresses in the cybersecurity industry continues to grow, yet these addresses remain scarce worldwide. IPv4 leasing has become a reliable solution to address this scarcity, allowing organizations to acquire these resources under flexible lease terms. By leasing IP addresses, cybersecurity companies can scale quickly, optimize their security operations, and invest capital in pressing operational demands rather than locking it in an IPv4 purchase.
Beyond the cost and operational benefits of IPv4 leasing for cybersecurity companies, these leases reduce the bottlenecks associated with completing IPv4 purchases. Whether a cybersecurity company is growing and acquiring customers or is more established and ramping up operations, leasing IPv4 addresses is an attractive option to resolve IP scarcity issues.
With IPv4 leasing, a lessor who owns the rights to IPv4 addresses lends those rights to a lessee, who can then use these addresses to meet their network demands. Unlike an IPv4 purchase, where a buyer purchases and owns the rights to the said IPv4 addresses, leasing temporarily transfers those rights to the lessee, after which the rights are relinquished back to the lessor at the end of the lease term.
IPv4 leasing helps cybersecurity companies control their risk by allowing them to temporarily use a pool of addresses without being locked into a purchase. This flexible IP address management enables these companies to scale their network operations as they onboard more customers.
For instance, a cybersecurity company that operates a cloud-based service can determine how many more addresses to lease in the upcoming year based on the previous year’s demand. If the company anticipates higher customer demand, it can lease additional addresses to meet that demand,
Here’s how IP address leasing benefits the cybersecurity industry:
Companies that lease IPv4 addresses realize cost savings because of reduced upfront capital expenditure. For cybersecurity companies, cost-effective IP solutions provide financial flexibility to invest in advancing security infrastructure, fine-tuning operations, or hiring a highly skilled workforce that can deliver more value to customers.
From a logistical perspective, leasing involves fewer overhead costs than an IPv4 purchase. With an IPv4 lease, a cybersecurity firm can avoid paying IP address registration or transfer fees.
IPv4 leasing provides cybersecurity firms with scalable IP resources, allowing them to expand their operations on demand. As cybersecurity needs evolve, these companies can quickly adapt and invest in leasing additional IPv4 space or divesting unused IPs if customer demand for security services wanes.
The flexibility benefits of IP leasing enable cybersecurity companies to take on clients with different security service needs and bandwidth requirements. For example, some customers’ assets may be fully on-premise or cloud-based, while others are hybrid. The IP space required to manage security operations for these unique deployments will vary, making IP leasing a favorable option for acquiring the additional IPv4 space needed.
Cybersecurity companies need clean IPs because customers trust these companies to protect their sensitive data or digital environments. Therefore, cybersecurity firms must conduct sufficient due diligence to ensure every address they add to their networks for customer-facing operations is reputable and free from malicious activity.
Fortunately, leasing provides access to reputable IP addresses, allowing cybersecurity companies to tackle their customers’ security concerns.
Addresses acquired via IPv4 purchases sometimes have a history of mismanagement, posing risks like blacklisted IPs or IP spoofing. IPv4 leasing can mitigate these risks, offering cybersecurity companies peace of mind as they acquire IPv4 space to facilitate the security services they handle for customers.
Some lessors lease their IPv4 addresses over subnets, which improves traffic flows through the network and makes them more stable. Cybersecurity companies can then control the potential risks to their networks and offer customers more value from the security services they purchase.
Let’s break down practical ways cybersecurity companies can implement IPv4 leasing while offering security services to customers:
In general, cybersecurity companies should conduct sufficient due diligence before signing up for an IPv4 lease. Crucial steps include:
After leasing IP addresses, cybersecurity companies still need to protect these assets’ reputations by regularly monitoring networks to detect signs of malicious activity. These companies can conduct ongoing network audits to identify IP conflicts or unauthorized devices connected to the network. Additionally, these audits can reveal rogue DHCP servers that might interfere with IP address allocation, creating potential intrusion risks.
Ensuring compliance with IPv4 leasing agreements also helps cybersecurity providers avoid unexpected fines or penalties. It all starts with documenting every process stipulated by the IPv4 leasing agreement, whether tracking IP address assignments across the network or recording audit logs to ensure information is available should it be requested.
Although each cybersecurity company has unique needs, IPv4 leasing offers an opportunity to streamline security operations and help these companies offer their customers increased value. The common themes observed in the success stories below provide insights into benefits like improved operations and cost efficiency.
Faced with IPv4 exhaustion, a cybersecurity company resorted to expanding its IPv4 address space using Network Address Translation (NAT), enabling more devices on its network to connect to private IP addresses. However, NATs risk network security, require upgrades when deploying non-NAT friendly applications, and add complexities to IPv4 sharing.
A workaround to using NAT is to migrate to IPv6, which is costly for companies whose infrastructure runs primarily on the IPv4 protocol. Although some organizations implement dual-stack configurations during the IPv4-to-IPv6 transition, these complex configurations may require additional overhead support to administer the network effectively.
IPv4 leasing solved these infrastructure hurdles and allowed the cybersecurity company to acquire the IP space needed to scale operations. The company saved on unexpected IPv6 upgrades while mitigating the network security risks associated with IPv4 sharing via NAT.
From a cost-efficiency perspective, IPv4 leasing enables cybersecurity companies to move faster when expanding their business operations. A cybersecurity firm had just signed a lucrative, two-year contract to manage security services for a well-funded mid-stage company. However, the firm required additional IP addresses to handle its client’s cloud and on-prem security.
If the cybersecurity firm were to purchase these IPs, the entire process could span weeks or months because of lengthy legal, regulatory, and due diligence processes. The firm was also uncertain about a contract extension and wanted to avoid the burden of managing the unused IP space if the contract was not renewed.
The most feasible option was to lease these addresses and shop for them globally. Here, the assistance of a trusted IPv4 broker who understands market dynamics and can identify reputable IP lessors can streamline the leasing process.
Companies in the cybersecurity industry benefit from IPv4 leasing by obtaining cost-effective, scalable IP solutions to meet the growing demand for security services. By leasing IP addresses instead of purchasing them outright, these companies can scale their operations up or down, depending on market conditions. When faced with IP address scarcity, leasing is a viable solution, especially when sourcing IP resources from a trusted IPv4 marketplace like IPv4.Global.
Cybersecurity companies should explore reputable IPv4 leasing providers to enhance their security operations. At IPv4.Global, our team has handled 4,300+ transactions since 2014 and brokered the sale of 66+ million IP addresses. We understand the unique needs of different types of lessees and can help you find clean addresses that fit best within your cybersecurity infrastructure.
IPv4 addresses are scarce globally, there’s still an ever-present demand for scalable, cost-effective IP address solutions from telecommunications companies (telcos) and Internet service providers (ISPs). Rather than purchasing IP addresses to meet this demand, telcos can strategically lease them from organizations with surplus IP inventory.
IPv4 leasing is flexible and cost-effective for telcos that don’t have significant capital to invest in IP addresses immediately. By leasing IPv4 addresses, telcos can also quickly access the IP space they need to meet customers’ internet bandwidth needs.
Although IPv6 is increasingly adopted globally, IPv4 addresses remain essential because most network infrastructure was designed to run on IPv4 protocols. For instance, some companies invested heavily in large-scale IPv4-based servers and networking solutions to support their internet usage, so transitioning to IPv6 is costly.
Beyond IPv4 compatibility concerns, most technical support staff, such as IT technicians, working at organizations today were trained to manage infrastructure running on IPv4 protocols and are still catching up to IPv6.
It’s also expensive to acquire IPv4 addresses outright. In 2024, the average price of IPv4 addresses was in the low-to-mid $30s, meaning a telco that acquired 100,000 addresses for internet expansion would require at least $ 3 million in cash to do so. Completing IPv4 asset purchases also involves significant due diligence and regulatory compliance, which can be cumbersome for an organization with limited resources.
However, leasing provides telcos with scalable IP address resources to support network growth. As telcos anticipate higher customer demand, they can adjust their telecom network expansion strategies accordingly, leasing the appropriate quantities they need without committing to an upfront purchase.
IPv4 leasing provides financial and operational benefits for telcos, enabling them to scale their operations flexibly and cost-effectively:
Purchasing IPv4 addresses requires significant upfront capital expenditure, unlikeIPv4 leasing, where companies can shop for lease terms with affordable monthly rates. Instead of locking capital in an IPv4 purchase, telcos can allocate some of their budgeted funds toward critical infrastructure and service improvements.
For instance, if the IP addresses will only be used in the short term, it’s more feasible for a telco to spend less than $1 per address monthly via an IPv4 lease than $30 on an upfront IPv4 purchase. While the lease spend does not count as an investment toward the IPv4 assets, the financial flexibility and cash availability allow telcos to focus on growing other aspects of their business operations.
IPv4 leasing also enables telecoms to source only the IP addresses they need, scaling up or down as required. As demand for IPv4 addresses fluctuates due to seasonal traffic spikes or expanding customer bases, it’s much easier to modify an IPv4 lease than sell unused IP addresses or purchase additional ones.
Telcos expanding into new regions can also lease IPv4 addresses to understand how these markets respond without committing to IP resource purchases. For example, telcos that deliver broadband to unreached or underreached regions can lease IP addresses to avoid under- or over-purchasing IPv4 assets to expand internet service to customers in these regions.
On average, it takes longer to purchase IPv4 addresses than to lease them. During the wait time, market pricing can change dramatically. IPv4 leasing allows telcos to acquire IP addresses quickly, avoiding market price volatility. As such, these telecom providers can roll out services in new regions without delays.
If telcos anticipate higher demand than expected midway through a broadband expansion project, they can quickly lease additional IPv4 addresses to meet the unforeseen demand. However, if the telcos were to purchase these addresses, the acquisition and subsequent deployment would likely take much longer.
Optimizing telecom operations with IP address leasing is more feasible than purchasing the addresses because telcos can obtain IP assets from different geographic regions. Amidst a competitive global IPv4 market, telcos can work with an experienced IPv4 marketplace broker to find organizations willing to lease their unused IP addresses at market-friendly pricing.
In some ways, IPv4 leasing can reduce the compliance burdens associated with IPv4 acquisition in different markets. For instance, each Regional Internet Registry (RIR) stipulates regulations that organizations within that region must adhere to after they purchase or lease IP addresses. However, these regulations vary by region, meaning lessees may be required to comply with fewer rules in some markets than others.
In a competitive IPv4 market, sellers are unlikely to lower their sale prices because they understand these addresses are in demand globally. However, organizations that lease their IPv4 addresses instead of selling them are more likely to offer flexible payment models.
Telecom operators can capitalize on the cost savings available through IPv4 leasing, reducing the financial strain of competing with other well-funded companies on upfront purchases. By leasing IP addresses, telcos can also mitigate IPv4 scarcity effects by securing short-term leases, which helps save capital to finance other long-term operational demands.
Below are some practical ways IPv4 leasing benefits telecom providers:
Leasing IPv4 addresses enables telcos to support growing 5G infrastructure needs, especially when handling significant customer demand for 5G networks. For instance, telcos operating in semi-urban areas needing 5G expansion can lease the IP addresses to meet that demand without purchasing these addresses.
Telcos offering cloud and hosting solutions benefit from flexible IP address leasing models, which allow them to provide internet expansion services to growing organizations like startups. Today, remote startups can choose to host their services and store their data on the cloud, but they need reliable, trusted connections. By leasing IPv4 addresses to meet that demand, telcos can create opportunities to expand their offerings.
IPv4 leasing allows ISPs to scale services without investing heavily in IP purchases. By leasing IP addresses, ISPs can also access them much faster, reducing the concerns associated with market volatility. When an ISP obtains a lucrative internet expansion contract, leasing IP addresses simplifies the process of acquiring the necessary IP resources to complete the project successfully.
Although IPv4 leasing provides telcos with many benefits, it’s also challenging. Here’s how telcos can navigate common challenges associated with IPv4 leases:
When leasing IPv4 addresses in a global market, it can be challenging to identify reputable IP address sources. Telcos must avoid blacklisted or compromised IP addresses that are associated with spam or malicious activity. Once these addresses are added to a telco’s network, they can damage the reputation of other IP addresses, impacting future leases or sales of IPv4 addresses.
With the help of a trusted IPv4 marketplace broker, telcos can find reputable IP lessors hassle-free.
IPv4 leasing also requires telcos to comply with regional and industry-specific regulations and avoid unexpected fines or penalties. Each RIR stipulates requirements for handling IP resources to prevent potential misuse. However, these requirements can vary from one region to another.
For example, some RIRs oblige organizations to audit their IP address holdings frequently to identify malicious network activity that could damage IP reputation. Telcos are expected to conduct these audits as part of their compliance activities. Therefore, telecom providers must maintain proper documentation and contractual agreements throughout their IPv4 lease cycles to avoid regulatory issues.
Despite IPv6 adoption, IPv4 leasing remains essential to companies like telecom providers that frequently expand their IP resources to satisfy customer demand. As such, IPv4 leasing will continue to support telecom infrastructure growth and digital transformation. Instead of investing heavily in IPv4 purchases, telcos can explore leasing as a cost-effective and scalable solution.
It’s unlikely that the entire industry will shift to IPv6 immediately, which means there are still many opportunities for telcos to offer IPv4 connections to customers globally. Partnering with reputable IPv4 brokers like IPv4.Global enables telecom providers to access cost-effective IP address solutions quickly without the bottlenecks of completing these purchases.
A Guide to Eligibility and Requirements
The Broadband Equity, Access, and Deployment (BEAD) Program was established to offer broadband expansion grants to states across America, helping them expand high-speed internet access to their populations. This funding is critical because it helps bridge the digital divide by financing broadband infrastructure in unserved and underserved areas.
Approximately $42.45 billion has been allocated to the BEAD Program, providing significant capital for broadband expansion. However, states, local governments, Internet Service Providers (ISPs), and other potential applicants need to understand the eligibility requirements for receiving these allocated BEAD funds. What’s more, these organizations must identify potential bottlenecks to their BEAD applications and address them before starting the application process to prevent unforeseen delays.
The BEAD Program is administered by the National Telecommunications and Information Administration (NTIA), which advises the President on policy surrounding information, telecommunications, and other tech-related matters. The NTIA was established to improve connectivity by supporting universal high-speed internet access and ensuring the internet drives innovation and economic growth.
Applicants eligible for BEAD funding include:
Currently, all 56 eligible entities that submitted an initial proposal to the NTIA have received funding approval. However, only 26 entities have started selecting service providers to implement the broadband expansion, and only three states—Delaware, Louisiana, and Nevada—have distributed any of their allocated funds to service providers.
The BEAD Program funds partnerships between eligible entities, communities, and stakeholders (such as ISPs and other broadband providers). These funds can be used to plan high-speed internet deployment via data collection, research surveys, and training. They can also support internet deployment in unserved or underserved regions, as well as workforce development to ensure workers are fully trained to deploy internet services in these regions.
NTIA broadband funding is allocated as follows:
Here, “high cost” refers to the cost of deploying broadband internet, based on factors unique to each region, including:
The list of entities eligible to receive funding includes:
The criteria for BEAD funds eligibility include:
Eligible entities for BEAD funding receive allocated funds based on boundaries determined by the Federal Communication Commission (FC) Broadband DATA Maps. Allocations are the total of:
Although BEAD funding is allocated to recipients (states), these entities can designate subgrantees, such as local organizations, ISPs, and cooperatives, to handle broadband deployment. The BEAD Program requires states to select subgrantees via fair, open, and competitive processes, ensuring the appropriate providers deliver internet service to unserved and underserved regions.
The BEAD program speed requirements for unserved and underserved broadband areas include:
The BEAD funding application process involves multiple stages:
Within 180 days of receiving a Notice of Available Amounts, states can submit an Initial Proposal to describe key processes like subgrantee selection. Upon receiving approval of their Initial Proposals, states may receive their remaining funds within 12 months. However, this timeline isn’t always accurate because of delays in processing funds for disbursement.
Although every state has made progress in submitting proposals for BEAD funding, approvals have been delayed. Funds from state-level grant programs are rolled out slowly, adding bottlenecks to broadband deployment in underserved and unserved regions. Additionally, regulatory challenges related to state compliance issues and NTIA oversight hurdles contribute to BEAD funding delays.
Unfortunately, these delays affect rural broadband expansion and increase costs for ISPs to deploy the appropriate infrastructure for reliable high-speed internet. States are already well-positioned for speedy implementation of their proposed broadband deployment activities, especially after collecting data from their local communities and selecting subgrantees who can successfully implement BEAD five-year action plans.
All eligible entities and subgrantees that have applied or are currently applying for some level of BEAD funding need to stay updated on state-level BEAD announcements and application deadlines. As federal funding remains uncertain, acting quickly on these updates can speed up broadband deployment and enable ISPs to participate in these long-term expansion projects.
For those organizations preparing to apply for BEAD funding, it might be useful to form partnerships and secure the necessary documentation for these applications. The BEAD Program comprises multiple compliance requirements that must be met before organizations proceed to the next cycle in their application process.
States also need to ensure that their BEAD subprograms meet the connectivity needs outlined in their proposals. This means implementing the right amount of oversight to achieve the completion of complex requirements, such as digital equity.
In the long term, BEAD funding will help improve broadband accessibility and digital equity across the U.S. As the world becomes increasingly digital, there’s a pressing need to reduce the divide between communities that can easily access high-speed internet and those that cannot. That’s where states can step in to partner with organizations like ISPs to deploy broadband to unserved and underserved regions.
Organizations looking to stay ahead of BEAD updates can rely on IPv4.Global as a trusted source of information. IPv4.Global’s team of experts has successfully handled the sale of millions of IPv4 addresses and has significant experience managing processes like IP address transfers.
March 11, 2024
IPv4.Global is the world’s largest IPv4 brokerage. The company has assisted in the transfer of over 72 million addresses, generating over $1.5 billion for clients. Over 5,400 blocks have transferred. Among the many pioneering features of IPv4.Global’s online and private services is its transparency. Unique among IP marketplaces, the company posts realtime data describing its platform transactions. RIR, block size and final price is posted as each sale occurs, anonymously, of course.
The Prior Sales page on the brokerage platform includes loads of customizable views of worldwide market transactions. The home page at IPv4.Global has included a live “ticker” of completed recent transactions for years. For the alert and interested, it is a steady source of market data.
Now, a Chrome browser extension of this ticker is available for free download. You can retrieve the extension, install it and watch the happenings of the market regardless of the website you are on. The extension includes custom features in terms of location and size on your browser and links directly to the IPv4.Global marketplace if something scrolls by that interests you.
The Chrome browser extension is available here: IPv4 Chrome Ticker.
March 9, 2024
IPv4.Global is launching a first-of-its kind loan facility backed by the borrower’s IPv4 addresses as collateral. With IPv4.Global’s innovative IPv4 collateral lending product, the asset itself is the collateral. Customers can leverage their IPv4 addresses as collateral against a loan, securing needed funding while still having access to – and full use of – their IPv4 assets.
IPv4.Global’s new, unique solution allows customers to raise capital needed to expand their operations while continuing to use their IP addresses for core services, ensuring seamless growth.
Previously, Cogent issued $206 million in notes, backed by the revenue generated from leasing their IP addresses. This collateral for these loans came from the leases on the addresses with the assets themselves as backup. This was possible since Cogent was among the first internet service providers (ISPs) to lease their addresses independently of internet access. As a result, they had already established a substantial revenue stream from these leases, allowing them to borrow against that anticipated revenue.
IPv4.Global’s offering does not use a revenue stream from leases as collateral and so none are required. The addresses themselves are the collateral.
IPv4 addresses are rarely included in traditional collateral packages. Leveraging this asset, therefore, is unlikely to involve any existing capital structure participants.
This is the latest example of how IPv4.Global continues to innovate and reshape the landscape. Having successfully implemented our lending program for a data center operator, allowing them to grow their cloud business, we are the first and only company lending against IPv4 addresses today.
How Slow Allocation is Impacting Broadband Expansion and IPv4 Demand
Across the United States, many households—especially those in rural and underserved areas—cannot access reliable high-speed internet. As the world becomes increasingly digital, with many transactions occurring over the internet, lacking access to a basic broadband connection puts these households at a disadvantage.
That’s precisely why the Broadband Equity, Access, and Deployment (BEAD) program was created at the end of 2021, and tens of billions of dollars were set aside to expand broadband access to unreached regions. However, the excitement around the BEAD program is dampened by growing concerns surrounding the slow allocation of BEAD funds, which could potentially delay broadband expansion efforts.
Towards the end of 2021, the Infrastructure Investment and Jobs Act (IIJA) was enacted, driving the development of initiatives like BEAD. $42.45 billion of federal grant funds were allocated to BEAD to support broadband expansion to unreached regions in the United States.
In mid-2023, President Biden announced that individual states were allocated funds to implement their broadband infrastructure under the BEAD program. Each state was required to submit its proposal to the National Telecommunications and Information Administration (NTIA), which administers the BEAD program and oversees the distribution of allocated funds.
For states to be eligible for BEAD funding, they needed to meet two sets of requirements.
First, they had to demonstrate their compliance with cybersecurity risk management requirements, including:
States also needed to demonstrate they could manage supply chain risks via compliance with:
Each state applying for BEAD funding was also required to prove the implementation of supply chain risk management controls.
Despite the excitement around the BEAD announcements and state proposal submissions, the approval process for state proposals has been delayed. In addition to these processing delays, complex compliance regulations have increased bureaucratic roadblocks, forcing states to experience further delays in receiving their allocated funds. It’s likely that differences in state-by-state approvals will result in varied timelines for broadband expansion. Although states like Louisiana have already progressed through BEAD approval, they are still experiencing delays with approving broadband mapping and selecting suitable carriers to handle infrastructure deployment.
From a logistical standpoint, it’s challenging to map out areas eligible for broadband. Typically, estimations about broadband access in unreached or underreached regions are based on data provided by broadband companies, which isn’t always accurate. For instance, census changes may not be accounted for as the demographics in these regions evolve. Complexities like terrain or thick vegetation may also impact the actual number of households listed with broadband access.
As of January 2025, a White House memo was released ordering a widespread funding freeze on federal grants and loans. Although additional guidance was issued stating that “any program that provides direct benefits to Americans is explicitly excluded from the pause,” the memo’s wording was vague, making it hard to determine which funding is at risk of being halted.
The funding freeze exacerbates concerns about further delays in broadband infrastructure deployment, creating uncertainty for Internet Service Providers (ISPs), local governments, and investors. Unforeseen legal and regulatory hurdles may also increase the delays in issuing funds to states.
However, some states, such as Louisiana, Nevada, and Delaware, have already received upfront portions of their allocated BEAD funds. With most states at some stage within the BEAD funding approval process, it remains unclear how the entire process will play out.
Ultimately, delayed funding affects broadband deployment in unserved and underserved communities. That’s because a program like BEAD funds partnerships between states, communities, and stakeholder organizations to develop the appropriate infrastructure to extend high-speed internet to these communities.
For ISPs and network providers who depend on BEAD funding to run their infrastructure projects, funding cuts limit any progress these organizations can make toward expanding broadband access to unserved or underserved regions.
For instance, these companies cannot procure the equipment needed to complete a multi-year project because these delays contribute to rising materials, labor, and permitting costs. When dealing with uncertain funding, it’s challenging for any organization to draft budgets with key items like worker salaries, especially for long-term projects like broadband deployment and maintenance of the deployed infrastructure.
Unfortunately, these delays contribute to the risk of rural and low-income communities being left behind in the digital economy. As transactions become increasingly digital, economic and technological disparities might arise between populations with immediate broadband access and those without such access.
As broadband networks expand, the need for IPv4 addresses also increases. These addresses are already scarce globally, creating competition for the limited pools available. When large broadband expansion projects, such as those funded by BEAD, are delayed, the demand and pricing for IPv4 addresses fluctuate.
Technologies like carrier-grade network address translation (NAT) (CGNAT) can help manage IPv4 scarcity during broadband expansion by enabling organizations to temporarily share public IPv4 addresses, conserving the limited pools of these addresses. When ISPs use CGNAT, they can assign the same public IPv4 address to several customers, allowing multiple private IP addresses to connect to a single public one.
Whereas traditional NAT technology is used at a smaller scale for public IP address sharing in home or office networks, ISPs typically use CGNAT for larger-scale applications that involve hundreds of thousands to millions of customers. CGNAT applications are handy for ISPs and other network providers looking to shift toward IPv6 as a long-term option, especially for new broadband deployments.
While some states have already received some of their allocated BEAD funding, the next steps for the remaining states remain uncertain. Many of these states were on track to receive funds in 2025 and 2026. However, in anticipation of additional delays, states may need to adjust aspects of their programs if funding is reduced.
Another strategy for states to consider is sourcing alternative technologies that are less expensive for broadband deployment than fiber, such as low earth orbit satellite broadband service. States like Louisiana have already allocated some of their BEAD funds to procuring services from these providers.
In light of these changes, industry leaders are highlighting the need for streamlined processes to accelerate fund distribution and a push for greater transparency and accountability in BEAD implementation. That’s crucial because many communities across the U.S. risk a lack of internet access without federal funding to support broadband deployment.
It’s also important for lawmakers and other government stakeholders to implement policy changes that improve efficiency in future broadband initiatives. Based on the history of the BEAD program and the recent funding freeze, it’s important to find ways to support states in meeting their broadband goals amidst continuous uncertainty.
Although many states anticipated BEAD funding would help support broadband expansion to meet the needs of unserved or underserved regions, delays in issuing these funds have impacted the progress of those expansion efforts. However, IPv4 demand continues to soar globally, with high competition for the already limited pools of IPv4 addresses available.
It’s critical to address bureaucratic and regulatory hurdles that contribute to these funding delays because of the risk of communities being left behind in an increasingly digital world. Unfortunately, there’s still uncertainty about the future of BEAD funding since federal funding for many programs that depend on government aid was frozen in early 2025.
Legislators and industry stakeholders can support the goal of providing universal broadband access across the U.S. by pushing for timely fund allocation to programs like BEAD. Beyond advocating for favorable policies, these stakeholders can identify relevant solutions to enable ISPs and other providers to deploy broadband quickly to rural areas where communities need reliable internet access.
As IPv4 marketplace experts, the team at IPv4.Global understands the importance of expanding internet access to areas where it’s most needed. IPv4 scarcity still affects many organizations and communities worldwide, requiring them to rely on various strategies to acquire the IP addresses they need to stay connected to the internet.
Prices are very stable, and far below one-time highs. The spread of pricing is significant; a 30% difference between low and high is common. Bargain hunting buyers have opportunities in this market, at any size.
February 27, 2024
The UK government wants to introduce an IP address suspension order.
The order, part of the draft Crime and Policing Bill, is designed to combat serious crime by requiring networks to stop passing data to and from those addresses. They could only run up to a year and be granted if the address is used for serious crime.
They could only be granted if doing so is, “necessary and proportionate.”
If passed as drafted, these orders would be an extra tool for police to use. The notes published alongside the bill state that the current voluntary arrangements will “continue to be the first port of call.” But these only work inside of the UK.
This law will allow for court orders that can be enforced internationally through Mutual Legal Assistance treaties. These can be slow but should be effective in Europe and other parts of the world as the bill starts with a statement that it is compatible with the European Convention on Human Rights.
Other governments have not had time to respond since its first reading on 25 February. Its second reading is scheduled for 10 March.
March 17, 2025
APNIC 59 was held in Petaling Jaya, Malaysia on February 19th to February 27th of 2025.
Prop-162: WHOIS Privacy – Did not reach consensus
Prop-162 proposes removing email addresses, phone numbers, and physical addresses from bulk WHOIS data to enhance the privacy of APNIC members. The goal is to prevent third parties from misusing this information for non-networking purposes, such as marketing, while ensuring legitimate access remains available through APNIC-controlled WHOIS services. The proposal argues that this change would reduce unwanted communications without negatively affecting resource holders.
Following community feedback, the proposal was updated in Version 2, released on February 10th. This version provides more detail on technical changes, enforcement mechanisms, and transparency measures while maintaining the original objective of removing contact details from bulk WHOIS. This was the version presented during APNIC 59 in Petaling Jaya, Malaysia.
During APNIC 59, community feedback was generally supportive of Prop-162, with some recommendations for improvement. Suggestions included allowing resource holders to opt in to sharing limited contact details instead of full removal and clarifying which WHOIS objects would be affected. Concerns were raised about the potential impact on legitimate research, as access restrictions would require clear criteria for defining legitimate users. Despite overall support, the proposal did not reach consensus.
prop-163: Enhancing WHOIS Transparency and Efficiency Through Referral Server Implementation – No consensus call
Prop-163 aims to improve the accuracy and efficiency of WHOIS queries within APNIC by implementing WHOIS Referral Server support. The proposal seeks to address challenges such as inconsistent query results after resource transfers, difficulties in querying NIR second-level allocations, and limited visibility into downstream allocations. By enabling automatic redirection of WHOIS queries to the appropriate RIR database and improving access to NIR and downstream allocation information, it intends to enhance transparency and streamline query processes. The proposal also acknowledges potential challenges, including implementation costs and technical compatibility issues across different systems.
During discussions at APNIC 59, community members debated whether RDAP, which already supports referral functionality, could serve as an alternative, questioning the necessity of the proposed changes. Concerns were raised about the accuracy of referred WHOIS data, as maintaining up-to-date information ultimately depends on RIRs and APNIC. Some suggested breaking the proposal into two separate initiatives: one ensuring NIR data remains updated in APNIC’s WHOIS and another focusing on inter-RIR WHOIS referrals, which may require additional considerations. Additionally, it was noted that NIRs had not been directly consulted. Due to the discrepancies between the version of the proposal on the mailing list and the version presented to the community, a consensus call could not be made. The proposal must be formally relisted on the mailing list before further progress can be made.
by Leo Vegoda
We regularly meet with people at conferences, Network Operator Group events, and Regional Internet Registry (RIR) meetings around the world. This is one of the ways we learn what our clients need.
At a recent event, one of our team members met an IPv4 address owner who had tried and failed to sell his unused addresses with another facilitator. (This broker is a competitor of IPv4.Global.) He told us the transaction was stopped at the final step. His business had agreed to a sale with a buyer, but their broker hadn’t noticed a policy restricting transfer of those addresses. The transaction was rejected by the RIR. The seller was understandably upset to learn their transaction had been rejected at the last moment.
Our processes are built to avoid this problem.
Everyone wants to convert a successful negotiation into a transaction. No one wants a third party, like a bank or an RIR, to derail the transaction.
Sellers want to know they can sell what they own. Usually, the addresses are properly registered to them and there is no policy reason they cannot be transferred. Buyers want to know that they can buy. Most buyers qualify for the addresses and can become the registrant. Clearly, both need certainty regarding the transaction when they enter into it. Everyone wants a guarantee they will get what has been agreed upon.
In the world of IPv4 address transfers, “due diligence” is a process where steps are taken to ensure all regulatory and legal requirements are fulfilled in buying, selling, and transferring IPv4 addresses. A crucial element of this process is qualifying buyers and sellers in advance. Our process includes making sure:
We can also help you check and repair the reputation of IPv4 addresses and update their listing in geolocation services. That ensures the addresses have maximum utility and value.
When the above hurdles to a transfer are cleared, an escrow process is required in completing that process. Escrow, performed by escrow.com or from our own service, ensures buyers get their addresses and sellers get paid. Our clients get a discount on standard escrow fees.
We know our process works because we’ve brokered over 4,300 transactions. These successful transfers involved than 66 million IPv4 addresses worth over $1.4 billion.
by Leo Vegoda
A LAN is a Local Area Network and a WAN is a Wide Area Network. These terms of art refer to the geographical radius of a network.
Often a WAN will connect branches to a head office. For instance, a head office might be connected to branch offices or shops through a WAN.
Fig: A hub and spoke network where LANs are connected with WAN links
LAN cabling and protocols are designed to be inexpensive and serve compact campuses of up to 50,000 people. The popular and inexpensive Category 5e network cable standard, for instance, has a maximum segment length of 100 meters (330 feet). WiFi and similar radio networks have a similar radius but its reach varies depending on the materials it must travel through. Heavy rain, stone walls, and foil-backed drywall can all impede radio signals.
WANs generally run over fiber networks. Signals can often travel 30km before they need to be repeated. This makes them more expensive. In many jurisdictions, operators will need to be licensed. Radio WAN links are also possible when there is an uninterrupted line of sight between sites. Operating radio links often requires a specific license.
IP networks can run over all sorts of underlying networks. But the cost of sending data over a WAN means that most operators try to keep traffic local. And a robust design can keep a local network running when the WAN link is lost.
For instance, a head office might be connected to branches through WANs but have local work stored locally. Synchronizing changes could both reduce network traffic and mean that local services can run when a WAN link goes down. This improves resilience and can lower data transfer costs.
So, most organizations prefer a local network at each site. But whether sites only have WAN links or also have their own internet connections, they will need some IP addresses. These organizations need to record which addresses are used and where, so the network can be configured and maintained. This applies for both private addresses with NAT, and unique addresses.
This information is also important for IT audits, like those required for processing payments.
IP Address Management (IPAM) tools can help you track what addresses you have, where they are, and when they are used.
In some cases, building WAN links could be the best approach. But for most organizations, the choice is between buying dedicated WAN links from a local carrier and using various internet VPN technologies to link sites together.
Carrier is an industry term for a provider of high-capacity links used by subsidiary or subscriber networks. Most carriers will present WAN links over Ethernet, so you can plug them into your existing equipment. But many will also sell fibers or wavelengths – like a radio frequency – over those fibers. Organizations that need very high-capacity links might want to investigate buying these less-managed services.
The less complete the service an organization buys is the more opportunity it has to customize its needs. But this comes at the cost of cost. On one hand, buying a service is an operational cost. Owned equipment involves the need to buy, manage, secure, and eventually replace some or all of it.
If you have an internet connection at each site, you could avoid all of this by connecting sites with a VPN service. This is a different kind of service from consumer VPNs. Instead of getting access to offshore streaming content, these VPNs provide a secure connection between sites.
These can be advantageous when no single carrier serves all the locations in questioun. It can be a quick, cheap way to get started but it can be tough to scale. With a lot of sites, using VPNs instead of WAN links could mean complex configuration and routing.
Data centers generally have certain carriers “on net”. Office landlords will generally share this information, and it will often be in a directory in the lobby.
Another approach is to look at carriers in an interconnection database, like PeeringDB. One can search for companies that list themselves as carrier, or a search for data centers and check to see which carriers serve them is possible.
A PeeringDB search for carriers in Singapore
Building LANs has become cheaper because so many devices only need WiFi. WiFi is cheaper to deploy because it requires less equipment and cabling. And where cabling is needed, Power over Ethernet allows devices to get both direct current power and IP network connectivity through a single copper cable. Again, this can cut some cost from LAN deployments by lowering the overall equipment requirement.
Engineers have put a lot of effort into removing the configuration complexity from small networks. They called this “zeroconf” and the protocols they developed are well supported for home and small office networks. Larger LANs still require expert design and equipment vendors offer certifications for their architects.
Rising demand has led to slightly higher prices in several block sizes. It’s important to note that there is more price variation in each range than averages alone can reveal: the average price was low-to-mid $30s, but January prices included sales from $28 to $48 per address. See Prior Sales for full details.
by Leo Vegoda
Independent networks identify themselves to one another with unique AS Numbers (ASNs). The IP addresses on a network further identify the individual devices there. These two types of number are vital in getting data to the right place on the internet. Every node is uniquely identified.
In order for those connections to happen, networks must know the paths to other networks and the addresses they contain. So, networks “announce” themselves to other networks and publish their intentions in public databases so other networks can identify mistakes and protect against them . These databases are shared resources.
Sometimes people configure the wrong IP addresses on their network and tell other internet networks they are a legitimate destination for those addresses. Then data is sent to the wrong place. RPKI, the Resource Public Key Infrastructure, is a technology that associates digital certificates with IP addresses and AS Numbers. It helps reduce the impact of this kind of accidental misconfiguration. RPKI is the name applied to the set of services. A variety of digital objects are created, published, and validated in an RPKI service.
One of these is a Route Origin Authorization (ROA). It is the digital certificate that confirms which ASN should be originating the addresses. Other networks use that ROA when deciding which routing announcements to accept.
In a similar but different use case, Cloud providers offering Bring Your Own IP (BYOIP) services often use the ROA to check that anyone providing their own IP addresses are entitled to use them.
RPKI is both more and less than the Internet Routing Registry (IRR). The IRR is a collection of 18 databases where networks can publish policies of the addresses they use and where they use them. They can publish large, complex policies in the Routing Policy Specification Language (RPSL).
Most IRR databases validate user claims to some extent and remove outdated entries. But policies published in the IRR are claims or promises. For instance, a statement that your ASN announces a specific block of IP addresses in one place and not another. RPSL supports complex policies, allowing network operators to filter announcements based on policy. And it is easy to make a mistake or miss a detail when changing the policy. In contrast, the claims made in a ROA can be validated or rejected because they use a hierarchy of digital certificates. But RPKI ROAs are simple claims without the detail available in the IRR.
An ROA is a digital certificate that ties a block of IP addresses to an AS Number. AS Numbers identify networks in a similar way to how an IP address identifies a device. The ROA is the digital object confirming that a network can use some addresses.
If you have a contract with a Regional Internet Registry (RIR) for your IP addresses, you can use its RPKI service. All the RIRs have web portals that let you create and publish ROAs. You can also have the RIRs delegate RPKI management to you. That means running your own Certification Authority, which is a significant commitment. This is useful if you have resources from more than one RIR. For instance, you might have an AS Number from RIPE NCC but IP addresses from RIPE NCC and ARIN.
If you don’t have a contract, or if you got your IP addresses from a network with IP addresses from before the formation of the RIRs, you might not have access to RPKI services.
RPKI ROAs aren’t used to dynamically check internet routing announcements as they change. Instead, networks use RPKI ROAs alongside other information to build filters that are updated on a schedule, often once every day.
In the context of RPKI an internet route can only have three statuses. If there is no ROA the status will always be unknown. This is not bad and is likely to be the status of newly created networks that are getting themselves up and running. Routes with an unknown status do not need to be rejected.
Internet routes that match a ROA are said to be valid and they are obviously good. Internet routes that do not match a ROAs, for instance addresses originating from the wrong ASN, do not validate and will come back with an invalid status.
NIST, the US government’s standardization agency, monitors RPKI deployment. It reports that over half of unique prefixes (IP address block) and AS Number pairs have valid RPKI ROAs. Just under half of pairs have an unknown status.
Only half of one percent have an invalid status and a few of these are deliberately broken test networks used by organizations running internet measurement experiments.
The low proportion of invalid pairs is a tribute to the simplicity of creating RPKI objects in the RIR portals.
RPKI only makes a difference if network operators validate. Creating the digital certificates but not checking them just adds cost. It doesn’t improve security. But not all network operators have to validate for those that do to make a difference. Industry consolidation means that if a few big networks validate, their outsized impact makes a difference for everyone.
So, when global players validate RPKI ROAs, it pushes the industry to improve.
It is hard to measure the proportion of networks that are validating. But APNIC has measured the impact on users, which is a slightly different thing. Their measurements show that about one in five users is behind a network that discards RPKI invalid routes. In other words, four in five users are not protected.
Should you validate? Unless you connect other networks to the internet, it is probably not useful. And if you only connect a few networks to the internet, you might validate the routes they advertise to you in a different way.
Meanwhile, European IXP operators are working on a proposal to achieve similar aims by reducing the number of IRR databases in use. Improvements to the IRR and RPKI are both approaches to achieving the same goal of a more reliable internet infrastructure.
Whether you choose to validate or not, creating and publishing an RPKI ROA and IRR entry is useful. The RIRs will help you do this. You can also use third-party tools to check, like NLNOG’s IRR Explorer to check that you have everything configured properly. They check that the IRR and RPKI records match each other and BGP, the routing protocol used to connect internet networks.
Fig: NLNLOG’s IRR Explorer Report for the RIPE NCC’s Network
by Leo Vegoda
For organizations with lots of client and server computing devices, taking control of their own internet connectivity can bring advantages. It can lower costs and improve performance. In particular, peering can improve connectivity to other local networks, including content networks with a local presence. But what does ‘taking control’ really mean?
It’s a bit like office space. Some organizations choose fully managed offices and others buy or rent space, managing some or all of it themselves. Buying internet connectivity – known as transit – is the fully managed option. Peering means taking responsibility for managing some of your organization’s internet connectivity.
In general, a transit provider will come to your location and give you full internet access. They can provide everything with just one contractual relationship. In contrast, peering is likely to mean paying for a circuit to a data center hosting an Internet Exchange Point (IXP) and then paying to connect to the IXP. You’ll need to manage multiple relationships, contracts, and some extra equipment.
You can mix and match. It is common to peer with other local networks and some content providers, while buying transit to get access to distant networks.
Peering has two meanings. From a business perspective, peering networks connect as equals. They trade access to each other’s downstream customers without charge. In contrast, transit is a commercial arrangement for internet access. In BGP, the network protocol that connects internet networks, neighboring networks are called peers. So, in a technical sense a BGP peer can be an upstream transit network.
But the internet is constantly changing, so that connectivity needs to be managed. If internet connectivity is a convenience but not essential, you probably don’t need to peer. But if you need to improve uptime, performance, or manage costs, peering could be one way to achieve your goals.
Almost all organizations continue to buy some transit because peering is used to access nearby networks. As most networks are based in a city, country, or continent, they will need to buy transit to reach the rest of the world. Only a handful of global internet networks do not buy transit. That’s because these very large networks peer with other very large networks. They sell services but don’t buy them. Lumen is one example – CAIDA ranks them as having the most reach at the time of writing. Sometimes, these networks call themselves Tier 1 networks.
Networks peer to reduce latency, improve resilience, and manage cost.
Latency is the time it takes for a data packet to get from sender to receiver. For instance, data from London should get to Amsterdam in under 10ms. But the same data would take about 80ms to get from London to Boston.
Directly connecting to local networks can improve the experience for users by shortening the path data takes. This is important for highly interactive services like gaming, VoIP and video conferencing. They need low latency connections to avoid poor user experience from data taking a longer route than needed. They try to peer with many networks to keep traffic local.
Resilience is the ability to continue offering a service when a part of the network fails. This is both important during scheduled maintenance windows and when fibers or other equipment fail.
Peering can improve resilience. There can be multiple routes between any two places on the internet. One might be preferred because it is cheaper or shorter. But having multiple internet routes is no different from being able to choose between multiple airlines when flying to another city. Any single link, like a transit connection, can go down. But with multiple connections, a network can retain significant connectivity.
For instance, a network buying transit from an upstream in the NIKHEF data center in Amsterdam could also peer at multiple IXPs based there. When a transit link goes down for planned maintenance, they could connect to hundreds of networks through AMS-IX and dozens through Asteroid.
This can be important for networks whose users need to exchange data locally. For instance, local businesses, banks, and other financial services networks might need to peer to eliminate a single point of failure at a transit provider.
The cost of peering can vary but it is often cheaper than buying transit when your organization has its own IT team. This is partly because you are taking on responsibilities like buying network equipment and placing it in data centers to peer with other networks.
An IXP is a physical infrastructure for exchanging internet traffic between three or more networks. Three is the minimum number because two is just a point-to-point link.
IXPs are based in data centers, also known as interconnection facilities. Some IXPs are distributed across several data centers in the city they serve. Some IXPs are run by the data centers themselves as an added value service for customer networks.
PeeringDB data for Seattle, WA shown in Google Earth Pro from its daily KMZ dataset.
This means that connecting networks can make a single connection to the IXP and have access to many networks. The alternative would be to connect to each of the other networks separately. That requires a lot of configuration and constant maintenance as networks move around.
IXPs have made the configuration requirements for peering very simple through their route servers. This multilateral peering lets networks peer with the routeserver and so get access to all the peering networks’ routes with a single configuration entry.
Of course, it is possible to make multiple connections to the IXP and to use it to peer directly – bilateral peering – with another network as well as getting their routes via the route server.
Some IXPs include some rack space in their membership fees. Others don’t charge at all because they are volunteer projects. The wide variety in pricing and business models reflects history and development models. Some IXPs grew as neutral, non-profit organizations in the 1990s, others offer an internal IXP as an added value offer for a data center. Sometimes, people create an IXP to keep traffic local and encourage economic and network growth in that community.
The key price is for a port – connection – on the peering LAN. In 2021, Euro-IX, the European organization for IXPs, published a report showing an average price of €485 per month for a 1 Gb/s port. Port prices go down, so 2024’s average price is likely to be lower.
There are multiple databases supporting interconnection. Two of the main databases are PeeringDB and IXPDB. PeeringDB’s database focuses on user supplied data while IXPDB gets its data from IXPs. PeeringDB, in contrast, lets connecting networks decide what information they want to share. That means, they can choose to have the IXPs they connect to contribute technical configuration about them, like the IP addresses they use to connect to the peering LAN.
LINX’s PeeringDB entry shows the IP address and ASN of connecting networks
Both support publication of data in a JSON file, generated by the IXP, that can be used to automate configuration.
PeeringDB’s website makes it easy to find IXPs, networks, carriers, and more.
Some networks arrange bilateral peering and private network interconnects, often called PNIs, over mail. Others, like Google, have peering websites. Some, like Cloudflare and Meta, will require you to authenticate using your PeeringDB account. This is because they want to get configuration information from PeeringDB.
Peering with Cloudflare requires authentication with your PeeringDB account
Euro-IX has developed the Peering Toolbox, a free online training course for networks that want to learn more about BGP and peering. It explains a lot of what you need to do and how to do it but doesn’t discuss tools for managing peering relationships.
One option worth looking at is 6Connect’s ProVision platform. It automates complicated network provisioning workflows and contains a Peering Manager for one-click configuration. It takes the technical challenge out of peering and simplifies network management.
by IPv4.Global Staff
Organizations are not static.
It is common for universities and commercial organizations to merge with others or buy and sell divisions. They adapt their shape to meet the needs and opportunities of the time. When changes of these kinds occur, the IP addresses organizations use need to be transferred to the new legal entity, whatever shape it may take.
Companies have always been engaged in M&A activity. But IPv4 addresses have only been treated as an asset in the last 20 years. So, older sale and merger agreements often did not specifically mention IP addresses. In some cases, this can lead to surprises. Chief among them is the realization that long-ignored (if partially deployed and used) assets are owned but not registered as such. They keep on working, officially registered to a company that has long ago disappeared. One such tangled tale of a lost chain of title saga is that of Synoptek. But there are many, many such situations.
In order for company management to address the complex issues surrounding IPv4 address assets before, during, and after M&A, it’s a good idea to have an overview of the technology.
Devices of any kind that communicate on the internet must have a unique identifier so that data can come to and go from it. Unlike a radio or TV, communications are specific to and from a particular device. Computers and phones have these identifiers. So do the computers that host websites.
Websites like this one are generally known by their domain name. (IPv4.Global) But they can also be thought of as being at a unique address, the internet protocol number identifying the computer on which they operate. Our website is https://ipv4.global. But to access the site, that domain name is converted to a series of numbers. Those numbers, Internet Protocol identifiers, direct traffic to and from sources and destinations of data on the internet. 23.185.0.4, the address for ipv4.global, is an IPv4 address. IPv4 is the first version of the Internet Protocol to be deployed in production. It is still the version that is most widely used today.
There are 4.3 billion IPv4 addresses in total. Just 3.7 billion are available for ordinary internet use. The others are reserved for special protocols and use of private networks.
The internet and IPv4 were both developed when computers were expensive. Because they were expensive and new, there weren’t many of them and so the nearly four billion addresses in the IPv4 protocol seemed like more than enough. Ever. In fact, there was a surplus. This meant IPv4 addresses didn’t have any monetary value as there was no shortage. The important thing was that they were unique. If two different organizations were using the same addresses, traffic would go to the wrong places. This could lead to confusion and security problems.
Today, IPv4 addresses are scarce and computing is cheap. There are more than twice as many people as IPv4 addresses. And every smartphone and server uses IP addresses. As do many doorbells and refrigerators!
The engineers that developed the protocols for connecting networks used a computing shortcut to make routing decisions easier and cheaper. It would be easier if all the address blocks of the same size came from the same part of the address space.
So, they cut up the addresses into three classes:
IPv4’s Historic Classful Structure, now superseded with CIDR. Class D and E were reserved for multicast and Future Use.
The outcome was that universities and companies with a few thousand networked computers were assigned Class Bs without charge. Years later many have not used all the addresses they were assigned. Meanwhile, those addresses are now worth between $30 and $50 each.
A whole Class B, now known as a /16, can sell for over $3 million on the transfer market. Whether you sell unused addresses or not, they need to be properly managed because they are valuable assets.
In the very early days of the internet, all the names and numbers were assigned by one person: Jon Postel. He wrote them down in a paper notebook. He was later joined by Joyce Reynolds and they started publishing regular lists of what had been assigned.
As the internet grew, some of the routine work was contracted away. But by the end of the 1990s, the internet was a global phenomenon and the people running networks in Europe, Latin America, the Asia Pacific, and Africa wanted registries nearer to them.
One reason was the cost of international data traffic. There were still relatively few trans-oceanic cables and they were expensive to use. Another was customer service. It’s nice to be able to speak on the phone with someone in your own time zone. And each region has different issues to manage. Each region could have slightly different policies, accommodating regional needs.
There are five Regional Internet Registries (RIRs). They each have a roughly continental region and are not-for-profit membership organizations. They act as neutral stewards of a common resource. The policies they implement are developed by volunteer communities.
The Five Regional Internet Registries, map published by the NRO under a CC-BY-SA license
A part of the work of officially transferring addresses is letting the Regional Internet Registry know about the organizational change. Each RIR has its own policy and process for managing these business procedures. These policies reflect the needs of the legal system used in each region. They can also vary based on other considerations of the community in that part of the world.
There are several countries in the APNIC and LACNIC regions with National Internet Registries (NIR). An NIR is an organization under the umbrella of a regional Internet registry (RIR). with These provide the same services as an RIR but are confined to a single nation. Users in an NIR have the added convenience of using the same legal system, currency, and (usually) language.
All the RIRs and NIRs perform due diligence evaluations of the documents describing the M&A. They want to make sure that the documents are genuine. When they are presented with fraudulent documents they make police reports.
One example of this is the United States’ prosecution of Amir Golestan. ARIN worked with the prosecutors and gave evidence at the trial. In 2023, Golestan was jailed for five years.
An IP Address Manager (IPAM) is a tool that specializes in managing IP addresses. It is common for smaller organizations to rely on an Excel spreadsheet or text file to manage IP addresses. It’s a false economy for larger organizations.
They key advantages of an IPAM over a spreadsheet are:
Most organizations will have some unique IPv4 addresses and use private addresses internally. It is important to make sure that unique addresses you use are properly registered to your organization. Even when IP addresses are used internally, they can be disclosed in some packet headers, DNS entries, or routing leaks.
With an accurate view of the addresses deployed on the merged networks, management can make informed decisions about what to change.
IPv4 is still the most widely deployed version of the Internet Protocol, despite being specified in 1981. The Internet Society’s Pulse technology deployment index puts its deployment status at 38 percent in mid-2024.
It is being deployed more widely and is the future.
Engineers thought IPv6 would become the dominant version of the Internet Protocol much more quickly. There are engineering advantages to IPv6 but IPv4 works and spending money on deploying it before it is required is often seen as wasteful.
The largest networks have all deployed IPv6. Meta, Apple, Google, Microsoft, Amazon, Cloudflare, Akamai – they have all done IPv6 for years. They deployed it because they or their customers ran out of IPv4. The same is true for the very large cell phone networks.
Deploying IPv6 alongside IPv4 on smaller networks is practical and cost effective.
One example is the temporary networks used for technical conferences. The RIPE NCC uses an “IPv6 Mostly” network for its RIPE meetings. IPv4 addresses are only assigned as required and only 16 percent of connected devices needed an IPv4 address. When addresses cost between $30 and $50 each, that’s a significant saving.
When Jon Postel published the IPv4 specification in 1981 it was what Douglas Adams would call “exciting and revolutionary.” But the revolutionaries won and each part of the internet must now be managed, or risk being attacked or stolen.
It’s important to keep track of IP addresses in an IPAM. Regular network scans should be used to identify rogue devices and undocumented or unapproved changes.
All unique addresses should be properly registered in your RIR’s database. This means:
You should also make sure your access to the RIR’s customer portal is properly protected.
You should make sure your unique addresses are properly registered in the Internet Routing Registry (IRR). Use the RIR’s IRR database. It doesn’t cost anything extra and is the preferred IRR choice when you have access.
You can also choose to apply a digital certificate to your addresses. RPKI lets networks use standard cryptographic signatures to confirm the link between your addresses and the network routing them on the internet.
You can manage all of this from the RIR’s customer portal. But it’s reassuring to have experts confirm that you’ve done it right. The NLNOG IRR Explorer will show you whether there are any inconsistencies in your registrations.
NLNOG IRR Explorer shows that the RIPE NCC has properly configured its routing policy and RPKI
January 20, 2025
The internet has grown organically from a cooperative lab experiment into economic infrastructure. In the early days, configuration mistakes were an annoyance, but not much more. Today a mistake can cost organizations money, enable security threats, and degrade reputations.
A crucial configuration problem occurs when a networks claims they are the right destination for someone else’s IP addresses. When this happens, the legitimate network can lose traffic and the mistaken – or worse miscreant – network can be overwhelmed. That’s what happened when Pakistan Telecom claimed to be the right destination for YouTube’s IP addresses in 2008.
To address such issues, internet engineers created databases where networks publish computer readable policies describing the addresses they announce. These records describe where addresses are announced them and to which other networks. This information can be used to create filters that minimize outages arising from misconfigurations.
RPKI is the Resource Public Key Infrastructure. It’s an X.509 digital certificate hierarchy for IP addresses and AS Numbers (ASNs) run by the five RIRs. In other words, networks can publish a link between the identifier for their network – an ASN – and their IP addresses. They do this with RPKI Route Origin Authorizations (ROAs) – a digital object linking the two. Other networks can then validate that claim with software and build filters that protect against accidental claims.
In January 2025 the US government ordered its civilian agencies to deploy RPKI. And it has ordered them to buy services from network operators that use RPKI data to filter out bogus claims to IP addresses. The key requirements in the order are:
Not all IP address assignments are registered at the RIRs. Some older networks have large blocks of address space from the early days of the internet. But their customers won’t have access to RPKI services with IP addresses from these networks.
Agencies using addresses from them will need to get addresses from the market.
And some US government agencies have offices overseas because their missions are international. They will need to make sure their addresses are registered with the RIR for that region.
This is not the first time the US government has used policy to promote an internet security technology. In 2008 it ordered its agencies to deploy DNSSEC. Two years later, just over a third had done so and the latest measurements show that about 20 percent of .gov domains still aren’t signed with DNSSEC.
There were two key problems with getting agencies to implement DNSSEC and this new order attempts to resolve them.
Signing DNS records with a digital certificate – and that’s what DNSSEC does – doesn’t add any security if no one checks those signatures. And if anyone makes a mistake generating those signatures, then users of validating DNS resolvers cannot access the service using the DNS name. That’s exactly what happened when Comcast checked NASA’s DNSSEC signatures, found that they didn’t validate, and so denied its users access to their website.
Comcast had done the right thing. NASA had made a mistake. But Comcast’s customers were angry. Comcast took on risk by being an early adopter of DNSSEC validation. And it is still an outlier with only about 30 percent of users protected.
By urging its agencies to use their purchasing power to push for RPKI Route Origin Validation, this order has more chance of success. That is because the risk of being an early adopter is balanced by government spending and the knowledge that other providers will also be making the same changes.
It also comes at a time where internet security improvements are taken more seriously. The last quarter has seen unencrypted telephone communications hacked and claims of interference with subsea cables. So, while this executive order does a better job of creating incentives, the executives it is aimed at are more likely to see the benefit than the people holding those offices 15 years ago.
by Leo Vegoda
IP addresses are the numerical identifiers used by network interfaces on IP networks. Organizations often run many instances in cloud computing environments. Elastic IP addresses are the unique IPv4 addresses that can be switched among the network interfaces on your AWS instances. Rapidly remapping IP addresses like this can help you keep services up, even when individual instances aren’t available.
Elastic IP addresses are IPv4 addresses that are permanently reserved for your AWS account, so they won’t be used by anyone else when you’re not using them. They are ideal for service addresses. You can put them in the DNS and use them in TLS certificates, while moving them to the cloud instances you want to run live services.
The Elastic IP service is only needed for IPv4 because there is a limited pool. There is no shortage of IPv6, so your VPC (Virtual Private Cloud) can just use IPv6 addresses as you’d use them elsewhere. AWS charges for IPv4 addresses they supply but does not charge for IPv6 addresses.
Cloud computing services use three main kinds of IPv4 addresses.
The first is private addresses, which are only locally unique. That means network interfaces using private addresses are not directly accessible over the internet. They are used for communication between instances in the same VPC. They are allocated using DHCP.
Of course, you can connect to them through an intermediate host with a globally unique address. That means, private IP addresses can provide backend services that don’t need full internet access. For instance, a website might use a database with a private IP address. And AWS sells a NAT gateway product, which gives your instances internet access but stops external services initiating a connection with them.
The next kind of address is a globally unique address. These come from a pool of dynamically assigned addresses. While you could use these addresses for public services, the address is released back to the pool when the instance stops. There’s no guarantee of getting the same address again.
These addresses cannot be converted to Elastic IP addresses.
AWS’s Elastic IP addresses are statically assigned to your account. You retain them even when they are not in use. This makes them ideal as service addresses. You get five IP addresses by default when enabling Elastic IP addresses. You can request an additional quota if you need more addresses but AWS recommends only using Elastic IP addresses for public services. Inter-instance communications should use DNS names, not IP addresses.
You can use your own IP addresses, through their BYOIP service. If you choose to use your own IP addresses you will need to demonstrate your control of the addresses by creating an RPKI ROA at your RIR. Some holders of legacy IP addresses won’t have access to ROA services. This mostly affects addresses allocated before ARIN was established in 1998.
As of January 2024, AWS charges $0.005 per IPv4 address per hour, whether attached to a service or not. That’s $43.80 per year. So, if you aren’t using your own addresses, it’s important to be careful with Elastic IP addresses as you’re incurring costs, even if you don’t use the addresses.
If you only need a few resolvable names for public services, Elastic IP is probably a cost-efficient choice. But it is worth noting that the addresses are linked to a service region. You can’t use the same address over multiple regions or move it between regions.
You can connect IPAMs, like ReView to AWS so you can monitor your use of IP addresses and manage costs effectively.
If you need to distribute load over multiple instances, or lambdas, you might need a load balancer. AWS offers servers different load balancer products and these can be a good way to both optimize the number of IPv4 addresses you need and to improve service resilience. The load balancer has a single IPv4 address and passes connections to the resources you place behind it.
Dynamic DNS is sometimes used as an alternative to Elastic IP. When considering it, it’s important to consider more than just cost. AWS notes that it could be a useful approach when you have many instances that aren’t behind a load balancer and you want to use your own DNS names. You can do it with self-managed DNS, or their Route 53 product. But this approach requires a bit more management from you and adds additional complexity.
by Leo Vegoda
Most networks distinguish between abuse of the network and abuse that is carried out over the network. Abuse of the network degrades its service in some way. Abuse carried out over the network relies on it working properly. Networks can often prevent or reduce abuse of the network itself. But abuse carried out over the network, like banking fraud, must be investigated by law enforcement.
One of the first network abuse investigations focused on people who had gained access to Prince Philip’s email account in 1985. This is an example of abuse carried out over the network and was executed, according to the perpetrator, as a protest against bad security measures. The Prince’s email account, on BT’s private Prestel service, was probably unused and included only unread birthday greetings for Princess Diana. The failed prosecution under fraud law led to the Computer Misuse Act.
Another newsworthy network abuse event was the Morris Worm from 1988, named after its creator Robert Tappan Morris. This was a self-replicating program that used insecure software and the internet. It disabled the machines it infected. This is an example of abusing the network itself. Paul Graham, who went on to co-found Viaweb with Morris, claims that Morris wanted “simply to see if it could be done. If it had worked as intended, it would have been barely noticeable.” Morris was convicted under the 1986 Computer Fraud and Abuse Act.
These early abuse events were carried out with youthful enthusiasm and without malice. They didn’t cause serious social damage because relatively few important services relied on computers. The consequences of abuse are higher now. Clearly, this is because the internet is a mature infrastructure relied on by business, government, and healthcare.
Organizations can configure any IP addresses onto their networks. In most cases, organizations only want to configure their own addresses. But typos can lead to your addresses being used on someone else’s network. When that happens, traffic intended for you might go to them. Losing traffic you want is obviously bad. But this kind of error can also cause major outages if too much traffic is sent to the wrong place.
If the issue is a mistake, the organization getting the extra traffic will want to fix things as quickly as possible. One example of this is from 2008, when Pakistan Telecom misconfigured a filter that was supposed to stop access to YouTube from inside Pakistan. Instead, much of the world’s YouTube traffic was sent to Pakistan Telecom. The flood of traffic overwhelmed Pakistan Telecom and the issue was resolved in about an hour.
Smaller networks might not notice events like these if they happen outside of normal business hours. But there are monitoring services that can alert you to this kind of hijack. Some specialized services have very low costs, while others both charge and offer more.
One way to help everyone is to filter claims about addresses based on the IRR and RPKI. Both approaches help you tell other networks which IP addresses are yours. Those networks can then reject other networks’ claims to route your IP addresses. Tools to process IRR and RPKI data are freely available and well maintained.
A more malicious kind of address hijack relates to the registration itself. In these cases, the hijacker will try to update the (official, Regional Internet Registry) registration so that they can use or sell the addresses. The approaches used by miscreants and the defenses employed by the RIRs have been evolving for 20 years.
Hijackers have previously used approaches like:
Hijackers have refined their approaches as the RIRs have improved their due diligence checks of any new registration. As a result, this kind of attack has become harder to pull off. Nonetheless, RIRs occasionally need to revert transfers based on fraudulent documentation. Even a temporary hijack can disrupt an organization’s internet access. That could enable other kinds of attack, damaging both finances and reputation.
You can protect your addresses by regularly reviewing the information held on your organization by the RIR. Make sure that the company name and contact information are current. And make sure abuse reports are received and acted on.
Pakistan Telecom noticed its misconfiguration immediately because it received so much internet traffic. The sheer volume of unexpected traffic overwhelmed their network. It was a self-inflicted Denial of Service (DoS) because they lost the ability to use their network for its intended purpose.
Many DoS attacks don’t come from a single source. They are known as Distributed Denial of Service (DDoS) attacks. Often these are possible because network operators have not implemented reverse path filters. These filters stop a network sending packets with a foreign – inaccurate – source address. The attack is called IP Source Address Spoofing and allows a single source to send great numbers of messages that appear to come from multiple sources.
Deploying IP source address filters has been best practice, published as BCP 38, for over 25 years.
BCP 38 filters: The router rejects the packet coming from the laptop when its origin IP address does not match the assigned address
The impact on other networks can be severe. One small packet can generate a very large response. If a malicious actor can trigger a lot of those packets to be sent using IP addresses from the victim’s network they can overwhelm it. One way they do this is with DNS, the internet’s naming system. A small query can trigger a large answer, so this is called a DNS Amplification Attack.
For instance, a single DNS query might use 64-bytes. That query could result in a response 50 times larger, sent to a victim network. Bad actors often control large networks of machines, including things like home ccTV systems. Companies that sell DDoS protection services describe under 500Mb/s as “relatively small” – and these are the overwhelming majority. But the attack only needs to be just big enough to overwhelm the victim’s network. A small fraction of attacks are between 10Gb/s and 100Gb/s.
Impacts start with poor performance in online gaming. They extend into increased costs for IP transit and DDoS protection services. Ultimately, this kind of attack can make a network unreachable.
DoS and DDoS attacks are illegal. But criminal businesses have been selling them for years. They claim that they are for ‘stress testing’ networks. Law enforcement has investigated these services. They have taken their domain names and charged the operators with crimes.
The US and other governments have also responded with new regulations to improve the security of the devices whose security has been breached. But that’s only half of the solution. Why don’t networks deploy BCP 38 filters, though?
One possible reason is that the organization bearing the costs doesn’t get the benefits. The service provider networks charge based on usage. DDoS traffic carried over their network gets counted when calculating invoices.
Another is that some network operators use older equipment in places where filtering is needed. Many networks continue to use older equipment as long as possible. They want to avoid the capital cost and operational disruption of replacing equipment. Older equipment will struggle to apply filters for large amounts of traffic.
The industry has developed a program to address this. MANRS, the Mutually Agreed Norms for Routing Security, is an initiative to encourage security improvements. It requires participating networks to deploy BCP 38 filters. But there are under 1,000 members of the MANRS Networks program and tens of thousands of networks on the internet.
DNS can be abused in other ways. Two of the most prominent are changes to DNS answers, often called DNS lies. DNS lies can send innocent users, and lots of traffic, to the wrong place.
One method of attack is to change the answers given by the authoritative server. This disrupts the network by sending traffic to the wrong place. It is hard to do as it requires significant access to the target’s network. Standard monitoring tools should detect this kind of attack.
Another approach is to poison the answers in the DNS resolvers that get DNS answers for users on a network. This is called cache poisoning, or the Kaminsky attack, named after security researcher Dan Kaminsky. It is harder for domain owners to detect as only a small fraction of users will get the DNS lie.
One protection against DNS lies is DNSSEC. This relies on the operator of the DNS zone signing their answers with a digital certificate. Users, or the DNS resolver they rely on, must then validate those answers. With DNSSEC in place, a DNS lie is obvious and can be rejected.
ICANN requires gTLDs, like .com or .org to be signed with DNSSEC. ccTLDs, like .fr and .uk, set their own policies. Only two-thirds have chosen to sign so far. The Internet Society measures just a third of resolvers or users validating the signatures. That’s probably because under six percent of .com domains are signed with DNSSEC.
Another reason that most DNS resolvers don’t validate DNSSEC is the complaints they get when the signer makes a mistake. One example is when NASA broke its own DNSSEC configuration. Comcast, a large ISP, was validating DNSSEC and that meant its users couldn’t find NASA’s network. Comcast users were angry.
Securing domains and DNS is clearly hard, detailed work. It’s important to get things right from the registrar to the resolver. One way to do that is to outsource it to a specialist brand protection domain registrar. Companies like these specialize in protecting brands and their intellectual property.
If you’d like to validate DNSSEC to add some extra security to your own system, you can run DNSSEC-Trigger on most operating systems. You cannot run it on phones or tablets.
While the law varies between jurisdictions, most agree on a core of what is illegal. ‘Bulletproof hosting’ companies outside these rules, and host content that legitimate businesses won’t touch. Their description comes from the idea these hosts are immune from criticism and control because they operate outside stringent laws controlling their use and content.
Specifically, they host:
Botnets are groups of internet-connected devices whose security has been breached. This puts the device in the control of a third-party. Botnets are widely used for DDoS attacks and sending spam. Botnet controllers tell the compromised devices what to do.
Bulletproof hosters tend to operate outside of rule of law jurisdictions. For instance, the Russian Business Network is based in St Petersburg, Russia. One way they keep content available is by placing it on otherwise legitimate websites they have hacked. The content is not linked to from the hosting website, only the illegal website.
This increases cost for the actual hoster and might add some legal risk if they are held responsible for serving up illegal content.
One way to keep your users safe from bulletproof hosters is to filter based on a reliable reputation list. One example is the Spamhaus DROP list. It’s freely available to everyone as a public service.
Unsolicited Commercial Email (UCE) is often called spam. The first unsolicited commercial advertisement is thought to have been sent to over 5,000 Usenet discussion groups. It advertised Green Card lottery services. Laurence Canter claims the spam brought in between $100,000 and $200,000 in 1994 at almost no cost to him and his partner.
UCE can both overwhelm mail services and fill up people’s mailboxes. Both network operators and users hate it because the low cost of sending means there’s no incentive to carefully target offers to appropriate prospects.
Most mail and access contracts now forbid sending spam. In contrast, the large mail providers have reciprocal relationships with email marketing services. The key change since the early 1990s is the opportunity to reliably unsubscribe from email marketing messages.
Message with prominent unsubscribe link.
The key objections to spam in the 1990s and early 2000s were abuse of resources and the inability to unsubscribe. Laws like the CAN-SPAM Act and GDPR, and the professionalization of internet marketing, have changed things. People can now choose to sign up for email marketing knowing that unsubscribe requests will be honored.
If you need to send marketing messages or transactional email, find a company that will help you obey the laws relevant to your business. If you are worried about too much incoming spam, find a reputation list that works for you.
Most networks have a person or team responsible for responding to abuse issues. Whether caused by their users or affecting their network they must be addressed. The RIPE NCC runs and publishes free webinars on setting up an Abuse Desk. This webinar is a good free introduction to this subject.
Many network operators have an Incident Response Team. They centralize responsibility for preventing, detecting, and resolving security incidents. Incident Response Teams share experience through FIRST, the Forum of Incident Response and Security Teams.
Strong fourth quarter sales have only reinforced the current price stability in the market averages. If /16 prices fall below smaller blocks, sellers will sell subnets, driving overall prices down. Buyers with fresh budget for the new year could instead push prices back up. Demand remains especially strong in North America, providing pricing support for blocks in ARIN.
Average prices for all block sizes have converged in the low $30s per address. Averages don’t tell the whole story: see the scatter chart to see how widely prices can vary, even among comparable blocks.
Prices have stabilized for all block sizes, with a little normal variation month to month, while volume of sales continues to increase. A period of stability is no guarantee that supply or demand will remain the same.
by Lee Howard
In the first three quarters of 2024, ARIN continued to outpace the other RIRs in both sourcing and receiving addresses. The Internet was invented in North America, so there were more of the old classful address allocations (Class A, Class B) in the ARIN region. One buyer in the ARIN region consistently buys about half of all addresses, explaining much of the dominance of ARIN as a destination region.
Anecdotally, home users in the ARIN region expect to be assigned a public IPv4 address. In much of the rest of the world, the Internet is mobile, with Network Address Translation (NAT) sharing few addresses among many users. Therefore, there is more demand for IPv4 addresses in some regions than others, even when comparing those with similar populations.
ARIN is on pace to source fewer addresses in 2024 (24MM) compared to 2022 (37MM) and 2023 (30MM). RIPE receives more addresses than it sources, but this is primarily due to one multinational using its RIPE NCC account to receive addresses rather than into its ARIN or APNIC accounts. There are several possible reasons for this transfer policy, including RIPE’s fees (€1800 + €75 per assignment) compared to ARIN’s fees ($67,200 for a /10-/8), or RIPE’s less-strict policy on demonstration of need.
2024 Transfers YTD, generated by SankeyDiagram.net
The above diagram shows 2024 transfers. Compare these flows to transfers over all time, below. More addresses have gone to RIPE in 2024 than usual, due to the large buyer mentioned above. Also, the ARIN to APNIC flow has all but stopped.
IPv4 Transfers over All Time, generated by SankeyDiagram.net
by Leo Vegoda
The regulations and processes involved in the use and control of IPv4 addresses is a layered system. This is the case because the internet is comprised of cooperating but autonomous interconnected networks. The collaborative nature of the system requires some governance by those managing it. But rules vary among the Regional Internet Registries (RIRs) that run the system.
The RIRs have developed terms of art that give additional meaning to commonly used words.
An assignment (or reassignment) is a level of use and control where a block of IP addresses is associated with an end user. That user is not an intermediate network – such as an internet service provider (ISP) – that provides services to someone else. Generally speaking, assignments do not involve ownership. (Note that ownership and possession combine to make for slippery concepts when it comes to IP addresses, anyway.)
An assignment may go to an individual or an organization. There’s no minimum or maximum size. But assignments are likely to be smaller rather than larger. This is the case because an assignment does not include the level of control ownership provides. So, organizations needing many addresses, often as crucial parts of their enterprise, want the added control of owning the addresses they use.
Assignments of single IP addresses are generally not registered with an RIR. ARIN and RIPE NCC only require /29 and larger blocks (8 or more addresses) to be registered with them. One could register a single address but there would be little benefit to doing so.
Assignments are the final distribution layer of addresses. They go to the end user. Allocations make up the layer (or layers) of address blocks from which assignments come. There can be multiple service provider allocation layers. An example of a typical set of allocation layers is below:
Note that the “Subscriber” here might be a single IP address from the ISP allocation. That single address does not have to be registered with the appropriate RIR.
The question of ownership of IPv4 addresses is thoroughly explored in our blog, “Are IP Addresses Property?” While the route to a policy makes interesting reading there, it’s primarily important to know the registration an IP address is unique, worldwide. Registration maintains uniqueness in the sense that it makes clear who is the authorized controller of an IP address. Registration includes the ability to transfer IP address use to someone else, subject to the policy of the registries, in return for payment. Thus, “ownership” is of the registration, not the address itself.
Leasing (or renting) is a common way to have exclusive use temporarily. This form of control includes many levels of authority and permissions. It’s flexible in timeframe and cost and does not convey ownership. Leased addresses can be registered as an assignment, allocation, or sub-allocation. In the RIPE NCC’s systems, they can be registered as a temporary transfer. Each of these methods of arranging temporary use includes different extents to which responsibility can be delegated to the lessee.
Also critical is the broad intended use of addresses by a lessee. Many schools, companies, and other organizations run their own networks. They are the end users of addresses. They do not reassign IPs to other organizations but instead use them to run the enterprise’s own network. Other organizations’ business is to provide network access or other services to end users. ISPs and telecoms delivering internet access are not the end users of the addresses they manage and – generally – own.
A lessee that wants to use the addresses for their own network will need an assignment, known as a reassignment in ARIN’s documentation. As an end user the lessee won’t be able to manage registry information themselves, so the address space owner must create the assignment, reverse DNS delegation, and a routing registry entry and RPKI ROA if the lessee will manage its own internet connectivity.
Such a lessee may want to be the first point of contact for abuse reports. But the owner of the IP addresses should also list themselves as an abuse contact for the addresses. It is important for an owner who is leasing IP addresses out to know how many abuse reports the lessee is generating and how quickly and effectively they deal with them.
The owner of the IP addresses may terminate the agreement and remove the assignment if the lessee fails in their responsibilities in some way. This can be done very quickly and easily with an assignment or reassignment.
A lessee who is not an end user but assigns user to subscribers needs an allocation. This is called a reallocation in ARIN’s terminology and can be called a sub-allocation in RIPE’s.
An allocation will normally have assignments below it. This further removes the owner from control of their IP assets . So, it is important for the owner of the addresses to agree to registration requirements with the lessee so that their use and the assignment of use to subscribers is well-understood. Poor management of the allocation (and/or its further assignment) can result in the address space gaining a poor reputation. That could put it out of use for some time while the owner cleans it up.
So, agreements should require that assignments are registered when they are made and deleted when their service ends.
Rules vary regarding who controls what at an RIR. In all cases, the set-up creates the reverse DNS delegation, routing registry, and RPKI entries for the lessee. In some cases, control to do these things can be delegated to the lessee. For instance, the RIPE NCC’s mnt-lower attribute allows control over the creation and management of assignments and routing registry entries. Sometimes, it can be used to delegate control of the creation of domain objects for reverse DNS. This depends on the size of the allocation. Reverse delegation for allocations smaller than a /16 (65,536 IPv4 addresses) will need to be managed by the IP address owner.
Because the lessee is managing the distribution of addresses to their own subscribers, they are normally held to a higher standard than an end-user customer with an assignment.
These leasing agreements often require specific performance related to abuse reports. This includes a working contact address for abuse reports to go to and some performance metrics for acknowledging, investigating, and resolving abuse reports. One way to make this easier is to require use of a third-party specialist abuse desk service. The advantage of the third-party service is access to reliable reporting. Another option is to require the lessee to include the lessor’s abuse contact address in addition to their own.
The RIPE Database supports a sub-allocation status, which gives the same functionality as an allocation. But sub-allocations must be smaller than the allocation they come from. So, if a lessee needs a block the same as the lessor has available, the lease cannot be registered as a sub-allocation.
If the organization leasing the addresses breaks their agreement, a lessor can remove registry records quickly, disabling the addresses. The RIPE Database has a Force Delete function. ARIN lets you manage these things with an API and through its ARIN Online portal. LACNIC also offers both an API and a web portal called MiLACNIC.
RIPE policy has specific support for temporary transfers. The RIPE NCC has implemented this with a service that allows an allocation to be transferred for a fixed time from one member to another. The recipient of the transfer gains full control of the allocation.
The RIPE NCC publishes a sample transfer agreement. While the RIPE NCC will revoke a temporary transfer for a breach of law, it won’t revoke a temporary transfer for a breach of the agreement, like non-payment or an abuse problem.
The RIPE NCC’s temporary transfers implementation has a maximum term of one year. This creates some ‘start stop’ for longer term leases. One consequence of this is that RPKI breaks at the end of the term. This is an issue as about a third of temporary transfers run for two years or more.
The RIPE NCC has not allowed indefinitely extendable temporary transfers because of risks like sanctions and court orders. The relatively high number of multi-year transfers suggests that many organizations find these leases work well. But IP address owners bear risks, too. These include the potential loss of their IP addresses for the remainder of the term if the lessee breaks the agreement in some way.
October 23, 2024
RIPE NCC is hosting its 89th Regional Meeting from October 28, 2024, to November 1, 2024, in Prague, Czechia. The RIPE community will discuss industry news and review the latest policy proposals. Since the last regional meeting in Krakow, Poland, two proposals have been submitted, both concerning the assignment and allocation of IPv6 space.
The first proposal, 2024-01: Revised IPv6 PI Assignment Policy, was introduced to the RIPE community on August 13, 2024. Proposal 2024-01 seeks to reduce the operational cost of IPv6 PI assignment requests as the current policy text is ambiguous regarding the assignment guidelines. These ambiguities have led to a maximum IPv6 PI assignment size of /48, resulting in routing table deaggregation and RIPE Database clutter. To solve these issues, this proposal will update the definition of End Sites and the requirements for “IPv6 PI assignments” and “Assignments from IPv6 Allocations”, clarify permitted use cases, introduce IPv6 PI issuance at the nibble boundary, and establish new principles for aggregation and registration. If implemented, the proposal would update sections 2.6, 2.9, 5.4, and 7.1 of the IPv6 Address Allocation and Assignment Policy (RIPE-738).
The proposal is supported by several arguments, including reduced fragmentation, the prevention of renumbering due to growth, reducing IPv6 PI hoarding, clarifying the ISP services policy, and a simplified RIPE NCC evaluation process. However, there are a few arguments against this proposal, including the misuse of PI space by ISPs, the waste of address space, potential PI hoarding, increased workload for the RIPE NCC staff, and fabricated large assignment requests. The counterarguments address these concerns by highlighting solutions already in the proposal, such as restrictions on ISP use, address space reservation optimization, PI return requirements, streamlined evaluations and clear guidelines on requests.
Proposal 2024-01 has been in the discussion phase in the Address Policy Working Group Mailing List (APWG) since its introduction in August. Initially set to end on September 18, 2024, however, the phase was extended to November 22, 2024 as the community had multiple significant comments that would need to be addressed. One such comment was that the proposal makes too many changes at once and that it should be split into multiple policy proposals. Another comment was that the language used in the proposed policy updates seem to overcomplicate the policy and contradict the goals of the proposal by allowing deaggregation and increasing fragmentation. In response, the proposal writer expresses that the scope of the proposal is necessary and welcomes further community input to refine the language of the proposed policy updates to eliminate any contradictions.
The second proposal, 2024-02: IPv6 Initial Allocations /28, was introduced to the RIPE community on October 14, 2024. Its goal is to increase IPv6 adoption among RIPE members by increasing the IPv6 allocation size from /29 to /28. This proposal would update section 5.1.2 to allow for the larger initial allocation, and section 5.7 to allow for the extension of each previous allocation, up to a /28. Arguments supporting this proposal include its support for regular policy updates based on IPv6 deployment experience, a reduction in RIPE NCC’s overhead, a simplified LIR justification process and increased flexibility through the allowance of nibble-boundary prefix allocations.
Proposal 2024-02 is currently in the discussion phase which started on October 14, 2024 and is set to last until November 12, 2024. One issue brought up by the RIPE community is that the edit to policy section 5.7 could allow for a single RIPE Member (LIR) to extend the allocation of multiple previous allocations and contribute to IPv6 hoarding. It was suggested that the language be changed to limit LIRs to one allocation extension. In response to this concern, the proposal writer states that these extensions will require some form of demonstration of need, so the potential exploitation of loopholes is limited, however, they are willing to adjust the proposed language updates to better address this concern.
These proposals will be discussed during the second Address Policy session on Wednesday, October 30, 2024. During the first session, on the same day, will include a tribute to the late Erik Bais, with a few words and a moment of silence. To participate in these discussions, please register to attend the conference either onsite (for a fee) or online (for free).
October 22, 2024
ARIN 54 will be hosted in Toronto, Canada from October 24 to October 25 to discuss with the community current draft policies and recommended draft policies.
These are policies that are going to be presented at ARIN 54 to judge consensus to move them to a last call. The Advisory Council has already reviewed these and recommends their adoption.
ARIN-2022-12: Direct Assignment Language Update.
This recommended draft policy updates the NRPM by replacing “assignment” with “allocation” to better match ARIN’s current practices, as direct assignments are no longer a part of their resource distribution model. The change is largely technical, with terms like “assigned” being switched to “issued” for improved clarity and consistency across the NRPM. This aims to eliminate any ambiguity regarding the nature of IP address distributions. Given that this recommended draft policy reflects a shift that has already taken place operationally, it’s expected to be implemented within three months and to have minimal impact on ARIN’s current processes. Community feedback has been relatively quiet, as the recommended draft policy does not introduce major changes.
ARIN-2023-7: Clarification of NRPM Sections 4.5 and 6.11 Multiple Discrete Networks.
This recommended draft policy aims to make the requirements for managing multiple discrete networks clearer by revising Sections 4.5 and 6.11. It updates outdated terms and aligns the sections with ARIN’s style guide, making it easier for organizations to understand the requirements. For example, organizations that want additional IP allocations need to show 50% utilization of their existing space and provide strong reasons for keeping discrete networks. Some community members have supported the revision, seeing it as a way to make the application process smoother and more understandable. However, like all revisions, there needs to be careful consideration to ensure that the new language does not create any additional complications.
ARIN-2024-1: Definition of Organization ID/Org ID.
This recommended draft policy aims to clarify the definition of the Organization Identifier (Org ID) used in ARIN’s documentation, ensuring consistent terminology across all ARIN publications and resources. By formalizing the definition of Org ID, the policy seeks to simplify compliance for organizations and enhance their understanding of how these identifiers are referenced in various policy documents. This clarity will also address inconsistencies in processes such as resource management and registration updates, making interactions with ARIN more efficient. Earlier discussions within the community highlighted the need for a precise definition, with members advocating for clearer terminology to facilitate better understanding and application of ARIN’s requirements.
ARIN-2024-2: Whois Data Requirements Policy for Non-Personal Information.
This recommended draft policy seeks to balance privacy concerns with transparency by clarifying the types of non-personal information that must be made available in ARIN’s public Whois database. It emphasizes the need for essential non-personal data to remain publicly accessible while protecting personal information. Community discussions have centered around finding the right balance between transparency for network operators and privacy for individuals, especially due to evolving regulations. There was a call for further discussion from to increase clarity on this recommended draft policy.
ARIN-2024-9: Remove Outdated Carveout for Community Networks.
This recommended draft policy proposes the removal of a special carveout that allows Community Networks to receive a /40 of IPv6 space, arguing that this provision is no longer necessary. With current rules permitting any Local Internet Registry (LIR) to request this allocation size, this recommended draft policy aims to simplify the Number Resource Policy Manual (NRPM) and treat all organizations under the same criteria. Supporters believe this change will reduce administrative complexity and bring ARIN’s policies up to date with the current needs of the internet community. Community discussion has seen some support that the carveout has outlived its purpose, but further conversation may be needed to ensure that there are no unintended consequences and that everyone is considered.
These are considered to be a work in progress that will be presented for feedback.
ARIN-2023-8: Reduce 4.1.8 Maximum Allocation.
This draft policy proposes reducing the maximum IPv4 allocation size from a /22 to a /24 to address the lengthy waiting periods for new IPv4 address allocations, which currently extend to around three years. The draft policy aims to give priority to new entrants by restricting eligibility for additional allocations to those who do not already hold IPv4 space, thus freeing up the limited available pool. This would help ensure that organizations new to the internet ecosystem have a chance to secure the resources they need.
The community has been actively discussing the draft policy online, raising concerns about its potential effects on organizations currently on the IPv4 waitlist. One suggestion is to grandfather these waitlisted entities, allowing them to receive allocations based on the previous /22 limit instead of the proposed /24 restriction. As a potential compromise, some community members have proposed a /23 allocation, which would still conserve IPv4 space while providing slightly larger allocations to those in need. However, there is also opposition to further changes, as some believe the waitlist serves an important role in promoting IPv6 adoption.
ARIN-2024-4: Internet Exchange Point Definition.
This draft policy introduces a precise definition of an Internet Exchange Point (IXP) as a shared network used by three or more autonomous systems, providing a consistent reference point across ARIN’s policies. The aim is to eliminate ambiguities that might arise when organizations seek resources specifically for IXP purposes. The definition aligns ARIN’s standards with operational norms observed by IXPs globally, ensuring that draft policy references are consistent with how these infrastructures function in practice. Feedback from the community has been supportive, with stakeholders noting that this clarification helps smooth out policy application in cases involving IXPs. Some members have asked for further details on how the new definition will interact with existing policies on critical infrastructure and micro-allocations. There was also a suggestion to allow a grace period for smaller IXPs to meet the requirement of three autonomous systems.
ARIN-2024-5: Rewrite of NRPM Section 4.4 Micro-Allocation.
This draft policy proposes a rewrite of Section 4.4, which deals with micro-allocations for critical infrastructure like Internet Exchanges and DNS root servers. The updates aim to make the requirements clearer and more in line with current practices by setting minimum criteria for entities eligible for micro-allocations. The new language seeks to ensure that resources are allocated fairly while still supporting the needs of essential internet infrastructure.
Community feedback has highlighted the importance of clear guidelines, with some noting that previous language left too much room for interpretation. However, other members have raised concerns that the stricter criteria might make it more difficult for smaller or emerging IXPs to secure necessary resources. The importance of aligning this draft policy with the proposed definition in ARIN-2024-4 was also discussed to avoid conflicting interpretations. Community members suggest consolidating all definitional text for Internet Exchanges (IX) to ensure consistency and to avoid future synchronization issues.
ARIN-2024-6: 6.5.1a Definition Update.
This draft policy focuses on improving the clarity of Section 6.5.1a of the Number Resource Policy Manual (NRPM) by explicitly defining the interchangeable use of Internet Service Providers (ISPs) and Local Internet Registry (LIRs). This update aims to reduce confusion and ensure that policy language aligns with ARIN’s current practices, making it easier for organizations to understand and comply with ARIN’s allocation guidelines. The proposed change is expected to be implemented immediately, given its minimal operational impact.
Community discussions recognize that this policy addresses longstanding ambiguities in the language. Participants emphasize the need for precise terminology to prevent misunderstandings and highlight the importance of careful evaluation, as broad changes could significantly impact implementation. There’s a call for consistent terminology throughout the NRPM, particularly regarding requirements like physical presence. Overall, there’s a consensus on the need for clear guidelines, with some advocating for specific wording to maintain consistency and understanding within the community.
ARIN-2024-7: Addition of Definitions for General and Special Purpose IP Addresses.
This draft policy introduces precise definitions for “General Purpose” and “Special Purpose” IP addresses within the Number Resource Policy Manual (NRPM). By adding these definitions, ARIN aims to enhance the clarity of its policy language, making it easier for organizations to understand the types of allocations they may qualify for. This change is designed to simplify future policy proposals and discussions, providing a clearer framework for managing IP address allocations while keeping the overall policy structure intact.
Community feedback shows support for ARIN’s initiative to clarify definitions for general and special purpose IP addresses. Many members believe these definitions will help differentiate between everyday and specific functions, aiding resource management. While most view the proposal as harmless, some question its necessity, arguing it may not significantly improve existing policies. Concerns about potential unintended consequences, such as confusion or misinterpretation of rules, highlight the importance of compliance with ARIN policy on special purpose addresses. Participants suggest detailed revisions to enhance clarity and align with ARIN’s allocation practices.
ARIN-2024-8: Restrict the Largest Initial IPv6 Allocation to /20.
This draft policy proposes limiting the largest initial IPv6 allocation size to a /20 to encourage more conservative use of IPv6 space and support long-term address conservation. The intention is to promote efficient address use while still accommodating the needs of growing organizations. Some community members support the draft policy, viewing it as a necessary step for improved resource management and a means to promote conservative allocation practices, especially since larger allocations like a /16 are rarely needed. However, opinions vary regarding the strictness of these proposed restrictions. While some participants stress the importance of requiring clear justifications for larger allocations, others argue that limits are unwarranted if organizations can effectively demonstrate their specific needs.
ARIN-2024-10: Registration Requirements and Timing of Requirements With Retirement of Section 4.2.3.7.2.
This draft policy aims to streamline registration processes for both IPv4 and IPv6 resources, emphasizing timely updates to records. Key changes include a requirement that IPv4 reassignments of /29 or larger must be registered within 14 days and adjustments to ensure IPv6 records are maintained in a similar manner. The goal is to keep ARIN’s records accurate, benefiting both ARIN and the wider internet community by ensuring that routing and contact information remains up to date. While there has not been extensive discussion on this draft policy within the community yet, it is going to be discussed in ARIN 54.
These proposals will be discussed during the two policy sessions at ARIN 54 on Thursday, October 24, 2024, from 11:10am to 12:20pm and 3:30pm to 4:45pm. To participate in these discussions, please register to attend the conference either on site in Toronto or remotely
by IPv4.Global Staff
Chief Financial Officers (CFOs) help organizations maximize their corporate value and enable stakeholders to navigate the financial data obtained from cash flow, asset value, and operational expenses. For CFOs to fully understand their organizations’ capital, they must determine the value of their tangible and intangible assets.
Often, asset valuation tends to focus more on tangible assets, which are typically given preferential treatment by financial markets over their implicitly valued intangible counterparts. However, intangible asset valuation can provide opportunities for organizations to finance capital projects without taking out lines of credit or seeking additional sources of revenue.
Monetizing intangible assets then proves to be a worthwhile source of capital for any organization, especially when these assets are highly marketable. So, how can CFOs monetize the intangible assets their organizations currently hold?
An intangible asset is a non-physical commodity of value. Many can be monetized to provide revenue to an organization. Although these assets cannot be handled physically, they offer significant value to their owners, especially when they are sought after on the market.
Examples of intangible assets include:
Innovative asset monetization requires CFOs to thoroughly review the assets in their organizations’ inventories to determine which qualify for short- or long-term revenue generation. For some who discover these assets, it may be clear how to determine the value of royalties or sales from selling IP. It may not be immediately obvious how to redeem the value of intangibles like goodwill or IPv4 addresses.
In the tech world, IPv4 addresses are some of the more common types of unused intangible assets that can be monetized for significant revenue. These addresses are typically underutilized or overlooked at the institutions where they may be sitting unused, such as universities or colleges.
Historically, IPv4 addresses were over-allocated to universities during the Internet’s early days, mainly because of oversight regarding its rapid growth and expansion over the next decades. At that time, the Internet was regarded as the foremost research and educational tool, and these institutions were provided with large quantities of IP addresses to meet these needs.
However, many colleges and universities that were granted thousands of IPv4 addresses only used small numbers of them, leaving significant portions unused. Typically, these addresses go entirely unnoticed or listed as “miscellaneous” items on balance sheets and during mergers and acquisitions, limiting their potential value as intangible assets.
For a CFO, IP address asset monetization is challenging because—like other intangibles—these assets may seem difficult to value. Even in the current, open marketplace IPv4 environment prices flucturate. For instance, the price per IPv4 address ranged from $10 to $60 between 2014 and 2022 with periods of rapid increases and stagnation. Regardless, the pricing steadily increased over these years, indicating the consistent demand for these intangibles on the market. Since 2022 prices have generally fallen and then stabilized.
So, how can CFOs monetize unused intangible assets to generate revenue for their organizations? Leveraging intangibles for revenue will likely involve:
In the IPv4 address space, selling and leasing unused IP addresses can provide the revenue required to fund various initiatives.
The value of IP addresses skyrocketed after they became exhausted globally. It all started when the organization responsible for allocating IPv4 addresses to regional bodies worldwide depleted its pool of these addresses, creating global demand for their transfer to entities involved in network expansion.
With a low global supply of IPv4 addresses but a surplus of them sitting unused at various institutions, there’s a unique monetization opportunity for CFOs to leverage. Institutions like the Massachusetts Institute of Technology (MIT) are among those that successfully monetized millions of IPv4 addresses for significant revenue. In 2017, MIT announced it would sell various block sizes for at least eight of its total unused 14 million addresses.
Partnering with an experienced IPv4 broker like IPv4.Global can help CFOs interested in successful IP address monetization sell off their organizations’ unused assets in the competitive IPv4 trading market.
For CFOs, unlocking untapped business value may start with monetizing unused intangible assets. The revenue generated from these assets can provide the cash flow necessary to fund various projects and initiatives. For instance, companies looking to pursue corporate expansion goals can leverage these funds to finance the completion of these projects.
Organizations with asset-heavy balance sheets can also monetize unused intangibles to provide sufficient liquidity to reinvest into their business needs. Consider, for example, an organization with a failing (but fixable) product. By selling off a large block of IPv4 addresses, the CFO could keep the company cash flow positive while the R&D team has a chance to resolve the core issue.
In short, CFOs can strategically leverage the equity in these assets to capitalize on opportunities that are not typically available due to cash shortages or low capital.
As with any other form of asset monetization, there are risks and challenges involved in monetizing intangibles. CFOs must consider the legal and contractual ramifications of monetizing, especially when selling, licensing, or franchising them. Although these assets are valuable, organizations who cover all their bases throughout the monetization process ensure any transfer of assets is legally protected.
Beyond exercising legal oversight, CFOs must also be aware of the balance between maximizing short-term gains from monetizing IPv4 addresses and achieving long-term strategic objectives for their organizations. For instance, developing sustainable processes for repeatedly monetizing these assets will ensure the organization reaches its goals successfully.
A CFO has oversight of the ins and outs of the processes required to monetize intangible assets and unlock the untapped value they provide. As such, the CFO is responsible for recognizing the gaps in bringing these assets to market at a fair and reasonable value for the company.
With the help of trusted IPv4 brokers like IPv4.Global, these strategic CFO approaches can drive corporate value for any organization with unused intangibles. Beyond being a leading IPv4 broker, IPv4.Global provides the education organizations need to monetize the intangible assets in their inventory—unused or otherwise.
As predicted, /16 prices have converged with prices for smaller blocks. As long as there is demand for /17, /18, and /19 blocks, we do not anticipate /16 prices falling below those sizes, since a /16 can also be sold as two /17s, etc. Small blocks prices have risen slightly, led by interest specifically in /24 blocks from ARIN.
by Leo Vegoda
Today’s internet and associated technologies have a suite of services to help users and others know where someone or something is. This convenience creates a long lasting record of where we – or our devices – are over time. These records sit in the logs of all services that collect geolocation data. We should assume it is retained as long as allowed by law and analyzed to improve services, profit, and to support law enforcement, when required.
Geolocation is useful for users, for network operators, for businesses using the internet, and for governments around the world.
Our mobile devices are with us most of the time and location services are generally a boon. But geolocation creates advantages and disadvantages to the person using the device. For instance, some services are available to you only at your home location (or the vicinity). So, those services – if geographically specific – are lost to you when traveling and you may be denied access.
Most fixed-line internet access services (cable and fiber) have a generalized location associated with them. A market of separate companies collects, packages, and sells data about the location of IP addresses at the user end of these fixed-line services. They call it GeoIP data. All sorts of companies use this city level data to localize the services they provide. For instance, users generally find that maps default to their city or neighborhood and local advertisements are served on web pages that appear on devices accessing that IP address.
But an increasing amount of time is spent accessing internet services on a phone. W3C, the organization that develops the open standards used to make the web work, has a Geolocation mechanism. It works best on mobile devices because they have hardware built into them for working out where they are. But you might occasionally see a website on a desktop computer asking for permission to share your location.
So, web browsers and other applications can ask the device for its location. W3C’s technical standard enables the device to get that information from, “Global Positioning System (GPS) and location inferred from network signals such as IP address, RFID, WiFi [sic] and Bluetooth MAC addresses, and GSM/CDMA cell IDs.” And, of course, users can just type it in.
GPS signals are very accurate device location aids. But forests or valleys can block accurate GPS location data as it needs a good view of multiple satellites. In urban areas, tall buildings get in the way. To supplement GPS location tools, cell towers are an important source of location data. When a phone connects to three towers, its position can be triangulated. This is often used to help locate people who go missing. Nonetheless, W3C’s document notes that “no guarantee is given that the API returns the device’s actual location.” This can be true in both urban and rural areas.
The companies that collect and collate mapping information don’t just care about street names and business addresses. They also map Wi-Fi networks. Wi-Fi networks and cell towers are relatively stable and designed to be visible to radios at street level. That’s why your phone will tell you to turn on Wi-Fi to improve location accuracy. It’s not to connect to random Wi-Fi networks. It’s using them to work out where you are.
But not all services need to know which side of the street someone is on. Services that rely on intellectual property licenses (streaming services or sports franchises) just need to know which jurisdiction the device is located in. And most advertisers don’t need anything more precise than a district in a city.
One key source for this information is network latency data collected by Content Delivery Networks. Data travels known speeds in fiber optic cables: about a third of the speed of light in a vacuum. Network operators know how long it takes for data to travel across a city, across a country, and across an ocean. They can automatically measure how long data takes to get to a user. That can tell them roughly how far away a user is.
And an update to the DNS protocol means that they often have routing information for the device that will use the DNS answer. Knowing the route helps establish distance.
The EDNS0 Client Subnet option is a tool used by the DNS servers that research answers for users. They use it to share information about the network location of the user they are researching an answer for. Some services will be served from many data centers, with each server having a different IP address. If the DNS server giving the answers knows where the user is, it can provide the address of the server closest to the user.
Using a mapping service lets the map service operator know what you’d like to do. For instance, if you search for “restaurants near me” at 11:00 a.m., they’ll know that you’re looking for somewhere to eat lunch. But getting a DNS answer means sharing your immediate intentions to the operators of all the servers involved in answering your question. For instance, if you ask for the IP address of a meal delivery service, the DNS server operators know who you’re choosing to buy lunch from.
Of course, you could be doing more than ordering food. It’s a privacy issue and the designers of the EDNS0 Client Subnet option recognized that. They described some ways to mitigate it. Geoff Huston, APNIC’s Chief Scientist, described a possible approach for improving the privacy protections given to people whose DNS answers are researched this way. It involves industry standardization of the service areas and IP addresses to represent them. No identifying client information needs to be shared.
Historically, network operators have tried to get some location information from the Regional Internet Registries’ (RIRs) public databases. But this data was never intended to show user locations. The addresses published were often the locations of head offices. Industry consolidation often meant that these were in different cities, states, or even countries.
So, engineers created a format for network operators to publish location data. Once that had been standardized, they encouraged the RIRs to allow publication of links to the information in the listing for blocks of IP addresses. The files themselves can be hosted anywhere but their location can be found in the RIRs’ public databases.
Two kinds of users want this information. Business users want it because they often need to know if they can provide a service to someone. And ordinary internet users want it because when it is wrong they cannot access services. Streaming services and financial institutions are two of the main business users of this data.
Networks can now publish details about the city each block of addresses is used in. The format also lets them tell users that a block of addresses doesn’t have a location associated with it. This could be a block of addresses that has not been put into use, or a block used for infrastructure links that should never be communicating directly with commercial services.
In late 2024, almost all the commercial geolocation databases use this information. Some of these are run by Content Data Networks that need the information for their own operations. Others are run or used by streaming services who license content. A third group sells security and fraud detection services. Most download and process the RIR public databases regularly, so they know about changes. But the time between changes and discovery varies. Geolocatemuch.com reports that some react in about a day while others take over two weeks.
Users get upset when they can’t access or use services. They will complain to customer service and support services, which cost money to provide. So, network operators need to remember the time it takes for new geolocation information to work through the system. It takes time to publish it, for the geolocation services to react, and then for their customers to act on the updated information. It can take several weeks.
Some services will only update their geolocation data slowly, if ever. These are often the users of free geolocation data.
Highly detailed, customizable maps are available for free on any smartphone. But as Andrew Lewis told us in 2010, “if you are not paying for it, you’re not the customer; you’re the product being sold.”
But the experience is remarkably good. Whichever services you choose to use, and whatever you search for, you have locations, directions, and reviews. It’s easy to find the route to a distant place or discover somewhere to eat or workout in a city you don’t know well. You don’t even need to trust someone to give you a good suggestion. You can rely on statistics and the wisdom of crowds.
Google Maps offers Google Reviews while Apple Maps links to Yelp’s ratings service
Of course, it’s all paid for by advertising. The advertisers know that they are buying advertisements that will be seen by people who want their service and are looking at their area. It is well targeted spending.
Other in-app and web advertising can do similar things. Our phones know where we are and share that information with the advertiser through W3C’s Geolocation API. And the GeoIP services sell the locations of devices connected by fixed lines.
But the information that helps us make purchasing decisions can also protect us.
Banks and card issuers have been tracking spending trends for decades. If your card is typically used for groceries and fuel in one city but is suddenly used at a high-end department store in another, the transaction should be flagged for review.
Financial institutions use multiple signals when deciding whether to authorize a transaction. That’s why banks ask for travel notifications. They don’t want to block legitimate transactions, like a taxi ride or hotel bill in a foreign city.
They combine IP addresses, data from W3C’s Geolocation API, and fraud trends in that location, when evaluating a transaction.
If you login to an online service on a new device, you’ll often be asked to authorize that connection with a second factor. When that second factor is delivered by email or SMS, it will normally say the location of the login attempt. That’s to help you reject attempts you know cannot be yours. Some services will show you where your account is being used. The IP addresses are shown alongside their locations, so you can quickly see anything suspicious.
Many companies block login attempts from IP address ranges associated with locations they know their people won’t be using. This doesn’t just mean blocking access from countries like North Korea – 175.45.176.0/22[1] – but also address blocks used by commercial VPN providers, some cloud computing services, and data centers.
Each organization needs to tailor an approach that fits its own risk profile and appetite. Some will be more cautious than others. The important thing is to regularly review and update both the approach and the implementation. IPv4 and IPv6 address blocks change hands every day. New IPv6 address blocks are allocated every day, too.
App stores are localized using knowledge of all the other factors in combination with payment card address and the location of the device accessing the store. Users can download updates to an app sold only in one store while they are abroad because their payment card is registered in the right country. But users with an account but no payment card will be served based on the local store.
Apple’s App Store region setting.
App store operators need to use all these geolocation techniques because they must comply with local laws. In 2024, Brazil’s Supreme Court ordered Apple and Google to remove X, formerly known as Twitter, from their app stores. They complied. Negotiations followed.
The world is divided into many markets. The rights for books, music, video, and games are sold separately in each market. In some cases that means that something popular in one market is not available in others – yet. In other cases, the same content is available but at different prices to account for the varying cost of living.
Broadcasters that might otherwise want to have a global audience, cannot. Rights issues mean that they need to limit internet streaming to the same group of people covered by broadcast signals.
Trade sanctions forbid trade with some countries. For instance, the US State Department describes trade with Russia as risking “severe civil and criminal penalties.” And the International Trade Administration recommends “transactional due diligence for all business involving Russia.” Geolocation is a strong tool in avoiding or managing those risks. It is especially important for anyone with an automated internet shop front.
People in some jurisdictions have rights that people in others don’t. For instance, the disclosure right in California’s CCPA impacts many businesses. Californians have the right to be informed when data like geolocation or IP address is collected. And they have the right to opt-out or have their data deleted. Honoring the law requires businesses to know that internet users are in California, which requires geolocation.
The World Trade Organization was established in 1995, following the fall of the Soviet Union. Its mission was to globalize trade. But the last few years have seen an increase in tariffs, sanctions, and trade disputes. Borders are becoming more important and that means that geolocation capabilities will become more important, too.
Studios have been relaxed about people getting around borders to access entertainment more cheaply. They are likely to be more aggressive with commercial VPNs. The proliferation of VPN services offering location-on-demand frustrates the business models of those restricting use to specific locations. Counter-measures are inevitable when profit is threatened.
Supermarkets have been experimenting with dynamic pricing. We can expect other kinds of geolocation-based pricing. For instance, travel booking sites could suggest different pricing based on the district from which a user accesses the site. They’d be seeing different prices at the offer stage, long before getting to the checkout. Similarly, car insurance policies could introduce dynamic premiums that vary based on where and when drivers travel and park.
The internet has challenged the United Nations “principle of the sovereign equality of all its Members.” Sovereign equality suggests that countries control that which is inside their boundaries on an equal basis, each respecting the other. But physical invasion isn’t the only means of violating that principle. Countries with strong technology sectors have the opportunity to undermine the sovereignty of other countries. One set of examples is the series of protests, uprisings, and revolutions labeled as the Twitter Revolution by Wikipedia. Another includes foreign interference in other countries’ elections.
Expect more surgical filtering based on better geolocation technology. It’s being deployed by organizations who want fewer complaints about subscribers who can’t access streaming services. We can expect financial institutions to combine geolocation data with trend analysis to improve their fraud detection and blocking processes.
And governments are just as capable of using the data, in combination with DNS and other sources, to create national borders for the internet. Brazil’s ban of X was one example. And Elon Musk’s capitulation will be noted by other business leaders.
IP addresses are the internet’s locators. They’ve always been tied to geography in some way. They are used to number servers that sit in data centers and user devices that sit on desks or in hands. But the accuracy of GeoIP data is much higher than it has ever been before.
There was a period where the internet was a wild west. Entertainment was shared without compensating the creators. That time is ending. People pay monthly subscription fees for streaming services, much like they paid monthly subscriptions for cable services. Pricing differentials, local taxes, and more, mean that the streamers want to know where users are.
Expect commercial demands for GeoIP data quality to increase in the coming years. Expect subscribers to demand that from their access providers.
by Leo Vegoda
The internet was relatively new in the mid-1980s, and still largely dominated by academic institutions. Its future growth was – literally – unimagined. The people developing the protocols we continue to use today didn’t know how the internet and its support pieces would evolve. They just knew that they needed to be good stewards.
The 268 million unallocated Class E IPv4 addresses – 16 /8 blocks – are just one of the results of that response. That’s 268,777,216 addresses.
IP multicast is a protocol that lets one data packet go to many receivers. A benefit is that it can lower bandwidth requirements. When describing multicast in 1986, its designers also reserved a big block of addresses for “future addressing modes”. After all, the designers were aware of their inability to predict the future. They called this reserved space, Class E.
IP multicast is still used on financial trading platforms and for video distribution. But those future good ideas that could have used Class E space were never developed. So, addresses in the range 240.0.0.0 to 255.255.255.255 have been reserved for almost 30 years.
In 2008 people were worrying about the rapid pace of IPv4 allocation. The global IPv4 address reservoir was about to run dry, leaving the Regional Internet Registries (RIRs) to run down their stock. In response to pending exhaustion of IPv4 supply, teams published two slightly different proposals for how Class E IPv4 addresses could help with the threat.
The more conservative proposal came from an APNIC team. They proposed to formally scope Class E addresses as additional private space. That meant it could be used on private networks but not routed across the internet.
The more radical proposal came from a team at Cisco. They proposed to redesignate the space as unicast. Unicast means one-to-one communication, while multicast is one-to-many. Unicast is what we use when we browse the web, stream music, or send a message.
The Cisco proposal’s key difference was that it did not propose a scope. Instead, it invited a discussion on potentially designating Class E addresses as globally scoped. That would mean allocating them to RIRs, so they could be used in homes, offices, and data centers around the world. They “envisioned that the utility of this block will grow over time.” They also noted that “some devices may never be able to use it.”
The devices that might never be able to use addresses from the Class E space were deployed across the internet and not managed or controlled in a centralized way. They included computers whose operating systems would need simple updates to turn on support for these addresses. But they also included devices that often don’t get updates, like home Wi-Fi routers.
The existence of those devices, along with IPv6 as an alternative, have blocked both of these proposals. Why waste time on updating systems to cope with just 16 /8s when there’s so much IPv6 address space available?
Because the IPv4 Class E space was not redesignated, the last five IPv4 unicast /8s were allocated to the RIRs in February 2011. Neither the APNIC nor the Cisco proposal progressed and the Class E space is still formally reserved. A 2011 document noted that “it is possible that 240.0.0.0/4 might only be useful in very large, new greenfield deployments where full control of all deployed systems is available.” Which is to say, that the IPv4 Class E addresses would be too unreliable for internet use. Instead, they were best suited to use in an environment controlled by a single organization.
Cloud computing has a history going back to the 1960s and got that name in the 1990s. But it was a specialist service until the early 2000s, when Amazon AWS and Google Docs hit the market. They h it the description of the greenfield deployment envisaged in the 2011 document.
But use of the reserved Class E space was put on hold pending decisions about its future use. While it is formally reserved, it’s not technically impossible to use. It was there and so got used. In 2022, internet engineers detected use of Class E addresses in private networks (not connected directly to the internet) run by Amazon AWS and Adobe. In 2024, an APNIC team ran an experiment to see whether internet end users could access services hosted in Class E space. So, the space was reserved but could be quietly used in private networks.
APNIC’s 2024 experiment showed that just 0.0452 percent of users could access their Class E test download. This is based on a sample size of 130 million users. They concluded that “the status quo is entirely adequate for the 240/4 address prefix!”
Of course, most networks won’t send data to these addresses and will reject packets coming from them. That’s because they are formally reserved. Allowing access to reserved addresses could put users at risk of malware downloads and worse. Preventing propagation of incorrect routing information is so important that it’s the first action on the MANRS requirements list. MANRS is a global initiative to reduce the most common threats in internet routing.
So, how would things be different if these addresses were allocated to RIRs? There would be two main issues. Firstly, creating policies for allocating these addresses would not be simple. Secondly, making them usable would be a challenge.
The current policy for allocating IPv4 addresses to the RIRs assumes a small and decreasing pool of reclaimed addresses. And that policy is struck through on the ASO website because the pool is empty.
Nonetheless, some people desperately want more IPv4 addresses. 268 million new addresses looks like an appealing prospect if you don’t look too closely. But how could they be put into the hands of the networks that want to use them on the internet?
If 16 new /8s became available then a new policy would be needed to allocate them. The process for developing this kind of Global Policy generally takes two years.
16 of anything, including /8s, cannot be easily broken up into five equal pieces, so giving each RIR the same amount won’t work. The previous Global Policy used an allocation trend calculation to determine how many /8s an RIR should get. But the IPv4 market has been actively redistributing IPv4 addresses for the last decade, so allocation trends wouldn’t make sense.
The RIRs themselves have policies to evaluate how many IPv4 addresses a requester can justify. Essentially, requesters of more space need to demonstrate a need and the ability to usefully deploy the new IPs. While RIR justification rules vary, they are all similar to guidelines documented in 1996. Where they have been removed from policy documents, they could quickly be reinserted.
But managing a flurry of applications for a limited resource would be an administrative challenge. The IPv4 runout experience suggests that there would be a rapid influx of membership requests, initial allocation requests, and mergers. While many requests would doubtless come from organizations that want to run networks, others would come from companies seeking to stockpile and resell IPv4 addresses.
This was the experience when RIPE NCC made any new entity eligible for a /24 simply by requesting it. Given the value of this block it made great sense for the entrepreneurial to establish shell entities, take possession of the /24 blocks and wait the required two years to then sell the IPs.
Developing and implementing policies doesn’t solve the second problem: making the addresses usable. Internet systems have not had to support Class E addresses over the last 30 years. Some systems are never updated, only replaced. There’s a problem when those systems sit between people using Class E addresses and people who want to connect to them.
That doesn’t mean that most business and consumer operating systems would reject them. Most of their code has been updated. But the machines in the middle generally get fewer updates. They are infrastructure, and so stability is valued. Many networks only apply updates to fix bugs affecting them. And lots of home and small office networking equipment is effectively unmanaged.
The people whose systems are numbered with Class E addresses would have to convince others to spend money on fixes. Essentially, they’d be asking organizations running incompatible systems to obtain, test, and install an update. Or, in many cases, replace equipment for which updates aren’t available. The costly updates wouldn’t benefit those spending the money. Experience has shown that this approach is a “challenge.”
Meanwhile, the large organizations already using these addresses in a private context would need to make changes, too. Use by Amazon AWS and Adobe has been detected but that doesn’t mean they are alone. Or they might choose not to make those changes, calling the bluff of other networks.
Their kind of unofficial use has been seen and measured before. But there has been considerable market consolidation since then and the internet is not in a rapid growth phase. It has become essential infrastructure.
So, if this space were allocated, the competition authorities empowered by governments could find themselves choosing between two options. One would be to favor new market entrants. To do so would mean to support them getting some IPv4 addresses at bargain prices. The other would be favoring large enterprises – and their customers – with significant investments in the unofficial use already in place.
Of course, the organizations using Class E space already would participate in discussions about redesignating it. Their engineers can argue against it and could be persuasive. The cost of making these addresses reliably useful for anything more than private use would be unpredictably expensive. And the benefits would not be certain either.
Formally designating them as additional private addresses does no harm. But as they are being used like that already, it would just be a paperwork exercise.
Change is unlikely and impractical. IPv6 sees a growing share of internet traffic, averaging 40 percent at the moment. That’s the place to invest effort.
by IPv4.Global Staff
IPv4 addresses are numerical identifiers, organized and used in a specific way to make network communication among devices possible. They are publicly registered, identifying their exclusive user. The right to use these identifiers can be bought and sold. It is this right-to-use that can be considered an asset. Since there is a finite number of them and a sizable demand worldwide, IPv4 addresses have significant value. So, when addresses change hands in a merger or acquisition financial leaders should understand the basics of their valuation and transfer.
International mergers or acquisitions add yet another layer of complexity to the issue. There are five Regional Internet Registries (RIRs) worldwide that manage the billions of addresses and nearly countless users of them. So, cross-border M&A involving IPv4 addresses is typically complex. Adding to this complexity are the financial implications of these transactions, legal and regulatory compliance requirements, and other related nuances.
Below, we’ll cover essential considerations for successfully completing IPv4 transfers in M&A.
In most M&A transactions, asset valuation typically centers on tangible assets, whose value is relatively easy to determine and track on balance sheets. For instance, appraising assets like land, equipment, or buildings during M&A can reveal their value in a specific transaction.
However, appraisals of intangible assets like IPv4 blocks tend to be more challenging because due diligence is necessary to determine their market value. Establishing this value requires some estimate of likely monetization through a potential sale or in the form of the asset’s valuation in a leasing environment. Getting a sense of these valuations is readily accessible. The largest and most transparent IPv4 marketplace in the world displays current, anonymous transaction histories online. They can be examined in the IPv4.Global marketplace and in the website’s prior sales summary reporting.
Without an up-to-date IPv4 valuation, CFOs will likely be unaware of the value of their organizations’ IPv4 addresses, which could impact the accuracy of financial statements and long-term asset valuation. For instance, between 2019 and 2022, the value of an IPv4 address rose from $20 to $60, meaning an organization holding hundreds of thousands of these addresses gained significant value during this period.
Here is a break down of the main processes of IPv4 transfers in M&A:
IPv4 due diligence is critical to identifying risks related to IP address management, which typically relate to security. For instance, a poorly monitored network of IPv4 addresses presents risks upon acquisition if insecure devices remain connected to the network and are undetected even after the acquisition. Cybercriminals find these networks easy targets because there are lower chances of being detected while breaking into them. IP address audit tools like ReView are a boon for taking accurate inventory of your IPv4 holdings and can help identify security risks before a transfer is conducted.
It’s also critical to determine the current and historical financial value of the IPv4 addresses, which typically depends on block size relative to market dynamics. (The two sources sited above are ideal for this purpose.) For instance, between 2015 and 2020, large blocks were priced lower than smaller ones but sold at higher prices after 2021, likely because of changes in supply and demand. This historical information can also help track any discrepancies in the pricing of IPv4 addresses traded during a specific period.
Pricing and valuation of IPv4 addresses hinges on multiple factors that may or may not be under an organization’s control. For example, market dynamics extrinsically determine how much the rights to an IPv4 address block will cost. To some extent, block sizes can also influence the pricing of IPv4, depending on the supply and demand shifts of a given block size of addresses.
On the other hand, the reputation of any IPv4 addresses depends on their prior use and the diligence with which that use has been protected by their owners. IP addresses that rank low reputationally are less likely to have significant value since they are considered a risk to any organization’s network security, among other considerations.
Understanding how these factors influence IPv4 pricing will help guide deal negotiation to maximize the value of these assets during evaluations leading up to a merger or acquisition and in establishing financial worth following one.
IPv4 regulatory compliance is often less complex for intra-RIR transfers between companies under the same RIR region. However, inter-RIR transfers, which involve transfers across borders, typically have more requirements for buyers and sellers.
For instance, the American Registry for Internet Numbers (ARIN) requires organizations to demonstrate their acquisition of the company or the underlying network IPv4 addresses via documents such as:
Alongside compliance with legal and regulatory requirements, executives are also expected to justify the need for every IPv4 investment. For a CFO, this means identifying the financial risks of acquiring these assets as part of an M&A and minimizing any unnecessary fees, penalties, or unforeseen expenses during and after the M&A.
For example, in ARIN, companies looking to transfer their IPv4 addresses to another ARIN-based organization are required to pay a $500.00 Resource Transfer Fee per transaction. Organizations receiving IPv4 assets will be charged a Recipient Transfer Processing Fee ranging from $187.50 to $192,000.00, depending on the aggregate block size of the transfer. Overall, ARIN’s fee schedule is a complex mix of tiered membership and service specific fees.
So, there’s an astronomical difference between owning one small /24 block and those larger than a /6 (over 67MM addresses). Without prior knowledge or due diligence, a CFO may be unprepared for the significant costs of holding and/or transferring these assets.
One way to overcome such challenges is to partner with an IPv4 broker who can advise on the financial repercussions of owning certain IP address blocks and whether they will remain valuable in the long term.
Once the IPv4 addresses are acquired, CFOs must also plan for the implications of these acquisitions. Thinking long-term, any company that plans to rapidly expand its networks will benefit from holding these IPv4 blocks rather than buying them later on an as-needed basis.
However, if there isn’t an immediate need for deploying these IP addresses, a company could lease them to organizations that currently need network space. In either scenario, there’s a significant demand for IPv4 space because it’s been exhausted globally, so a CFO can mitigate many of the risks of owning these assets post-M&A.
IPv4 addresses will remain valuable in any market where companies and enterprises desire network expansion. Strategically speaking, IPv4 address rights can be treated like any other intangible or tangible asset whose value changes with market conditions. For instance, a company can choose to hold them after they have been acquired and sell them later, or sell immediately to offset the corporate acquisition cost. Prices may rise over time, but there’s risk that they could fall, or not keep pace with inflation or a company’s internal rate of return. With the help of a broker, a company holding stockpiles of these IP addresses can sell them at competitive prices.
Depending on the region, holding IPv4 addresses also allows CFOs to implement various leasing strategies, especially if many of these addresses are unused. For instance, a CFO could plan to lease small IPv4 blocks in the short term, adjusting for lease pricing as market demand shifts and generating substantial revenue without selling these addresses upfront.
A relative scarcity of IPv4 addresses in the marketplace isn’t changing soon, meaning businesses can likely acquire these addresses for their long-term needs without undue risk of their value evaporating. Forward-thinking CFOs realize that IPv4 addresses aren’t only tools for network expansion but have substantial monetary value when leveraged strategically.
CFOs and their executive partners should identify any conflicts that may impact the ownership of IPv4 addresses. Since these assets are volatile, estimating current and future value ensures pricing is trackable relative to the assets’ value at the time of acquisition. Thorough integration of IPv4 addresses also helps increase the accuracy of disclosures to all stakeholders involved in the acquisition.
September 10, 2024
APNIC 58 was held in Te Whanganui-a-Tara Wellington, New Zealand from August 30th to September 6th of 2024. There were initially four proposed policies but only two of the proposed policies were voted on as the other two were withdrawn.
Did not reach consensus.
This proposal would introduce temporary IPv4 transfers in the APNIC region as a controlled alternative to leasing, which is prohibited. The aim is to help smaller organizations transition to IPv6 by providing temporary IPv4 space under strict guidelines, such as a /24 block size minimum, and allowing only intra-region transfers. While some support the idea, concerns have arisen about potential misuse for profit and undermining IPv6 adoption efforts. The policy has sparked debates over the community forum for its potential to encourage leasing-like practices, with many calling for adjustments to limit its scope and promote a faster shift to IPv6.
The author uploaded a new version of this policy with minute differences, so APNIC allowed for the author to present this policy to the community. This new version added on to section 11.1.3 of the APNIC Internet Number Resource Policies. For a temporary transfer, the justification for the space would need to match the length of the transfer since current justification requires it for two years while temporary transfers can be shorter than that. This received significant opposition from the APNIC community. Concerns were raised about the potential legalization of leasing and the legal risks involved, especially regarding the return of resources and potential liability for APNIC. Some suggested placing limits on the number and duration of transfers and incorporating a dispute resolution process, but Jordi resisted these changes, citing previous community feedback. The community voiced strong resistance to this policy, fearing the creation of an uncontrolled leasing market. Ultimately, the community decided to drop the proposal due to the lack of consensus, though Jodi expressed intent to submit a revised version.
Withdrawn.
This proposal would reduce the minimum IPv6 allocation size for new Local Internet Registries (LIRs) from /32 to /36, aiming to ease the financial burden on smaller LIRs. It is intended to support newer LIRs in adopting IPv6 without incurring higher fees. However, it has faced opposition, with critics suggesting that fee structure reforms, rather than smaller allocation sizes, would be a better approach. The proposal has not gained widespread support, with many community members calling for amendments to address concerns more effectively.
The author had not registered for the conference and was unable to present their proposal. APNIC had reached out via email but had not received a response, so the proposal was withdrawn.
Did not reach consensus.
This policy proposal seeks to increase the initial IPv6 allocation from /48 to /44 for organizations eligible for a /23 IPv4 block, aiming to provide greater flexibility for multihoming and multi-site deployments. Supporters argue that larger allocations would make IPv6 implementation easier, but critics believe IPv6 assignments should be based on actual need rather than IPv4 eligibility. The debate centers on whether the increased allocation is justified by technical requirements or if it risks over-allocating resources unnecessarily.
The author submitted a second version of their policy proposal on September 1st resulting in insufficient time for APNIC to complete their impact assessment on this new version and for the community to review. As a result, some participants requested more time to consider the policy. It was noted by the community that members can already apply for more than a /48, with options to request larger allocations like a /44 if needed. While some were neutral, others expressed opposition, citing concerns about splitting blocks and the difference in metrics between IPv6 and IPv4. One member agreed with the goal of encouraging IPv6 adoption but felt a /44 allocation was excessive, suggesting a /47 instead. Ultimately, there was no consensus on the proposal, with most opposing it based on both online and in-room votes. The proposal will return to the mailing list for further discussion.
Withdrawn.
Originally proposing to allocate IPv6 addresses for IoT devices, including non-electronic items, this policy sparked debate over the appropriateness of IPv6 for non-networked objects. The revised version suggested using IPv6 for IoT purposes with a smaller allocation size but was still met with concerns over unnecessary complexity and over-allocation. Critics argued that existing policies already support IoT needs, and alternative identification methods like Object Identifiers (OIDs) or Universally Unique Identifiers (UUIDs) might be more efficient. The proposal was withdrawn, but discussions on IPv6’s role in IoT are expected to continue.
Policy 161 was withdrawn prior to the conference because the authors realized that current APNIC policies already allow the use of IPv6 addresses to host information for non-electronic items on the Internet. During an informational presentation, it was explained that IPv6 is already being used by some in the IoT community to host and verify data associated with electronic and non-electronic items, with no need for policy changes. The purpose of the presentation was to share best practices rather than seek consensus, since there is no pressing need to alter the existing framework for IPv6 use in IoT applications at this time.
As we predicted, the price of /16 blocks and smaller blocks has converged, with a significant drop in /16 prices. Address supply has been more than enough to meet demand so far in 2024, so buyers can choose cheaper blocks. The /16 market is dynamic, so call us for up to the minute market conditions.
by Lee Howard
As the leasing market is heating up, and following several years of proposals to allow or prohibit IP leasing, here’s the current policy situation in each region. “Leasing” is generally understood to mean delegating or assigning addresses to an organization that is not a connectivity customer. To put it another way, address assignments are traditionally from an Internet service provider or cloud/hosting company to their customer. Leasing is when that assignment does not come with a connection to the Internet.
The sentiment of the RIPE community is generally focused on keeping the public database accurate. RIPE therefore has permissive policies, including a temporary transfer policy explicitly intended to facilitate leasing:
2.1 Transfer Requirements
Transfers must be reflected in the RIPE Database. Transfers can be on a permanent or non-permanent basis.
The original resource holder remains responsible for an Internet number resource until the transfer to the receiving party is completed. In the case of a temporary transfer, the original resource holder re-assumes responsibility when the resource is returned. The current resource holder must ensure that all relevant policies are applied.
https://www.ripe.net/publications/docs/ripe-807/
Note that temporary transfers only apply to addresses transferred within the region: they do not have a temporary inter-RIR transfer policy.
ARIN’s policies are silent on leasing, but the staff has made clear anyone with an allocation from ARIN can lease out those addresses. However, leases will not qualify as efficient utilization for the purpose of justifying a transfer.
Address space leased without providing Internet services cannot be used for justification when requesting IPv4 addresses
https://www.arin.net/blog/2023/02/23/ipv4-leasing/
An organization with an abundance of addresses can lease some of their addresses. If they need more addresses, they need to meet justification thresholds (sections 4.2.4.1 and 4.3.3) without including the leases. An organization that will not need to justify additional addresses can lease all of their space.
APNIC’s policies don’t allow leasing out APNIC registered addresses. Addresses can only be assigned “in relation to network connectivity services.”
3.1.3 Aggregation
LIRs must only delegate addresses to customers who will be using those addresses in relation to network connectivity services provided by the LIR.
LIRs are expected to enter into agreements with their customers specifying that the end-user will hold the addresses only for so long as the end-user remains a customer of that LIR. Such agreements should also be consistent with the license under which the address space is being used by the LIR.
Further, if the justification for the original allocation changes, the allocation is no longer valid.
4.1 License Renewal
IRs will generally renew licenses automatically, provided account holders are making a good-faith effort at meeting the criteria under which they qualified for, or were granted an allocation or assignment.
Licenses to account holders shall be renewable on the following conditions:
4.1.2 Validity of delegations
An allocation or assignment becomes invalid if it is:
APNIC may revoke addresses from an organization that leases them out.
4.2 Closure and recovery
If an LIR holding APNIC address space ceases to provide Internet connectivity services, all of its address space must be returned to APNIC. It is the responsibility of the LIR (or any liquidator or administrator appointed to wind up the account holder’s business) to advise all of its customers that address space will be returned to APNIC, and that renumbering into new address space will be necessary.
In the case that a new LIR takes over the business or infrastructure of the closed LIR, the existing address space may be transferred to the new LIR, however such a transfer is subject to re-examination by APNIC and may be treated as a new address request process.
https://www.apnic.net/community/policy/resources
All allocations/assignments in the APNIC region are subject to these policies. There are no legacy resources in the APNIC region. https://www.apnic.net/community/policy/resources#a_h_4_2_1
APNIC can not prohibit organizations in its region from leasing addresses from another RIR.
LACNIC policy is clear that address assignments are to be used within the network infrastructure.
0.9. Assign
Therefore, sub-assignments to third parties outside said infrastructure (for example, the use of end-user assignments for ISPs or similar clients) and providing addresses to third parties in data centers (and others) are not allowed.
Connectivity is assumed in other parts of the policies.
2.3.2.13. Registering assignments
All IPv4 address block assignments of a /29 or larger block made by an ISP to customers connected to their network and users of services provided must be registered on LACNIC’s WHOIS database
https://www.lacnic.net/680/2/lacnic/lacnic-policy-manual-v219—22_08_2023
However, LACNIC has had discussion and clarification. Legacy resources, i.e., addresses assigned before LACNIC and ARIN (the previous RIR for the region) existed, are exempt from this policy.
https://blog.lacnic.net/en/ip-address-leasing-creating-a-space-for-dialogue
AFRINIC policy strongly implies that leasing is prohibited.
2.3 Local Internet Registry (LIR)
A Local Internet Registry (LIR) is an IR that receives allocations from an RIR and primarily assigns address space to ‘end-users’. LIRs are generally ISPs.
2.6 Assignment
An assignment is an IP address block given by an LIR to its end-users for their own usage. To “assign” means to delegate address space to an ISP or End User for specific use within the Internet infrastructure they operate.
5.5.1.1.1 AFRINIC allocates ranges of IPv4 addresses to Local Internet Registries (LIRs). LIRs reassign or sub-allocate that space to their customers.
https://www.afrinic.net/library/policies/2479-consolidated-policy-manual-v12
IPv4.Global complies with all RIR policies. As members of the global Internet community, we seek to provide organizations with addresses they need, in compliance with those policies. Therefore:
Policies can change, and there are policy proposals in several RIRs that would change these rules. We believe these to be accurate as of August 2024.
by IPv4.Global Staff
Many organizations were assigned IPv4 addresses before ARIN was established in 1998. Those legacy organizations aren’t required to contract with ARIN for registration services. Others, who do so, pay for the operation of the registry, a public database, and policy development. But no-contract, legacy addresses don’t simply offer the holder a free ride without some cost. There are security sacrifices involved.
Transferring IPv4 addresses from a legacy holder to an organization with an RIR contract can improve internet routing security. The security improvement occurs because organizations whose addresses are under an ARIN contract can benefit from processes and services not available when ARIN was established. These services reduce the impact of various configuration errors on networks – among other benefits – and are only available to contracted members.
The RIRs’ transfer policies have been a success. Over 90 million IPv4 addresses have been transferred to specified recipients within the ARIN region. About 40 million IPv4 addresses have been transferred from ARIN to other RIR regions.
In most cases, the contract status of transferred resources changes. ARIN requires transfer recipients in its service region to sign a standard contract. When an organization signs a contract with ARIN, the registry is more accurately maintained. ARIN can check who signs the contract and know where the payment comes from.
Other RIRs require a contract with one exception. The RIPE NCC will allow legacy resources to retain that status and be uncontracted but will not provide RPKI services. RPKI requires a contract.
ARIN recognized the contribution of the earliest internet pioneers by not requiring them to pay fees for basic services, like updating their contact details and reverse DNS delegation.
For those under contract, ARIN’s has 11 fee tiers. They start at $250 for organizations with an IPv4 /24, sometimes called a Class C, and up to three AS Numbers. The ‘Medium’ tier costs $4,000 for organizations with between 16 thousand and 65 thousand IPv4 addresses. Organizations with up to 16 million IPv4 addresses pay $64,000 a year. There are two higher tiers.
But legacy users don’t have access to ARIN’s official Internet Routing Registry (IRR) or RPKI services. RPKI gives IP addresses and AS Numbers digital certificates. These can be used to create statements that link the IP addresses and AS Number. The digital certificates allow computers to automatically validate them and use them in building filters.
An IRR is a database where networks share information about how their IP addresses are routed across the internet. Other networks use this registration to build filters. If a network accidentally breaks its routing configuration, filters in other networks won’t accept the accidental routing announcement.[1]
There are two classes of IRR. The official class is operated by the RIRs and NIRs. They get their status because they are the source of the authoritative information about who is responsible for IP addresses and AS Numbers. The second class of IRRs is operated by large networks. They need to use publicly available information about who manages IP addresses and AS Numbers when validating what people register in their databases.
Most of the unofficial IRRs started when ARIN did not offer an official IRR. At RIPE 88, Richard Jimmerson, its COO, explained that it is, “locked down by policy and the wishes of the community,” it cannot provide IRR services to organizations unless they sign a contract.
Postal mail is routed starting with the most important information and ending with the most detailed. For international mail, the country is processed first, and the city and then street information come last.
Internet routing is similar. A sending network only needs to know the right direction to send traffic. It doesn’t need to know about the internal structure of other networks. But sometimes networks make configuration errors, or there are bugs in equipment.
Organizations who manage their own internet connectivity update equipment based on estimated growth over several years. The internet had seen linear growth in the number of routes between independently managed networks since 1989. But temporary changes in demand can throw those plans away.
1997 started with about 40,000 routes in the internet’s routing table. It ended it with about 50,000. But the number of routes grew from about 45,000 to almost 120,000 for a few hours in April 1997 AS7007 leaked 72,000 internal routes. Other networks did not need to see those internal routes. When they did, many found they did not have the capacity to cope with so much information, and shutdown.
But not everyone suffered equally. Those who used IRRs to filter suffered less. Building filters from IRRs is now an expected part of keeping the internet running.
But there’s a tension. IRRs began in the early 1990s when the internet wasn’t very important and trust was higher. Some networks built filters by creating IRR entries for their customers. These proxy registrations led to duplicate entries and some confusion.
Engineers presented on the impact of ignoring unofficial IRR at RIPE 88. It is part of work they are doing to develop a Best Common Practice (BCP) for building Route Server filters. They measured the potential for improvement. It varies between Internet Exchange Points. But thousands of network prefixes would benefit from improvements if their contract status changed.
Route servers help large IXPs scale. Every connected network shares routing information with the route server. The route servers just share information about the routes available. They don’t forward traffic themselves.
The alternative would be configuring an exchange of data with every other network. An IXP like IX.br, has over 1,700 members and 2,200 connections. Reducing the amount of configuration each network manages is an important function of the route server.
The route servers need to filter the routes shared with them. Otherwise, a configuration mistake could impact the whole IXP. The IXPs developing this BCP want to only use IRRs that have the most authoritative data.
So, they want to encourage everyone who can to use the RIRs and NIRs official IRR databases.
The engineers found that about 70 percent of the prefixes shared at their IXPs have routes registered in RADB. This is an IRR run by MERIT, a US regional research and education network.
During the discussion at RIPE 88, RADB was praised. It is not just popular because its customers cannot use ARIN’s authenticated IRR. Remko van Mook, who serves on the RIPE NCC’s board noted that: “there’s a support phone number, an e‑mail address, which companies love and is that maybe something that [the RIRs] should be fixing?”
The customer service wins are balanced out by the less authoritative nature of what they publish. This research and the BCP that inspired it is part of an industry push to improve routing security.
The transfer market is giving more IP addresses access to authenticated IRRs. Addressing some of the customer service issues can help. But so can adjusting some of the automation that registers routes and builds filters from RADB and other unofficial IRRs.
by Leo Vegoda
About 70 percent of Network Operation Centers surveyed by European research network GÉANT use Excel for resource management. Maria Isabel Gandía Carriedo presented the results from the survey at RIPE 88 in Kraków, Poland in May 2024. The survey solicited 500 responses from 37 European research and education networks.
Excel has quirks to go along with its power and convenience. Broadly speaking, it is a generalist’s tool, meant for pretty-good performance in almost any calculating and record-keeping environment. But “pretty good” isn’t terrific. Tools for specialist functions often provide flexibility and precision that can make a big difference.
In most uses, Excel is a single-user bit of software where only one person can edit any given file at a time. The file can be shared but isn’t commonly usable by multiple individuals simultaneously. Changes can be tracked but not if you use Excel Tables. And the functionality varies depending on the version of Excel you use.
In many organizations this means changes can be made by anyone with access to the file. Excel offers restrictions on reading, copying, printing and editing a file but these are cumbersome to administer and are rarely used. As important (or more so) the nature of the change is almost never tracked. Reverting to earlier versions of untracked changes is hard, if not impossible to do.
In contrast, an IP Address Manager (IPAM) is a dedicated application based on a database. Databases are designed around strong change control and the ability to revert changes to earlier versions. Key benefits include:
Most importantly, all changes can be logged with an associated reason or description of the alteration. Identifying change numbers are often available.
Excel can be used for almost anything. But it does not have native knowledge of IP addresses. At the most basic level, this means that IP addresses are stored as text. Sorting won’t be based on subnet structure. Of course, with Visual Basic for Applications (VBA) and macros, Excel can be made to do more. But this means you’re developing software and need to support it yourself.
A spreadsheet for tracking IP address space needs to be cleverly formatted. When you adjust your addressing plan you must adjust your spreadsheet. Changing its structure can change the data unless you are careful.
In contrast, an IPAM is a specialist application. It understands about both IPv4 and IPv6 addresses and how they can be organized. It is designed to make it easy to organize what is currently in place, analyze it, and plan for the future. Because it’s an IPAM, it can manage multiple levels of subnetting elegantly.
Anyone can keep records. But making sure they are an accurate reflection of reality is hard. How often do you open Excel and update that spreadsheet? And does everyone using an IPv4 address, or an IPv6 /64, record its use?
Most IPAMs either include or can integrate with network scanners. This means they can detect rogue devices and be a part of your audit controls, instead of a risk. A key element of that is automatically reporting on what has changed, when, and why.
A dedicated IPAM will produce reports at the press of a button. It can easily report on things like:
Excel won’t.
Many IPAMs can automatically generate updates to an RIR’s database and generate a geofeed file.
IPAMs either include or integrate with DNS and DHCP management. That means that there is a tight integration between your IP address assets and the physical assets that use them. So, as you spin up servers or networking infrastructure, they get the IPv4 and IPv6 addresses they need. They also get forward and reverse DNS entries, making their role clearer to technicians and engineers. And everything is automatically cleaned up when you decommission that infrastructure.
This is important in networks of any scale. When hundreds or even thousands of IP addresses change their use across a year it’s important not to leave a mess behind in DNS.
IPAMs help organizations manage and plan IP address assets. When organizations lack that management, they might encounter operational and security problems. But they could also be missing key opportunities.
IPv4 addresses are worth at least $30 each on the transfer market. Addresses in /16 blocks, also known as Class B blocks, are worth more. Deploying an IPAM and getting control of your IP addressing assets can pay for itself. Especially if you decide to transfer excess, unused IPv4 addresses in the market.
IPv4.Global can help you. If you’re using Excel, try ReView, our first-of-its-kind digital IP address audit tool. It’s a free tool from IPv4.Global working with 6connect. It will show you what you have, how it is used, and deliver insights on potential efficiencies. If you find you have an excess of IPv4, we can help with that, too.
by Leo Vegoda
Engineers built the internet with several assumptions front and center. Perhaps first among them was the belief users in this primarily academic environment could be trusted. “Trusted” involves privacy and security, especially. But the internet has escaped academia and is now a dominant form of communication for well over half the world. The trusted community of academic users is now a very small portion of the whole audience.
Plus, commerce has found its way into virtually every corner of the internet. Advertising revenue has almost completed a transition away from print and broadcast media. And automation means that advertisers can know more about internet users than a newspaper publisher ever could.
Advertising buyers no longer have to ‘spray and pray.’ They can target their campaigns with reasonable assurance that they are reaching the people they want to influence. The commercial marketing industry isn’t alone in making use of these new capabilities. Politicians and governments use tracking technology to observe and engage with individuals or small groups around the world.
The identification of individual users and their interests is based on users’ behavior online. Where one browses, purchases, clicks, etc. is often recorded by interested groups. Aggregated, then shared, this information can identify interests of all kinds on a very granular level. Who you are and what you care about can be deduced from what you do online. But behavior tracking isn’t the only form of involuntary characterization by outside parties. We announce who we are and what we (probably) care about in many ways.
Privacy is the condition of being apart from intrusion or observation, physically, emotionally, and/or intellectually. It primarily applies to individuals but can refer to a group separated from others in one way or another. Privacy can be selective in the sense that some information about you can be private and some public. So, it isn’t a condition of absolute invisibility or isolation. And doesn’t always relate to a person. For instance, a particular message can be “private” in the sense that it is conveyed selectively and in such a way that uninvited observers are excluded from access.
Anonymity is closely related but different. It relates to anything that is not ascribed to or explicitly connected with an individual person or group. Extremely public information that is not attributed to an individual is anonymous. Curiously, the word applies to both the statement and the person uttering it. Both are anonymous in the sense that they are not connected to one another.
Security relates to and describes the protections and guarantees associated with providing privacy. A thing is securely private if it is certainly so by means of a reliable system. Normally, security measures are processes developed to provide privacy in some predictable and consistent manner.
The above should make one thing clear: nothing is absolutely private that exists in any public forum. (If you think it, then immediately forget the thought, it was private. Everything else has the chance of worming its way to becoming public.) No system of isolation can be certain to convey content, especially on the internet, such that it can only be retrieved by a single designated recipient. Security systems now in place expand the likelihood of privacy and make intrusion much, much more difficult. Some systems – though usually very cumbersome – are extremely secure. But none is perfect and those that function conveniently are limited to being “very secure” so as not to become grotesquely inconvenient.
On a fairly broad level, privacy and – by extension – anonymity are rights. The Supreme Court has ruled the First Amendment guarantees the right to anonymous speech. The reasoning behind this position is that anonymity “shields” the speaker from “intolerant society.”
Austrian privacy campaigner Max Schrems runs a nonprofit organization to advance privacy. It’s called NOYB, for ‘None of Your Business’. The organization lobbies for the right to be unobserved. That doesn’t mean completely anonymous or isolated. Rather, it means one can become less observed if one chooses to be. NYOB argues for the right to be more invisible, in essence to have technology serve people, in the way they wish, instead of the reverse.
Andrew Lewis told us in 2010 that “if you are not paying for it, you’re not the customer; you’re the product being sold.” The underlying truth of this business relationship is simple: most content is paid for by someone, somehow. If one values the thing they watch, read, or listen to they may choose to pay for it directly. Streaming video and audio, and some news sites with pay gates (The New York Times and Apple Music) are good examples. Other means of payment to content providers is the money paid by advertisers to address an audience. When the prior behavior of that audience can be well-known and the future actions tracked, advertisers profit and so pay more for the advertising in question.
In previous generations, advertising was targeted based on the medium. Comic books displayed a different kind of advertising as distinguished from quality newspapers. Special-interest magazines were invented to identify a particular audience whose fandom could be assumed and so their value to advertisers known. But the world has changed, and we get targeted advertising on our devices now. These very specific ads may show up on a generic medium. One may get motorcycle garb advertising on The New York Times, for instance.
Plus, location matters. For instance, a local retailer wants to show online ads only in the vicinity of their store. Buyers can target advertising to a radius as tight as 1km, or based on a jurisdiction, like county, or country. Advertisers refer to this as geo-fenced advertising.
But some people are targets for tracking because of who they are or what they do. Examples include investigative journalists, political campaigners, aristocrats, and the ultra-rich. People want to track them to find out what they are investigating, who they meet with, and where they’ll go next.
An individual may use a phone, a tablet, a laptop, and a games console. Normally, devices are used by only one user. So, device tracking often exposes the (primary) user to characterization. That is, specific targeting by a consumer profile.
What’s more, they might also be interested in how a device moves among networks. Did a device start the day in a residential neighborhood and then move to a coffee shop, an office, a restaurant, an airport, and finish at a hotel? If it did, companies might want to send specific types of advertising to the main user of that device. After all, even though the device is a gaming machine, its behavior is typical of an adult vis a vis its locations. Advertisers are likely to interpret its movement and target offers accordingly to its traveling owner.
Since the exhaustion of the IPv4 address supply, these addresses have become quite valuable. So, methods have developed to avoid their inefficient use. One way to conserve them is to use a Network Address Translator (NAT) at the edge of a network. It lets the internal network use private addresses, which only have to be locally unique. Which is to say, the same private addresses can be used in multiple networks because they are not used as device locators outside the walls of the closed-wall network on which they work. The NAT substitutes one or more globally unique addresses when exchanging data with other networks and then communicates within the private network using these private IPs.
A side effect of NAT is that it blends the traffic generated by multiple people and devices. For instance, the public WiFi at a café might have a single address and be used by dozens of people every day. Of course, that doesn’t mean that users can’t be tracked when they login to services. But it does mean anonymous use of websites is less likely to be linked to a specific individual.
The IPv6 address format (and so its total population) is so much larger than IPv4 that most people struggle to understand the enormity, not to mention the formatting of these numbers. This address abundance means NAT is not needed to combat scarcity in an IPv6 environment and every device can always have at least one unique IPv6 address.
IPv6 addresses have two parts. The first identifies the network and the second identifies the host, a technical term for the individual device to which it is attached. Originally, hosts would use their unique MAC address – the number assigned to a network card in a device/host – as the host part of their IPv6 address.
Orange shows the network portion of the address, yellow shows the host portion. Green shows the full address.
This was a simple way of automatically configuring an IPv6 address on a device. The host simply needed to find out the number used for the network and it knew its own IP address. But MAC addresses won’t change on most devices. They are specific to the machine. That means every IPv6 address is automatically linked back to a device and can be tracked over time and as it changes networks.
The 2001 revision of IPv6 framed the problem in the context of a “road warrior” who was tracked as they moved from home to airport, hotel, and so on. 20 years later, the specific use case was dropped because all internet users are now routinely tracked. And the solution, which all major operating systems have deployed, is to generate a random host address and change it regularly.
This means the host portion of the IPv6 address is likely to be both very large and changing. So, a user cannot be identified by a stable device-specific number. The new (temporary) identifier for the host has an even probability of having any value between 0000:0000:0000:0000 and ffff:ffff:ffff:ffff. This is an astronomically large range. It is impractical to draw an association between two different host addresses over time without some other reason. That other reason could be specific user behavior, a web cookie, or web browser fingerprinting.
As with NAT, this approach just blurs users’ identities. A sophisticated analysis by a well-resourced adversary is unlikely to be stopped by address randomization.
DNS, the internet’s naming system, was developed in the early 1980s and refined later that decade. Computing was expensive and the early internet was small, so trust was high. No-one cared that every DNS query was sent across the internet in plain text, available for anyone on the path to read. Large scale data capture and analysis was expensive and there was no commercial or intelligence interest in that work anyway.
The web wasn’t developed until 1991 and commercial websites took time to arrive. Amazon launched in 1994, a decade after DNS was first documented.
The Snowden revelations changed the priorities of the engineers. Suddenly, they realized that anything that wasn’t encrypted not only could but would be stored, read, and analyzed. They committed to improve the “privacy properties of IETF protocols” when they met in July 2013.
The first objective was to ensure that deployments “made better use of the security and privacy mechanisms that already existed.” They then discussed what to do next and in 2014 agreed that “pervasive monitoring is a technical attack that should be mitigated in the design of IETF protocols, where possible.” It has been referenced by about 70 protocol documents since then.
Of course, engineers had been working with cryptographic technologies before this. One was DNSSEC. They had focused on the utility of cryptographic signatures to show that DNS answers had not been tampered with by a third-party. They hadn’t worried about making the DNS queries and answers private. Why do you care if someone can see your DNS queries and answers? Because they can be used to describe you. They can tell the operators of the resolver, and anyone else who’s able to watch, where you work, your hobbies, marital status, political interest, sexual preferences and more.
Some people won’t care. Others might have a preference for privacy where it is possible. But some people need as much privacy as possible to aid their professional or personal security. After all, once someone has identified a target, they can use that knowledge to take action. That’s why political activists, some government workers, and the ultra-rich often need additional security.
For instance, a democracy activist in a totalitarian state might need privacy to protect what freedom they have.
Two approaches for improving the privacy of DNS queries are DNS-over-HTTPS, known as DoH, and DNS-over-TLS, known as DoT. They do the same thing in slightly different ways. They create an encrypted tunnel for transporting the initial DNS query and the final answer to a local resolver when the device does not already have a cached answer.
HTTP is the protocol used for web data. Everything from the most basic web page, to streaming media and games are transmitted using HTTP. TLS is Transport Layer Security, the cryptographic protocol used for network security. HTTPS uses TLS to provide security, so they have the same security properties.
More than 90 percent of DNS queries are answered using answers already in a device’s cache, or in the local resolver’s. About 10 percent of DNS queries must be researched to get an answer. If these queries can be linked to you then they can describe you by showing where you work, bank, your political and religious beliefs.
Local resolvers answer almost all queries. About 10% require research. About 1 in 10,000 queries goes all the way to the root of the DNS. Diagram based on RSSAC research.
People whose personal security requires additional privacy might value hiding their DNS queries inside encrypted tunnels. They can still use the local network to access the internet. But the network doesn’t see the names of the websites they visit.
But some security experts are worried that encrypting DNS will hide a lot of information they have relied on for legitimate security analysis. ISPs and others often sell DNS filtering products and they rely on DNS traffic analysis to help them build filters suitable for home and enterprise users. As ever, there is a tension between protecting users through better privacy and making them vulnerable by making it harder to observe malicious behavior.
Your device’s DNS conversation with the resolver can now be encrypted. But the resolver’s research for the 10 percent of answers it does not already have answers for is not encrypted. The query it sends to an authoritative server and the answer it gets are both plain text, so anyone along the path can see that conversation.
This is where DNS Query Name Minimisation comes into play. And it does what the name suggests. Instead of sending a query for the whole DNS name it needs an answer for, it just asks about a part of it. This change in behavior is based on the principle that “the less data you send out, the fewer privacy problems you have.”
This is a change in behavior and not the protocol. The tradition was to always send the whole name being queried but it is not necessary. Users with elevated security requirements can benefit from small changes like this. And commercial organizations can benefit, too.
Some organizations compile and sell information about their users to internet advertising companies and other organizations who want this data. If a DNS operator can reduce the flow of DNS data available to other organizations, it can increase the value of its own data.
The S stands for “Secure”. The original version of HTTP was designed for a high trust environment and did not encrypt anything. Instead, it was like sending a stream of postcards. Anyone on the network could see who was talking and what they were saying. The key difference between real postcards and web traffic is that web traffic flows. Postcards tend to be occasional and rarely share anything personal. But visiting a website involves asking for a page, getting it back, then clicking on a link and getting that page back and so on.
The web encourages prolonged use and people rely on it for private activities, like banking and shopping. Disclosing usernames and passwords over the internet is dangerous, so HTTPS was rolled out for sessions that need to be secured in the late 1990s.
Apple and Google encouraged apps and websites to default to HTTPS by the end of 2016. While the network can see that you connect to an IP address that hosts a specific website, they can’t know which website if that address hosts many sites. That’s why Content Data Networks (CDNs), like Cloudflare, deployed ECH. This is a way of stopping anyone apart from you, the website owner, and the CDN operator from knowing which site you visited.
So, anyone who wants to track users’ web habits will need to do something extra.
But companies and others want to know which websites you visit. And they do their best to follow users around the web.
Advertisers want to know who you are and what you are interested in so they can serve you advertising that will encourage you to take action. They do this with web cookies and web trackers. Cookies are bits of data offered to your web browser by a website. Your browser stores the cookie and then tells that web server, or another, its value when asked.
Authentication cookies are the type users find useful. You login to a website at home, then you go into the office. The cookie in your web browser identifies you, so you can continue your session.
Tracking cookies are the type that report on your browsing history. Advertising and analytics companies use these to profile users and target them with personalized advertising. Countries and states around the world have enacted laws to regulate cookies. Some require users to be given the chance to opt-in (accept cookies on their device), others require an option to opt out.
This is why many websites now present cookie permissions dialog when you first visit.
Example of a cookie permissions dialog seen in a US state with a data privacy law
Wherever you are, all popular web browsers let users clear out cookies and cached files.
Chrome’s ‘Clear Browsing Data’ control
Many people dislike being tracked, and advertisers are among them. Two thirds of people working in advertising use an ad blocker in contrast to just 52 percent of Americans, according to privacy company, Ghostery. Not loading ads and trackers can speed up browsing. This is important when using mobile data. But many people are worried about trackers recording their visits to pages on healthcare or political websites. And people working in advertising distrust the companies gathering this data more than anyone else.
Google’s Chrome and other web browsers support an Application Programming Interface (API) called Manifest. This is the protocol used by small programs that extend the capabilities of the browser. The Manifest API lets them block web advertising.
But Google will replace support for Manifest v2 with v3. This could make it harder to block trackers and ads. Google claims that the change will improve performance by reducing the resource required by extensions. But it comes at the expense of an arbitrary limit on the number of rules adblockers can include. Google’s limit is 30,000 rules but popular adblockers often have 10 times that.
Rival browser, Firefox, will support v3 while retaining support for v2. Ad blocking performance might soon vary between browsers.
Virtual Private Networks (VPNs) create an encrypted tunnel between devices on one network and devices on another network. Corporate VPNs are used to authenticate users accessing restricted services. For instance, an employee might have to login to a VPN to use internal services when not in the office.
Privacy a key feature of commercial VPNs. Their privacy offer is achieved by blending traffic, like a NAT, and operating their own DNS resolvers. It’s not always possible to know if VPNs truly offer privacy. Some people worry that VPNs could be operated by those who want to gather traffic data.
VPN operators can do two things to demonstrate that they can be trusted. One is to commission an audit and publish the full report. The other is to show they don’t have any user data available when police or the courts demand access to logs. For instance, Mullvad VPN was visited by police but couldn’t help them as it doesn’t log customer data.
Apple’s iCloud Private Relay offers the privacy features of VPNs by hiding your DNS requests and IP address. Even Apple does not have access to the user data. It works in a similar way to Tor, The Onion Router, which was developed by the US Navy.
How Tor works, published the EFF under a CC BY 3.0 license
The key differences are that Apple’s service requires Apple hardware and a subscription. Tor, in contrast, can be used by anyone but is slow as it relies on donated resources. This also reduces its attraction to some criminals. Part of the TOR philosophy is to decentralize operations, which the project claims “keeps Tor users safe.”
Everyone has their own preferences and risk profile. Many people do not care that advertisers track what they do on the internet. But political activists, journalists, politicians and others might need to be more careful.
Most users won’t have control over whether they use IPv4 or IPv6. That means they probably cannot control if their traffic is blended through a NAT, or their device regularly changes its IPv6 addresses. But users can choose to use HTTPS over HTTP in most cases. And most browsers can be configured to let the user select a DoH resolver. Similarly, users can decide if they need to spend money on a VPN or use a privacy service like iCloud Private Relay or Tor. They can also check the privacy practices and audit reports of the different DNS and VPN providers.
Of course, anyone who can monitor traffic going over the network can see that users establish and send traffic through encrypted tunnels. So, very high risk individuals need to think very carefully about operational security as well as technology choices.
by Leo Vegoda
IPv4 and IPv6 sound very similar and they were both developed to solve the same problem. But unless you’ve looked closely under the hood, it’s hard to know how they differ.
Read on to understand these differences. Plus, learn why you’ll need both for most networks for the next decade or more.
Many of the practical differences between IPv4 and IPv6 are the result of the abundance of addresses in the new system. The widely-used but older system, IPv4, is a 32-bit address space. This defines the maximum number of unique addresses it can specify as 232. It results in a system with about 4.3 billion addresses in total. Due to the way in which certain portions of the total number are set aside for specific, special uses, only 3.7 billion are available for ordinary internet use. That “use” of course is to identify unique devices on the network.
When the internet was developed there were relatively few devices on it. So, establishing a system with 4 billion nodes seemed downright extravagant. But the internet grew. Computing – and internet communication generally – spread. While there are “only” two people on the planet for every available address, most people with internet access use multiple addresses. Many people have smartphones, a work device, a smart TV, a home computer or tablet, and maybe more. Each of those uses at least one address and each service they connect to will use at least one, too. So, IPv4 addresses are carefully managed because there aren’t enough of them. No more are used than required. Excess capacity is sold because there is an acute shortage of them.
IPv6 is a 128-bit (2128) address space. Due to the way in which such numbering systems work, that means the IPv6 system is almost incomprehensibly large. It’s about 79 octillion times bigger than IPv4. Put differently, IPv6 can support 340,282,366,920,938,463,463,374,607,431,768,211,456 unique IP addresses. Wrapping your mind around a number of that sort isn’t easy. Suffice it to say, the system can support trillions of devices. But a trillion internet nodes isn’t easy to picture, either. More visceral is the thought that there are more IPv6 addresses than there are atoms on our planet.
With that sort of abundant supply, thinking about the use of the resource changes. With IPv6, every LAN – WiFi network, server network, and so on – is the same size. They all get a /64 subnet, which has 18 quintillion unique addresses. Needlesstosay, this is splendid overkill. The distribution system essentially establishes a vast resource virtually everywhere, regardless of the proportion of the need. Where an IPv4 network at a small liberal arts college might deploy a /22 (1,024 addresses), IPv6 would lavish a /48 on it – that’s 65,536 /64 subnets.
This changes network administrators thinking considerably. By design. As they manage IPv6 /64s and the bigger blocks they come from, administrators don’t focus on the supply or on the assignment of individual addresses because there are such large numbers available. Instead, they want an address plan that is easy to manage as their network changes over time. The huge address space means that administrative ease is a specific policy goal in IPv6’s design, unlike IPv4. When large numbers of available addresses surround every use case, growth, change and reorganizing networks is less challenging.
IPv4 sets aside about 17 million addresses for private use. This means the same address can be used a number of times but only within private networks where access doesn’t overlap via the internet. The same private addresses are used repeatedly on networks all over the world. But the walled garden element of their use is essential.
In IPv6, even private addresses are unique. A whole IPv6 /8 has been assigned for private IPv6 addresses. Just like in IPv4, these addresses aren’t available for use on the internet, just as internal addresses in private networks.
Their uniqueness is not even guaranteed with a registry. Instead, engineers rely on the huge size of IPv6 and randomness. Each network administrator randomly selects one of the trillion possible /48 prefixes reserved for private use.
So far, about one percent of the total IPv6 address space has been distributed. There should be enough IPv6 addresses for at least another century.
IPv4 and IPv6 addresses are represented in two slightly different human readable (base ten numeral) forms.
IPv4 addresses are written down in what is often known as ‘dotted decimal’ format. There are sections to the address. Each section shows an 8-bit value. These are presented as a decimal number. For instance, 203.0.113.79 is the human readable presentation of 11001011.00000000.01110001.01001111.
IPv6 addresses are much longer, so hexadecimal is used instead of decimal. This numbering system uses the decimal digits 0 through 9 and adds a, b, c, d, e and f. Colons are used as the section delimiter and each section is 16-bits instead of 8-bits. Sections where the values are all zeros can be compressed with a double colon.
These rules lead to some flexibility in how addresses could be represented, so engineers documented guidelines. Applying these guidelines reduces the chance of addresses being missed when searching configurations, spreadsheets, and network diagrams where addresses might be shown.
In the address 2001:db8::1 the letters in the second section are shown in lower case. Leading zeros are omitted and sections that are all zeros are compressed with the double colon. When fully expanded, that address would look like 2001:0db8:0000:0000:0000:0000:0000:0001.
IPv4 was designed around managing individual address assignments. IPv6 was designed around managing network prefix assignments. A “prefix” is the number given to identify the network. For instance, the network 192.168.0.0/16 has ‘192.168’ identifies the network.
The number of bits in a network prefix lets you know how many addresses – or smaller prefixes – it has within it. There are 32-bits of IPv4 space, so if 24 are used for the prefix, that leaves eight for addresses. There are 256 addresses in a /24 network prefix because 28 is 256. People tend to use the terms network ‘prefix’ and ‘block’ interchangeably. A network prefix provides a block of smaller networks or addresses.
IPv4 CIDR slash notation shows network length and available addresses
Blue boxes identify the 24 bits dedicated to identifying the network. The green boxes show the 256 sequential network addresses available in this /24 network.
We could refer to an individual IPv4 address as a /32 and an individual IPv6 address as a /128. Both address types use the same CIDR ‘slash notation’ to communicate the size of the network.
There’s no point in specifying the number of addresses in IPv6. All the numbers are just too big. Instead, the goal is to know how many /64 LANs are available in each part of the network.
When developing an addressing plan for an access network, the goal is to understand the number of subscribers that each part can connect. A similar approach is used for the different parts of an enterprise or academic network.
IPv6 CIDR Slash notation shows number of smaller networks available[1]
Most access networks assign each consumer subscriber a /56. This gives each subscriber 256 /64 LANs. Enterprise subscribers typically get a /48, which gives them 65,536 /64 LANs[2] [3] . This is a huge number of almost inexhaustible LANs. This choice means these networks should not have to renumber in the future, when new use cases for networks arise.
When networks were new, computers were expensive and rare, so configuring a new device was something an engineer would do when it was set up. But computers are much cheaper and more mobile now, so manually configuring IP addresses isn’t practical. Engineers developed protocols to automate address configuration on both IPv4 and IPv6 networks. This can be done in two ways in IPv6.
The Dynamic Host Configuration Protocol (DHCP) lets any device connecting to an IPv4 network request an address. The DHCP controller answers with an address and other configuration information, like where the device should send DNS queries.
The DHCP controller assigns addresses with a lease. The lease could be an hour, a day, or longer, depending on the needs of the network. When the lease expires, the device must either request a renewal, or stop using the address.
A version of DHCP, called DHCPv6, does the same kind of thing for IPv6 networks. It can assign addresses to devices and send them configuration information. DHCPv6 also allows subordinate networks to request a prefix from a controlling network. For instance, a newly connected cable subscriber’s router can request a prefix delegation from the cable network.
As with IPv4, the prefix delegation needs to be renewed periodically. The device on the subordinate network sends a ‘Renew’ message to the DHCPv6 controller to extend the lease.
But not all networks are managed. IPv6 Stateless Address Autoconfiguration (SLAAC) is the protocol that can be used for unmanaged, or lightly managed, networks. It is designed for small networks of a few machines attached to a single uplink.
Devices can self-assign an address based on the network prefix and unique identifier, like a pseudo-randomly generated hardware address. These are combined to form the full IPv6 address.
Why would engineers recommend that devices configure themselves with a pseudo-random identifier when creating an IPv6 address?
In most cases, IPv4 internet connections are mediated through a Network Address Translator (NAT). Most devices get a private address, which is only unique on that network. The NAT rewrites the address in each data packet. In most cases multiple devices used by multiple people are hidden behind a small number of unique addresses.
NAT use grew for a variety of reasons. While privacy was never a particular goal of NAT deployment, address translation can have a blurring effect in some situations.[1] This is because many different devices and users can be hidden between a single address.
But IPv6 addresses were originally designed to be formed with 64-bits coming from the network and 64-bits coming from the hardware address of the device’s network card. These are called MAC addresses and they are supposed to be globally unique.
Having a unique identifier would leave a trail that could easily be used to correlate seemingly unrelated activity. For instance, a work laptop used at an office, a home, an airport, a passenger jet, and a hotel would leave a trail identifying the device – and likely user – if they consistently used personal services, like social media.
All major IPv6 implementations now use temporary addresses. These are regenerated every few hours.
Neither NAT or temporary addresses provide complete privacy. They just blur the identity of users a bit.
IPv4 and IPv6 are very similar because IPv6 is a newer version of the Internet Protocol. But there are several key differences.
by Leo Vegoda
Selling IPv4 blocks for immediate financial gain is a popular monetization choice for many enterprises, but companies with surplus, unused IPv4 addresses can use them for long-term revenue via IPv4 leases instead. Unlike selling IPv4 addresses and relinquishing ownership rights to these addresses, leasing them on the market enables organizations to “lend” these ownership rights to lessees.
In general, leasing arrangements are subject to the regulations stipulated by regional internet registries (RIRs), the entities responsible for overseeing regional distribution of IPv4 addresses. Understanding how IPv4 address leasing works, including the legal framework for managing ownership rights, will help any organization smoothly lease these addresses in a competitive market.
IPv4 leasing is an agreement between two parties where the lessee “rents” IPv4 space from a lessor without the lessor transferring ownership rights to the leased addresses. The lessor is like a landlord and the lessee is like a tenant.
Many lessor companies choose to lease their surplus IPv4 addresses rather than sell them due to uncertainty regarding long-term network expansion needs. So, a company that currently holds a stockpile of IPv4 addresses but anticipates significant growth in a few years may decide to lease them until there’s an actual future need for the addresses. Other companies may simply prefer recurring operating income over a one-time capital event.
Similarly, a lessee with limited capital may prefer leasing IPv4 addresses, which provides flexibility and avoids the upfront capital commitment required when purchasing hundreds or thousands of these addresses.
In the IPv4 trading world, “ownership” means an organization owns the rights to a set of IPv4 addresses but does not necessarily own the addresses. Each IP address is a unique identifier that can only be attributed to a single entity, meaning whoever owns the rights to a block of IPv4 addresses is recognized as the registered “owner.”
Understanding how these ownership dynamics work is critical when lessors partner with lessees to develop a leasing contract for IPv4 space. For instance, without permanent rights to a block of IPv4 addresses (as with a lease), companies do not have network autonomy, meaning they lose any rights to these addresses when the lease ends. Any network operations that fully rely on the leased IPv4 addresses will need to be renumbered.
Likewise, lessors typically set specific parameters to govern the use of IPv4 addresses during a lease, such as requiring a lessee to comply with the policies established by the respective RIR overseeing the distribution of internet resources in that region. Most often, lessors will prohibit email or other illegal activity, since a bad reputation can prevent the addresses from being used later, and give the lessor a bad reputation.
Regional internet registries (RIRs) are the organizations tasked with managing the distribution of internet number resources such as IPv4 and IPv6 addresses.
The five RIRs and their respective regions include:
In alignment with the local regulations of the countries and regions in which they are located as well as the communities they serve, RIRs establish and implement policies to govern the proper use of internet number resources. This process typically involves justifying the need for organizations to acquire IPv4 addresses and ensuring these addresses are assigned to unique entities so the internet functions smoothly.
RIR policies often seek to make sure addresses are available to new and growing networks. They therefore usually make it harder to stockpile addresses by requiring acquiring organizations to show how they will use the addresses, or why they need them. This means an organization cannot use their leased-out addresses to justify the acquisition of more address space. The exception is RIPE NCC, which does not require justification. Organizations that have a surplus of addresses from years ago generally may lease out their addresses.
Between 2021 and 2023, the price per IPv4 address ranged anywhere from $30 to $50, indicating the volatility of the market. Although these IPv4 market dynamics can help estimate leasing trends and influence buying vs. leasing decisions, the decision to lease or buy IPv4 addresses ultimately comes down to an organization’s specific needs.
For example, companies with clear long-term network expansion plans and capital available to finance these plans are better off buying IPv4 addresses, especially when the market pricing is favorable. On the other hand, a company that’s unsure how fast it will grow and whether it needs significant network space should ideally lease these addresses to determine if a purchase is more practical down the line.
On the lessor side, it’s profitable to lease out IP addresses if an organization does not plan to use them soon. Sometimes, spammers looking to lease IPv4 blocks may attempt to take advantage of lessors, who may be caught unaware. To avoid the impact of such unfavorable scenarios, lessors can work with experienced IPv4 brokers like IPv4.Global, who review potential lessees and monitor leases in progress.
Navigating the IPv4 leasing market can also be challenging for both lessees and lessors.
In many instances, violations of RIR policies via non-compliance can impact the relationship between the RIR and a lessor, which can affect future transactions involving the trading or transfer of IPv4 addresses by the lessor. For example, a lessee that violates the terms of a leasing contract can damage the reputation of a lessor, who would then be tasked with repairing that damage with the RIR, resulting in legal and financial costs.
On the lessee side, it can be challenging to determine the reputation of IPv4 blocks one chooses to lease without conducting significant due diligence.
With network audit tools, companies can determine whether the addresses they are leasing were sitting dormant for extended periods of time or if the networks were unmonitored and prone to security risks. A good example is ReView, IPv4.Global’s IP address audit tool, that inventories IP address allocations and assignments so an organization can understand the nature of IP addresses it’s leasing.
The IPv4 leasing market is poised for growth in the coming years, especially after Cogent’s securitization of IPv4 leases for $206MM.
Although IPv4 scarcity has driven up the demand for these addresses, the growth and adoption of newer IPv6 technology is helping to meet the unsatisfied demand. Organizations may be able to lease IPv4 addresses for a few years while deploying IPv6 and need fewer IPv4 addresses when the lease ends.
Choosing to lease or purchase IPv4 addresses will help meet any organization’s network expansion needs. Finding the right information to guide these decisions will help streamline the entire process, particularly on the legal side. Understanding how IPv4 ownership rights and compliance with RIR policies affect the IPv4 leasing market helps organizations prepare for leasing agreements more effectively.
Whether one is a lessor or lessee, it helps to identify the requirements for a successful lease agreement, such as usage stipulations, the impact of ownership rights on a lease, the role of IPv4 market trends on lease pricing, and the end-to-end risks and challenges.
Ultimately, finding a reliable and trusted source of information on IPv4 leasing will help your company make the right decision. At IPv4.Global, our experience as trusted marketplace brokers enables us to find the right IPv4 addresses for your needs. Whether you choose to lease these addresses or buy them, our team can walk you through the considerations of either option.
Prices remain stable in the low to mid $30s per address. Prices for /16 and larger blocks have fallen, with offers in the $40s.
This is a market in transition. Large blocks (/16 and larger) are available and sales are slow, so flat /16 pricing reflects prior months’ transactions. Demand for smaller blocks is up, so prices are recovering.
High demand in May caused small block prices to rise. A small volume of /16s traded, at approximately the same price level as the previous month
May 29, 2024
by Akeyla Wallace
Last week, RIPE 88 was held in Krakow, Poland. During the conference, the Address Policy Working Group (APWG) met and discussed policy and services updates, reviewed potential policies, and made their selection for the two open co-chair seats. In the first part of the meeting, the two co-chair candidates, Erik Bais and Alex Le Heux, were elected into the positions without conflict. However, on May 28, 2024, the networking world was saddened to learn of Erik Bais sudden death; a terrible loss for the community.
After the co-chair selection was completed, “Options for Revising the IPv6 PI Assignment Policy”, where RIPE-738: IPv6 Address Allocation and Assignment Policy would be updated was discussed. The RIPE community approved of this update in a general sense but had a couple of inquiries on how the policy would affect RIPE members. The first inquiry revolved around how the updated policy would resolve two separate IPv6 requests of /48s coming from the same LIR. The proposer responded that RIPE NCC would assign a /44 block of IPv6 addresses to the LIR to satisfy both requests. Another inquiry addressed the need for a clear definition of an “End-Site” and the response was that adding this definition should be a separate policy proposal as it would affect more than just this section of the RIPE policy. The final inquiry was if a user can extend to a /46 from a /48 without renumbering their system. In response, the proposer mentioned that there is already a provision for this situation in the policy.
A potential proposal that was presented for the first time to the community was PI Policy Simplification. which seeks to limit IP address statuses to allocated, assigned and aggregated. This update is theorized to offer clarity, consistency, more policy oversight, and simpler policy/procedures. This potential proposal would also give membership room to evolve based on our current reality as the membership structure is rigid and based on IPv4 distribution. The RIPE community had pushback with regards to removing statuses as it would remove information regarding the contractual requirements of the address space from the public view. Taking away this visibility could result in errors in the request of resources, complicate resource transfer policy, and have further implications for legacy resource holders. Furthermore, the community is confused as to what other consequences may result from the implementation of this policy and its ultimate goals. Finally, the community recommended the proposer consult the Database Working Group before submitting preliminary proposal text to the Address Policy Working Group Mailing List (APML). As there was a need to move onto the next subject during the policy session, Erik Bais requested that any further questions for the proposer be submitted via the APML.
The potential policy “Limiting Membership and Allocating IPv4 Subnets in Less Developed Countries” was not discussed during the APWG policy session, however, there were many interesting updates delivered to the community.
From RIPE NCC Registration Services, we received the following updates:
RIPE NCC will host their 89th Regional Meeting in Prague, Czechia from October 28, 2024 to November 1, 2024.
by Lee Howard
The market for IPv4 addresses has been active for at least 12 years. In recent years, a market for leasing IPv4 addresses has developed. The leasing market has been controversial, driving policy discussions at public policy meetings among the Regional Internet Registries (RIRs) that administer the IPv4 address records.
While the buy/sell market has hovered around 40MM addresses per year, the leasing market has grown to about 25MM addresses. Cogent recently disclosed that they are leasing over 11MM addresses. Larus says they have 10MM addresses, IPXO says they have 3MM, and InterLIR says they have 1MM. Comparing the sales and leasing markets shows a buy/sell market of $2B per year (at $50/address) and a leasing market of $105MM per year (at $4.20/address/year).
Demand for IPv4 addresses to lease comes from a variety of sectors. There are a few long term lessees, generally capital-constrained small ISPs or hosting companies. Networks like this face risk in the leasing market: when the lease is up, they have to acquire replacement addresses at whatever market conditions are at that time, and renumber into that space, incurring costs and potentially disrupting customers. Short term lessees tend to use the addresses in ways that will get them blocked, including spamming, but also sneaker proxies, screen scrapers, and extra-territorial VPNs.
There are some reasons to think the IPv4 leasing market will heat up. For one, with cloud providers charging up to $43 per address per year while the buy/sell market is well below that, anyone needing 100 or more addresses is better off buying them. Potentially even more attractive is leasing addresses for BYOIP; at $0.35 per address per month, network operators have ten years to migrate from IPv4 to IPv6, and still pay less than $43/address.
Further, there has been resistance to leasing among some RIR communities. Some community members fear that leasing will enable spam or other misbehavior. Others worry that an investor will buy up a lot of address space, raising prices on the buy-sell market, then extracting high rents on the leasing market. Of course, there is a pressure release on either market: accelerated adoption of IPv6, with transition technologies reducing the number of IPv4 addresses needed.
A potential surge in demand is more than offset by a potential surge in supply. At IPv4.Global, we have been fielding inquiries from multiple parties considering leasing out large amounts of IPv4 address space. While prices may fluctuate, there is enough address space and technology to satisfy both markets for the foreseeable future.
May 14, 2024
by Akeyla Wallace
RIPE NCC is hosting their 88th Regional Meeting from May 20, 2024 to May 24, 2024 in Krakow, Poland. Typically, the RIPE community would gather at his event to network, share updates about the networking industry and discuss any recently proposed policies. However, there are no policy proposals currently up for an official discussion. The last policy proposal that was discussed, Add AGGREGATED-BY-LIR status for IPv4 PA assignments, was accepted on April 15, 2024 and the updated policy section, IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region, was published as RIPE-822 the same day. This proposal was then moved from the current policy proposals page to the archived policy proposals page.
Though there are no proposals listed on the current policy proposals page, there is a potential proposal going through a preliminary discussion in the RIPE Address Policy Working Group Mailing List (APWG). The proposal, titled “Limiting Membership and Allocating IPv4 Subnets in Less Developed Countries”, was submitted to the APWG mailing list on April 9,2024 and seeks to reduce the potential for IPv4 hoarding and allow for the increased allocation of these addresses to “less developed countries”. The goal of the proposal would be reached by introducing a two RIPE NCC membership maximum per entity and allowing the allocation of more than one /24 block of IPv4 addresses to entities that are registered in countries that are deemed to be “less developed” to encourage their transition to IPv6.
The community responded with questions on a few parts of this proposal. The first question was how will RIPE NCC determine that a country is “less developed”? The proposal’s author responded that RIPE NCC will need to use metrics such as GDP, internet penetration rates and infrastructure. Another question, that has not been addressed by the proposer, was how would limiting membership help with the distribution of /24s when an entity can create shell companies to get around the restriction? Finally, the community requested further clarification on how allocating more /24 blocks to qualifying entities would encourage them to transition to IPv6. The proposer responded that it is their intent that the increase in allocation will allow these entities to fulfill their needs while gradually transitioning to the new protocol. As of April 10, 2024, there has not been any further discussion on this potential proposal.
Another potential proposal currently in discussion is “Options for Revising the IPv6 PI Assignment Policy”, where the proposer is looking to update RIPE-738: IPv6 Address Allocation and Assignment Policy. This revision is being sought in order to improve IPv6 accessibility for small organizations by reducing fragmentation, restricting how the addresses are utilized, allowing for the allocation of a /64 per device, and streamlining assignment procedures. The parts of the policy that are being focused on are sections 2.6, 2.9, 5.4, and 7.1. The response from the community has been that these updates are needed and should be implemented.
These potential proposals will be discussed during the Address Policy sessions on Wednesday, May 22, 2024. Also on the agenda is the selection for the two open co-chair seats. The candidates are Erik Bais, who is a current co-chair and has volunteered to serve as co-chair again, and Alex Le Heux, who has been filling in as interim co-chair and would like to take up the mantle in an official capacity. To participate in these discussions, please register to attend the conference either onsite (for a fee) or online (for free).
by Lee Howard
With IPv4 securitization in the news and falling sale prices, people responsible for IPv4 addresses are increasingly wondering if the lease market is better for them.
The best reason to lease is that it generates monthly recurring revenue that can be reported as operating income. For an asset with often a $0 cost basis, that’s very appealing.
However, leasing prices are around $0.35 – $0.45 per address per month. That’s $4.20 – $5.40 per year. With small block prices around $30 and large block prices above $40, it’s six to ten years before the leasing income will be greater than sale income.
In fact, the present value of money makes it even longer. A capital windfall can give a business a chance to invest in revenue-generating (or risk-mitigating) projects. If a $3MM investment would return 10% per year (the internal rate of return, or IRR), that $40 per address returns $4.00 after the first year, $4.84 the second year, $5.32 the third year, and so on. Paying down debt can be similarly attractive if interest rates are high.
Leasing returns will also depend on the term of the lease(s): short-term leases usually pay more. With a lease term of a few months, lessors perceive a higher risk that addresses will be used for spam or abuse. There’s also a higher vacancy rate: it can often take weeks or months to find a new lessee. A long term lease therefore provides more security and stability, and so lower rates.
Whether leasing or selling will return more depends on the amount of space in question, the actual lease rates, the duration of the lease, and the value of how proceeds will be used.
The leasing market is still fairly small. While the worldwide buy/sell market has hovered around 40MM addresses per year, the leasing market has grown to about 25MM addresses. Cogent recently disclosed that they are leasing over 11MM addresses. Larus reports they have 10MM addresses, IPXO says they have 3MM, and InterLIR says they have 1MM. Comparing those two markets shows a buy/sell market (at $50/address) of $2B per year and a leasing market of (at $4.20/address/year) of $105MM per year.
There are address holders who could flood either market.
Demand is uncertain. In the current lease market, a long-term lessee (recipient) has stability and may spend significantly less over several years, so it can be attractive to lease instead of buy. However, at the end of that lease, they will have to replace the addresses at whatever the market is at the time. They will also have to do the work of renumbering, which can be time-consuming and disruptive. IPv6 and automation can help.
The recipient of the addresses may need any of five things: reassignment in WHOIS, reverse DNS delegation, letter of authorization (LOA), route object in an Internet Routing Registry (IRR), and/or route origin authorization (ROA in the RPKI system). A good lease manager will help with those, and if they are given administrative access to the account in the regional internet registry (RIR), can do it themselves. However, administrative accounts give full authority to all records held by an organization.
The other essential element is protecting the address holder from reputational damage. The greatest fear of most potential lessors is that the addresses will be used to send spam, and their addresses will be listed in a Reputation Block List (RBL). Many networks use RBLs to reject email, and sometimes other traffic, to protect themselves. Some RBLs make it easier to get delisted than others, so prevention is important. Traditional internet service providers (ISPs) or hosting companies can block outbound spam from their network. A lessor is not in the flow of traffic and has less control.
A good lease manager will monitor the abuse mailbox to watch for early reports, as well as monitoring major RBLs. They will have an escalating abuse response plan, leading to revocation of leases and all of the services that enabled the user to use the addresses.
Worse, if the addresses are used for other nefarious activity, it may tarnish the address holder’s reputation to the public. This is generally only the case for long term, recurring abuse. If recurring complaints are not addressed, the risk increases.
A sale has none of these risks. The transfer process is generally straightforward, and once the transfer is complete, no further work is required and there is no risk to reputation.
Ultimately, the best decision between leasing and selling comes down to the unique circumstance of each organization. If they will need the addresses, prefer recurring operating income, and can tolerate the vagaries of the market, leasing may be preferable. If they have low risk tolerance and have good plans for the capital, selling is a better option.
by Peter Tobey
Summary: The price difference per IP address between large blocks (/16s) and somewhat smaller ones (/17s – /19s) is considerable. The $ per IP address differential is likely greater than the integration cost penalty of dealing with multiple small blocks. So, mid-size IPv4 address blocks offer a significant opportunity for buyers.
Pricing is primarily influenced by supply and demand. In the IP world, future value expectations, the costs of integration with existing systems, acquisition, and maintenance costs, etc. impact prices. These are projected and ongoing concerns, not those directly related to an immediate purchase. So, they are difficult to quantify and have variable effects on different buyers and sellers.
Still, for many years (2016 – 2020), larger IPv4 address blocks traded at something of a discount to smaller blocks. This discount wasn’t dramatic but was very consistent.
Large buyers promoted the idea that they should get a bulk discount for committing to a large purchase. Sellers of large blocks, often looking at a windfall, simply accepted the best (somewhat lower) offer. For the first years of the market, sellers had little opportunity to sell smaller blocks—there was essentially no small block market, and no pricing transparency until IPv4.Global began publishing its anonymous transaction statistics.
As you can see above, the lower per-IP price of large-block IPv4 addresses ended in late 2021. Large blocks became (relatively) more costly than smaller ones but continued to trade in a tight range. Smaller blocks began to be traded in a wider – and generally lower – range.
Today, sellers can expect a higher price-per-address for larger blocks. This makes sense in terms of scarcity: since every block of 65,536 addresses can be broker into (e.g.) four blocks of 16,384, we know there are more /18s than /16s.
The above chart illustrates an associated-but-different phenomena mentioned above: prices have not simply diverged, separating large block prices from all others, they’ve scattered. Until late-2021, all IP addresses traded in a fairly narrow price range. There was some significant difference between large blocks and all others (large blocks commanding lower prices per IP address). But the per address price difference among all address block sizes was small and individual blocks within any given class traded very consistently.
The line graphs shown earlier depict this consistency well. However, since mid-2021 the scattering of prices among blocks in tight ranges is clear only when a graphing of individual trades is shown as in the scatter plot above.
The 2021 and thereafter, the scattering of prices for smaller blocks has continued. That is, the variability of pricing even among recent transfers of the same block size can be quite different. Today, we regularly see small-block transactions varying from $30 to $40 per IP address in the same week.
When a commodity trades in a wide range of prices the attentive buyer is rewarded. Regular monitoring of blocks being offered can yield significant savings. Features such as IPv4.Global’s “Notify Me” application can actively monitor blocks for sale and alert buyers when certain (RIR and price) conditions are met.
Also, the divergence in pricing between /16s and /17s is an opportunity for buyers. Two /17s – in spite of somewhat higher deployment costs – can save significantly over a single /16.
| Addresses/Block | Total Addresses | Price/IP | Cost | |
| One /16 | 65,536 | 65,536 | $47 | $ 3,080,192 |
| Two /17s | 32,768 | 65,536 | $35 | $ 2,293,760 |
65,336 IPv4 addresses currently cost about 25% less when bought as two /17s. That’s a huge saving for the cost of two routes and two configuration lines instead of just one. As noted, there is a small increase in complexity when using multiple blocks in this way. (Some of them are discussed below.) But in most cases, that complexity is more than compensated for by the lower purchase price of the smaller blocks.
While you might want to get a single IPv4 prefix to meet all your needs, that is not always the best approach. Some organizations will want to separate their internal management functions from public facing functions. Some will simply be happy to buy only the addresses they need for their next growth period.
Managing multiple prefixes used to be more challenging than it is today. IP address management (IPAM) and configuration management weren’t widely used by IP networks in the 1990s. But we now have mature markets for both. This makes it much easier to design, implement, and monitor consistent policies through automation.
Deploying configuration management significantly reduces concerns about configuration complexity. It also makes it easy to audit and update configurations quickly and predictably.
If your organization wants to route parts of its network in different ways, having multiple prefixes could be an advantage. Not all networks are based in one location, with one set of connections to the internet.
If your network has multiple sites, or multiple uplinks, having multiple prefixes could be ideal. For instance, a network with sites in two cities might want to keep each city’s traffic local. One way to do that is to use a different prefix for each site.
Example of an organization with one IPv4 prefix per site
It is possible to organize routing so most traffic for each site will arrive through the local link. It is also possible to organize routing so the other site provides a backup connection. This means neither site will be disconnected when its uplink is down for maintenance or an unscheduled interruption.
Predicting future prices is a perilous undertaking and not one that is happening in this blog. There are a considerable number of influences on market pricing of IPv4 addresses and many of them are unpredictable. However, the most recent, short-term trends in both large and all other block prices seems to suggest some convergence in prices. Even if the difference in prices among these blocks remains as it is or becomes slowly lessened, the price spread among these assets’ prices are significant.
by Lee Howard
With IPv4 sales prices at their lowest in three years, and multiple options for leasing IPv4 addresses, organizations needing IPv4 addresses have to consider whether buying or leasing makes more sense.
Small IPv4 block prices are around $33 per address, about $8,500 for a /24. Larger blocks are currently in the low $40s per address. Meanwhile, leasing prices are still $0.35 – $0.45 per month. There are three factors that affect leasing prices:
Using a geofeeds.txt file or updating major geolocation services can help with the first, creating additional flexibility. Larger blocks may lease for a bit more than smaller ones. The biggest difference is in term length: lessors worry that a three-month tenant is going to use the addresses for spamming or proxying and create a bad reputation that makes the addresses unusable. Significant discounts are available for commitments of two, five, or ten years. That makes sense; a lessor wants to incentivize long leases so they don’t have non-revenue vacancies, and without a discount, a lessee would take a short contract and renew.
There are risks at the end of the lease: the tenant will have to acquire replacement addresses at new market conditions, and will have to renumber, potentially impacting customers. If the term of the lease is at least a few years, the lessee may be able to reduce the impact of these concerns.
Renumbering can be made easier with automation. Instead of manually configuring servers and network hardware, tools like ansible can turn a configuration repository into a database. Similarly, a good DDI (DHCP, DNS, IPAM) tool can use DHCP reservations and dynamic DNS to make server configurations easy. Firewalls and routers (and related security policy and routing policy) are typically updated twice: once to enable the new addresses, and again to remove the old addresses. Configuration management tools can help with these processes, too.
Even better, a migration plan to IPv6 can reduce the need for new IPv4 addresses at the end of the lease. Network devices can run dual-stack—both IPv4 and IPv6—combined with Network Address Translation (NAT) for the IPv4 addresses. NAT can compress a network of thousands of devices into just a few IPv4 addresses, especially when half or more of the connections are able to use IPv6.
With proper planning, the cost of leasing may be less in both the short term and long term.
For a description of IPv4.Global’s leasing options, click LEASING IPv4.
May 3, 2024
by Lee Howard, SVP IPv4.Global
Cogent (NASDAQ: CCOI) recently announced it is offering secured notes for $206MM. The unusual part is what it’s using as security: some of its IPv4 addresses and the leases on those IPv4 addresses.
IPv4 addresses are the identifiers used to send and receive data in version 4 of the Internet Protocol. The protocol uses a string of 32 ones and zeroes as an address for the specialized computers (called routers) to figure out how to forward packets of data. Those 32 bits mean there are only 4.3 billion possible IPv4 addresses, which seemed like a lot when there were only two million personal computers and only a few thousand capable of networking. The growth of the internet has led to scarcity, creating value in addresses that were originally distributed for free to whatever networks needed them.
Cogent has been leasing out addresses for several years. All internet service providers (ISPs) give IP addresses to their users, but Cogent was among the first to lease those addresses independently of internet access. (Internet access customers normally require a unique address as part of their service.) Sources are hard to find, but prevailing wisdom is that they have over 10MM addresses leased for about $0.30 per month, or $36MM per year in revenue.
The notes are expected to be repaid in five years. It’s important that Cogent is creating a special-purpose, bankruptcy-remote subsidiary for this security. The registry in charge of IPv4 records in North America is ARIN, the American Registry for Internet Numbers, and while they allow transfers, they are only allowed if the recipient can demonstrate need, or if the recipient owns the entire organization or network that holds the addresses. By placing the addresses in a subsidiary, even if Cogent were to go bankrupt or stop paying on its secured note, the note holders could claim the addresses from the subsidiary, and sell them off through a marketplace like IPv4.Global by Hilco Streambank.
The underlying value of the addresses is only as strong as demand for them. In a worldwide sale market of about 40MM addresses per year, the largest buyers have consistently been the “hyperscaler” cloud companies. With last year’s announcement by Amazon Web Services (AWS) that they would begin charging customers for every IPv4 address used, that dynamic may change. AWS users may buy their own addresses to Bring Your Own IP (BYOIP), or they may lease for a few years while migrating to IPv6.
For details regarding this offering, see Yahoo Finance.
IPv6 is the newer (dating to the 1990s) Internet Protocol. With 340 trillion trillion trillion possible addresses, there is no scarcity, so it is essentially free. However, those with IPv6-only can’t communicate with those with IPv4-only unless someone installs a translator. IPv6 adoption is wide, with 45% of hits on Google properties using the newer protocol, but projections still put it ten years away from being above 90% of the internet.
Other pricing risks to IPv4 include potential surges in supply from the U.S. government’s hoard of a few hundred million addresses, an effort to reclassify 240MM experimental addresses, or other publicly traded companies feeling pressure from shareholders based on Cogent’s offering. Indeed, prices have recently eased, and there are signs that will continue, at least until prices of large and medium blocks converge.
High demand in April brought prices for small/medium blocks back up to the mid $30s per address. A small volume of /16s traded, slightly below the previous month.
by Leo Vegoda
The variations in transfer fees within a single Regional Internet Registry (RIR) can be considerable. Comparing those required by the four transferring RIRs is confusing. The differences are many and inconsistent.
For this reason, IPv4.Global has developed a tool for calculating transfer fees. It can be found here: Transfer Fee Calculator. But the ease of using this tool hides the complexity of the fee structure. Plus, it certainly doesn’t explain the reasoning behind those fees. They are certainly designed to defray the cost of executing transfers.
But the variable costs of doing business in their established regions is not the only reason the RIRs don’t have a consistent set of charges. Other factors influence their charging decisions. They include:
The RIRs are careful to avoid discussing among themselves the structure or the level of charges they require. On the one hand, each RIR is a monopoly of sorts. What’s more, registrations can be transferred between RIRs, so their connections are inherent and to some extent interdependent. Considering this unusual set of circumstances, it is not surprising that, for all parties in the system, it is important to avoid cartel behavior, or even its appearance.
RIRs charge fees to provide registration services to organizations that need addresses. But they do more than just that. They engage with governments, intergovernmental organizations, and standards bodies on governance and other issues that impact their members.
They also provide learning and development services focused on some of the technical services they provide. These include DNSSEC and RPKI. Supporting deployment of technologies that make the internet more resilient benefits everyone.
They also support and spur development in the regions they serve. This is especially important for AFRINIC, which has assigned less than two percent of ASNs. While this is not a complete measure of development, it indicates a need relative to the other RIRs.
The RIRs have three main approaches to charging their direct customers for sustained service:
They each apply some of these. And most RIRs also charge an additional fee to process a transfer. ARIN offers enhanced services for a fee.
Some RIRs use a tiered fee structure so that those with more addresses contribute more. This makes service more affordable for new market entrants.
APNIC’s fee schedule relies on CIDR boundaries instead of other tiering mechanisms. They perform a calculation based on the number of address bits allocated to a member. They provide a calculator to help people estimate their likely fees.
The RIPE NCC’s one-size-fits-all approach is different. Its fees have been low for over a decade and it often returns excess income to members in the following year by discounting their next invoice.
[*] Based on fees for ISPs and not End Users
Some members of RIRs are not network operators themselves. Instead, they focus on providing equivalent services to other organizations. The National Internet Registries (NIRs) in the APNIC and LACNIC regions provide registration services to local network operators. APNIC and LACNIC have different charging arrangements for these organizations.
In the RIPE NCC service region, organizations with address space can buy registration services from a RIPE NCC member (a sponsoring LIR) instead of contracting directly with the RIPE NCC. This is different from an NIR as there can be multiple members serving the same country. The sponsoring LIR is free to set its own fee structure and is charged a fixed amount per indirect customer each year. This is currently set at €50 but could change in 2025.
This is the approach taken by the RIPE NCC. It previously used a tiered structure but has used a simpler one-size-fits-all approach for over a decade, with member fees being set annually. In that time, membership fees have varied between €1,400 and €1,800. It is €1,550 in 2024.
The RIPE NCC also returns money to its members in years when its reserves are too high.
Most RIRs charge a transfer fee. Transfers requests must be evaluated by people and rely on custom software. These fees are intended to recoup the cost of delivering transfer services.
The RIPE NCC is one exception. It only requires that the organization transferring space away are up to date with their accounts. AFRINIC is another exception. It doesn’t charge a transfer fee but requires the recipient to join if it was not previously a member. The new member then needs to pay the regular membership fee.
| RIR | 2024 Fee |
| AFRINIC | — |
| APNIC | 20% of the Annual Fee applicable to resources being transferred. |
| ARIN | $500 plus a variable fee based on size, starting at $187.50 [*] |
| LACNIC | $200 filing fee plus $1,000 (up to a /19), or $1,500 for all larger blocks |
| RIPE NCC | There are no transfer fees but the seller must have paid its membership fee. |
[*] Waived for Premiere Support Plan members
ARIN offers what it calls a “Premier Support Plan” that any member can buy for $5,000 each year. It is included at no charge for its largest membership tiers. Members with this service get a dedicated point of contact for complex requests, round the clock support, and transfer fee waivers.
Not all countries are equally developed. APNIC uses the United Nations list of Least Developed Countries as the basis for discounts. This means that members in advanced economies are providing a subsidy to those where there is less money.
Fig 1: UN map of least developed countries as of December 2023, from UNCTAD
APNIC’s discount is currently 50 percent and is applied to transfers as well as membership.
AFRINIC also offers a 50 percent discount for academic and research institutions. This is only applicable if all the addresses are used for that purpose.
Network operators and governments around the world rely on RIRs. Their services are becoming more and more operationally important. They must be able to provide those services even if their income suddenly dries up for reasons beyond their control.
The RIRs try to build up reserve funds that can be drawn down in times of need.
Once established, these funds can mostly sustain themselves. And depending on the jurisdiction, there might be a cap on the total amount that can be placed in reserves.
| RIR | % (OpEx) | 2022 Reserves |
| AFRINIC | 2 years (goal) | $6 million [*] |
| APNIC | 16 months | AUD 33 million |
| ARIN | 1 year | $31 million |
| LACNIC | 1 year | $4 million |
| RIPE NCC | 1 year | €32 million |
[*] This is the 2021 number as the 2022 financial reports had not been published at the time of this writing.
by Leo Vegoda
Until you have a postal service, street names and addresses are a convenience. But when everyone can mail letters, an administration must make each location unique.
When the internet was still the ARPANET, Jon Postel did this for all sorts of unique identifiers used for computer networks. IPv4 addresses were a part of this, but he also managed port assignments, and the creation of Top-Level Domain names, like .com.
These addresses were issued before the development of community governance for IP addresses. The organizations using these addresses did not have to implement the new policies. Most importantly, they did not have to return any surplus addresses.
“Managing” IP address space essentially means distributing it and recording who is using those addresses. IP address space is now managed in a hierarchical manner. The top level of all internet number registries is managed by IANA, a small specialist organization based in Los Angeles. They delegate IP addresses, including responsibility for onward distribution, to other organizations, who delegate onwards until we get to network operators.
The hierarchy of IP address delegation.
Postel did not directly issue all the IPv4 addresses himself during the early years. The internet’s rapid success required overseas help. And as the internet started to grow in Europe and Asia, local people distributed addresses and kept records. This meant that people could coordinate with the registry in their own language and time zone.
The Regional Internet Registries (RIRs) emerged in the early 1990s but weren’t mature legal entities until the end of the decade. AFRINIC, the last RIR formed, achieved recognition in 2005.
National Internet Registries were instrumental in the development of the RIRs. They continue to play a vital role in localizing the delivery of services to populations that don’t speak the dominant language in their region. This includes transfers in and out of those regions. JPNIC, serving Japan, and NIC.BR, serving Brazil are key examples.
The policy-making function for the allocation of addresses started to move away from IANA in the mid-1990s. In 1993, the Guidelines for Management of IP Address Space was published. It recommended that RIRs should be “committed to allocate IP numbers according to the guidelines established by the IANA and the IR.”
That changed by 1996, when new guidelines were published. These were developed by the RIRs and their communities. The new guidelines recognized the introduction of technologies that improved address usage efficiency.
And the legal basis for allocation changed when the operator community created the RIRs. The creation of the RIRs involved the development of a policy and legal framework. Companies entered contracts and agreed to policies.
The new community policies were not retrospectively imposed on those who already had addresses. Many organizations found they had much more address space than they actually needed.
Improvements in routing technology meant that they could use their addresses more efficiently. Suddenly, they had a surplus. And importantly, they were under no agreed-upon requirement to return addresses to the registry.
Each RIR treats these legacy or historical allocations differently.
Legacy resource holders do not have access to the MyAFRINIC portal, or services like DNSSEC and RPKI. Resources lose their legacy status when transferred.
In 2021, APNIC decided that everyone with historical resources would need to contract with APNIC. It is now reviewing every historical resource. It will reclaim unused addresses for future allocation.
Contracting with APNIC means that historical resource holders have access to all of APNIC’s services, including RPKI. Resources lose their legacy status when transferred.
ARIN has been encouraging legacy resource holders to sign a tailored contract with it since 2008. Registrants without a contract continue to get the basic services but can’t get new services, like RPKI or use ARIN’s Internet Routing Registry (IRR).
Resources lose their legacy status when transferred.
Registrants that signed its tailored contract before the end of 2023 got a fee cap. Those who sign up now won’t get that benefit. But they could choose to transfer their resources to the RIPE NCC and contract with them instead.
LACNIC offers all services to legacy registrants but they lose their legacy status if they are transferred.
The RIPE NCC requires the least from legacy registrants. It will continue providing the services the registrant already has but does not need to offer new services, like RPKI. No contractual agreement is required. The registrant may contract with the RIPE NCC or a Local Internet Registry in its own country if it prefers. Contracting gives the registrant access to RPKI services.
The RIPE NCC recognizes the legacy status of historical resources transferred to its region. The RIPE NCC has a dedicated legacy resources FAQ.
The key value of legacy status is the ability to take advantage of basic registration services without charge. RIR services for non-legacy registrants incur an annual fee.
2024 fee for a legacy /16 (65,536 addresses)
| Fee | USD equivalent | |
| AFRINIC | USD $1,4631 | $1,463 |
| APNIC | AUD $10,2342 | $6,750 |
| ARIN | USD $4,000 | $4,000 |
| LACNIC | USD $600 | $600 |
| RIPE NCC | EUR €1,550 | $1,675 |
1Non-member fee. The fee charged to Local Internet Registry members is higher.
2A discount is available to registrants in UN designated Least Developed Countries
Internet network operators are paying more attention to routing security. Not having access to RPKI services is likely to be a problem for some networks in the future. Bringing your own IP addresses (BYOIP) to a cloud service, like AWS, must be done using an RIR’s RPKI service.
Not having access to ARIN’s IRR will be a problem for networks that want to change the way they route their addresses on the internet.
IRR registration and RPKI reduce the risk of misconfigurations in other networks causing routing problems for your network.
If you have surplus legacy IPv4 addresses, we can help you realize their value. IPv4.Global has brokered over $1 billion in sales. We operate the most transparent auction platform and can negotiate private deals. Contact us at info@ipv4.global for a chat about how we can help you.
by Leo Vegoda & Linda Shannon
Many UK and Irish universities are sitting on untapped, very liquid assets. This asset type is often unused or replaceable with free resources while being very valuable to others. Sale prices can run into the millions.
IP addresses are the numbers designating devices on the internet. Unique IP addresses identify the end points of traffic crossing the internet. And as the internet started in educational institutions, they got large blocks of addresses.
Many higher educational institutions received large numbers of IPv4 addresses – the first widely deployed version. Early technical limitations meant they often got many more than they needed then or now. These addresses – free at the time – are now traded between $30 and $50 per address. That’s between £24 and £40.
At the top end of that range, a large block of addresses brings its seller £2.6 million.
Educational institutions in the UK and elsewhere are under significant financial pressure. Tuition fee caps have not changed since 2012 but the Office of National Statistics reports CPI inflation of 33 percent since then.
Times Higher Education (THE) reported in January that “Nearly half of UK vice-chancellors expect their university to be in financial deficit this year”. Of course, staffing costs are a key factor with 27 percent of schools telling THE that they were considering personnel cuts. Another 23 percent were considering changing staff-to-student ratios.
IPv4 addresses were created when computing was slow and expensive. This meant there were relatively few computing devices on most networks and relatively few networks. The organizers of the system designed a straightforward way of dealing with the needs of small, medium and large networks.
They simplified address management by grouping them in blocks of addresses allocated to independent networks. The best-known of these methods was called classful routing. It used the small, medium, and large approach to bundles of addresses:
Since the addresses seemed plentiful at the time (there are four billion of them) there didn’t appear to be a need to ration carefully. And, certainly no need to give fewer than requested to any educational institution. So, a network that appeared to need 5,000 addresses now or sometime in the near future (that is, 20 or so Class Cs) were given a Class B instead. So, a school needing 5,000 addresses got 65,536. Many still have them all, largely unused.
Put simply, even with organizational growth, many institutions have a lot of unused addresses.
Even more impactful for higher education, IPv4 is not the only game in town anymore. A subsequent system, called IPv6, is widely used.
The Internet Society reports that almost half of the top 1,000 websites support IPv6. 45 percent of traffic to Google was IPv6 at the end of February 2024. It is clearly a protocol that is available and growing. Best of all, there is no shortage of IPv6 address space. This releases valuable IPv4 addresses to the transfer market, providing a cash infusion to those who sell those they don’t need.
Many UK and Irish universities believe they do not “own” and cannot transfer for payment the IPv4 addresses they have. This belief stems from the assumption that Jisc or HEAnet (the national research and education networks) have claim to them. In most cases, this is incorrect. Following many inquiries, Jisc has answered the question of what kind of addresses UK colleges and universities have and what their rights to them are. Simply put: UK universities and colleges have the right to sell their addresses through the IPv4 transfer market.
In most cases, Jisc acts as the Local Internet Registry for the institutions. This means that they maintain the relevant database entries at the RIPE NCC. The RIPE NCC is where the addresses are registered. Its database shows who is using addresses and how to contact them when trying to resolve technical issues.
Jisc limits itself to acting as a center of expertise. It can offer advice but educational institutions get to decide whether to sell their IPv4 assets. You can sell your addresses on the transfer market as long as they aren’t assigned by Jisc.
It’s good to regularly review your assets. If you’re considering liquidating your IPv4 address holdings for cash, these are the steps you need to take. (Note that help is available to you to accomplish these tasks. More on that at the end of this blog.)
You can sell what is directly allocated to your institution. To discover that fact, go to the RIPE NCC website. Check that the “org:” for the IPv4 addresses your institution uses. Then select an inverse query and filter for “inetnum:” type objects.
RIPE Database query for inetnums (IPv4 address space) allocated to the RIPE NCC
You can get the same results on a command line. Just add your ORG at the end of this command:
$ whois -h whois.ripe.net — -r -Tinetnum -iorg YOUR-ORG-HERE
Check the status. If the status is “LEGACY” it can have additional value to some buyers. That status can be transferred and allows the holder of the address space to get basic services for free.
Check how much address space is not used on your network. In many cases you could sell those unused addresses separately. But larger blocks are more attractive, so the next step is to look at where your network uses IPv4 addresses in ways that aren’t needed. Note that the assignment of addresses to various parts of a network, especially if that network grew over time, can be somewhat chaotic. That disorder can be remedied so that unused blocks can be sold.
Other addresses can be made available in other ways. One example is guest LANs. These can often be replaced with IPv6, or with private IPv4 addresses and NAT.
Consider reorganizing the addresses used on your network, so you free up a large contiguous range. Larger blocks get better prices.
Example of a large block of addresses with patches of unused space. Reorganizing the address distribution can free up large, contiguous blocks for the transfer market.
IPv4.Global operates the world’s largest and most transparent auction platform. That means we show the sale prices for past transactions, giving you an insight into what is possible. But we can also negotiate private sales. If you have a very large amount of space to sell or want to exchange a large block for a smaller block, a private sale might be right for you.
We can help throughout your process.
Contact IPv4.Global at info@ipv4.global and one of our local experts can be your guide. If you’d like, contact Linda Shannon, Hilco Streambank Europe, lshannon@hilcoglobal.eu, +44 7718 424 451.
April 12, 2024
The American Registry for Internet Numbers (ARIN) is hosting their 53rd Public Policy and Members Meeting in Bridgetown, Barbados from April 14th 2024 – April 17th 2024. During this meeting, members of the ARIN community will discuss pending policy proposals, the state of the ARIN waitlist, the state of ARIN’s financial status and more.
The proposals up for discussion during ARIN 53 include:
On March 1st, 2024, ARIN-prop-330: Edit 6.5.8.3 Section 2 was submited for review by ARIN. The proposal seeks to correct policy language from “When possible subsequent assignments will result it the expansion of an existing assignment by one or more nibble boundaries as justified.” to “When possible subsequent assignments will result in the expansion of an existing assignment by one or more nibble boundaries as justified.”. The ARIN Advisory Council (AC) discussed this proposal at their March 21st 2024 meeting and accepted the proposal as Editorial Update ARIN-edit-2024-3 and posted it to the Public Policy Mailing List (PPML) for community review on March 26th, 2024.
Proposed on February 9th, 2024, ARIN-prop-329: WHOIS Data Requirements Policy for Non-Personal Information seeks to clearly define the requirements for point of contact (POC) information in ARIN’s WHOIS database. As these requirements are not codified, there is a risk for the database to violate ever evolving data privacy laws regarding personally identifying information (PII) resulting in redactions in other WHOIS databases. This policy update would expand the Number Resource Policy Manual (NRPM) policy section 3.8 to include language that states that “All organization registration records will be visible in the public Whois.” And what POC information is required. The AC advanced this proposal to the status of Draft Policy and posted it to the PPML on March 26th 2024 as Draft Policy ARIN-2024-2. So far, this proposal is supported by the community as there have been issues in the past related to inaccurate POC information in the ARIN WHOIS database.
Submitted on December 18th, 2023, ARIN-prop-328: Definition of Organization ID/Org ID proposes that the definition of an Organization ID (OrgID) should be added to section “2.Definitions” of the NRPM. The new definition is proposed to be section “2.18. Organization Identifier (Org ID): An Organizational Identifier (Org ID) is a record that represents a business, non-profit corporation, or government entity in the ARIN database. An entity must have an Organizational Identifier (Org ID) to request Internet Number Resources.”. This definition addition was part of Draft Policy ARIN-2023-7 but was removed from that proposal due to community feedback that this would need further discussion. The goal of this proposal is to ensure that the term “OrgID” is used consistently throughout the NRPM, and other publications by ARIN. After reviewing the proposal, the AC posted it to the PPML on January 31st, 2024 for community review as Draft Policy ARIN-2024-1.
The community determined that the language of the initially proposed for the definition of an OrgID was too specific and excluded natural persons as resource holders. In response to this, the proposed definition was updated to read “An Organization Identifier (Org ID) is an identifier assigned to resource holders in the ARIN registry.” The revision was posted to the PPML and the Draft Policy ARIN-2024-1 page on February 7th, 2024. This update was met with some push back in the PPML due to its phrasing as it seems that an organization would need to have resources before receiving an OrgID, when the opposite is true. Currently, there is no agreed upon definition for an OrgID among the PPML participants and they continue to discuss this matter.
In an effort to reduce the wait time on the ARIN waitlist, ARIN-prop-327: Reduce 4.18 maximum allocation was proposed on October 26th, 2023. The changes to the policy would involve the following:
This new policy would apply to new waitlist applicants and the goal, as previously stated, is to reduce how long organizations must wait for an allocation of IPv4 addresses from ARIN. The AC accepted this proposal and posted it to the PPML on November 21st, 2023 as Draft Policy ARIN-2023-8. A revision was then posted on February 14th, 2024 as the section numbers referenced in the proposal were corrected. All community discussion of the proposal took place after the revision.
The most opposition to this proposal has been regarding the reduction of the maximum size aggregate from /22 to /24 as there are businesses that need more than a /24 as an initial allocation. An alternative to this reduction is the idea that if a legitimate business needs space urgently, they should go the route of purchasing IPv4 space instead of utilizing the waitlist and increasing wait times. Others have proposed that instead of limiting the maximum size IPv4 block that can be requested, a new prioritization process be introduced that considers how long an organization has been on the list and how much space they are requesting. This way, an organization requesting a /24 may be able to receive their space within six months instead of waiting years behind another organization requesting a /22. Another concern brought up in the PPML discussion is that change in policy could be unenforceable and have many loopholes that may be exploited. The counter argument to this being that ARIN has the capability to develop checks and balances to ensure all organizations on the waitlist qualify for the IPv4 space they request. Finally, there was a debate on the ethics of organizations that already have an allocation of IPv4 applying to receive space from the ARIN waitlist.
Draft Policy ARIN-2023-4 was reported on and discussed at ARIN 52 in San Diego, California. Since that conference, the AC advanced the proposal to the status of Recommended Draft Policy status on December 28th, 2023. The Draft Policy was then revised and posted on January 17th, 2024. The few community comments provided centered on removing outdated terms in addition in to the language modernization this proposal calls for in NRPM sections 4.2.3.7.1 and 6.5.5.1. A corrected copy of this proposal was also posted on March 6th 2024.
The following policies were also previously reported on and discussed at ARIN 52 in San Diego, California.
ARIN 53 will have two policy sessions. The first policy session (Policy Block #1-4) will take place on Monday, April 15th, 2024 and include discussion on ARIN-2023-1, ARIN-2023-4, ARIN-2022-12, and ARIN-2024-1. The second policy session (Policy Break #5-9) will take place on Tuesday, April 16th, 2024 and include discussion on ARIN-2023-5, ARIN-2023-7, ARIN-2023-6, ARIN-2023-8, and ARIN-2024-2. A Live Stream of these sessions will be available and to join the conversation, free registration (virtual and in-person) is also available.
Strong interest in small blocks (/20-/24) has kept prices steady. Medium blocks (/17-/19) were slow in March, so sellers set more aggressive pricing. As predicted, we’re seeing /16 prices pull back slightly while /17 price come up a bit, closing the irrational gap between them.
by IPv4.Global Staff
Broadly speaking, “debt” is the current obligation to pay a creditor, normally to compensate for an earlier benefit of some kind. In IT, a “technical debt” refers to the obligation to re-work or expand a system due to an earlier decision to deploy a solution with (usually) only short-term or limited-scope capacity. In other words, a technical debt results from an immediate solution applied to a need when broader fixes might have been better. Such roads-not-taken were normally either time-consuming and/or expensive to deploy. Sometimes, the better solution simply wasn’t available yet.
Intentional technical debt can be taken on as a strategic decision, much like financial debt. This is often done when fast growth is needed and that growth will pay for the debt’s interest.
Unintentional technical debt accumulates when regular maintenance is ignored for a long time. When organizations change, their supporting tools need to change, too. When they don’t, organizations end up paying for keeping imperfect technologies. Software engineer Steve McConnell described it as “the non-strategic result of doing a poor job.”
Technical debt accumulates when organizations don’t adequately plan for the growth of their systems and/or changes in them. Or when business processes and technology change faster than systems adapt.
In networks it is often foundational systems that are overlooked as more “surface level” applications are adapted because high-visibility items are updated as corporate environments change. The underlying system can find itself ignored simply because it has managed to continue working with consistent fixes and ongoing maintenance. But the challenge is that, over time, these IT debts continue to accrue, even as the systems are used – or not. Just like physical infrastructure – technical infrastructure ages in place, whether you use it or not. If it isn’t the infrastructure itself, the operational and institutional knowledge ages in place at the same time.
IT Systems are no different in this regard. As systems continue to empower the organization to generate revenue and facilitate growth, “it is running now, why change it” embodies the risk that every CIO and CTO will understand. Why introduce very real risk into a “working” environment when the downside (outage, downtime, reputation) can be so significant to the organization? There needs to be significant upside to addressing technical debt – and unfortunately, it ties directly to the strategic initiatives of an organization (what we should do in the future) and not as strongly to the operational initiatives (what is needed now).
When it comes to technical debt in IT, gaining control is never as easy as “upgrade to current”. It’s also not as easy as “hire a consultant” or “outsource it” might seem. Control comes with understanding the operational landscape of your organization and how it relates to your strategic initiatives. Control is also how your changes are maintained over time. Addressing technical debt with methods that don’t have long-term efficacy puts your organization of the position of increased risk with higher costs. This is not a good combination.
One way of approaching a control mechanism is to imagine how your future self will regard it. Changes that address immediate issues won’t necessarily address systemic problems and will likely bring new issues. Ideally, addressing technical debt aligns with your strategic goals – but also brings in improved methods and supports your organizational culture. This organizational support is exactly why “one size fits all” simply isn’t realistic as there are humans involved in maintaining these processes moving forward. With this additional goal in mind, suddenly flaws in the usual strategy of “buy tool X” become apparent. A lasting control mechanism acknowledges this reality and gives you the ability to grow into the solution for the long-term.
Why have an eye on the long-term? When addressing technical debt, you will be confronted with both short and long-term solutions, along with the challenge of prioritizing these items effectively. To make this more interesting, it is likely that for these solutions to be successful, they will have an impact across business units or teams. IT challenges have only grown over the years with the increased dependency on these systems. Outsourcing to the cloud only reduced (hopefully) some of the operational costs, but it brings out management overhead that needs to be considered. As you look at addressing technical debt, one of the first steps you can take is doing an audit or at least examining what your sources of information are today.
Control also comes with understanding that there are changes that may be needed in your organization – your business processes as well. When it comes to understanding the scope and impact of technical debt, it is crucial to keep your strategic goals in mind.
Older deployments are less likely to have centrally managed configurations. Configuration management has been around since the 1950s but early IP networks didn’t use it. This means the configurations for some older systems are unmanaged and often undocumented.
Mergers, acquisitions, and corporate restructuring make this more likely. Networks are often duplicated or extended but not removed or reorganized. Many connected systems use different address blocks because their configurations weren’t updated.
Unmanaged systems are not just invisible to management, they are attractive to criminals. If they can find an unpatched system on an internet-connected network, they can use it to jump onto others. They can gain unauthorized access to information or control of the systems themselves.
Configuration management and network orchestration can manage this risk. They put power into the hands of each enterprise’s technology owners. Proprietary and open-source tools to facilitate that orchestration were introduced in the early 2000s. The available solutions are numerous, mature, and with a wide range of functional variation.
The first step to managing this management technology is to find out what exists. One way to do this is to use an IP Address Management (IPAM) tool to scan your network and identify what is deployed. Think of IPAM as a business planning tool that can be linked with more specific task management tools. IPAMs will:
With this data you are empowered to improve efficiency in several ways.
You will be able to reorganize systems to improve efficiency because you have full visibility of your network. You can free up unused addresses. You can also plan for future usage and reserve resources for where they are needed.
ReView, a free tool provided by IPv4.Global and 6connect, can perform audits of this kind from inside your own network. It can give you information about your local network and address usage on cloud services.
6connect’s full tool will do more. For instance:
by Leo Vegoda
The IPv4 market has created serious interest in the protocol far beyond the natural confines of networking professionals. These assets are worth a lot. Marketplaces, IPv4.Global’s especially, have grown to be large centers of asset transfer by buyers and sellers of IPv4 addresses. IPv4.Global has helped transfer over $1 billion in IPv4 blocks.
But what happened to earlier versions of the Internet Protocols? And if IPv6 is the next version of the Internet Protocol (IP), what was IPv5? Will there be new versions in the future?
A “protocol” is an official (or generally recognized) procedure or system of rules that prescribe an acceptable form of a process. In a social or political sense, protocols are the structured forms of etiquette that govern communications. The structure provides a format in which content can be embedded.
Diplomats use protocols to avoid surprise, allowing them to focus on the content of communications instead of their form. So, it is no surprise that protocols serve the same function in electronic communications. A communication protocol is an organized set of rules that allows a communication system to transmit information among two or more parties. As with a diplomatic protocol, a communications protocol defines the rules of communication. Included are the syntax and semantics of the exchanges plus any timing and coordination of two-way exchanges.
Roger Scantlebury and Keith Bartlett are credited with the first use of the term “protocol” in the context of a modern communications network. They published “A Protocol for Use in the NPL Data Communications Network” in 1967.
Competing approaches to developing data communication protocols were tried in the 1970s and 1980s. The win went to IPv4, which was initially specified in 1981. But parts of the OSI protocol stack developed by the International Organization for Standardization (ISO) continue to be used today.
In IPv4, each packet of data has a tiny header – the protocol part – and a large part dedicated to the data being transmitted. The 60 bytes dedicated to the packet header and options are much less than one percent of the potential total packet size.
IPv4 packet header by Michel Bakni, published under a CC BY-SA 4.0 license
The version field in the packet header diagrammed above is four bits in size. That means it can have 16 values.
So how come IPv4 is the first version of IP?
Like in most IANA registries, the first and last values in the IP Version Numbers registry are marked as reserved. But 0, 1, 2, and 3 were used in early, experimental versions of the protocol, during the 1970s. Version 0 was described in IEN 2, published in 1977. Version 2 was described in IEN 28 from 1978.
The key difference is that those early versions combined the packet protocol with session management, the Transmission Control Protocol. These were separated for IPv4. That is why the Internet Protocol is often referred to as TCP/IP.
IPv4 was good enough that we are still using it today.
IPv2 and IPv3 are now marked as “Unassigned”. They are unlikely to be reassigned for a long time, if ever. Today, only IPv10, IPv11, IPv12, IPv13, and IPv14 are available for future assignment.
IPv5 was assigned for an experiment that has now ended. The Internet Stream Protocol Version 2. It was intended to allow for “end-to-end real-time guarantees over an internet.” In other words, its goal was to provide support for quality of service. And it was never intended as a replacement for IPv4. Instead, it was intended that it would be used for real-time data, like voice. IPv4 would be used for less latency sensitive data, like big file downloads.
Telephone for Network Voice Protocol (NVP) over Internet Stream Protocol (ST) – early VOIP prototype – Lincoln Lab, public domain image
The concepts developed in IPv5 have been applied in protocols we use every day. Apart from voice and video they are used in MPLS, a core telecommunications technology.
When the internet became a success, the limitations of IPv4 became clear pretty quickly. Discussions about what to do began in March 1992. By 1994, address space for use on private networks had been reserved. This was opposed by others, who wanted “every system to be globally accessible” and knew this required “a globally unique addressing system.”
Internet engineers had continued to develop alternative protocols since late 1990. They created the IPng Area in late 1993 to investigate the various proposals and recommend how to proceed. The process looked at multiple protocol proposals. IPv6 was developed out of it and is still being deployed today.
IPv7 was a proposal for TP/IX: The Next Internet. It left as much of the IPv4 architecture as possible in place. It expanded the address space from 32-bits to 64-bits. That was a jump from 4.3 billion to about 18 quintillion addresses.
IPv8 was a proposal for the “Pip internet protocol”. This protocol relied on translators to and from the IPv4 internet. Pip IDs would be 64-bit and “could identify a user or a process” as well as a host.
IPv9 was a proposal for “TUBA, TCP and UDP with Bigger Addresses”. It called for a gradual migration from the then current suite of protocols to an updated one “running over TCP or UDP, running over CLNP.” CLNP is the Connectionless-mode Network Protocol, which was developed as a part of the OSI stack by the ISO. It was developed into IS-IS, an important routing protocol still used today. It was published as an RFC in 1990.
Never say never. But IPv5 was an experiment, while IPv6 through IPv9 were developed in a competition to create the next generation of IP. IPv6 deployment is not yet complete, almost 30 years after its initial specification. Another new version of IP would be just as hard to deploy. This is because IP is so fundamental. Billions of devices would need to go through a managed transition.
While Huawei has been promoting what it calls “New IP” it’s not really a formal protocol. It is a set of proposals for user features, like holographic communications.
New routing protocols – the protocols for guiding data across the internet – are being developed. Often, these are based on new social and political requirements. SCION is one example. It aims to be “a secure and reliable inter-domain routing protocol, designed from inception to enhance network control and transparency.”
But it builds on top of existing versions of IP.
IPv4 might become less relevant over the next decade. IPv6 deployment will almost certainly grow significantly. With two well-entrenched foundational protocols, there is unlikely to be much appetite for IPv10.
Despite the growth in IPv6, IPv4 is still necessary for most networks today. If you are building or growing a network, you can rely on IPv4.Global to help you source your IPv4 addresses. We have the largest and most transparent marketplace and public auction platform. We can also broker private deals. Contact us for help with your network growth.
by IPv4.Global Staff
Anyone buying or selling IPv4 address space has a bigger market when they consider an inter-region transfer. It has been exercised enough that there are strong processes in place. An inter-region transfer is very similar to an intra-region transfer.
In fact, there were about 2,000 IPv4 transfers in the European region in 2022. But since inter-region transfers became possible, companies in the region have transferred 756 blocks originating in other regions. And they have transferred 350 blocks out to companies in other regions. Inter-region transfers aren’t the majority of the market but they are a significant part of it.
That’s because of the distribution of IPv4 address space. ARIN, the registry for North America, manages about 100 /8s of IPv4 space. The registries for the Asia Pacific and Europe manage 53 and 50 respectively. Nine more /8s are managed by the registries for Africa and Latin America.
Some people might hesitate to involve a second registry in their transfer transaction. But with years of experience, these processes are now mature and efficient.
There are five Regional Internet Registries (RIRs). They manage, distribute, and register IPv4 and IPv6 addresses and Autonomous System Numbers in their regions. Each region is roughly continental.
The IP addresses you use are registered in an RIR database. A transfer happens when the registration is updated to reflect a new owner for the block – or when the block moves from one RIR’s database to another. So the RIR must manage the transfer process.
Their policies are decided by their communities. Anyone with an interest can participate in RIR policy development, which happens on email discussion lists and at public meetings. The five policies are broadly similar with regional variations.
Fig 1: The geographic boundaries of the five RIRs
| RIR | Full name, geographic scope, and membership size |
| AFRINIC | The African Network Coordination Centre was established in 2005, is based in Mauritius and serves Africa. It has over 2,000 members. |
| APNIC | The Asia-Pacific Network Coordination Centre was established in 1993, is based in Australia and serves the Asia Pacific. It has almost 24,000 members. |
| ARIN | The American Registry for Internet Numbers was established in 1997, is based in the USA and serves the United States, Canada, many Caribbean and North Atlantic islands. It has over 17,000 members and over 15,000 organizations that got addresses before ARIN was formed. |
| LACNIC | The Latin American and Caribbean Internet Addresses Registry was established in 2002, is based in Uruguay and serves Latin America and the Caribbean. It has over 12,000 members. |
| RIPE NCC | Réseaux IP Européens Network Coordination Centre was established in 1992, is based in the Netherlands and serves Europe, the Middle East and parts of Central Asia. It has over 23,000 members. |
The RIRs are all operationally and financially independent. But they cooperate on shared activities that serve their common stakeholders through the Number Resource Organization.
It was established in 2003 and its mission is to contribute to an open, stable and secure Internet, through:
Inter-RIR transfers are an example of this. Its engineering teams have coordinated to ensure that a registration is removed from one database when it is added to another. This is vital to avoid confusion over which organization is responsible for an address block. This is often referred to as “uniqueness.”
All five RIRs give the accuracy of registration data a top priority. In the 1990s and early 2000s they focused on ensuring that organizations did not get more space than they could justify under the policies. Now that their IPv4 pools are empty they make sure they have accurate information for the organizations behind the addresses in their registries.
The RIRs’ Know Your Customer checks protect everyone. The RIRs won’t let a transfer go ahead unless they can tie the addresses to the organization selling them.
In contrast, industry blogs often report court cases about domain names that might have been stolen being sold in that secondary market.
Inter-RIR transfer policies were developed about 10 years ago. The policies and the processes to implement them have been refined since then.
APNIC, ARIN, and the RIPE NCC all have mature inter-RIR transfer processes and they are reciprocal. This means that the recipient of the transferred addresses must demonstrate that they need them. The criteria for the need are the same as if it were an allocation from the RIR.
One example of the maturity of these processes is that live, routed addresses can be transferred without an interruption to service. APNIC staff reported this in the informal RPKI Discord community in September 2023. This means that behind the scenes things, like IRR and RPKI entries must be coordinated.
Organizations based in the AFRINIC region can transfer addresses between each other, but not to or from organizations in other regions. There have been proposals to revise that policy, but the organization has not been able to hold a policy meeting or make progress on policy development for a few years.
LACNIC implemented a policy allowing inter-RIR transfers in July 2020 but not many had been completed by mid-2023. LACNIC was the source of 20 transfers and the recipient of 28.
Transactions involving LACNIC typically take several months and require a wet ink signature. This means moving a paper document around the world. It can take several days or weeks to get responses for LACNIC transfer tickets. This longer process often drives a lower price for IP address transactions involving LACNIC.
While the policies and supporting processes vary between the RIRs, they are reciprocal. This means the main differences buyers and sellers will experience are the forms they complete.
The origin RIR will make sure the organization transferring the addresses away has that right. When the RIR allocated those addresses itself this is easy. When the addresses were allocated by someone else – another RIR or a pre-RIR registry – they will check the chain of custody. In some cases this is simple. For instance, educational institutions are less likely to be involved in mergers and acquisitions. But commercial organizations often are.
The RIR will check that the block of addresses being transferred is properly controlled by the organization selling them. Sometimes this involves checking company registry information and looking at other sources.
The RIRs want to avoid transferring resources when there is any dispute as to their status.
The recipient of the transfer will be subject to a “needs based assessment” by the receiving RIR as that is where the addresses will then be registered. This assessment will check that the buyer intends to use the addresses on an operational network. It will also look at how quickly and how efficiently the addresses will be used. IPv4.Global has experts who can advise on how to design and document an addressing plan.
Each RIR manages its own fee schedule. Some have specific transfer related fees. APNIC and ARIN require their fees to be paid in advance. LACNIC’s fees are paid in installments.
| RIR | Fees and payment requirements |
| APNIC | For intra-APNIC transfers, the buyer pays fees. For inter-RIR fees, the seller pays fees. If both members are APNIC, only the buyer pays. The fee is calculated by taking 20% of the annual fee (membership) for the number of IPv4 addresses being transferred in a single transfer request. APNIC’s fees are denominated in AUD. |
| ARIN | The seller pays ARIN $500 and the buyer pays a fee based on the size of the address block. |
| LACNIC | A $200 initial payment is required to open a ticket. Sellers usually open this ticket, and Buyers are then expected to pay the remaining fee. The remaining fee is $1,000 for blocks smaller than /19 and $1,500 for /19 and larger blocks. |
| RIPE NCC | There are no transfer fees, but the seller must have paid its membership fee. |
IPv4.Global has developed a tool for calculating transfer fees at the four RIRs that permit transfers between registries. Of course, this tool works for intra-RIR transfers as well. It can be found here: Transfer Fee Calculator.
The RIRs want IPv4 addresses to be used on networks. They don’t want them to become an investment vehicle.
| RIR | Limitations |
| APNIC | Allocations from 103.0.0.0/8 must be held for five years before being transferred. There is no hold period for transfers from other blocks. |
| ARIN | ARIN requires addresses to be held for five years after being issued from the waitlist, or 12 months for other space. The hold does not apply to addresses acquired through mergers and acquisitions. |
| LACNIC | Transferred addresses must be held for a year before being transferred again |
| RIPE NCC | IPv4 addresses must be held for two years before being transferred, including addresses acquired through M&A. The hold does not apply for legacy addresses if treated as a legacy update. |
You can buy or sell IPv4 addresses in the larger inter-RIR transfer market in just five steps. Of course, you might have particular needs. We can help you with them and provide help beyond these five process steps.
Inter-RIR transfers offer a larger market for buyers and sellers. As a Qualified Facilitator, IPv4.Global can smooth your journey through the process. We have brokered over $1 billion of sales and can help buyers and sellers complete their transaction.
Call us on +1-212-610-5601 or write to info@ipv4.global. We can help you achieve your business objectives.
by Peter Tobey
Merger and acquisition discovery processes vary in both design and execution. Often the transaction is focused primarily on key assets that are important to the acquiring entity. Frequently, other assets are earmarked for liquidation post-transaction. But a third category exists: the overlooked value buried – or otherwise unrecognized – in the sea of sometimes-visible, sometimes-hidden assets being considered.
Of course, the litany of under-exploited assets (or other value) in an acquisition is potentially very long. Here, one particularly common, liquid, and frequently overlooked asset is considered. IPv4 internet addresses are often found in older, often large but sometimes small entities. They are usually easy to make available for sale and their market is established. Best of all, common holdings of these addresses are worth seven and eight-figure prices.
An IP (internet protocol) address is a numerical designation of a location on a network. The number identifies the location of a device that sends and/or receives data over that network.
It’s just a number. IPv4 addresses come from a range that starts at 0 and ends at 4,294,967,295. But they are written down in a “dotted decimal” format that looks like 203.0.113.79. Dotted decimal format makes it easier to know where ranges of these identifiers start and stop.
The address sited above (203.0.113.79) comes from a block of 256 addresses that have been set aside for use in documentation. Its full range is 203.0.113.0 – 203.0.113.255, which can also be written as 203.0.113.0/24. This is a small block of addresses, known as a “slash twenty-four.”
Numbers themselves cannot be owned. But an internet in which any network could use any address would not work. A sole entity has to possess and use the address. That’s because each location on a network has to be uniquely identified. Traffic could not get to the right destination if multiple devices and/or interconnected networks tried to use the same addresses. There are a number of ways to manage this matter of specific, unique locations for sending and receiving data. The means most important here is the unique IP address and its organized registration and use.
We don’t have the problem of disorganized communications arriving at inappropriate devices when relying on unique IP addresses because registries maintain the uniqueness of IP addresses across the internet. Registries (like phone books) keep track of who uses what numbers. Registries implement policies for maintaining those registrations. They support the transfer of IPv4 addresses through a secondary market and via mergers and acquisitions.
But what is being transferred or sold is not the underlying number. It is the registration rights to that number. This is analogous to registered intellectual property assets like patents, copyrights, and trademarks. They can all be sold or transferred between legal entities in a similar way to physical property.
There is pricing information on a per address basis published on the largest IPv4 marketplace: IPv4.Global. But – as you can see there – prices vary based on several factors including the size of the block and where it is registered. A bigger block (where all the numbers are sequential) is often more valuable as it reduces configuration complexity. Prices can be lower for blocks registered in LACNIC (serving Latin America and Caribbean regions) because its transfer process is slower.
Nonetheless, IPv4 address transfers regularly bring in more than $3 million from an asset that might not have been listed on any balance sheet.
Five Regional Internet Registries (RIRs) manage data about IP addresses. They each serve a region of approximately continental scale. Network operators started creating RIRs in the early 1990s. Their primary purpose is to provide a more local service than the internet’s original central (worldwide) registry could provide.
They each provide public access to key registration data, including the registrant’s name and how to contact them. They also maintain non-public data about registrants, like payment history.
Map showing the five RIRs’ service regions, published under a CC-BY-A license by the Number Resource Organization
Each RIR is a legal entity bound by the laws of the country in which it is incorporated. This means they act on court orders and comply with sanctions and other regulations.
| RIR | Established in |
| AFRINIC | Mauritius |
| APNIC | Australia |
| ARIN | United States of America |
| LACNIC | Uruguay |
| RIPE NCC | Netherlands |
In the early days of the internet, computing was expensive and addresses were free. There was an apparent abundance of addresses (there are over 4 billion IPv4 addresses) and a limited number of networks that required them. As a result, addresses were “bundled” into only three distribution sizes:
Anyone needing more than a few Class Cs might be assigned a Class B. So, any organization that might need (or suspected they might eventually need) more than a thousand addresses would be given (free) 65 thousand of them. Some organizations received multiple Class B networks.
But companies, company divisions, and brands are bought and sold. So, the registries require that sellers demonstrate that they legitimately hold the rights to a registration – that is, own those rights – before transferring the registration from one user to another on their records. In some cases, this is easy. But in many corporate sales the list of assets purchased does not include the IPv4 addresses previously held by the acquired entity.
If the acquiring entity is unaware of the transferred asset whose ownership changed in the sale, the registration of the IP address will not be updated on the registry involved. Thus, the new owner of the addresses is not the registered user of them. Also, when an entity changes hands more than once these assets are even more likely to be hidden.
It is also important to note that an unreported transfer of addresses in a merger or acquisition is almost certain to be unknown to the registry that keeps track of these assets. Registries rely on reporting to know who has what. The don’t search. Very often IP address whereabouts become virtually unknowable by anything other than meticulous investigation. They may still be in use. They may have been legally transferred (knowingly or unknowingly) to a new entity. But their registration is inaccurate.
The RIRs want to make sure they record the correct registrant for a block of IP addresses. So, when there are explicitly asked to register an ownership/use change, they do due diligence checks. For example, ARIN requires sellers to properly document change of ownership transactions. They can do this with:
The use of “explicitly” above is meant to draw attention to the fact that a transferred registration only happens when the appropriate registry is asked to change its records. The practical ownership of the addresses may have changed with the transfer in a sale of “all other assets” but the official internet registry will have no way of knowing this has happened unless it is reported to them.
Looking at the real-world chain of custody of an IPv4 block of addresses might reveal a lack of updates to public RIR data. Before transferring any unused IPv4 addresses, you’ll need to update the registry with the identity of the proven owner of the asset.
This could mean changing the name of the registrant, the address of the headquarters, or contact information for the contacts.
There are two important parts to effective valuation of IPv4 address holdings. The first is discovering who owns them. The second is determining if they are in use.
New networks tend to be managed through automation. Older networks were designed before automation was possible. In theory, documentation will report on holdings and their current use. But documentation does not always exist and where it does, individual configurations could well have been adjusted over the years. Often, a block of addresses that are idle become used, then re-assigned to a different use, all without records being adjusted.
Documenting the current state is the first step in adjusting it to a future desired state. Which is to say, an audit of holdings and current use will make an analysis of needs and sales opportunity possible. There are a number of ways in which addresses can be made available for sale, even if currently in use. A reliable IP address auditing tool, like ReView, can help with this. ReView can help organizations inventory what they have and understand how it is used, giving them the power to control changes.
Beyond verifying the accuracy of IP address records, ReView can help sellers strategically identify which IPv4 blocks to sell off to buyers and which to keep, considering the potential for future network expansion or long-term asset monetization.
Most organizations don’t struggle with these processes. There were over 5,800 recorded, non-M&A transfers worldwide in 2023 and almost 45,000 transactions since 2012.
While each RIR has different transfer requirements, the common elements are the same. These registries want to make sure the organization transferring the addresses is the organization that has legitimate control of the asset and so of the registration. They also need to comply with any sanctions or other restrictions.
The communities that develop RIR policies overlap considerably. For instance, people working at a network in North America might also operate in Europe. This has led to similar and interoperable policies in all five regions.
The RIRs want IP addresses to be used for networks and not as an investment asset. They require the buyer to demonstrate a need for the addresses. This means describing how the buyer will use the addresses over the next two years.
There are three exceptions worth noting:
IPv4.Global can smooth your journey through the process because we’ve guided many buyers and sellers before. We actively work with all four transferring RIRs.
Whether transferring addresses within a region or to a buyer in another RIR, the process is similar. The process typically has five steps:
Conducting due diligence of the intangible assets transferred during M&A can help organizations mitigate compliance risks and avoid legal issues and financial setbacks. It’s important to understand the compliance requirements of intra- and inter-RIR transfers, and how best to prepare for these with an M&A either in the past or on the horizon.
Whether you’re looking to start an intra- or inter-RIR transfer of IP address blocks, IPv4.Global can help ensure your company remains compliant throughout the process so you can sell these addresses smoothly and quickly. As a trusted broker in the IPv4 market space, our team operates across all RIRs and fully understands the complexities of IP address block transfers, regardless of geographic region.
Prices for most blocks have stabilized. There is some indication that this is a good time to buy /16 and larger blocks.
by IPv4.Global Staff
There are twice as many people on our planet as IPv4 addresses. Plus, each person with internet access is almost certain to use multiple IPv4 addresses. For instance, an address for a home connection, one for an office connection, and one for a mobile data service. Generally, for devices to connect they must do so using unique addresses. While the same address can be used privately at the same time on different networks, connecting such devices to one another doesn’t work.
The expansion in the base number of global internet users and in the number of internet devices that interconnect means many more IP addresses are needed than there are IPv4 addresses. The newer protocol, IPv6, was developed to respond to this problem.
IPv6 is the long-term answer to the scarcity of IPv4 addresses. Adoption has been gradual, and Google measures that almost half of connected devices in 2024 use it. Without an urgent and compelling reason to use IPv6, IT departments and device makers tend to keep IPv4 addresses in use. And so, in demand. Markets offer network expansion without the adoption of IPv6 by way of IPv4 transfer marketplaces.
Computing was expensive and IPv4 addresses were free in the early days of the internet. So many networks got more addresses than they needed. Many of these organizations still have large blocks of unused IPv4 addresses. The Regional Internet Registries (RIRs) have policies enabling the transfer of addresses from those with more than they need to those who need more.
The excess inventory can be redistributed through the market. Companies with a need can buy addresses. All the RIRs (with the exception of AFRINIC) have inter-RIR transfer policies. APNIC and the RIPE NCC have especially flexible policies to support inter-region transfers. Note, however, that all four prohibit transfers to AFRINIC because that RIR does not reciprocate by permitting transfers out of the region.
Data is sent across the internet to IP addresses. If two organizations try to use the same IP addresses, they will each lose some traffic and get a lot of traffic they don’t want. This would be both a security and operations problem.
The RIRs were established to register which organization uses each block of IP addresses. Their focus used to be on distributing new addresses. But they now focus on data accuracy and managing transfers between organizations.
The RIPE NCC is the RIR serving Europe, the Middle East, and parts of Central Asia. Its full name is Réseaux IP Européens Network Coordination Centre.
APNIC is the RIR serving the Asia-Pacific and its full name is Asia-Pacific Network Coordination Centre.
ARIN is the RIR serving Canada, the United States, and many Caribbean and North Atlantic islands.
LACNIC is the RIR serving Latin American and the Caribbean and its full name is Latin American and Caribbean Internet Addresses Registry.
Map showing the five RIRs’ service regions, published under a CC-BY-A license by the Number Resource Organization
All the RIRs implement policies developed by their communities. Everyone is free to participate in their communities and influence policy decisions. It is the RIR communities that have chosen to develop policies enabling address transfers. The differences between the policies reflect the different needs in each region.
A transfer changes the registered holder of the addresses. Transfers are generally permanent. Only the RIPE NCC supports temporary transfers in 2024. A permanent transfer is very similar to a sale while a temporary transfer is like a lease. Transfers change who has the right to manage the registration data for a block of addresses in an RIR’s database.
Important security services, like RPKI, build on the IP address registry data.
Inter-RIR transfers are transfers that occur across different RIRs, while intra-RIR transfers are transfers that occur within the same RIR. The former may be more difficult to conduct than the former, as there may be differing and perhaps opposing transfer policies between different RIRs.
So, how exactly do transfer policies work in their respective regions?
| Who | Neither sources nor recipients need to be members but should still have a non-LIR account with RIPE. Non-members must have an agreement with a sponsoring member. |
| Requirements | The RIPE NCC conducts due diligence checks. It reviews the transfer agreement before evaluating the needs basis of the request. |
| Size | /24 (256 addresses) is the minimum size for transfers. |
| Legacy IPv4 | Legacy (Historical) IPv4 addresses can be transferred and may retain their legacy status. |
| Fees | RIPE NCC does not charge a transfer fee but there must not be outstanding balances on the membership account. |
| Permanence | RIPE policy allows both permanent and temporary transfers. |
| Restrictions | Recipients of a transfer must hold the addresses for two years before transferring them away. |
| M&A | Transfer restrictions do not apply to transfers arising from corporate mergers or acquisitions. |
| Incoming | The source RIR must have a compatible policy. |
| Outgoing | The receiving RIR must have a compatible policy. |
| Who | Recipients need to sign a service agreement with ARIN. ARIN will sign an NDA with you before you submit any confidential information to it. |
| Requirements | ARIN conducts due diligence checks. It reviews the transfer agreement before evaluating the needs basis of the request. |
| Size | /24 (256 addresses) is the minimum size for transfers. |
| Legacy IPv4 | Legacy (Historical) IPv4 addresses can be transferred but lose their legacy status. |
| Fees | ARIN charges a $500 transfer fee for the seller. The buyer must also pay a tiered fee starting at $187.50. |
| Permanence | ARIN only supports permanent transfers. |
| Restrictions | Organizations that are the source of a transfer may not request addresses for three years. |
| M&A | Transfer restrictions do not apply to transfers arising from corporate mergers or acquisitions. |
| Incoming | The source RIR must have a compatible policy. |
| Outgoing | The receiving RIR must have a compatible policy. |
| Who | Recipients in the LACNIC service region must be a LACNIC member. They can join a National Internet Registry if their country is served by one. (If they are members of an NIR, they don’t need to join LAC NIC.) |
| Requirements | The recipient of the transfer must get pre-approval from LACNIC . The pre-approval expires after 24 months. |
| Size | /24 (256 addresses) is the minimum size for transfers. |
| Legacy IPv4 | Legacy (Historical) IPv4 addresses can be transferred. |
| Fees | LACNIC charges US$1,000 for transfers smaller than a /19 (8,192 IPv4 addresses). They require a downpayment of UD$200. They charge $1,500 for transfers of /19 and larger. |
| Permanence | LACNIC policy does not support temporary transfers. |
| Restrictions | Addresses allocated by LACNIC or obtained through transfer must be held for three years before being transferred. |
| M&A | Transfer restrictions do not apply to transfers arising from corporate mergers or acquisitions. |
| Incoming | The source RIR must have a compatible policy. |
| Outgoing | The receiving RIR must have a compatible policy. |
| Who | Recipients in the APNIC service region must become an APNIC member. They can join a National Internet Registry if their country is served by one. (If they members of an NIR, they don’t need to register with APNIC.) These are registries providing service in local languages. |
| Requirements | The recipient of the transfer must get pre-approval from APNIC. The pre-approval expires after 24 months. |
| Size | /24 (256 addresses) is the minimum size for transfers. |
| Legacy IPv4 | Legacy (Historical) IPv4 addresses can be transferred. |
| Fees | APNIC charges the recipient 20% of the membership fee attributable to the addresses being transferred. |
| Permanence | APNIC policy does not support temporary transfers. A proposal to allow them is being discussed. |
| Restrictions | Allocations from 103.0.0.0/8 must be held for five years before being transferred. There is no hold period for transfers from other blocks. |
| M&A | Transfer restrictions do not apply to transfers arising from corporate mergers or acquisitions. |
| Incoming | The source RIR must have a compatible policy. |
| Outgoing | The receiving RIR must have a compatible policy. |
IPv4.Global has created a Fee Calculator to make the ins and outs of determining fees easier.
For complete descriptions of fee schedules, click the appropriate link below.
All four RIRs implement similar policies. Each wants to ensure IP addresses are being used efficiently instead of lying unused. They have an incentive to be a good partner to both sources and recipients of transfers.
All require the recipient’s needs to be assessed before approving the transfer. This, and hold periods, are intended to reduce stockpiling.
The needs assessment is simple. But all the RIRs will look closely at documents provided as a part of their due diligence process. They will examine the chain of custody if a block of addresses has been transferred between companies in mergers or acquisitions. They will also look closely at the documents identifying the people signing agreements.
When an organization finds it has an excess of IPv4 addresses they can easily turn their surplus into income. Multiple transactions over time is not a problem as the administrative overhead for inter-RIR transfers is relatively low.
Both sellers and buyers have a larger market when they consider inter-RIR transfers.
Organizations with a growing subscriber base, or need for servers, want to control the addresses used for their services. Buying from other regions gives everyone more choice.
February 22, 2024
APNIC 57 (APRICOT 2024) is being held in Bangkok, Thailand, this year from February 21st to March 1st. This year there are four new policy proposals up for community discussion.
prop-154 (Resizing of IPv4 assignment for the IXPs) – Current policy allows new IXPs to receive /23 (IPv4) and /48 (IPv6) max. Usually APNIC assigns one /24, but after analyzing PeeringDB, they found that new IXPs are underutilizing and large IXPs cannot grow due to lack of IPv4 resources. The objective of this proposal is to change the standard size of IPv4 assignments for IXPs from /23 to /26, but if an IXP were to return the space they were initially assigned, they would be able to receive a replacement of up to a /22. It proposed that new IXPs will get /26 IPv4 assignment by default. Larger allocations (ranging up to /25 or /23) can be requested depending on the number of peers on the IXP fabric. Established IXPs also have the option to request larger allocations or establish new Points of Presence (POPs). Resources allocated must be exclusively utilized for IXP peering and are prohibited from being transferred. IXPs can decide on the global routability of the delegation. This policy proposal suggests that APNIC set aside a reservation of up to /20 for IXPs.
There is a diversity of opinions on the proposal, with some supporting it for its potential to facilitate IXP expansion, and others opposing it because they think once all IPv4 resources are allocated, IXPs can move to IPv6 entirely. Some also oppose this proposal because they don’t think the expansion of IXPs depends on the allocation size, but on market dynamic (factors such as availability of ISPs, CDNs, and Telcos), so they argue that reducing the default size of IP assignments can in fact hinder operations, not the other way around.
prop-156 (Assignment of Temporary IP Resources) – Currently APNIC doesn’t have a policy that allows temporary IP resource assignments, except for experimental space in Section 5.7 of APNIC-127. Entities that need resources for temporary events must use existing delegations under different policies, which doesn’t align with the original justification. The proposal recommends setting aside a /21 IPv4 prefix from the non-103/8 pool, along with a /29 IPv6 prefix and 8 Autonomous System Numbers. Long Term assignment is not practical, so these resources will be designated for delegation to events like conferences and other situations where APNIC deems it appropriate. The proposal suggests reserving 1x /21 from non-103/8 pool, 1x /29 for IPv6, and 8x ASNs. The assignment period allowed is 6 months.
Overall, the sentiments of the community seem to lean toward supporting the proposal, with a recognition of the potential benefits for non-profit events and acknowledgment of some concerns such as: considering for commercial events that are not non-profit, and searching for alternatives that provide similar services. The community members commented on alternatives such as CGNAT and IPv6, but the author justified the proposal by pointing out the constraints of current policies, highlighting the importance of using resources for events without profit intentions, and acknowledging the difficulties that may arise with alternative solutions such as CGNAT.
prop-157 (Temporary IPv4 Transfers) – The objective of this proposal is to modify the existing temporary transfer system (already accepted by the community), to function for leasing in the APNIC region. This approach ensures policy compliance, security, and controlled return of addresses when the leasing period concludes. This will help cater smaller entities with modest investments before they leap into the goal of IPv6 deployment. The policy proposes that APNIC maintain a public record of all transfers of number resources (Ipv4, Ipv6, ASNs), including market transfers, M&A, and legacy transfers. For temporary IPv4 transfers, the log will include the initial and final dates. If transfer period is extended, the log must be updated (requires 30 days’ notice). Once temporary transfer period ends, APNIC will restore the original registration information in the Whois Database. Conditions for permanent and temporary IPv4 transfers: Smallest and largest transferrable IPv4 size is /24 and /22, respectively, per recipient. The address must be either assigned or allocated to current APNIC account holder. Recipient must also be compliant with current APNIC policies, such as providing plan for resource utilization within 24 months. Existing resource holder must show past usage data, evidence of compliance, and a plan that align with the initial expected transfer period. Failure to comply with the supplementary conditions will result in immediate revocation of the resources; the conditions include network abuse, the necessity of an ASN, operation IPv4, accurate IRR and geolocation updates, and adherence to MANRS best practice. If passed, the EC can establish specific rates for these transfers and extensions.
There were mixed opinions on this proposal as well; while most want to support the idea of temporary transfers, before accepting this proposal, they would like to refine the proposal by addressing issues such as the proposal’s impact on current policies, applicable transfer fees, addition a minimum transfer period instead of unlimited extension, and the cost that will accrue with the need for tracking the temporary transfer separately.
prop-158 (IPv6 auto-allocation for each IPv4 request) – Most new members seeking IPv4 don’t request IPv6 even though they are eligible and there is no additional cost. IPv4 allocation rates are higher than IPv6; the author believe that this might slow the deployment of IPv6. The objective of this proposal is to automatically allocate IPv6 addresses to each IPv4 address requests to speed up IPv6 adoption and deployment. If passed, this policy will be added to Section “6.1. Minimum and maximum IPv4 delegation” of the APNIC Policy document. For all initial IPv4 requests, IPv6 will be automatically delegated; they should be put into deployment within two years for the delegation date. For any future IPv4 requests, requestors should be able to demonstrate the deployment status of the automatically delegated IPv6 space. This proposal also covers a range of perspectives; the community touches upon technical and legal topics.
The community discussion mostly revolves around NIRs’ role; some argue that NIRs should not have their own set of policies while others argue otherwise so long as they don’t have conflict with the RIR’s policies. They also discussed the need for clarity in the proposal, and the need to clarify the appropriate IPv6 size for various allocations. Although some members agree to the idea of automatic IPv6 allocation, participants bring up issues and requested clarification on some proposal solution before they can come to a consensus. The community discussed the administrative burden and risks that comes with automatic allocation of IPv6 addresses. They also debated about whether the proposal is relevant to speed up IPv6 adoption and they are skeptical that entities would adopt IPv6 even if the IPv6 delegation was enforced upon them.
Prices remained very consistent from December to January, suggesting that the market has found a new equilibrium. There is still a lot of variation—similar blocks may trade for very different prices—but the average has held steady.
2023 was a very satisfying year for IPv4.Global: we assisted clients in the largest number of transfers ever in a single year. We sold millions of addresses, generating over $262 million in revenue for clients and creating liquidity from otherwise dormant assets. Every sector of the world economy worked with us, both for-profit and not-for-profit organizations.
Our marketplace platform continued to evolve, we were recognized as leaders by a number of international organizations, added some great people to our team, and travelled to over 30 events in 12 different countries.
Throughout 2023 the prices of large blocks (/16 and larger) remained stable. At the same time, all block sizes smaller than /16s fell steadily during the year. It appears that this divergence paused toward the end of 2023. Volume, as in many years past, held at levels of approximately 40 million addresses, worldwide.
During 2022 and 2023 the per-IP prices of various IPv4 block sizes have steadily diverged, with the difference between small to mid-size blocks and larger ones becoming very significant. At the end of 2023, the per-block price of large blocks hovered at $52 per IP address and smaller blocks changed hands at +/- $36.
Many alert buyers and sellers of IPv4 addresses bookmark our Prior Sales page to monitor changes regularly and in real time.
For more information on 2023 pricing developments and predictions for 2024, see IPv4 Price Trends and Expectations.
The Launch of ReView
This year, in collaboration with 6Connect, we launched ReView: the free, first-of-its-kind digital IP address audit and renumbering tool. ReView won immediate and wide-spread acceptance as a robust solution to the challenge of performing a detailed inventory of the IP addresses on a network. For those who haven’t already investigated this terrific application, learn about it and download the tool free. Discover ReView here.
$1 Billion in Sales
In August of this year IPv4.Global reached $1 billion in all-time IPv4 address sales. We have transferred over 60 million addresses worldwide in over 3,500 transfers. We have matched 800 sellers to over 2,000 buyers. In 2023 alone, our transactions valued over $200 million.
ARIN Qualified Facilitator
IPv4.Global was one of the first companies to achieve Qualified Facilitator Status with ARIN – the American Registry for Internet Numbers. The recently launched Qualified Facilitator Program was developed so buyers and sellers of IPv4 addresses can easily and confidently identify the expert brokers qualified to help them navigate the complex IPv4 address transfer process.
RIPE Database Certified
In 2023 three members of our team, Theresa Oo, Akeyla Wallace, and Ceasar Sitt, earned their RIPE Database Associate badges! With this certification, they have proven their knowledge in utilizing the RIPE database to find and interpret data, update information, register assignments, and more. With this qualification, our team is able to better assist our clients wishing to transfer space within the RIPE region.
This year we rolled out a variety of new features on our platform to enhance the customer experience. These features include:
BUNDLES Buyers now have the option to bundle together multiple blocks as long as they are from the same seller, making transfers quicker and cheaper. This feature enables a user to search for additional listings by Seller.
NOTIFY ME Looking for a certain block size or price but can’t find what you’re looking for? You can now set a notification on the platform to send you an email when one becomes available.
SELLER PRICE ADJUSTMENT Sellers now have direct control over the pricing of their blocks. In the past, in order to alter a listing’s price, our clients had to email us to request this change. Today, Sellers can make these changes themselves. Of course, we are always available to help in any way required.
ATTACH DOCUMENTS TO LISTINGS Some sellers require additional documentation for the sale of their blocks. By notifying our team ahead of sale, we add the required documents to the listing, shortening the time required for any necessary communication.
Two International Stevie® Awards
IPv4.Global won a Silver Stevie® in the Company of the Year category and a Bronze Stevie® for Fastest Growing Company in the 20th Annual International Business Awards®. The International Business Awards are the world’s premier business awards program. All individuals and organizations worldwide – public and private, for-profit and non-profit, large and small – are eligible to submit nominations. The 2023 IBAs received entries from organizations in 61 nations and territories.
Winning a Globee® Award
We were pleased to be awarded a Silver Globee for Fastest Growing Company of the Year at the prestigious 13th Annual 2023 Globee® Business Awards. This prestigious program recognizes and honors organizations and individuals from around the globe who have demonstrated exceptional achievements in the world of business. With its inclusive nature, the Globee® Awards welcomed participation from companies and organizations worldwide, offering a unique opportunity to showcase accomplishments on a global scale.
During 2024 we expect to see a reduction in the difference between large-block prices and all others. This disparity will be closed either by falling large-block prices, rising small and mid-size prices, or a combination of both. The per-IP price of a /16 is currently 50% higher than the per-IP price of /17s and /18s. While large networks place an understandably greater value on larger block, this disparity is greater than seems reasonable to us. However, seller expectations may be slow to change. During the past two years supply appears to have expanded, probably in response to higher prices. These new sellers may insist on their anticipated returns, buoying prices.
We are also expecting to see an increase in demand, especially for small blocks, because of AWS’ announcement that it will begin charging $40+ per year for every IPv4 address allocated to clients. As a result, we expect businesses to buy addresses on the market and bring them to the cloud.
To learn more about our expectations for the market this upcoming year, click here.
2023 was a terrific year at IPv4.Global. We assisted in more trades, involving a greater number of addresses than in any year before. Plus, we generated more revenue for clients than at any time in the past. Our team grew, adding significant talent to our staff and we expect that growth to continue, too. We look forward to a great year ahead.
IPv4 addresses in all block sizes traded in tight ranges at the end of the year. While not indicated on the average price chart shown here, 2023 ended with significant increases in volume of addresses traded in all block sizes. A marked increase in the sales volume of medium sized blocks (/19 – /17) occurred.
by Leo Bicknell
Many higher education institutions received their IPv4 address space when the available space seemed nearly infinite. Today that IPv4 space can be worth a substantial amount of money. IPv4.Global has experience developing Financial Strategies for Universities with Surplus IPv4 Addresses. University CTOs and administrators are often surprised to learn How Education Institution Sell Unused IPv4 Addresses for Millions.
Read on to learn some of the history, and the process to unlock this hidden value.
From 1983 until approximately 1993 the IPv4 space was allocated in classes. There were effectively three sizes of address space, small (Class C or /24; 256 addresses), medium (Class B or /16; 65,536 addresses) and large (Class A or /8; 16,777,216 addresses). Most higher education institutions were clearly larger than the small size, so they were allocated a Class B.
Eventually CIDR addressing was put in place to delay the predicted runout of IPv4 space and to allocate more appropriately sized blocks. This technology also allowed institutions to use their allocations more frugally than before. Adding NAT technologies could allow the university to only need a very small amount of IP address space, perhaps a /22 (1,024 addresses).
The process to unlock the value in an institution’s IPv4 space will be unique to each situation. IPv4.Global can tailor its approach to each institution to specifically meet their needs. There are some common elements seen with all institutions.
Most importantly, these steps need to happen without disrupting the educational mission of the institution. IPv4.Global has the experience necessary to guide this process so that students, faculty, staff, and administrators see no interruption in their service.
To access the usage and value of IPv4 assets a proper inventory is required. Some institutions have detailed records, often in the form of IPAM (IP Address Management) systems like Solarwinds, Infoblox or BlueCat. Some institutions have incomplete historical records and may not have a usable inventory. Even with detailed records it can be prudent to verify that the deployed network matches the documentation.
IPv4.Global’s ReView tool uses network scanning techniques to discover all the address space in use in the organization. This can serve as an audit of the existing IPAM data or provide brand new insight for institutions that have lost historical records.
In addition to inventorying the IPv4 address space, it is also important to inventory the network equipment. Existing equipment may be reconfigured for NAT or IPv6, and it is important to ensure the hardware and software are capable of their tasks.
The ReView tool is a local tool that runs on your network, no information is sent to the Cloud or IPv4.Global. Best of all, this resource is free (registration required)!
Most institutions will have to do some amount of renumbering to maximize the value. Typically this involves determining if a particular use needs a public or a private IP address, and then consolidating network addresses for things that do need public IP addresses. An action plan can be created to efficiently complete the engineering and deployments necessary.
While many institutions’ existing staff can implement the action plan there should be a review if that is the best use of their time. IPv4.Global can provide consulting services for part or all the work allowing the existing staff to keep other initiatives on track.
An important, often overlooked step in the preparation is to check the reputation of the IPv4 address space and clean up any entries on Reputation Block Lists (RBLs). This step is particularly crucial if the IPv4 space has been used for student access. Buyers of IP address space will check if the space is listed on blocklists, reducing their bids if the space needs to be cleaned up. IPv4.GLOBAL can provide a report from major RBLs for an institution’s addresses, and supporting clean up negative information.
The deployment of IPv6 might also be a key element to freeing up IPv4 address space. IPv6 is operational across the Internet today. An institution with a mature IPv6 deployment may be able to move internal services to IPv6, knowing that all users are on IPv6 capable networks. If an institution has not fully deployed IPv6 part of the action plan can be completing the deployment.
A typical action plan would have the following steps:
What is an IPv4 Broker and Why Are They important? A broker acts as the essential lubricant for the frictional market, greatly streamlining the previously-cumbersome process of pairing buyers and sellers together. There is no requirement to use a broker but navigating the process without one can be daunting and error prone. Brokers can serve to protect your interests, including getting top dollar for the address space.
A top broker will provide reliable and transparent information and services. Ideally, they’ll be able to facilitate transactions of various IPv4 block sizes, ranging from smaller online transactions to much larger private transactions.
IPv4.Global is an experience broker that knows what The Best IPv4 Brokers should do for their clients. Knowledgeable in IPv4 Address Prices & Pricing to balance getting top dollar with selling in a reasonable timeframe. IPv4.Global also offers a multi-tiered platform in addition to private brokerage services.
The Transfer Process
IP address space is managed by five regional RIRs (Regional Internet Registries). While ARIN (American Registry for Internet Numbers) is the most well known in North America, when IP space is transferred it may involve one of the other RIRs depending on the location of the buyer and seller. Each RIR has its own rules for how these transfers must be processed.
IPv4.Global is an ARIN Qualified Facilitator, a trusted intermediary for this process. During the process IPv4.Global will assist in verifying the Chain of Title of the IP space. This critical work provides assurance that the transfer will meet all the rules and requirements of the RIRs and be processed quickly for both buyer and seller.
IPv4.Global has already helped multiple higher education institutions complete this process. Lewis & Clark College identified the address space, took steps to monetize its inventory of IPv4, including moving multiple services behind a NAT, and eventually was able to sell some of their IPv4 space via IPv4.Global’s IP Marketplace.
IPv.4 Global also helped Hartwick College with a similar process. In this case IPv4.Global was able to provide a tailored financial package to help the college renumber and realize the benefits of their holdings.
It appears midsize and small block price declines are slowing and may have leveled off. No /16s were traded on our platform in November. As a result, /16 prices are represented here as unchanged.
by Leo Vegoda
There were about 2,000 IPv4 transfers in the European region in 2022. But since inter-region transfers became possible, companies in the region have transferred 756 blocks originating in other regions. And they have transferred 350 blocks out to companies in other regions. Inter-region transfers aren’t the majority of the market but they are a significant part of it.
That’s because of the distribution of IPv4 address space. ARIN, the registry for North America, manages about 100 /8s of IPv4 space. The registries for the Asia Pacific and Europe manage 53 and 50 respectively. Nine more /8s are managed by the registries for Africa and Latin America.
Anyone buying or selling IPv4 address space has a bigger market when they consider an inter-region transfer. It has been exercised enough that there are strong processes in place. An inter-region transfer is very similar to an intra-region transfer.
Some people might hesitate to involve a second registry in their transfer transaction. But with years of experience, these processes are now mature and efficient.
There are five Regional Internet Registries (RIRs). They manage, distribute, and register IPv4 and IPv6 addresses and Autonomous System Numbers in their regions. Each region is roughly continental.
The IP addresses you use are registered in an RIR database. A transfer happens when the registration is updated to reflect a new owner for the block – or when the block moves from one RIR’s database to another. So the RIR must manage the transfer process.
Their policies are decided by their communities. Anyone with an interest can participate in RIR policy development, which happens on email discussion lists and at public meetings. The five policies are broadly similar with regional variations.
Fig 1: The geographic boundaries of the five RIRs
| RIR | Full name, geographic scope, and membership size |
| AFRINIC | The African Network Coordination Centre was established in 2005, is based in Mauritius and serves Africa. It has over 2,000 members. |
| APNIC | The Asia-Pacific Network Coordination Centre was established in 1993, is based in Australia and serves the Asia Pacific. It has almost 24,000 members. |
| ARIN | The American Registry for Internet Numbers was established in 1997, is based in the USA and serves the United States, Canada, many Caribbean and North Atlantic islands. It has over 17,000 members and over 15,000 organizations that got addresses before ARIN was formed. |
| LACNIC | The Latin American and Caribbean Internet Addresses Registry was established in 2002, is based in Uruguay and serves Latin America and the Caribbean. It has over 12,000 members. |
| RIPE NCC | Réseaux IP Européens Network Coordination Centre was established in 1992, is based in the Netherlands and serves Europe, the Middle East and parts of Central Asia. It has over 23,000 members. |
The RIRs are all operationally and financially independent. But they cooperate on shared activities that serve their common stakeholders through the Number Resource Organization.
It was established in 2003 and its mission is to contribute to an open, stable and secure Internet, through:
Inter-RIR transfers are an example of this. Its engineering teams have coordinated to ensure that a registration is removed from one database when it is added to another. This is vital to avoid confusion over which organization is responsible for an address block. This is often referred to as “uniqueness.”
All five RIRs give the accuracy of registration data a top priority. In the 1990s and early 2000s they focused on ensuring that organizations did not get more space than they could justify under the policies. Now that their IPv4 pools are empty they make sure they have accurate information for the organizations behind the addresses in their registries.
The RIRs’ Know Your Customer checks protect everyone. The RIRs won’t let a transfer go ahead unless they can tie the addresses to the organization selling them.
In contrast, industry blogs often report court cases about domain names that might have been stolen being sold in that secondary market.
Inter-RIR transfer policies were developed about 10 years ago. The policies and the processes to implement them have been refined since then.
APNIC, ARIN, and the RIPE NCC all have mature inter-RIR transfer processes and they are reciprocal. This means that the recipient of the transferred addresses must demonstrate that they need them. The criteria for the need are the same as if it were an allocation from the RIR.
One example of the maturity of these processes is that live, routed addresses can be transferred without an interruption to service. APNIC staff reported this in the informal RPKI Discord community in September 2023. This means that behind the scenes things, like IRR and RPKI entries must be coordinated.
AFRINIC’s board has not yet adopted a policy for inter-RIR transfers. A new board will be appointed early in 2024 and approving an inter-RIR transfer process is likely to be one of the first policy items on their agenda.
LACNIC implemented a policy allowing inter-RIR transfers in July 2020 but not many had been completed by mid-2023. LACNIC was the source of 20 transfers and the recipient of 28.
Transactions involving LACNIC typically take several months and require a wet ink signature. This means moving a paper document around the world. It can take several days or weeks to get responses for LACNIC transfer tickets. This longer process often drives a lower price for IP address transactions involving LACNIC.
While the policies and supporting processes vary between the RIRs, they are reciprocal. This means the main differences buyers and sellers will experience are the forms they complete.
The origin RIR will make sure the organization transferring the addresses away has that right. When the RIR allocated those addresses itself this is easy. When the addresses were allocated by someone else – another RIR or a pre-RIR registry – they will check the chain of custody. In some cases this is simple. For instance, educational institutions are less likely to be involved in mergers and acquisitions. But commercial organizations often are.
The RIR will check that the block of addresses being transferred is properly controlled by the organization selling them. Sometimes this involves checking company registry information and looking at other sources.
The RIRs want to avoid transferring resources when there is any dispute as to their status.
The recipient of the transfer will be subject to a “needs based assessment” by the receiving RIR as that is where the addresses will then be registered. This assessment will check that the buyer intends to use the addresses on an operational network.
It will also check that the network makes efficient use of the addresses. This means using at least 25 percent straight away and half within a year. This means checking an addressing plan. IPv4.Global has experts who can advise on how to design and document an addressing plan.
Each RIR manages its own fee schedule. Some have specific transfer related fees. APNIC and ARIN require their fees to be paid in advance. LACNIC’s fees can be paid in installments.
| RIR | Fees and payment requirements |
| APNIC | 20% of the Annual Fee applicable to resources being transferred. It must be paid by the buyer for incoming transfers and seller for outgoing transfers. APNIC’s fees are denominated in AUD. |
| ARIN | The seller pays ARIN $500 and the buyer pays a fee based on the size of the address block. |
| LACNIC | There is a $200 filing fee for the request. If the request is approved there is an additional $1,000 fee for blocks of up to 8,192 addresses (a /19), and $1,500 for anything larger. |
| RIPE NCC | There are no transfer fees but the seller must have paid its membership fee. |
The RIRs want IPv4 addresses to be used on networks. They don’t want them to become an investment vehicle.
| RIR | Limitations |
| APNIC | Allocations from 103.0.0.0/8 must be held for five years before being transferred. There is no hold period for transfers from other blocks. |
| ARIN | ARIN requires addresses to be held for five years after being issued from the waitlist, or 12 months for other space. The hold does not apply to addresses acquired through mergers and acquisitions. |
| LACNIC | Transferred addresses must be held for a year before being transferred again |
| RIPE NCC | IPv4 addresses must be held for two years before being transferred, including addresses acquired through M&A. The hold does not apply for legacy addresses if treated as a legacy update. |
You can buy or sell IPv4 addresses in the larger inter-RIR transfer market in just five steps. Of course, you might have particular needs. We can help you with them and provide help beyond these five process steps.
Inter-RIR transfers offer a larger market for buyers and sellers. As a Qualified Facilitator, IPv4.Global can smooth your journey through the process. We have brokered over $1 billion of sales and can help buyers and sellers complete their transaction.
Call us on +1-212-610-5601 or write to info@ipv4.global. We can help you achieve your business objectives.
by Leo Vegoda
Mark Zuckerberg changed Facebook’s motto to “move fast with stable infrastructure” in 2014. He told Business Insider that they’d continue to move forward “even if we move a little bit slower.” Considering how and where to move is a part of maturing.
IP address registries have matured. Once they were central to rapid innovation; now they are foundational network infrastructure. Their tools have become better and more reliable because users test them every day. The RIRs improve the tools when users get stuck and ask questions.
Tool development is often rapid but governance moves slowly. Governance is tested less often. APNIC’s Executive Council (EC) meets just four or five times a year. APNIC members elect new EC members for two-year terms each year. That slow pace is reflected in the number of changes to its by-laws since 1998: two.
Why does this matter? How could an unstable APNIC impact network operators and ordinary internet users?
One way to answer this question is to look at comparisons. IP addresses are a bit like land. So, APNIC is a bit like a land registry. Landowners could lose title to their land if a land registry is poorly run. All the services that rely on land registry data would become less reliable.
Governments spend money so everyone has internet access because it’s so important. And as more business relies on the internet, its security becomes more important. APNIC and the other RIRs issue digital certificates linking IP addresses to owners. Many networks now use them to increase the integrity of the paths data takes across the internet. The integrity of these RPKI certificates is more important each day.
Revoking an RPKI certificate – or even sustained interruptions to service – would be bad for the network operators. It would also impact the users who rely on the services those networks support. Flight plans and taxes are essential functions that are now filed on the internet.
APNIC isn’t handing out much IPv4 space now. The little they issue comes from space they reclaim. All five Regional Internet Registries (RIRs) see a trickle of space coming back to them when organizations close. The precise amount varies but it hovers around 100,000 IPv4 addresses per year. That’s a bit more than a /16, often known as a Class B.[1]
IPv4 addresses are worth at least $35 each and AWS’s new pricing prices their use at $47 each per year. At those prices, APNIC’s trickle of space is worth millions, and there’s a little more of it each year.
The stability of the RIRs depends on company law, organizational by-laws, and implementation.
APNIC adopted a code of conduct for EC candidates in December 2022. Clause 8d forbids using whois or lists “for electioneering or spam (for example, by using whois data to send unsolicited emails).” Nonetheless, there were reports of candidates spamming voters in the 2023 election campaign. Others worried that four of the candidates came from just one organization.
APNIC warned members about the unsolicited calls impersonating it. Its warning explained that it “will never call Members to discuss EC election candidates.” It ended up hiring a law firm – Maddocks – to oversee the election code of conduct.
None of the four linked candidates was elected but the experience scared some members. Australian computer scientist, Karl Kloppenborg, proposed a set of governance reforms. He reasoned that they were so important that it was important to engage the APNIC members based outside the region who tend not to vote.
Karl Kloppenborg’s proposals focused on ensuring diversity, reducing the risk of candidates having a significant conflict of interest, and formally defining who is accountable for ensuring a free and fair election.
APNIC’s members urged the EC to act on them. It did. Their governance review took his proposals and turned them into by-laws changes. Members voted on them at APNIC 56 in Tokyo – and online.
A quarter of APNIC’s 9,700 members voted. They overwhelmingly supported the five changes. In the future:
25 years ago, when APNIC’s membership was much smaller, the first four would have been easy. Candidates’ employers tended to be smaller. APNIC was a less attractive prize.
But the industry is bigger now. Consolidation means that some companies are huge global corporations. And APNIC as both an internet “land registry” and a key component in internet security is increasingly attractive to a wide group of people whose interests aren’t aligned with the needs of most members.
These by-law changes were well designed and should help protect APNIC’s integrity for years to come.
by Lee Howard & Peter Tobey
November 29, 2023
Predicting rational behavior on the part of market participants invites two problems into the resulting projections. First, people almost always include some element of irrational thinking in their decisions. Second, no predictor can know every variable – even only the rational ones – or weight those they know with perfect accuracy.
So, good predictions are good guesses made by experienced market observers. At IPv4.GLOBAL we consider ourselves unusually well exposed to the marketplace and so, well-informed about its works. These are our guesses about the future.
During the past twelve months, supply of IPv4 addresses has outpaced demand. The IPv4.GLOBAL marketplace – the largest and so most-representative in the world – now lists over 200 blocks for sale where in the recent past this number was 50 offerings. Some of this supply may be the result of several connected influences.
During the past three years IPv4 prices have, overall, risen. These higher prices enticed reluctant sellers into the market, especially as economic stress following the pandemic moved organizations to monetize available assets. At the same time, network operators, aware of the increased value of IPv4 inventory, have focused on efficiency. More efficient networks lead to more unused inventory that is available for sale and reduces the demand for additional address space.
We do not anticipate any change in either of these two factors.
Beginning in early 2022, IPv4 address prices have inverted: large blocks are selling for more than smaller ones. Since then, they have also diverged, with the difference between small to mid-size blocks and larger ones becoming very significant. The per-block price of large blocks currently hovers at $52 per IP address and smaller blocks change hands at +/- $36.
While some premium for large blocks is reasonable in light of their relative scarcity, the difference in price between small and large blocks appears to be larger than could be expected. The significance – some say irrationality – of the spread shown above is unlikely to persist.
The above illustrates an associated-but-different phenomena: Prices have not simply diverged, separating large block prices from all others, they’ve scattered. Until mid-2021 all IP addresses traded in a fairly narrow price range. There was some significant difference between large blocks and all others (large blocks commanding lower prices per IP address). But the per address price difference among all address block sizes was small and individual blocks within any given class traded very consistently.
The 2021 and thereafter scattering of prices for smaller blocks has continued. That is, the variability of pricing even among recent transfers of the same block size can be quite different. Today, we regularly see small-block transactions varying from $30 to $40 per IP address in the same week.
We expect to see the broad price difference between large blocks and all others reduced in the next twelve months as prices converge. This disparity will be closed either by falling large-block prices, rising small and mid-size prices, or a combination of both. It should be noted that recently, small and mid-size block prices appear to have stabilized, perhaps in anticipation of a recovery.
Put differently, the per-IP price of a /16 is currently 50% higher than the per-IP price of a /17. While there is an understandably greater value to the larger block to sizable networks, this disparity is greater than we expect will be the case in the long run.
Resisting any fall in the price of large blocks, seller expectations may prove sticky. During the past two years supply appears to have expanded, probably in response to higher prices. It is difficult to predict how those expectations will slow or otherwise resist the changes outlined above.
Finally, it remains likely that the variety of prices currently traded for small and mid-size blocks will persist. The result is likely to be a consolidated but still broad band of per IP prices going forward.
AWS has announced they will begin charging for every IPv4 address an account is allocated or using on the platform, starting February 1, 2024. That’s a change from the current scheme, which only charges for addresses a customer reserves, but aren’t using, or if the account reassigns the same address over a hundred times a month. We expect Alibaba, Cloudflare, Google, and Oracle to have similar policies or plans.
With AWS’s price over $40 per address per year, we expect businesses to buy addresses on the market and bring them to the cloud. This will noticeably increase demand, especially among small blocks. That increase will contribute to the continuing stabilization of these blocks’ prices and/or their increase.
In sum, we expect prices to – overall – remain stable but the disparity in pricing among different block sizes to be reduced. Price increases may occur, overall, but we expect them to be small and result in broadly converging prices across all block sizes.
November 27, 2023
On September 4, 2023, Jeroen Lauwers of A2B Internet, and Tore Anderson of Redpill Linpro submitted the policy proposal “Add AGGREGATED-BY-LIR status for IPv4 PA assignments” to the RIPE community. This proposal seeks to standardize the application of the RIPE policy across all internet resources, regardless of status and decrease the workload for LIRs when registering their IPv4 resource assignments.
RIPE policy currently dictates that an LIR needs to register each IPv4 assignment on an individual basis, with exception to addresses that are “used solely for the connection of an End User to a service provider (e.g. point-to-point links)”. These assignments are then shown as part of the service provider’s infrastructure. This exception is sometimes applied to addresses that are not only used to establish a connection between an End User and their service provider, to avoid registering many small assignments. Thus, if an LIR is completely compliant with the RIPE policy, the amount of labor needed to maintain their organization’s account is high.
The proposal will add a status for IPv4 address space called “AGGREGATED-BY-LIR” which will allow LIRs to create one INETNUM object to represent multiple IPv4 assignments that have the same contact information and purpose. Thus, LIR compliance with RIPE policy will increase as other uses for IPv4 assignments are covered by the new status. The IPv4 policy for “AGGREGATED-BY-LIR” would mimic the IPv6 policy for the status of the same name. However, the policy will not require the use of the “assignment-size” attribute as it is mainly used to calculate an LIR’s HD-ratio (which is not currently utilized for IPv4 address space).
The discussion phase for this proposal lasted from September 4, 2023, to October 3, 2023, during which concerns were raised and community support was found. One concern was that the requirement for the “assignment-size” attribute is not included which leaves the assignment boundary between end-users to be unpublicized. Therefore, if someone is receiving spam from a specific IP address, they are not able to block the whole assignment the IP comes from, and not the other parts of the aggregation assigned to other users. Another concern is that the End-Users of these assignments will be anonymous as the contact information for each aggregation will be the LIR’s. These concerns have raised questions around the importance of this information to the RIPE community and the operation of the RIPE database as the provision of this information seems to already be lacking. Despite these concerns, most of the community seem to support this proposal.
RIPE determined that these concerns did not require a new discussion phase, and a proposal document was drafted on October 3, 2023. RIPE is now on to the review phase as of October 27, 2023.
This proposal will be discussed at the RIPE 87 conference in Rome, Italy on November 29, 2023. A Live Stream is available; to join the conversation online, free registration is available. Other topics to be discussed include the purpose of IPv4 assignment registration, the future of IPv6 policy, and updates from RIPE registration services, RIPE policy, and NRO NC / ICANN ASO AC.
by Leo Vegoda
Every device connecting to the internet must have a numerical address. That address is part of a block of addresses used by a network. The smallest block that can be used on the internet is 256 IPv4 addresses.
Rules for numbering (addressing) devices are called the Internet Protocol (IP). These rules define the format of an address so data can travel from network to network and arrive at the intended destination. Nearly all internet-connected devices each have a unique IP address.
Internet Protocol version Four (IPv4) was the first version of the Internet Protocol put into production. Almost all the IPv4 addresses have already been allocated. It is still the most popular version of the Internet Protocol. IPv6 is newer but less than half of all internet traffic uses it.
Each continent has a registry that lists who is using IPv4 and IPv6 addresses. This helps to ensure that one IP address isn’t duplicated anywhere. It also helps network operators coordinate with each other when there is a technical problem.
These Regional Internet Registries (RIRs) perform a similar function to a land registry. They make sure that the registrant is a real person or organization. They make sure they have contact details for the registrant. They have rules, developed by the public, detailing who is eligible to get how many addresses.
Since the RIRs have given out all of the IPv4 addressses, the only practical source of IPv4 addresses is other networks. Motivating someone with a network to renumber and given up an asset requires compensating them, so RIR policy allows for organizations to transfer their addresses in part or in whole to another organization.
In the early days of the internet computing was expensive and addresses were free. IPv4 addresses were allocated in three block sizes: large, medium, and small (Class A, B, and C) to make things easier for the slow and expensive computers of the time.
But computing is now much cheaper. As the RIRs saw that they would run out, new technology was developed to allow sizes in between large, medium, and small. This meant the RIRs could give out only as many addresses as were immediately needed. This increase in efficiency delayed the IPv4 runout for many years. What’s more, an organization that had a medium size block might be able to sell half of it. One network can use multiple blocks of different size if they are needed.
Some RIRs have policies to help new market entrants get some IPv4 addresses from a small, reserved pool. Most of this pool comes from addresses returned when organizations go out of business. RIRs typically see about 100,000 IPv4 addresses come back each year – but it varies.
Getting IPv4 addresses directly from an RIRs’ is less costly than buying them on a marketplace but this comes at the cost of a long wait. To get a small number of addresses direct from an RIR, you’ll wait at least two years after joining the ARIN or RIPE NCC waitlists!
IPv4.Global reviews the organizations we do business with. We make sure the seller has the addresses and the buyer is real. We look at the individuals representing those organizations to make sure they are actually employed there. RIRs also review this information as a part of their due diligence checks. The RIPE NCC documents what they check. The other RIRs check these things, too, each with slight nuances.
IPv4.GLOBAL protects both buyers and sellers with an escrow service. It also offers a third-party alternative through its partner escrow.com. IPv4.GLOBAL has negotiated a 20 percent discount on the escrow.com fees for our clients.
With IPv4.GLOBAL, you can pay on a card for transactions up to $30,000. In 2023, that’s enough to buy up to a /22 (1,024 addresses). Learn more about IPv4 block sizes and CIDR.
AFRINIC does not support inter-region transfers yet. AFRINIC policy does allow transfers within the region but there have not been many. AFRINIC policy requires organizations to return addresses that are not being used, and so transfers are uncommon.
ARIN has an efficient transfer process. Transfer tickets typically take less than a week. Some have completed in a single business day. Providing all organizational background documents speeds up the ARIN process. Our transfer experts can advise you on the documents you’ll need.
APNIC has an efficient transfer process. Clients in Europe and the Americas should be aware that APNIC’s business day ends before theirs starts. So inter-RIR transfers involving APNIC take a couple of extra days. APNIC’s responses typically come the day after a message from Europe or the Americas.
The RIPE NCC has an efficient transfer process. Transactions typically take just a couple of days. We can guide you through their process.
LACNIC’s process is still developing. Transactions typically take several months. Transactions require wet ink signatures from all parties. This means moving a paper document around the world. Response times on tickets are often several days or weeks. This longer process often drives a lower price for IP address transactions involving LACNIC.
The RIRs want IP addresses to be used for internet connections. To reduce speculation by investors who won’t actually use the addresses, some of them require organizations to hold the addresses for a period before transferring them again.
Some organizations got IP addresses before the RIRs existed. Those IPv4 addresses have a special legacy status. One advantage of the legacy status is lower fees or no fees. But it comes at the cost of access to fewer services. For instance, organizations using legacy IP addresses can’t get RPKI certificates for them from ARIN without signing an agreement.
When legacy addresses are transferred within ARIN, APNIC, or LACNIC they lose their legacy status. But when they are transferred within the RIPE region they can retain their legacy status. This also applies to legacy transfers from APNIC to RIPE. This is advantageous for some organizations, like treaty organizations or government bodies who cannot become a member of another organization. It also means that the hold timer does not apply, and the buyer can immediately transfer their address space.
Some organizations value legacy status and will pay a premium for legacy addresses. Many others don’t care.
Many companies rely on knowing where an IP address is to provide a service. Some video streaming is only available to specific regions. Some banks see hacking attempts from other countries and block addresses listed there. Some web sites simply use the best known location of the IP address to decide what language to show.
Information about the geographic location of a device based on IP address (GeoIP) comes from several sources, and is sometimes unreliable. Network operators can publish information giving information about GeoIP in an appropriate level of detail to help their users and these other services. IPv4.GLOBAL can help in publishing this information.
Anyone can run an internet network. When a new network comes online, they “announce” their IP addresses to their neighboring network(s). To protect against mistakes bringing a network offline or addresses being announced by the wrong network, many network operators register their internet connections in Internet Routing Registry (IRR) databases. Networks build filters that limit the scope of misconfigurations. It’s important to register a policy and IPv4.GLOBAL can show you how.
Misconfigurations can cause outages. RPKI was developed to provide a more secure version of the IRR databases. It uses digital certificates to reduce “fat finger incidents” or intentional hijacking. It’s a way to link IP addresses with the number identifying the network announcing them. That number is an Autonomous System Number (ASN). The RIRs are making it easier to create and renew your RPKI records. IPv4.GLOBAL can help get it set up.
Some people send spam and attack networks. Several databases have been established to collect and report information on the reputation of the IP addresses where this happens. Organizations use them when deciding whether to accept mail, or even let their users load certain web pages.
IPv4.GLOBAL can help assess the reputation of IPv4 addresses, and can help clean up that reputation when the bad actors have been removed and vulnerabilities have been blocked.
/16 average prices have held very steady, varying by pennies each month. Prices for small and medium blocks are falling slower than they had been, and appear to be finding a bottom.
October 31, 2023
At ARIN 52 in San Diego, all policy proposals were discussed with no conclusions. Since these proposals were all “Draft Policies,” under ARIN’s Policy Development Process, they are too new to get a sense for whether the community supports them.
Before we jump into the policies, we wanted to provide some insight on the ARIN waitlist at this time. It was addressed at the meeting that as of this past October there are 705 ARIN members on the waitlist and the wait time is expected to surpass 3 years. Currently ARIN receives around 150 requests quarterly and of those they only fill 30-50. Some potential improvements discussed were lowering the maximum allocation from a /22 and lower holdings down from /20.
Draft Policy ARIN-2023-2: /26 initial IPv4 allocation for IXPs
It was addressed that this was based off an APNIC proposal that couldn’t meet a consensus and operators “won’t waste time with /26 exchange”. The author of this proposal brought up a few edits not part of the draft, one of which was that the data used came from Peering DB which is not an accurate representation of IXP Peers, according to members in the community. A concern raised was whether this would affect previously acquired /24 blocks, to which it was clarified that this would only apply to new ones, filtering out existing. Several people who chose to participate opposed, even with edits, because they don’t want to hurt small startup IXPs. The majority of those who provided feedback were against this policy proposal. One person did suggest that with development dollars going into new internet builds, there may be many more IXPs coming online in coming years.
Draft Policy ARIN-2023-4: Modernization of Registration Requirements
Changing “reallocations” to “reassignments” was thought to collide with a previous proposal to delete assignment as reassignments still exist. In ARINs NRPM reallocations are defined as IP addresses sub-delegated to an organization by an upstream provider for the purpose of subsequent distribution by the recipient organization to other parties while reassignments are defined as IP addresses sub-delegated to an organization by an upstream provider for the exclusive use of the recipient organization. One member responded saying that reassignments would still be in policy and was unrelated to this change. Another topic addressed in this section was the need for further clarification on the new time frame of 14 days, no real reasoning behind the change, just provide more time.
Draft Policy ARIN-2023-3: Amendment of the waitlist agreement to include a restriction on leasing
Majority who participated did not support this proposal. The general feedback was there needed to be a formal and agreed upon definition of “leasing” made available somewhere. While those who did support felt this was not worth pursuing or the time involved in doing so would not be well spent. APNIC’s inability to come up with a consensus on their version of this policy was referenced as well.
Draft Policy ARIN-2022-12: Direct Assignment Language Update
Many felt this proposal to update the language surrounding the fee structure needed additional editing in order to be considered further, while others felt it was not needed to begin with, as they consider it to be adding to the problem instead of its proposed purpose of solving problems.
Draft Policy ARIN-2023-1: Retire 4.2.1.4 Slow Start
This draft policy proposal discussed removing 4.2.1.4, Slow Start and was generally supported by the community because it hasn’t been used in recent years and likely won’t be of use in the future. Additionally, the concern of it affecting operations was addressed, with the response it shouldn’t have any impact.
Draft Policy ARIN-2023-5: Clean-up of NRPM Sections 4.3.4, 4.4, 4.10 and 6.10.1
It was stated there would be no change in allocation process just a clarification of the text as the proposals goal is to clean-up complex language. This proposal was supported as drafted by many who decided to participate in the open forum. Some brought up the concern of what an “editorial” change should be defined as. An “Editorial Update” is defined in the PDP as “a non-substantive change to the NRPM” (Number Resource Policy Manual, that is, ARIN’s policies), but guidelines on “substantive” may be needed.
Draft Policy ARIN-2023-6: ARIN Waitlist Qualification
There was not much discussion on this proposal during the open forum, which addressed the requirements needed to receive space off the waitlist, neither for nor against. A suggestion brought up was to put these requirements in the waitlist section and get rid of this section entirely as it’s seen as no longer relevant.
Draft Policy ARIN-2023-7: Clarification of NRPM Sections 4.5 and 6.11 Multiple Discrete Networks and the addition of new section 2.18 Organizational Identifier (ORG ID)
The proposed changes were mostly supported by those in attendance. One concern that was brought up was that the definition of “org-id” needed to be expanded on. However, it was stated there is no org-id definition in RSA, if one was created it may create a conflict. The proposed benefit to provide clarity was seen as unnecessary to some. Org-id in NRPM under section 4.5 was said to be clear to some who participated in the discussion so many felt it didn’t need to change or be added to. Overall, the importance of proper punctuation was stressed, many agreed the cleanup would help if done appropriately.
October 31, 2023
Almost 1,400 people participated in LACNIC 40, which took place in Fortaleza, at the start of October. The LACNIC community discussed four policies: two focused on obtaining addresses, one focused on cleaning up records from addresses returned to LACNIC, and one focused on the Policy Development Process.
RIPE allows leasing, as does ARIN, although not as justification to obtain more address space.A similar proposal was rejected at APNIC 56.
LAC-2022-2 v3: Clarification: The lease of resources is not allowed under the policies in force.
LACNIC no longer has any IPv4 addresses left for allocation. Some organizations would like to buy addresses but LACNIC’s transfer market is tiny. Organizations without the capital to buy addresses sometimes need to lease them. This proposal would only allow addresses leases that come with internet connectivity. This wording is used because “lease” also describes the temporary assignment of IP addresses on a local network using protocols like DHCP.
LAC-2023-6 v1: Special exception for global critical infrastructure providers
The networks that serve the DNS root are an example of global critical infrastructure. Everyone benefits from them, wherever their organizational home is. This proposal would let LACNIC make assignments to global critical infrastructure providers. The goal of the proposal is to diversify the source of addresses rather than fill an unmet need. This kind of diversity is more important because RPKI is becoming more important in network operations. Each RIR is the apex of a hierarchy of RPKI digital certificates. Having some of the addresses issued by LACNIC and using its RPKI service spreads the risk across the whole system.
The author has clarified that the policy goal is to let root DNS service operators switch to LACNIC issued addresses despite not being legally established in the region.
LAC-2023-5 v1: Elimination of ROA in case of recovered resources
Organizations document how they use addresses in the Internet Routing Registry (IRR). They are also documenting how they use addresses with digital RPKI certificates called ROAs. This proposal will require LACNIC to remove stale records from the LACNIC IRR and delete ROAs from its RPKI repository when IP addresses are returned.
This proposal has been modified as of September 18th and received some comments in the September mailing list. Overall, there is a general consensus that the ROA removal should be explicitly stated in the policy manual though there is a question about the practical application of regulating the IRR database.
LAC-2023-3 v1: Considerations for Declaring a Proposal Abandoned
LACNIC’s policy development process does not have a mechanism for clearing out proposals that hang around with a status of “Did not reach consensus.” This proposal will empower the chairs to clear these proposals from the system when their authors are not responsive.
The LACNIC community’s feedback on the mailing list has been supportive with one caveat. They want the period extended from 10 months to a year, so that there would be two public forums within that time.
LAC-2020-6: Miscellaneous Modifications to the PDP
LACNIC will implement this policy proposal, which was ratified in August. This proposal modified the policy development process by:
The implementation will require minor software changes to LACNIC’s software.
.
October 30, 2023
A company joining ARIN’s IPv4 Waitlist today should expect to wait at least three years, John Sweeting, ARIN’s Chief Customer Officer reported this at ARIN 52 last week.
There are about 150 requests each quarter. But ARIN can only fulfill 30-50 requests. There are more than 700 companies on the list today.
ARIN asked the community to consider reducing the maximum allocation and maybe simplifying the policy. That could let more organizations get some IPv4 space and reduce waiting times. ARIN projects that reducing the maximum allocation from a /22 (1,024 addresses) to a /24 (256 IPv4 addresses) could reduce wait times by almost two-thirds.
In a separate discussion, Aaron Wendel, the Executive Director of the Kansas City Internet eXchange, noted a problem. He said that the BEAD program money is making peering a new buzzword. He described a proposal for 140 new Internet Exchange Points (IXP) in the US alone. This would create additional demand for addresses from ARIN’s address pool reserved for critical infrastructure.
Sweeting had previously confirmed that reserved pool replenishment takes precedence over the IPv4 Waitlist. This means the rapid creation of a hundred or more new IXPs could extend wait times for addresses through the IPv4 Waitlist.
by Leo Vegoda
IP addresses identify the network interfaces connected to a network. But which network?
In the beginning, all data networks were local, so all network addresses were local. Before Vint Cerf led DARPA’s Internetting Project, a globe spanning network of data networks was impossible.
For a network to be global, the devices on it each needed a unique address (or identifier) so that data could flow to and from one device and one device only. After some false starts, Internet Protocol version 4 (IPv4) was created. Then, a system of global registries were developed to keep track of each IP address. This system provides the following:
The early internet was small. Most of the users were its builders, or worked alongside them. It was also culturally cohesive. Security was less important than developing the technology.
That changed in 1989. The US National Science Foundation allowed commercial traffic on its internet backbone. This signaled a change in the nature of the internet. It was no longer small and the diversity of its users was growing fast. So fast that engineers started to worry the IPv4 address space (about 4 billion addresses) was not going to be adequate.
They began developing strategies for IPv4 exhaustion in March, 1992. They discussed the possibility of some addresses only being unique within a local (closed) network. This meant the same address could be used in multiple local networks. By 1994, three blocks of addresses had been reserved for use on private networks. They provide just over 17 million IPv4 addresses: enough for all but the largest of networks.
But internet engineers did not standardize the technology for connecting private networks and the internet. Many considered the concept heretical. They wanted “every system to be globally accessible” and knew this required “a globally unique addressing system.” Clearly, the ideal of universal access and re-use of IP addresses locally was in conflict.
Before the protocol for the use of private IPs, the impact of this conflict was quite simple: network operators might, from time to time, use an IP address that had not been allocated to them when creating a private network. If and when this network connected to the internet, multiple users of the same IP address conflicted. Data would then flow in irregular, unreliable ways to both locations using that IP address.
John Mayes, a consulting engineer, worked with networks for clients. Often, the networks he was involved with had used unallocated IP addresses for a private network. When they were then connected to the internet they experienced address clashes.
In 1995 he and Brantley Coile developed the first commercial Network Address Translator (NAT). It solved their clients’ technical problems. A NAT is an intermediary between the local, private network and the internet. It provides a layer where private identifiers are replaced with temporary, public ones. This process replaces the private IP address with the NAT’s own public and unique address on outgoing packets. It rewrites the local, private destination address on incoming packets and forwards them to your local, “private” device. The NAT maps the internal address to an external address for the duration of a session, which could be under a second and could last for days.
But the number of sessions is limited by the NAT’s hardware capacity and the size of the pool of unique addresses it has available. Networks that generate many simultaneous flows, or many long lived flows, will need a bigger pool of unique addresses.
A NAT provides an internet access gateway for the otherwise local devices that need it. As a result, some private IP addresses are completely isolated and others (those associated with a NAT) are protected against data conflicts.
Importantly, a NAT has a default deny rule for incoming traffic that’s not part of a session established by a device on the inside network. This very basic level of protection was missing from many networks at the time and was their first stepping stone towards a proper firewall. This was the PIX, or Private Internet Exchange, named to riff on PBX running telephone networks inside a business.
We now have two types of unique (public) addresses and two types of non-unique (private) addresses. To recap: there is no technical difference between private and shared addresses. The distinction is down to the intended use case. Private addresses are intended for use on end-user networks. That means anything from a domestic WiFi connection to a large bank’s internal server infrastructure.
Public addresses are those that devices use to connect directly to the internet.
Public IPv4 addresses are published in their appropriate registry and are unique on the internet. They identify one device only. There are somewhat more than 4 billion of them.
Public IPv6 addresses are like IPv4 in regard to their unique status on the network. There are 340 trillion trillion trillion IPv6 addresses.
As noted here, there are about 17 million IPv4 addresses set aside for repeat (private, non-unique) use. That is, they can be deployed on private networks and may or may not communicate with the internet via a NAT
Two /8s were set aside for private use in IPv6 but only one is designated as being “active”. Private addresses are assigned in /48 blocks. Each /48 has 16 bits of space for LANs, meaning 65,536 /64 networks because all IPv6 LANs are /64. This means there are 1,099,511,627,776 /48s in the /8 used for private addresses, which is just over a trillion. They key concepts to communicate here are:
Everyone uses unique addresses for private networks in IPv6
As long as everyone uses a suitable prefix generator, there is almost no chance of an address clash
The risk of an address clash between any two networks using this private IPv6 space is about one in a trillion even if the private network is given internet acess. That chance increases with the number of networks. The risk of a clash between any thousand networks is about one in 40 billion. Popular services, including Apple’s consumer products and Google’s cloud services automatically generate random prefixes, reducing the chance of error.
Unlock Value and Manage Risk
In 2022 and the first half of 2023, buyers paid between $40 and $60 per IPv4 address. This means that even a block of 256 addresses – the smallest that can be transferred – brought in over $11,000. Larger blocks are even more valuable per IP address. (We publish the pricing of IPv4 address blocks from our marketplace monthly. In fact, IPv4.Global runs the largest and most transparent IPv4 marketplace in the world. For more historical data, see Reports.)
Many people know that they can sell spare addresses but not everyone knows that unused IPv4 addresses can be a risk. The most benign risk is having an unused asset doing nothing. But actively managing IPv4 inventories controls two other, more serious risks.
Unmanaged networks bring unmanaged risk – and cost – with them.
The most important risks relate to security. The devices on unmanaged networks might be running unlicensed or unpatched software. In the worst case scenario, an unmanaged network with insecure devices can act as a bridge to the rest of your network.
Newspapers are full of stories about poorly configured networks leading to data loss and fines.
Most people would think that not using something is a good way to keep it safe. That’s not the case for IPv4 addresses. They are a risk because bad actors build up a picture of which addresses are allocated, which are used, and which are not.
They target the addresses that are not used because they won’t be monitored. That means they have more time to misuse the hijacked addresses. They leave a reputational mess behind them.
Controlling the risks associated with IP address management also delivers opportunities.
Sometimes organizations discover that unmanaged networks are there to perform unmanaged processes. Because they aren’t managed, they are often inefficient. Solving the IP address management problem opens a door to business optimization opportunities.
IPv4 addresses were once free and plentiful. People used them without worrying about cost or efficiency. They would generally record the use in an IP address tracking spreadsheet, or better a true IP Address Management (IPAM) system, so colleagues did not use the same address.
This is an asset allocation problem. When unique public IPv4 addresses are used for devices that should not receive inbound connections, they could be replaced with private IPv4 addresses or IPv6 addresses.
Private IPv4 addresses are free to use, although there are only about 18 million of them. There is a nearly limitless supply of unique private IPv6 addresses. And uniquely registered IPv6 addresses are available for relatively low registration fees.
Releasing IPv4 addresses to the market turns a sleeping asset into cash.
Managing IP addresses is managing risk. It is also a lens you can use to identify business processes that need improvement, or sleeping assets that can be converted into cash.
IPv4.Global’s ReView tool, developed in collaboration with 6connect, will help you audit and then manage your IP address space. The tool runs on Windows, Apple, or Linux. Go here to request a free download today.
If you have any questions, contact us at info@ipv4.global or call +1-212-610-5601.
September 15, 2023
IP addresses are identifiers. Devices use IP addresses to communicate with other devices. At first, each address was unique but clever engineers have added nuance. The internet is a network of networks. Often, the address announced to the internet hides a wealth of private addresses behind it. Those private addresses are only locally unique while the address that hides them is globally unique. In other words, many millions of networks can use the same private addresses. Specifically and only with one device. On a network like the internet, the address of a device is announced to the entire system so that anyone, anywhere can find and communicate with that location. Which means that an IP address used on the internet must be unique and known worldwide.
On a smaller network, the IP must be unique on the network in question. And therein lies the rub. There are multiple networks in the world and not all of them are directly connected.
The most widely understood network address is the “public” IP address. In this address, the unique identifier can be reached from anywhere on the internet because it has been published and is unique on the system.
A private IPv4 address is structurally identical to a unique, public address. But there are differences: it is unpublished in RIRs (the address books of the internet) and it is not unique to a single device. A private IP is often duplicated many times, used on many closed networks of various sizes. So, a single private IP likely exists in many millions of homes, cafes, and hotel lobbies around the world. For instance, your phone might have the IP 192.168.0.73. But there will be millions of other devices using the same address, simultaneously.
The advantage of a privately-used IP is that the same one can be deployed many times. It’s cheaper. It is unique only within the confines of its “private” network. Within that walled garden it identifies only one device. But to communicate more widely some intermediary is needed.
When a private IP address must communicate with the outside world via the internet (that is beyond a private, closed network) it does so using a Network Address Translator (NAT). This replaces the private IP address with its own public and unique address on outgoing packets. It rewrites the destination address on incoming packets to the private IP when it forwards them to your local, “private” device.
When the world had a limited number of internet-connected devices and a (seemingly) unlimited number of IPv4 addresses, public, unique addresses were used on just about everything connected to the network. This included:
The internet was still small, so there was no shortage of IPv4 addresses. If you already had a large block of them, you’d use them for anything that would communicate with something on a network.
When the looming shortage of addresses became clear, some more efficient use of the limited supply was needed. John Mayes and Brantley Coile developed a commercial Network Address Translator in 1995. This allowed multiple-use private IP addresses in wide network use. It had another advantage: when dumb devices are on the internet they can behave stupidly. So to speak.
As the internet boomed at the turn of the century, the risks associated with “internal” devices with full internet access became much greater. Even a relatively dumb device, like a camera, could give a miscreant access to your network. This increased the risk of data exfiltration, criminal spamming from your infrastructure, and simple malicious damage.
Using private IP addresses behind a NAT provides enough network security for many types of user. Organizations with more complex needs will need a more robust security approach. The IPAM (IP Address Management) system manages which addresses are used on a network and the NAT (Network Address Translator) provides an internet access gateway for the devices that need it. As a result, some private IP addresses are completely isolated and others are protected through the intermediary of the NAT.
In 2023 IPv4 addresses are at a premium. An old Class B address block (65,536 addresses) is worth as much as $3 million. So, replacing valuable unique addresses with something less costly will pay for itself and leave a lot left over.
To use IP addresses most efficiently, consider the following:
by Leo Vegoda
There are two basic kinds of businesses that use IP addresses and domain names. One kind provides the content of the internet, hosting and delivering it – normally in the form of a website. The other sort of internet business serves the eyeballs that consume that content. That is, it provides users with access – usually an ISP (internet service provider).
The send-and-receive relationship surrounding websites is different from that of email. In the case of email, users generate content for one another and rely on email services to transmit that content. But in both cases of data being sent and received, some point of entry into the internet is required for the dispatch of good content and bad.
In response to an increasing number of bad actors on the internet stage quite early in its development, various proposals were offered in the 1990s to curb or eliminate the delivery of that content. The primary target of this effort was email, especially spam or other objectionable material. The best ideas proposed sought to identify senders and disseminate information about them that might block their distribution capabilities.
Computer scientist Paul Vixie created MAPS, the first real-time blocklist, in 1997. Its goal was to identify the IP addresses that send bad material. And, it let those who provide access to users block those who send it by blocking those sending IP addresses. The core idea was to publish the IP addresses of bad actors in the form of lists so they could be blocked from successfully delivering their content.
Today, reputation lists evaluate domain names as well as IP addresses. Their goal is to give engineering teams information to help them decide whether to accept a message, or other data traffic. They are important at helping companies filter out security threats, like phishing and botnets as well as mundane spam.
Mail and other messaging services are mostly operated by a few centralized service providers. But even marketing messages are uniquely tailored to each recipient in many outreach efforts. So, while content-based filters can be useful, knowing whether a sender generally sends messages that people want to read is very useful.
Some reputation list managers, like Spamhaus, are nonprofit. Others are commercial businesses. The key similarities are that they provide datasets of IP addresses and their characteristics. Users can send dynamic queries to the list or arrange for a regularly updated local copy.
The factors to check for when evaluating lists include:
The right blocklist providers will depend on your business needs. These are worth evaluating.
Barracuda Reputation Block List
These blocklists are often used alongside allow lists. The allow lists ensure that temporary problems don’t result in problems sending and receiving legitimate mail.
DNS blocklists run spam traps and honeypots – addresses used to detect spam – and list the servers sending mail. But they don’t have just one list. Typically, they will have several including:
If your IP address is listed, then fixing the problem should result in an automatic delisting. If it does not, the blocklist owner should provide an explanation of why an address was listed. They should also provide a way to request removal from the list.
Charging fees to list subscribers is considered fine. This is “the definition of a commercial DNSBL.” But charging to achieve or expedite removal from a list steers perilously close to notions of extortion, blackmail, or a ‘protection racket’. Internet engineers recommend that lists imposing these fees should not be used.
Reputation is about more than just spam and malware. Banks, retailers, and content networks use GeoIP location data when evaluating how they’ll serve their customers. Banks and retailers use GeoIP location data as a part of their risk management. Content networks use it to comply with contractual responsibilities.
Banking websites know where you normally do business from. If you change location they can use that as input to their overall risk management. The greater the change the greater the risk. A bank might decide not to limit payment orders made from a higher risk location. Similarly, retailers use GeoIP data in their automatic fraud risk evaluation for sales. They don’t want to deliver goods or services bought with a stolen card.
Content networks can be a bit more relaxed. They obviously want to localize user interface and advertising based on location. United States based account holders will see French user interfaces in France, along with local advertising.
But content is often licensed per territory, so streamers need to use GeoIP to limit access from outside permitted territories. Research into content unblocking VPNs has demonstrated that this is a highly dynamic set of services. Evolution in action. The rights for sports content sell for the highest rates, so sports content enforcement is stronger.
DNS blocklists, like Spamhaus, only list your IP addresses if they see spam from them and you don’t resolve the issue.
If you are new to managing network abuse issues, take the RIPE NCC’s free webinar.
We have found a floor for IPv4 prices on small blocks. Most medium blocks were consistent with recent trends, but a few outliers show a dip in the chart. Large blocks (/16 and larger) continue holding their value, with significant premiums for larger aggregates.
by IPv4.Global Staff
Any university looking to tackle strategic initiatives faces a key hurdle—sustainable funding. Whether it’s increased operational costs to maintain building facilities, declining student enrollment, or decreased government funding, higher education institutions nationwide grapple with various financial challenges.
An often-overlooked opportunity for university funding is the surplus of unused IPv4 addresses many of these institutions hold. These IP addresses are valuable and can provide the financing needed to fund strategic higher education initiatives.
Below, we’ll dive into the finance strategies institutions can leverage to monetize excess, unused IPv4 address blocks.
Today, IPv4 addresses are valuable due to circumstances tracing back to the ‘90s. At that time, the internet was primarily a tool used by educational institutions to conduct research.
These institutions received large allocations of IPv4 addresses. For instance, it was common for some universities to receive 65,000 addresses. However, many universities that received these large blocks of IPv4 addresses currently only use a small portion of their addresses to manage their internet traffic. These unused addresses, valued anywhere from $10 a piece in 2015 to $55 a piece in 2022, present significant untapped value.
For this reason, it’s crucial for any institution with stockpiles of IPv4 addresses to conduct a thorough assessment of its IP address inventory to identify surplus address blocks that may be unused—and currently overlooked or forgotten.
It all starts with implementing effective IP address management across the organization, evaluating all networks to ensure every inventoried, accounted-for IPv4 address is active or is part of the institution’s network expansion plans.
Tools exist for such an evaluation. A free one is available for download here.
So, what happens if an institution realizes it’s sitting on surplus IPv4 address blocks?
The best option is to sell these valuable addresses on the IPv4 market through the use of an IPv4 broker. An IPv4 broker can provide expert knowledge and guidance to help institutions navigate the fast-evolving IP address market.
A brokered sale of unused IPv4 assets can help a university gain significant value from selling these address blocks in a competitive market. And partnering with a trusted IPv4 broker can ensure that universities with large inventories of unused IPv4 blocks realize their monetary value.
Let’s consider the case of Hartwick College, a private liberal arts college in Oneonta, New York, which received large blocks of IPv4 addresses in the internet’s early days.
In partnership with IPv4.Global’s research team, Hartwick College discovered it had significant numbers of unused IPv4 addresses. The university supplied users with IP addresses via a local internet service provider and didn’t need the large blocks of IPv4 addresses in its inventory.
Here’s how Hartwick monetized its surplus IPv4 address blocks:
As an alternative to selling surplus IPv4 addresses, a university can lease them for recurring income. IP address leasing is a suitable option if an institution is uncertain about expanding its network in the near or long term.
Ultimately though, selling—rather than leasing—IPv4 addresses may be ideal if an organization has a vast inventory of these addresses that it doesn’t anticipate using anytime soon.
Thinking strategically, a university with surplus IPv4 addresses can monetize these to generate income to finance other critical projects.
If a university only requires a handful of IP addresses to meet its network connectivity needs, earning revenue from a one-time sale can help fund university initiatives such as:
Any university with a surplus of IPv4 addresses can monetize them to fund various initiatives. With the help of an IPv4 broker like IPv4.Global, institutions can sell these addresses competitively while avoiding the hassles of completing the sale and transfer themselves.
Whether an organization chooses to sell surplus IPv4 address blocks on IPv4.Global’s online marketplace or opt for our private brokered solutions, we streamline every sale to ensure a successful transfer of each address sold.
Contact us today to learn more about monetizing IPv4 addresses.
September 22, 2023
APNIC 56 took place over two weeks at the start of September in Kyoto, Japan. Five proposals were scheduled for the meeting.
prop-148 Leasing of Resources is not Acceptable – Did not reach consensus, abandoned.
This proposed that leasing IPv4 addresses is not acceptable without defining the term, “leasing.” It would then have required APNIC to take action against anyone leasing their addresses. They would either have to reclaim the space or force the recipient to rejustify it. Commenters were concerned about the cost of implementation. The chairs told the proposers to abandon the proposal, instead of coming up with a sixth version, as there was not enough support.
prop-152 Reduce the IPv4 delegation from /23 to /24 – Did not reach consensus
This proposal sought to make some IPv4 space available at low cost for more new entrants to the market. One speaker worried that by reducing the allocation size APNIC would limit their members. In contrast, another stated that it would help new businesses start and grow. The market could provide any additional space they need. There was a lack of support, so the proposal was abandoned.
prop-153 Proposed changes to PDP – Did not reach consensus
This proposal came from the chair and was intended to avoid problems with proposals getting agenda time when they arrive after the deadline. Time-zone issues, exacerbated by misunderstanding the language of the policy process, have caused problems in the past. This proposal set the deadline as five weeks before the meeting, with proposals that miss the deadline not getting agenda time. These proposals would be dropped and have to be resubmitted. Some argued that five weeks was too long. Proposals are translated and discussed in local communities before APNIC meetings. But speakers from Japan indicated that three weeks would be enough time. There was a lack of support so the proposal was abandoned.
prop-154 Resizing of IPv4 assignment for the IXPs – Did not reach consensus –
This proposal is similar to RIPE’s 2023-01. The idea was to make space available for more Internet Exchange Points (IXPs) – the interconnection facilities where networks meet and exchange traffic with each other. It would do this by assigning smaller networks. Most IXPs use less than half of the space assigned to them, so this seemed like a good way of making space available for more IXPs. But APNIC staff noted that they do not maintain a separate reserved pool of IPv4 space for IXPs. IXPs’ assignments come from the same pool as everyone else. There was a lack of support so the proposal was abandoned.
prop-155 IPv6 PI assignment for associate members – Reached consensus
This proposal would made it easier for APNIC associate members to get their own block of IPv6 addresses. As long as the member plans to use the addresses within a year, they would qualify for a block even if they had no IPv4 address space. Speakers discussed whether the addresses could be transferred. The proposers clarified that the addresses could not be transferred apart from through a Merger and Acquisition process. The proposal was supported and achieved consensus. APNIC’s implementation is dependent on the APNIC EC changing the Tiers and Voting Rights for APNIC Members.
There were also resolutions to the APNIC By-laws that were to be voted on in a special members’ meeting. A quarter of APNIC’s 9,700 members voted. They overwhelmingly supported the following five changes. In the future:
September 15, 2023
An IPv4 address identifies your connection to the online world. IP addresses make it possible to host websites, manage secure communication, and engage in countless other essential, internet-related activities.
Typically, when migrating to a new cloud provider, a business has only one path: lease the provider’s IP addresses.
But what if a business already has a block of IP addresses?
That’s where BYOIP (Bring Your Own IP) comes into play as a compelling second option. Today, many leading cloud providers have implemented BYOIP policies that allow previous owners or lessors to pair their legacy IP addresses with the new cloud resources.
But what does that entail? What are the benefits of a BYOIP approach?
Here’s what businesses need to consider before they begin the migration process.
As the name implies, BYOIP is a set of policies that grants an organization the rights to use its own existing IP addresses within the cloud provider’s infrastructure.
Put simply, if a business already owns and uses a block of IP addresses on its legacy system or server, it can then retain all or part of those publicly routable addresses when they migrate or integrate with the new cloud provider.
For instance, if a business sought to migrate to a major provider like Amazon Web Services (AWS) or Google Cloud, either provider allows clients to provision their own public IPv4 addresses. Then, after those IP addresses were imported, the cloud provider would manage them in the same manner as a Google or Amazon-provided address. As Google notes, the only exceptions are:
Generally speaking, when the time comes to perform the transfer process involved with migration, an organization must:
That said, the exact onboarding process for how to migrate existing IPv4 addresses to a new cloud provider will depend on the provider. Each one has its own infrastructure and requirements that might lead to variations in the procedure. For example, AWS has a two-phase, three-step process:
Some of the tangible benefits of BYOIP include:
Implementing BYOIP—although beneficial—carries its own set of unique challenges and limitations that organizations must carefully weigh before committing to this policy. Common issues include:
Onboarding process – The actual process of bringing your own IP address into a cloud provider like AWS EC2 is not complex and can be accomplished by an experienced network engineer in less than a full day. The process includes:
Provider limitations – Not all cloud providers support BYOIP.
AWS is permitting BYOIP on its platform. For information on how to take advantage of this opportunity, see our AWS-BYOIP blog.
For any cloud migration, businesses may opt to BYOIP rather than buying or leasing their IP addresses from the cloud provider. This policy allows for increased flexibility, control, and efficiency in managing IP assets. By leveraging existing IP addresses, organizations can preserve their established reputation, ensure seamless compatibility with applications, and meet regional-specific regulatory requirements.
But what if a business has legacy IP addresses it wants to transfer, but lacks the expertise to perform the migration?
IPv4.Global can assist. As the world’s leading IPv4 broker, we can help you appraise, sell, lease, or even transfer your IP addresses to a new server. To learn more about the migration process, contact us today.
by Leo Vegoda
Innovators and early adopters had telephones in the late 19th century but it took a century for everyone to have access. The internet’s rollout has been faster. But even in California, eight percent of households do not have access or a device to use it. That grows to 19 percent in Mississippi and New Mexico.
Households without reliable internet access are cut off from commerce, education, government services, and healthcare. Communities without good internet experience all this and lose people to better connected places. It’s a downward spiral.
That’s why the US government has allocated $42 billion to grow high-speed internet access across the country. Its Broadband Equity Access and Deployment (BEAD) program is open to every state and six territories.
The states and the territories will be making grants from their allocated funds. The states can make initial proposals for how to spend the money until the end of 2023.
BEAD is designed to deliver high-speed internet access to areas without service. Grants can be awarded for upgrades to existing networks and new builds. In some cases, electrical coops will use their existing network to deliver internet access.
Grants are on offer to fill the gaps the market has missed. Because they are grants and not loans, the providers should be able to provide much more affordable service. The initiative comes with subsidies for low-income households to ensure this.
When everyone has internet devices and access they can become digitally literate. BEAD emphasizes the importance of projects to expand learning and development approaches that meet the needs of the targeted communities. This is important because BEAD grants are intended to bring people together and reinvigorate communities.
The US government hopes BEAD will be transformational. Giving communities reliable, high-speed internet does more than increase their access, it makes the communities themselves more accessible to the world at large. It will give businesses and schools new opportunities. It will also improve healthcare in places where it can take professional hours or days to reach patients.
Decentralized government means that processes will differ. But the BEAD program provides a guiding framework so, many states will have a similar approach. It’s worth examining California’s plans for spending the money.
California’s Public Utilities Commission is running its implementation. Their application process will start next year. The application window could open early in 2024 with the first fifth of grants being awarded from June.
California’s BEAD Program implementation timeline, with grantmaking starting in mid-2024.
Look at the table below to find out how much money your state or territory has been allocated. Then look for the answers to these three questions:
We run the world’s most trusted IPv4 marketplace, so we have unique experience from all sorts of networks. We help you get the IPv4 addresses you’ll need for your project and we can connect you with engineering talent you need. We’ll get you started on your journey to a grant award.
Call us on (212) 610 5601 or write to us at info@ipv4.global.
| State | Amount Allocated |
| Alabama | $1.4 billion |
| Alaska | $1 billion |
| Arizona | $1 billion |
| Arkansas | $1 billion |
| California | $1.8 billion |
| Colorado | $826 million |
| Connecticut | $144 million |
| Delaware | $107 million |
| District of Columbia | $101 million |
| Florida | $1.2 billion |
| Georgia | $1.3 billion |
| Hawaii | $149 million |
| Idaho | $583 million |
| Illinois | $1 billion |
| Indiana | $868 million |
| Iowa | $415 million |
| Kansas | $452 million |
| Kentucky | $1 billion |
| Louisiana | $1.3 billion |
| Maine | $272 million |
| Maryland | $268 million |
| Massachusetts | $147 million |
| Michigan | $1.5 billion |
| Minnesota | $652 million |
| Mississippi | $1.2 billion |
| Missouri | $1.7 billion |
| Montana | $629 million |
| Nebraska | $405 million |
| Nevada | $417 million |
| New Hampshire | $197 million |
| New Jersey | $264 illion |
| New Mexico | $675 million |
| New York | $665 million |
| North Carolina | $1.5 billion |
| North Dakota | $130 million |
| Ohio | $794 million |
| Oklahoma | $797 million |
| Oregon | $689 million |
| Pennsylvania | $1.2 billion |
| Rhode Island | $109 million |
| South Carolina | $552 million |
| South Dakota | $207 million |
| Tennessee | $813 million |
| Texas | $3.3 billion |
| Utah | $317 million |
| Vermont | $229 million |
| Virginia | $1.4 billion |
| Washington | $1.2 billion |
| West Virginia | $1.2 billion |
| Wisconsin | $1 billion |
| Wyoming | $347 million |
| American Samoa | $38 million |
| Guam | $157 million |
| Northern Mariana Islands | $81 million |
| Puerto Rico | $335 million |
| U.S. Virgin Islands | $27 million |
When the time comes to sell, buy, or lease an IPv4 address, multiple factors will come into play. The reputation of an IPv4 address block is a factor that is poorly understood and often ignored. Neglecting this factor can result in a block of addresses that have a limited usefulness and requiring significant additional effort to be usable.
An IP address’ reputation can significantly impact its utility and worth in the digital marketplace. A tarnished reputation can hinder email deliverability and even prevent businesses from operating online.
IP address reputation is a measure of the trustworthiness of an IP address based on the past behavior originating from that address. In some reputational systems the behavior of neighboring addresses will also affect the reputation.
Address reputation scoring is a measurement of the address’s historical behavior and associated activities. It functions similarly to a credit score in two significant ways. Like credit scores, there are multiple entities that assess the reputation and they do not always agree. The reputation is also generally reduced to a simple numerical metric to aid in decision making.
While this reputation might be invisible to the casual user it is an integral part of the defensive protections in many service providers. Networked systems import reputation lists and use them in combination with the operator’s policy to decide how to treat communication from IP addresses. While the most popular use of reputation is to evaluate if e-mail is spam, it can be used for other purposes including blocking all traffic completely.
IBM uses several classifications for types of behavior that will lead to a negative reputation:
Much like a bouncer at a bar checking IDs at the entrance, IP address reputation is used to decide whether to accept email or let consumers buy products. Access is denied when an address is on an RBL (Realtime Block List). But addresses with a clean reputation are welcome. Many organizations configure the IP addresses of their business partners and other important networks to an allowlist to avoid service interruptions.
When it comes to IP reputation management, three primary factors are impacted by address reputation:
Organizations use IP address reputation in combination with their own policy when deciding whether to accept or reject mail and other data traffic.
Several elements are factored into the reputation equation, including:
Similar to credit reporting companies tracking financial history, RBLs track the digital history of an address. These databases maintain an active list of addresses that have been associated with unscrupulous behavior. If an address is granted this ignominious honor, it signals to all other sites and bots that the address may not be a trustworthy source. Most RBLs will automatically remove IP addresses shortly after they stop acting maliciously. All reputable RBLs provide a way to request a manual review and will not charge a fee for doing so.
Prominent RBL providers, such as Spamhaus, SpamCop, and SURBL, use different methodologies to evaluate IP address reputation. Some focus on the volume of spam, others on the nature of the spam, and yet others might look at additional factors such as user reports.
If an IP address block lands on an RBL, that status isn’t permanent. Addresses may cycle from malicious to benign and back several times over.
As WebRoot notes: “When looking at the top 50k IP addresses that recurred on our “malicious” list in 2020, 97.3% were caught displaying at least four distinct risk factors, such as spam sources. Almost half (45%) of the top 50K recurred during at least 2 different months, while 25.8% were seen doing something malicious every single month.”
It’s worth noting that IP address reputation isn’t a perfect system. It’s not infallible and can be prone to false positives and false negatives. Innocent IPs may be flagged as malicious, whereas bad spammers go undetected.
When purchasing an IPv4 address, itsreputation should be a guiding touchpoint rather than a final judgment on its trustworthiness.
Additionally, IP reputation isn’t static. It can be improved over time.
There are actionable steps an IP address owner can take to improve its reputation, including:
Whether you’re looking to buy an IPv4 address block with an assuredly clean reputation or looking to repair a block’s reputation before or after a sale, IPv4.Gobal is the trusted market leader. Our experts will guide you through the transfer process, which is a foundational step in improving a negative IP address reputation. We can also connect you with specialists who can help you contact blocklist operators if you need extra help.
Remember, an IP address’s reputation isn’t set in stone. If an IP address has a less-than-savory reputation—just as with a credit score—it can be gradually improved with time.
To discover more, reach out to our team today.
by Leo Vegoda
“They always say time changes things, but you actually have to change them yourself,” according to Andy Warhol.
Manual tracking of IP address allocations has a long history. Many organizations used a spreadsheet to manage IP addresses. Having already paid for office productivity software why not use it as much as possible?
Gone are the days where IP address tracking was as simple as making sure sysadmins were told unique addresses. IP address allocations are used to configure DNS, DHCP servers, geolocation information and more. Automation is essential for networks of any size. The world is changing to require more data, which makes automated data maintenance more compelling.
The world today is completely different. As interdependencies grow and data quality needs increase automation is required. Automation not only reduces workload but enforces consistency as the data is consumed.
IP Address Management, or IPAM, is the name given to tools that manage IP address allocations and interlinked information like DNS, DHCP scopes, and geolocation information.
IP Address Management (IPAM) automation tools all provide three core functions that are useful for all networks:
A recent addition is the need to manage geolocation data. In the 1990s all users could access services anywhere on the internet. Today some services are only available in particular areas. One example is live streams of sports events which are often licensed for specific territories. IPv4.Global has written about this before and also described a free public tool for checking published geolocation information. The bottom line is that changes in the way GeoIP service providers get information will mean IPAM tools needing to support these capabilities. You can find a list of providers and their automation status here.
Today networks need both IPv4 and IPv6 addresses. And most networks have more than one block of each. ARIN’s statistics show that most networks have 2.5 blocks, while the RIPE NCC’s show that organizations in Europe have more than 3.
Many organizations deploy hosts with both IPv4 and IPv6 addresses. That often results in duplicating all the data entries. IPAM software can allocate IPv6 addresses to existing IPv4 hosts automatically and will ensure that IPv4 and IPv6 addresses for a host are updated at the same time when changes are made.
RIRs use two words to describe IP address registrations. An allocation is a block of addresses assigned to a particular company. As the company divides that block into specific uses they call it an assignment. Assignments might go to different internal teams, or different customers.
Some network operators encourage each other to register assignments. They use this information to inform automated policy implementation, like working out if they can provide a service. RIRs also require assignment information when processing additional requests for space including IPv4 transfer requests.
Figure 1 shows how allocations, assignments, and the actual uses of IP addresses fit together.
Even small networks are likely to need four or five assignments for each allocation. It is not uncommon for an organization to update dozens of assignments and separate geofeed files on a regular basis. The answer is not to follow Andy Warhol’s advice and “change them yourself.”
Whether you’re building a brand new network and need addresses or simply want advice on IPAMs, contact us. We run the most transparent and trusted address brokerage. And we can connect you with engineers who can help you select the right tools for your organization – including IPAM tools that provide automatically generated GeoIP feeds as part of your provisioning process!
by Leo Vegoda
IPv4.GLOBAL’s marketplace and auction platform filters scores of open auctions in several ways. One is by block size where the smallest block is a /24 (256 IPv4 addresses). But why /24?
IPv4.Global Auction Platform showing the block-size filter
One answer is that this is the smallest block that some RIRs will transfer. But that doesn’t completely explain the rationale or history for why this is true. Underlying the transfer rules is the fact that it is very difficult to use anything smaller than a /24 on the internet. But why?
On January 1, 1983, the ARPANET switched from the Network Control Protocol (NCP) to TCP/IP, a date known as “flag day”. To understand the mindset of the engineers at this time it is important to remember that the network had on the order of 100 nodes. The concept of a LAN was brand new, with Ethernet becoming commercially available in 1980. It’s likely no one could even imagine the Internet of today.
RFC 791 is the initial addressing specification. Internet engineers cut the IPv4 space into three sizes of network.
IP addresses were distributed to networks in these three sizes only. The notion of these three address sizes was designed into additional protocols. The Exterior Gateway Protocol (EGP) was used at the time for global routing, and it only new how to deal with networks of these three sizes.
Over time the network started to grow. The next inflection point was the creation of the NSFNET in 1986 to create a general-purpose research network. A trend emerged, the research institutions were too large for a Class C, they all received Class B addresses. There started to be concern over the exhaustion of the Class B address space.
In parallel, the Border Gateway Protocol (BGP) was developed to replace EGP. Eventually BGP version 4 became the BGP we know today, able to route networks of any size. There was no longer a class dependency in the routing protocol.
Things rapidly changed in the early 1990s. Commercial use of the Internet began with many of these new commercial entities receiving Class C address blocks. These commercial entities often came back for more address space, as a Class C was small, and the Internet was starting to grow exponentially. This created a new concern, the size of the routing table.
A proposal for a new approach came in 1993.
The new approach, known as Classless Inter-Domain Routing (aka CIDR) and offers more granularity. Engineers recognized that many different sizes of address block were needed, and that the old boundaries were arbitrary. With the new thinking, the boundary between “network” and “host” address could be placed at any bit in the 32 bit space:
This delivered three advantages.
The early Internet was a series of cooperating research intuitions. There was a collegial collective effort to make the network functional. The connection of commercial entities to the network began to change that dynamic in multiple ways. Commercial networks were driven by making money and keeping their customers happy. Newly minted “network engineers” focused on growth rather than cooperation, and on managing their very expensive bandwidth.
Traffic engineering began to result in large blocks being announced as /24s. Traffic for an organization’s addresses might not be spread evenly. One /24 could get a disproportionately heavy load. The network’s operator might want that heavy load to use one path and the rest of the traffic to use another. Although the organization had received a single large block via a CIDR allocation they were once again taking up many slots in the global table by routing it as individual /24 networks. This is called deaggregation. Keeping all addresses in a single announcement is called aggregation.
The example network ensures that most traffic for 10.31.8.0/24 comes from Upstream 2 telling it about the more specific – smaller – /24. The whole /19 network is announced to both upstreams.
The internet engineers who developed the CIDR strategy in 1993 described two benefits. One was that “more-appropriately sized blocks” could stave off depletion. The other was “an immediate decrease in the number [of] routing table entries”. The networks carrying traffic for those downstream networks need to have what internet engineers call the full ‘default free’ routing table. With the table size growing rapidly, as well as traffic increasing exponentially the equipment of the day was strained.
Network operators always encouraged each other to minimize the number of routes they advertise. This is because the cost of routes is paid for in router upgrades. Since the mid-1990s, engineers have been sharing a weekly CIDR Report. It showcases the networks that could reduce the size of the routing table by aggregating better.
AS7007 famously caused a major internet outage in 1997 when it leaked, or unintentionally deaggregated, 72,000 routes. Outages like this are a result of sudden, unplanned growth in routes exceeding the capabilities of deployed hardware. In some cases the network could not automatically recover, engineers would have to manually reset the routers to recover from these events.
Network operators also began to filter routing advertisements motivated both by limiting the growth of the table to extend the life of equipment, but also protecting themselves from these route leaking events. There were a wide range of approaches early on, but gradually some standard practices emerged. One practice was “nothing smaller than a /24”. That was the smallest unit allocated by RIRs at the time, and the feeling was no one needed to deaggregate intentionally or accidentally smaller than that size.
The early IPv4 distribution policies noted that conservation and routability are often “conflicting goals.” Traffic engineering could be added to that.
A full history of the Regional Internet Registries (aka RIRs) would be much longer than the history of the /24. It is important to understand that each of the RIRs developed some form of a “community consensus” approach to managing the address space. They each have a policy process guiding how IP address space is distributed and transferred.
Their history is intertwined with the technical history, and as a result the /24 boundary feature prominently in many RIR policies. The specific answer as to why an RIR does not allow smaller than a /24 to be transferred is that such a restriction is codified in their policies. Those policies in turn are a direct result of the path taken by the technical evolution of the Internet.
The /24 boundary comes not from any one decision, but a confluence of different decisions over time. The original choice of a Class C network at a /24 boundary was clearly an influence. The need to limit the size of the global table resulted in a /24 being seen as a reasonable cut off point. The need to protect the global routing system led to widespread deployments of filters at the /24 boundary.
Each Internet network is independent. There is no rule saying a network can’t advertise or accept longer prefixes. Today, Geoff Huston’s BGP Routing Table Analysis Report shows about 3,000 routes for blocks smaller than a /24. These tend to be short lived route leaks. At 0.3% of the whole routing table, these are not a problem. Most ISPs will filter these announcements and never see them. However, if two networks want to exchange more specific routing information they can, and sometimes do!
Large-block prices have remained steady-to-slowly-rising. Medium and small-block prices appear to have stabilized and may be rising, too.
September 6, 2023
APNIC56 is in Kyoto, Japan September 7 – 14. This year there are four new policies being proposed and an edit to a policy previously discussed several times.
prop-148 revolves around leasing and whether the RIRs, specifically APNIC, should put anti-leasing terms into effect. This Prop has had four previous versions. Not all criticisms of prior versions have been addressed in this version. The author states that the other RIRs do not allow leasing as justification for space. This position effectively disallows IPv4 leasing in general. Further, the author poses that if a member, who validly justified space in the past, is no longer using the delegation for the justified purpose (i.e. leasing) this violates policy and the address space should be revoked and returned to the RIR. Discussion on this proposal varied from minor support to opposition. Most of those in support nevertheless believe there needs to be further clarification on leasing in general. Distinctions are made between leasing broadly and those with “legitimate” business cases (for example, businesses may also lease subnets smaller than a /24 to customers who may have a business internet service).
prop-152 speaks about reducing the minimum delegation from /23 to /24. More precisely, the author would like to make this change once the current pool of 2,792,192 (the final 0.3% of the 103/8 pool) of IPv4 addresses is depleted. An interesting note within the discussion of this proposal is APNIC’s recent reclamation of 700,000 addresses. APNIC has gone through their entire database and reached out to all IPv4 owners in order to clean up and reclaim any unused IPv4 addresses to be later delegated to those on the waitlist. This policy proposes that any new space be delegated to only new account holders, including NIR Members.
prop-153 is a proposal where the author is looking to clarify and improve on the proposal process. Specifically, changes to Step 1 of the Policy Development Process (PDP) where the deadline for proposal submissions is not clear.
prop-154 discusses decreasing IXP’s delegation size from /22 to /26. The main reason: it is unlikely an IXP will need to use the full 512 addresses and by reducing the allocation amount there is more available for those in need. If an IXP needs further space down the line they will be eligible for a /22, provided they return the original delegation. The discussion board for this policy was filled with many differing views on whether IXPs are generally under-utilizing the space or will need more to grow into.
prop-155 seems to be universally supported by those that commented on the discussion board. The proposal points out that it is made more difficult by APNIC policy to receive an IPv6 PI assignment if a member has no other address space. If they already have IPv4 they require little to no justification to receive IPv6.
Regarding APNIC Executive Council, there will be a special meeting of APNIC members on September 14 2023 at 14:30 (UTC+9). During this time, APNIC will be conducting its ordinary business meeting regarding budgets and reports. At this time, they will also be open to questions and feedback on the APNIC EC and Secretariat. The five Resolutions being proposed are all regarding the running for, and regulation of, the Executive Council (“EC”). A quick summary of the resolutions is listed below.
All to be voted on by members in attendance of the meeting.
by HiveDigital
Chief financial officers (CFOs) and their corporate finance teams are constantly on the hunt for innovative strategies to better manage cash flow, plan for growth, mitigate risk, and ultimately, drive ROI. As experts in financial planning, analysis, and reporting, finance teams are expected to be adept at navigating the mercurial financial landscape. Yet, achieving peak financial performance requires that they have a comprehensive accounting of all assets within the organization, including those beyond the traditional financial sphere.
CFOs often leverage the expertise and insights of other key members within an organization, such as the chief information officer (CIO) and the IT department, to identify novel opportunities.
For instance, the rise of the digital era has ushered in an entirely new asset class—intangible tech assets. From cloud storage rights to software licenses and IPv4 addresses, these assets have the potential to become invaluable revenue sources capable of funding project budgets, offsetting overhead expenses, or powering company growth.
Yet, the true potential of such assets often goes unnoticed and untapped.
In a world increasingly influenced by digital innovation, traditional asset classes have expanded to incorporate intangible tech assets. As the name suggests, these are non-physical, digital assets that can provide the company with value of some sort. According to common accounting standards, to be eligible to be recognized as an intangible asset, they must be:
Typically, these intangible assets are either developed internally, purchased by the business outright, or acquired as a part of a larger M&A deal. Common examples include:
Let’s focus on one of the more commonly overlooked intangible assets: IPv4 addresses. These represent the bedrock of connectivity in the digital ecosystem, with every device on a network requiring one to function online.
Couple a nearly exhausted supply of IPv4 addresses with historic consumer demand and it’s no wonder why prices have surged fivefold in less than a decade.
Many companies are currently sitting on a large inventory of IPv4 addresses—potentially worth hundreds of thousands of dollars—and many don’t know they own these assets, let alone understand their market value. Balance sheets tend to exclude any mention of IPv4 address blocks, or they are looped into some “miscellaneous” category along with other intangibles.
However, with the right knowledge and a strategic approach, these IPv4 addresses can be leveraged to drive ROI. Selling them outright, leasing them for a steady revenue stream, or using them as collateral for business expansion are all viable ways to tap into their potential value.
Because a CFO may not always have real-time visibility of every asset under their purview, they often outsource this task, relying on other trusted leaders and specialists within the organization to help them spotlight opportunities.
One such crucial ally is the CIO—the organization’s digital pathfinder. With their tech expertise and ideal vantage over the company’s technological landscape, including its intangible tech assets, CIOs can play an instrumental role in providing support to the CFO. In that capacity, their role extends beyond simply maintaining the existing tech infrastructure; rather, it involves actively pinpointing underutilized resources as well as potential opportunities for strategic tech investments.
By conducting comprehensive audits and assessments, they can flag potential goldmines for the CFO and suggest potential avenues to maximize the value of these often-overlooked assets, such as IPv4 address monetization strategies.
Once a tech asset has been successfully identified, the baton passes to the CFO and their finance team whose task it is to understand, assess, and evaluate the new-found resources. Harnessing their vast financial acumen, the CFO can then decipher the potential value and implications these assets may have on the organization’s bottom line.
A CFO’s expertise—grounded in financial planning and risk management—allows them to extract and translate these technological assessments into strategic financial insights. Moreover, having a complete, accurate, and up-to-date snapshot of the company’s total asset portfolio, including intangible tech assets, enables the CFO to make the most informed and beneficial decisions for the organization.
In today’s business environment where technology drives value and competitive advantage, the CFO and CIO relationship becomes paramount. Effective collaboration between these roles can lead to better alignment of IT investment with strategic growth plans and improved business performance. However, as Deloitte notes, fostering such a relationship is often challenged by differences in communication styles and perspectives. To that end, here are some strategies they suggest to strengthen this essential partnership:
Navigating the complex world of IPv4 addresses on your own can be daunting. Whether you aim to invest in IPv4 addresses or maximize the value of addresses your business already owns, partnering with a reliable and seasoned IPv4 address broker alleviates all major concerns. Common benefits include:
Effective collaboration between finance and IT teams can help unlock the untapped potential of intangible tech assets, especially IPv4 addresses. By working together and aligning their strategic goals, CFOs, CIOs, and their respective departments can identify, evaluate, and monetize these assets to boost the business’ bottom line.
For reliable brokerage services and support, contact us today.
by HiveDigital
Normally, a business generates, acquires, and manages various assets—including both the tangible (physical) and intangible (non-physical). While the innate value of tangible assets like cash or property is easy to see and understand, the same can’t always be said for intangible assets.
Take IPv4 address blocks for example. This intangible asset class may be worth a great deal, especially given recent market demand. However, many corporate finance teams are entirely unaware of the potential goldmine that may exist in their IT department. Certainly, they will know little about how to extract its full value. Balance sheets commonly miss any specific mention of IPv4 addresses, whether they are forgotten outright or sorted into a vague category that is easily overlooked when it comes to a merger, acquisition, or divestiture.
IPv4 addresses are the building blocks of connectivity within the digital landscape. Every device on a network—be it a smartphone, a server, or a router—requires an IPv4 address to access and be reached on the internet.
As such, IPv4 blocks have long been considered a prized asset for any business aiming to expand its network. But the price of these internet addresses has skyrocketed in recent years due to their utility and scarcity, especially as major companies like scramble to acquire millions of them.
In 2015, the average price of an address ranged between $7.50–$10. Now, less than a decade later, they range between $40–$60.
But what factors impact pricing?
Another factor in IPv4 valuation and management is the block size.
In the past two years, the larger the block of adddresses, the more each IP address included in it was worth. However, i n recent years, there have been fluctuations in the value of different-sized IPv4 blocks.
For example, in 2020, a significant price gap emerged between larger and smaller blocks. According to a report by IPv4.GLOBAL: “From June 2020 through August 2021, the price gap between large and small blocks ranged from 2.4% to 17.5%. This dynamic led to sellers breaking up /16 blocks to be sold in multiple transactions of smaller blocks since this netted more per address for the seller.”
Since late 2021 a curious price inversion has occurred in IPv4 markets. The long-term trend that discounted large blocks has reversed. Blocks of 65,000 addresses and more now trade for 20-35% more than small blocks.
If a business is currently sitting on a large inventory of IPv4 addresses, it is in good company. Many business owners are surprised when they uncover a vast surplus of unused IPv4 addresses—more than they could ever hope to utilize to their fullest extent.
Rather than simply letting those intangible assets lie dormant, many companies opt to monetize their address stockpile to fund both immediate and big-picture endeavors.
Typically, most businesses will select one of two monetization pathways:
Which option is best for a business?
| Sell Addresses | Lease Addresses | |
| Revenue Stream | One-time | Ongoing |
| Risk Level | Low | Medium |
| Control Over IPv4 Addresses | Transfer ownership | Retain ownership |
| Time Commitment | Low (once sold) | High (continuous) |
| Flexibility | Low | High |
| Time Commitment | Low (once sold, management ends) | High (continuous management of lease agreements) |
| Market Dependency | High (dependent on current market rates for sale) | Medium (depends on ongoing demand for |
IPv4 addresses can be thought of as a piece of art or memorabilia that’s been sitting in the attic, gathering dust for years. Overlooked and forgotten, they remain buried in the company’s ledger, lumped in with the “miscellaneous” section of the company’s intangible assets. That is, until an asset audit—usually during the lead-up or aftermath of an M&A deal—brings them to light.
Suddenly, that “piece of junk” is actually worth a fortune. In some cases, IPv4 address blocks are passed on and rolled over from multiple merger and acquisition deals, having been looped in as miscellaneous assets over and over again. As previously mentioned, many balance sheets exclude any specific mention of these IPv4 addresses prior to a sale, so it is crucial to take inventory and potentially uncover these surplus IPv4 blocks that can be liquidated for significant financial gain.
Corporations that own IPv4 address blocks can utilize them to drive business expansion. Benefits of these intangible assets include:
In the modern financial landscape, IPv4 addresses represent valuable intangible assets that can help drive business growth and financial stability. Yet, harnessing their full potential requires strategic insights and expert management.
As an ARIN-qualified facilitator, IPv4.Global can help your business navigate the complex marketplace while maximizing the ROI of its intangible assets. With more than 60+ million addresses brokered, we’re the world’s leading broker for appraising, selling, or leasing IPv4 blocks.
For transparent, experienced, and reliable brokerage services, contact us today.
August 17, 2023
From 2014 until 2019, it was very easy to get multiple blocks of 1,024 IPv4 addresses – a /22 – from the RIPE NCC. Each member could have multiple accounts, called LIRs, and get a /22 for each one.
This policy was intended to minimize the barrier to entry for new organizations. They could build a small network with some IPv4 addresses. While new entrants had some protection, the market price for IPv4 addresses more than doubled. It was about $10/address in 2014 but over $20/address in 2019.
The impact was substantial. RIPE NCC LIR numbers more than doubled from 10,000 members to 25,000. About 20,000 /22s were distributed. And from 2013 the RIPE NCC had a low, flat fee per LIR. While the precise numbers vary each year, there has been a sign-up fee and the annual flat fee has been about €1,500-1,750.
This means that LIRs were paying about $7/address, which they could sell on the market for a considerable mark-up after holding for just two years.
The last /22 was distributed in November 2019.
Some believe that the RIPE NCC’s supply-side management impacted market pricing. Two years after the last /22 was allocated the price peaked at over $60/address. The RIPE NCC’s membership rolls are reducing, too. Membership numbers have dropped by about 2,000 members in the last two years.
New members still pay about the same amount but they get less for their money. They can be added to the IPv4 Waiting List to get 256 IPv4 addresses – a /24. There are over 1,000 LIRs in the queue and the first one on the list has been waiting for over 400 days.
This is a concern for the RIPE NCC’s Executive Board. In their consultation on the 2024 charging scheme they stated that “we expect many members with multiple LIR accounts who received resources in 2021 to merge these accounts in the coming year.” While they proposed a tiered model with fees ranging from €650 to €10,000 based on the resources under management, that is not what the members voted for.
In 2024, RIPE NCC members will pay €1,550 per LIR. New members will also pay the €1,000 sign-up fee.
We expect large numbers of /22s to come to market in the coming months.
by Leo Vegoda
Jewelers are eager to buy up old jewelry and recycle the metals and gems into something new. Gold and silver are too precious to send to landfill. APNIC is doing something similar with IPv4 addresses.
But while some organizations will get low cost IPv4 addresses, everyone benefits from better quality data about who has IP addresses and how to contact them.
In February 2021, APNIC’s board resolved that anyone whose APNIC-registered IPv4 addresses pre-date APNIC would need to become a member. They gave this small group until the start of 2023 to sign-up. Those who didn’t could lose their addresses.
APNIC contacted the registrants and users of the addresses, explaining the situation.
There wasn’t much pre-APNIC address space in this situation: about 4,000 blocks. Almost 80% were /24s (256 addresses) but there were 85 /16s, previously known as Class Bs (65,536 addresses). It added up to just over 7 million addresses.
APNIC’s work achieved two goals.
Registrants updated their organizational details and contact information for addresses they use. Networks use this contact data when they need to debug and resolve connectivity problems. APNIC reclaimed and will reallocate some addresses that aren’t needed, or that were allocated to organizations that don’t exist now.
So far, the process has delivered on both fronts. Over 400 organizations, with 2 million addresses, updated their records. APNIC also removed 1,009 registrations: almost 750,000 addresses.
The project is not over. APNIC is still working on the status of over 2 million addresses that aren’t routed and more than 1.5 million that are.
Some of those addresses could come back to APNIC while others will stay with their current users. Any addresses that stay with their current users will have had their registrations checked. The contact information published in APNIC’s whois database will be more reliable than at the start of the process.
The five RIRs registered transfers of about 90 million IPv4 addresses in 2022. That is more than five of the top-level /8 blocks. While 3.5 million more addresses could come back to APNIC for reallocation, that’s a tiny fraction of demand.
The demand comes from two places.
The RIR communities developed policies to ensure that they can provide small blocks of IPv4 space to new market entrants. That’s why they make very small allocations and run waiting lists.
APNIC will allocate new members up to a /23 (512 addresses). The APNIC community is discussing a proposal to halve this and will decide at APNIC 56, in September 2023.
But new entrants are a small part of the market. The market is the other part of the policy formula.
As long as some networks need IPv4 space, the largest networks will need it. And because they will need it they will need a lot. These organizations work with sellers and often support them with renumbering and associated work.
The five RIRs worked with ICANN on an Identifier Technical Health Indicators (ITHI) project. The project focused on measuring the quality of a wide range of services. The RIR registries were a part of this, alongside the way the domain name system works.
The RIRs developed a set of three metrics and set a target of 100% for each:
Perfection is a tough target. And it’s not possible in a world where things change. But activities like APNIC’s review of historical resources help sustain a high level of data quality.
Another APNIC process serving this purpose is the six-monthly check of abuse contacts. APNIC tests that the contact is accurate and contactable. Members have a very generous 15 days to respond. Most experts expect abuse reports to be acted on within minutes or hours: not weeks.
RIRs can only allocate small blocks of IPv4 addresses and the waiting time is often over a year.
The only predictable way to get IPv4 space is in the market. The market relies on high quality registry data about the organizations with IP addresses. Work like APNIC’s review of historical resources helps push towards the 100% targets defined in the RIRs’ ITHI metrics.
IPv4.Global’s platform offers the most transparent pricing. We can help at every stage, so contact us for help with your addressing needs.
by Lee Howard
On Friday, July 28, 2023, AWS announced they would begin charging for every IPv4 address an account is allocated or using on the platform, starting February 1, 2024. That’s a change from the current scheme, which only charges you for addresses you reserve, but aren’t using, or if you reassign the same address over a hundred times a month.
The rate is $0.005 per hour per IP. Assuming 30 ½ days per month, the cost of a single IP is $3.66 per month. If you only have one address, that’s a minor increase to your monthly AWS bill. However, some enterprises and universities have moved hundreds of systems to the cloud. With current IPv4 prices for small blocks in the low $30s per address, buying a /24 (256 addresses) pays for itself in less than a year.
AWS also encouraged users to consider, “accelerating your adoption of IPv6.”
To see how many IPv4 addresses you’re using on AWS, log into the console, under your name on the top right choose Billing > Cost & usage reports > Create Report, enter a Report name, check Include resource IDs, Next. Choose an S3 bucket or create a new one. You may have to wait up to 24 hours to see your report under “Cost and Usage Reports.”
Warning: scary technical content follows!
After you buy your /24, here’s how you get started using it. AWS has a free way to Bring Your Own IP (BYOIP):
$ openssl genpkey -aes256 -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem$ openssl rsa -in private-key.pem -pubout > public-key.pem$ openssl req -new -x509 -key private-key.pem -days 365 | tr -d "n" > certificate.pem,/code>-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----text_message="1|aws|123456789012|192.0.2.0/24|20241201|SHA256|RSAPSS"signed_message=$( echo -n $text_message | openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign private-key.pem -keyform PEM | openssl base64 | tr -- '+=/' '-_~' | tr -d "n")aws ec2 provision-byoip-cidr --cidr 192.0.2.0/24 --cidr-authorization-context Message="$text_message",Signature="$signed_message" --region us-east-1aws ec2 describe-byoip-cidrs --max-results 5 --region us-east-1 to look for the block.aws ec2 advertise-byoip-cidr --cidr 192.0.2.0/24 --region us-east-1The whole process, except waiting for AWS to provision, should take less than 20 minutes. Text in consolas font above should be pasted exactly, after replacing text in red with your specific values.
To download a Word file of the above, click here.
Demand for /16s has kept prices even, perhaps marginally higher. Demand for /20 – /17 blocks is up slightly, enough to find a price equilibrium. The volume of small blocks available is high and prices have continued to slip.
Considering long term trends, prices increased at a very steady rate 2014-2018, before flattening in 2019-2020 then spiking in 2021. At this point, prices of small blocks have returned to the level they would achieved had the original (2015-2018) steady rate of increase simply continued.
by IPv4 Staff
Companies sell (or transfer) assets in many different ways, not always in the normal course of business. Sometimes distress causes bankruptcy or liquidation. Other circumstances for asset transfers occur during mergers, acquisitions and various forms of reorganization. It is often the case that multiple classes of assets are transferred in a “bundle” including a number of valuable things, of differing varieties. An entire portfolio of assets can change ownership in a single documented sentence.
Because the variety of assets bought and sold can be considerable, many types move without anyone being fully aware of them. During mergers, language in purchase agreements may include, “and all other assets” to cover anything being transferred that is not explicitly included in an inventory of things bought and sold. Which means, “everything else not listed here” is being sold by one entity to the acquiring entity.
Intangible assets, like patents or copyrights, are transferred in such exchanges more or less invisibly. IP address blocks are similar but not the same. They are frequently unused, under-used, or overlooked. So, they move from one company to another without much notice, invisible to all the participants.
IP address transfers present their own official requirements. These “challenges” aren’t busy paperwork. ARIN (and the other RIRs) are deeply concerned with illicit use of IP addresses. To stop such use they are sensitive to and watch for the illegitimate transfer of addresses. So, RIRs require different kinds of proof of ownership when approving an official transfer.
When multiple, undocumented, out-of-sight sales or mergers of companies have happened, this can be a problem. Put simply, for transfers to be recognized by ARIN, ownership, documented in a title transfer, must be established. This is a baseline requirement in order for ARIN to recognize the transfer.
A “chain of title” is the record of ownership, documenting the sequence of transfers of ownership of any property. It is an historical timeline that documents – ideally without gaps – who the owners of something have been and who they are now. Of course, many kinds of things can be assets and so, therefore, can be owned. Obvious examples include real estate or automobiles. But intangibles such as copyrights or patents can also be owned and so frequently include a proof of ownership: a title. Even “rights” are traded. The right to farm a piece of land one doesn’t own might be an asset that is owned by a person or entity.
A ”registration” is not a “title.” That is, registering a vehicle with a state department of transportation almost always requires a proof of ownership: the title to the car. But the reverse is not true: one can sell an automobile, transferring the title without informing the state in which it is registered. If the title to the thing was transferred correctly, proper notary and signatures in place, title has changed but the registration hasn’t. The registering agency is in the dark.
In a further anonymizing of asset ownership, possession and use can become vague or even invisible. The 1937 Cord your grandfather won in a poker game and stored in his barn but has never driven or registered is a pretty invisible asset. Especially if, getting older, he forgets it’s behind the third stall on the left. If grandpa’s land (and the barn and the car) passes to his children, probate will likely see to it that the title to the real estate is transferred to a new owner. But the car – though probably now the legal property of his estate – will have no formal transfer of title. And no valid registration. Any attempt to register it will likely fail.
The ARIN community has developed policies to govern IP address transfers. Most are rigoroius but largely routine. However, complexity can arise in two broad categories: transfers arising from mergers & acquisitions, and reorganizations. ARIN’s role in either case is to confirm that there is a chain of title from the original registrant to the new registrant.
ARIN performs this task using only supplied paperwork. The purpose here is to discover and reject illegitimate claims to title and/or attempts to use another, legitimate owner’s addresses.
To validate ownership, ARIN accepts authenticated copies of documents describing the transfer of assets, such as:
In the case of name changes, ARIN accepts documents such as amended articles of incorporation, or a government verification of the change.
ARIN’s CEO, John Curran, has publicly explained that they look for consistency and coherency in validating documentation.
This sounds simple enough but can become quite complex when multiple mergers, liquidations or other corporate transactions happen. Simple matters such as typographical errors, missing or non-existent documentation can frustrate the process. Nevertheless, the scope the internet and networks generally, plus the occasionally nefarious behavior of some players in this field makes caution necessary.
It wasn’t always this way. The internet’s early registration practices were less formal. Everyone knew everyone and so more casual naming was used. For instance, an early IANA registration illustrates the early off-handedness that has been rinsed from the process. The registration for 12.0.0.0/8 lists “AT&T Bell Laboratories.” But ARIN’s registration was updated last year and shows “AT&T Services, Inc.” along with current contact information. Informal registration records from the past don’t prohibit IP addresses from being transferred. But thorough reviews of the the chain of title take time. Where the chain of title is murky or entirely undocumented, the process gets progressively more complex.
by Lee Howard & Peter Tobey
Previously, we’ve described the inversion of large block and small block address pricing. By the end of 2022, the divergence had been going on for 18 months and increased until there was a 20% premium on /16s and larger.
In the first six months of 2023, that trend has continued, with larger block prices hovering between $50-55 per address and smaller blocks continuing to fall in price. The difference in recent months has grown to 30-35%, with some small blocks dramatically less expensive than they have been since early 2021.
However, the very tight trading range for IP addresses in general that existed from early 2016 – when IPv4.Global’s auction site began publishing trade data – until mid-2021, has disappeared. Large blocks trade in a tight range. Smaller blocks have traded in a wider range of prices. Small block prices moved in a haphazard – if downward – fashion from mid-2021 through Q1, 2023.
Demand for /16s has kept prices even, perhaps marginally higher. Demand for /20 – /17 blocks is up slightly, enough to find a price equilibrium. The volume of small blocks available is high and prices have continued to slip.
Large blocks (/16 and larger) have remained costly. Smaller blocks have fallen in price but seem to be consolidating around more narrow bands.
Speculating on broad marketplace causes and effects is best introduced with caveats galore. Too often, correlation is mistaken for cause in any financial analysis.
The following are influences we see as likely impacting the market. To what extent each does so, we are uncertain.
Many shrewd observers of the IPv4 market will opine that demand for this crucial element of network expansion varies independently of price for the addresses. That is: folks who need addresses buy them. The overall need for addresses is immediate and outweighs variation in price. Relatively small price variations don’t dampen need in this theoretical scenario.
Of course, this does not always prevail. Those with multi-year expansions often have fixed maximums on their spending plans and will often bargain shop.
However, supply may very well influence pricing. And pricing impacts supply. It is simply true that the increase in IPv4 prices that followed rising demand in late 2020 and early 2021 encouraged the expansion of market supply. Rising prices surely prompted some additional sales. But that price increase was followed by falling demand during most of 2022. (Higher prices often dampen demand, even when the commodity is essential.) Unquestionably, that reduced demand has resulted in falling prices.
This chart shows lower volume (in blue) through 2022, perhaps resulting in falling prices. Note the earlly 2023 increase in volume and prices.
During much of 2022 (and most dramatically during mid-year) blocks smaller than /16s experienced a decline in demand – and a natural trough in transfers resulted. As demand softened, prices at first stabilized and then declined. This end to rising prices and the long, slow trend of falling values began in October 2021 and has continued until today.
It is important to note that prices continued to rise for a time (Q4 2021) even as demand softened. Such lags in supply/demand relationships are not unusual. It is possible that future demand increases will be followed by price increases only after some similar delay in market reaction. Reporting is also a factor: Price changes are a leading indicator. Note that the price date is the date a sale is agreed upon and the volume date is the date the transfer is complete, which is often weeks or even months later.
Beginning in March, 2023 activity in these smaller block sizes increased. This trend is too recent and short-lived to draw sound conclusions from it. However, in connection with some possible stabilizing of small-block prices, one might speculate that rising small block demand, and therefore the prices of them, may continue.
From 2014 until 2019, it was very easy to get multiple blocks of 1,024 IPv4 addresses – a /22 –free from RIPE NCC. Each member could have multiple accounts, called LIRs (Local Internet Registry), and get a /22 for each one. This policy was intended to make sure new networks were still able to get some IPv4 addresses, even as the RIPE NCC was running out. It was about $10/address in 2014 but over $20/address in 2019.
The impact was substantial. RIPE NCC LIR numbers more than doubled from 10,000 members to 25,000. About 20,000 /22s were distributed.
From https://www.ripe.net/analyse/statistics/number-of-lirs
To make this even more attractive, from 2013 the RIPE NCC had a low, flat fee per LIR. While the precise numbers vary each year, the sign-up fee and annual flat fee has been about €1,500-1,750. This means that LIRs were paying about $7/address, which they could sell on the market for a considerable mark-up after holding them for just two years.
RIPE NCC distributed its last /22 in November 2019.
Some believe that the RIPE NCC’s supply-side management impacted market pricing. Two years after the last /22 was allocated the price peaked at over $60/address. The RIPE NCC’s membership rolls are declining, too. Membership numbers have dropped by about 2,000 members in the last two years.
It is possible that the large numbers of /22s that became available for resale around and after 2020 and 2021 has contributed to the steady decline in prices since. The leveling of prices in 2021 may well have spurred sales of these blocks, increasing supply and lowering prices.
Beginning in March, 2022, the Federal Reserve began raising the federal funds rate, causing all other interest rates in the U.S. – and worldwide – to rise. At the same time the Fed forecast more rate increases and has fulfilled that promise by raising rates from 0.25% to the current 5.5%.
In anticipation of these rate increases most financial prognosticators (from bankers to media) anticipated much higher borrowing costs and, most likely, a recession varying from mild to not-so-mild. Without question, recession fears impacted long-term investment planning in some areas of the economy. It is reasonable to assume that network expansion plans, especially those not deemed essential or pressing, were delayed. Such a delay would reduce the demand for IPv4 addresses and therefore impact the marketplace cost of them.
The variables impacting prices are complex. Predicting future prices nearly impossible. The observations here suggest that small and medium-size block prices are stabilizing. If that were true it is anyone’s guess where they will venture going forward. So, the best course is to monitor sales and pricing going forward and be alert to opportunities. Under no circumstances would we predict that prices will remain the same as they are today.
by IPv4 Staff
The American Registry for Internet Numbers (ARIN) is one of the five major regional RIRs responsible for managing the distribution of IP addresses. This includes IPv4, IPv6 and AS numbers. As the name implies, ARIN covers the North American region, including the US, Canada, and many Caribbean and North Atlantic islands.
In response to today’s active market in IPv4 addresses, and the many and diverse buyers and sellers for these assets, ARIN has fielded many inquiries about the often-complex transfer process. In addition, it is among their core functions to assure legitimate, efficient transfers of IP addresses. So, in response to that need, the status of Qualified Facilitator was created.
As John Sweeting, Chief Customer Officer at ARIN, explains, “Buyers and sellers will be able to access our list of qualified facilitators, which should improve the overall customer experience and address concerns raised by community members about transfer support, as well as streamline the transfer process with ARIN Registration Services.”
ARIN created the Qualified Facilitator Program (QFP) to be “a resource for the community to assist in identifying Qualified Facilitators engaged in brokering the transfer of IPv4 or Autonomous System Number (ASN) resources in accordance with ARIN’s Number Resource Policy.”
Under the QFP program, a Qualified Facilitator (QF) is recognized by ARIN as a uniquely trustworthy intermediary capable of assisting in and facilitating the smooth transfer of IPv4 addresses between entities—whether that means buying orsellingddresses. A Qualified Facilitator can provide services like:
In short, the ARIN QF status signals an organization’s competence, trustworthiness, and adherence to best practices and ethical standards in the management of IPv4 resources. In the first month the QFP was available, only four organizations have received this accreditation, which only serves to underscore the rigorous requirements and high standards imposed by ARIN.
An ARIN Qualified Facilitator can play an essential role in ensuring the stability and integrity of the IPv4 marketplace. They can help foster an environment of trust and transparency, making it easier and safer for organizations to navigate the often-complex process of IPv4 address transfers.
Using a Qualified Facilitator may be a good option for:
When you work with a Qualified Facilitator, you can operate confidently knowing that you have a trustworthy and experienced IPv4 brokers in your corner.
Advantages of partnering with a QF include:
Historically, the IPv4 address transfer process could be a lengthy and complicated affair, especially if it was brokered by an underqualified facilitator.
From start to end, a QF like IPv4.Global can ensure that the entire transfer process is conducted with maximum efficiency. We have the expertise to handle the myriad technical complexities, providing clients with peace of mind and extra time to focus on their core business operations.
By entrusting IPv4 address transfers to a Qualified Facilitator, clients can benefit from a smooth, efficient, and compliant process bespoke to their unique needs and requirements.
Additionally, it’s important to note that ARIN has stringent transfer requirements. Compliance with these rules is essential for ensuring a smooth and legally-binding transfer of IPv4 resources.
As a requirement of the status, a Qualified Facilitator must be familiar with ARIN’s rules and regulations. They must have completed the ARIN qualification process. (Note that awarding the qualification is based on an interview and review by General Counsewl and ARIN’s Chief Customer Officer.) A QF’s dedicated team ensures that all transfer procedures adhere to these regulations, and that all contractual obligations are met and transfer fees are paid, thereby minimizing the risk of legal or regulatory noncompliance, potential penalties, or delays in the transfer process.
A Qualified Facilitator can also pull back the curtain to provide total visibility over the entire transaction process. This includes:
ARIN is in regular contact with Qualified Facilitators—whether it’s sharing the newest updates or best practices, their mission is to ensure that QFs adhere to the most stringent and up-to-date standards.
This continued support and collaboration ensures that customers receive the assistance and guidance they require to confidently navigate the intricacies of IPv4 transfers while proactively addressing any concerns that might crop up.
Put simply, this dual support ensures that clients experience a streamlined transfer process with enhanced support at each step of the journey.
IPv4 became an ARIN Qualified Facilitator in June 2023. As a QF, IPv4.Global provides clients with a reliable and transparent transfer experience.
With more than 60+ million addresses transferred, IPv4.Global already was the world’s most trusted broker for appraising, selling, or leasing IPv4 blocks. And now that we’ve been named as a Qualified Facilitator, there can be no doubt about our commitment to excellence.
by Leo Vegoda
In the beginning, all data networks were local, so all network addresses were local. Before Vint Cerf led DARPA’s Internetting Project, a globe spanning network of data networks was impossible.
The early internet was small. Most of the users were its builders, or worked alongside them. It was also culturally cohesive. Security was less important than developing the technology.
That changed in 1989. The US National Science Foundation allowed commercial traffic on its internet backbone. This signaled a change in the nature of the internet. It was no longer small and the diversity of its users was growing fast. So fast that engineers started to worry the IPv4 address space was too small.
They began developing strategies for IPv4 runout in March 1992. They discussed the possibility of some addresses only being unique within a local network. By 1994, three blocks of addresses had been reserved for use on private networks. They deliver just over 17 million IPv4 addresses: enough for all but the largest of networks.
But internet engineers did not standardize the technology for connecting private networks and the internet. Many considered the concept heretical. They wanted “every system to be globally accessible” and knew this required “a globally unique addressing system.”
John Mayes, a consulting engineer, regularly renumbered networks for clients. Often, they had used unallocated IP addresses for a private network. When they connected to the internet they experienced address clashes. Data didn’t flow reliably.
In 1995 he and Brantley Coile developed the first commercial Network Address Translator (NAT). It solved their clients’ technical problems. It also provided a stateful firewall, which many networks of the time were missing. This was the PIX, or Private Internet Exchange, named to riff on PBX running telephone networks inside a business.
We now have two types of unique addresses and two types of non-unique addresses.
When you get your IPv4 or IPv6 addresses from a registry, you are paying for three things:
This means you can publish GeoIP information about your network and share the names used on your network. Reverse DNS is helpful for network troubleshooting and testing.
There is no technical difference between private and shared addresses. The distinction is down to the intended use case. Private addresses are intended for use on end user networks. That means anything from a domestic WiFi connection to a large bank’s internal server infrastructure.
Internal network communication can use the private addresses. Communication from the internal network to the internet must be supported by a NAT. The NAT maps the internal address to an external address for the duration of a session, which could be under a second and could last for days.
But the number of sessions is limited by the NAT’s hardware capacity and the size of the pool of unique addresses it has available. Networks that generate many simultaneous flows, or many long lived flows, will need a bigger pool of unique addresses.
Shared addresses are intended for use on service provider networks. Engineers agreed to reserve an extra 4 million IPv4 addresses for shared use because many service provider networks had already used all the private addresses.
IPv6 is so big that its private addresses can be unique. Internet engineers have reserved a /8, which is 0.4% of the IPv6 address space. That doesn’t sound very much but provides over a trillion blocks and they could be used if that was necessary. This is because they are used one-by-one and not organized as hierarchies.
The risk of an address clash between any two networks is about one in a trillion. It increases with the number of networks. The risk of a clash between any thousand networks is about one in 40 billion.
But avoiding address clashes depends on users generating a properly random prefix. There are online tools and freely available code to help anyone manually generating a prefix. But popular services, including Apple’s consumer products and Google’s cloud services automatically generate random prefixes, reducing the chance for human error.
A second /8 was also reserved but should not be used now. It was originally intended as a place where people could register a prefix for a small one-time payment. This approach was abandoned because of the huge challenge of ensuring an organization running the service could survive for at least a century.
July 10, 2023
Every US state will get at least $107 million to deliver high-speed broadband access to everyone by 2030. Bigger states will get more. California gets $1.9 billion and Texas will $3.1 billion.
This spending comes from the American Rescue Plan and the Bipartisan Infrastructure Law.
President Biden says that 35,000 projects have been funded or already started. Hundreds of them are in rural and Tribal communities.
He described it as “the biggest investment in high-speed Internet ever.” He then noted that “Internet access is just as important as electricity was or water or other basic services […] it’s become an absolute necessity.”
The White House wants internet access for 8.5 million locations in under-served and rural communities. It says that 24 million Americans do not have high-speed internet access. Millions more only have slow or unreliable access.
Prices continued the trends seen through 2023, with /16 pricing holding steady and smaller space easing.
by IPv4 Staff
In recent years, the IPv4 address market has witnessed a surge in demand and value, with IPv4 address prices reaching historic highs. As the market inched ever closer to supply exhaustion, prices rose from an average of $10 in 2015 to an astounding $55 in 2022.
Even before the surge, IPv4 addresses were widely recognized as valuable intangible assets. However, with the average value now having increased fivefold in less than a decade, their significance and worth have reached entirely new heights in the modern digital landscape.
But here’s the thing. Because IPv4 addresses are intangible assets, many major institutions may inadvertently and unknowingly sit on a veritable treasure trove of unused IPv4 address blocks. Educational institutions in particular may find themselves in a prime position as potential sellers in the current market.
The question then arises: How have educational institutions come to possess vast reserves of untapped IPv4 addresses, potentially worth hundreds of thousands, if not millions of dollars?
In the Internet’s earliest days, the world wide web was not in the public eye. For the first decade or so, it was predominantly used as a research and educational tool.
As early adopters and pioneers of this technology, universities and research institutions were among the first to be assigned IPv4 addresses. Allocations of addresses were quite generous, with some institutions assigned class A address blocks with more than 16,000,000 IPv4 addresses each.
But why were they given so many addresses?
There were a few reasons for this:
Today, a great deal of IP address space remains dormant simply because too many addresses were distributed to some networks. Even major universities with significant network traffic and devices can’t hope to fully utilize every address in their stockpile.
Knowing that, instead of letting these address surpluses simply collect digital dust, many educational institutions have taken purposeful strides towards monetizing these intangible assets in order to finance both immediate needs as well as long-term projects.
Typically, most universities will have one of three available pathways:
But how do they decide on what’s the best option?
Here’s how these paths stack up:
| Selling Unused IPv4 Addresses | Leasing IPv4 Addresses | Using IPv4 Addresses as Collateral | |
| Financial Gain | One-time lump sum payment | Recurring income | Access to funds for loans/investments |
| Control Over IPv4 Addresses | Transfer ownership | Retain ownership | Retain ownership (risk of loss in case of default) |
| Flexibility | Limited (once sold, no longer owned) | High (can lease to different businesses) | Moderate (contingent on loan/investment terms) |
| Risk Level | Low (once sold, no further obligations) | Moderate (ongoing management and potential disputes) | Moderate to High (contingent on loan/investment terms) |
| Selling Unused IPv4 Addresses | One-time lump sum payment |
| Leasing IPv4 Addresses | Recurring income |
| Using IPv4 Addresses as Collateral | Access to funds for loans/investments |
| Selling Unused IPv4 Addresses | Transfer ownership |
| Leasing IPv4 Addresses | Retain ownership |
| Using IPv4 Addresses as Collateral | Retain ownership (risk of loss in case of default) |
| Selling Unused IPv4 Addresses | Limited (once sold, no longer owned) |
| Leasing IPv4 Addresses | High (can lease to different businesses) |
| Using IPv4 Addresses as Collateral | Moderate (contingent on loan/investment terms) |
| Selling Unused IPv4 Addresses | Low (once sold, no further obligations) |
| Leasing IPv4 Addresses | Moderate (ongoing management and potential disputes) |
| Using IPv4 Addresses as Collateral | Moderate to High (contingent on loan/investment terms) |
While myriad factors impact IPv4 pricing, ultimately, IPv4 addresses are subject to the most basic of macroeconomic principles—the price movement falls in line with supply and demand. Supply has steadily approached exhaustion while demand has increased exponentially.
The reason for the supply crunch is glaring. In the early 2010s, the Internet Assigned Numbers Authority (IANA) depleted its pool of available IPv4 addresses that could be assigned to RIRs. Soon after, the other five Regional Internet Registries (RIRs) also depleted most of their entire stock.
Put simply, the supply is capped, with no new IPv4 addresses being created. In response, existing owners are less willing to part with these increasingly valuable commodities.
On the other side of the price equation is demand—it’s shot up. And, there are several factors that contributed to this precipitous rise:
July 6, 2023
ARIN issued about 45,000 addresses to 63 organizations on 5 July 2023. 617 organizations remain on the list, waiting for addresses. This is an increase of 56 since April 2023.
ARIN reports that almost 700,000 addresses have been transferred between ARIN region organizations so far this year. Just over 1 million addresses have been transferred in and out of the region in the same period.
The organization that has been waiting the longest, joined the queue in June 2022. They will have to wait at least until the next distribution in October 2023.
On average, they want 669 addresses but would accept 648. This is almost the same as last quarter. It means their average need is a /23 and a /24. This is because IPv4 addresses are issued in CIDR blocks. The smallest block size available is a /24, which is 256 addresses.
June 14, 2023
ARIN warned that the wait time for IPv4 space from its Waitlist is years, not months, at NANOG 88 in Seattle.
There were 632 requests on the list at the end of May 2023 and it grew by 429 requests in the last year.
The long wait comes despite ARIN fulfilling 136 requests in Q1 2023. This compares with 151 in the previous three quarters. John Sweeting, ARIN’s Chief Customer Officer explained that this is the result of an influx of reclaimed IPv4 space that is unlikely to be repeated.
ARIN completed 373 transfers by the end of May 2023. This is about 75 per month, while 2022 saw about 80 per month.
ARIN introduced a Qualified Facilitators program at the start of June. Its goal is to “get a transfer completed” so this number could grow by the end of the year.
July 5, 2023
ARIN is consulting with its community on integrating fees for ASNs into its regular fee structure.
The proposal would cost an extra $100 a year for 6,800 organizations whose only resource from ARIN is one ASN. These organizations would move to the lowest 3x-Small fee tier.
This fee tier allows up to three ASNs as well as IPv4 and IPv6 addresses. Organizations with more than 256 ASNs would be categorized as Medium and pay $4,000.
ARIN expects about 15 multi-resource customers to end up paying more and over 300 to pay less. They would save between $50 and $1,750.
This consultation closes on 30 July.
July 5, 2023
Organizations with legacy IPv4 addresses but no ARIN contract will need to pay more to access some ARIN services after December 31, 2023.
Organizations with legacy IP address space must sign a contract with ARIN, called an LRSA, to access services like RPKI. ARIN caps fee rises for organizations with legacy IP address space when they sign an LRSA. Fees, now $175 a year, will rise by no more than $25 each year.
ARIN has not yet announced the fees for LRSAs signed next year.
by Leo Vegoda
RIRs have always supported IP address transfers arising from corporate mergers and acquisitions. The affected networks focused on two things: removing duplication of core services, like DNS, mail and storage, and aligning security policies.
The market adds the opportunity to realize the asset value of unused and poorly used IPv4 addresses. What are the key steps to take when integrating networks?
You can’t control resources you do not know about. Turning hidden assets into a windfall is nice but a complete view of your network is essential to identify precisely its configuration, utilization and general health. If you can’t control resources through allocation and configuration, you can’t implement your network security policy and manage required improvements.
A good IP Address Manager (IPAM) will not just act as a database for recording where addresses are supposed to be used. It will scan your network for actual use and help you plan for future use. Combining a real time view of your internal network with logging and business planning will reduce the risk of undocumented devices causing problems.
If you’d like to scan your IP inventory using a free tool designed for viewing but not maintaining a network’s IP use, try ReView. It doesn’t perform many of the functions of a robust IPAM but will offer an excellent overview of your network’s utilization.
Many IPAMs integrate with DHCP and DNS. This means your devices get registered, get an IP address, and a name. Automating these administrative tasks lowers operational costs. IPAM and DNS integration is particularly useful when deploying IPv6 as IPv6 addresses are long and client devices frequently change addresses.
Consolidating IPv4 addresses into one contiguous block both simplifies security policies and makes it easier to transfer (sell) the remainder through the market.
Your organization’s public services, like web and mail, still need IPv4 for the foreseeable future. It often makes sense to host these externally with specialist providers.
Client devices also need some IPv4 addresses for internet connectivity. But the devices themselves don’t need unique addresses – they can share pools. There are multiple technologies and tools available to translate between IPv4 and IPv6, including NAT64 and 464XLAT.
Fig 1: Deploying IPv6 opens a gateway to the future and makes valuable IPv4 addresses available for sale.
IPv4 is valuable because it is scarce. There is no IPv6 scarcity, and perimeter security translates between IPv4 and IPv6 just like it translates between RFC 1918 and unique IPv4 addresses.
Keeping separate blocks for providing services, for addressing gateways, and for internal infrastructure is useful. External hosted services will often rely on data or decisions hosted on your network. These limited access services might need unique IPv4 addresses when the external provider does not support IPv6.
There are just over 17 million private IPv4 addresses. Many large organizations have used them all and also squat on large allocations that are not announced on the internet. It is always likely that private IPv4 addresses will clash with those in use by partners, vendors, or a future buyer. So, it’s best to design networks so that renumbering can be automated. That requires an IPAM for managing addressing and a configuration management system to ensure that infrastructure, like DNS, uses the new addresses and clients know them.
There is no shortage of IPv6 address space. The /48 prefix most enterprises will get by default contains 65,635 subnets. And plenty more is available. Less than one percent of the total IPv6 space has been allocated so far.
Private IPv6 addresses, called Unique Local Addresses (ULAs), are available for free. The key difference is that they are unique. When the process for selecting a prefix is followed properly, the likelihood of a clash with another network is about one in a trillion. There are online tools that will implement the prefix generation process suggested in RFC 4193 for you. Using that or a similarly random process is essential for minimizing the risk of a future clash.
Organizations that prefer to buy certainty can get globally unique IPv6 addresses from a Regional Internet Registry. This will generally incur a small annual fee, like the $250 per year charged by ARIN.
One key advantage of getting IPv6 addresses from an RIR over a ULA is the reverse DNS domain can be delegated to your organization. If you use a ULA and want to use reverse DNS internally, your local resolvers will have to be configured to answer those queries.
Not all buyers are the same. Some buyers will actively support sellers through consolidating and transferring addresses. This can include renumbering to a new, smaller block. Of course, the responsibility for identifying and remedying reputation issues and consolidating subnets is ultimately with the seller. However, qualified brokers can help with both issues.
When freeing up a large amount of IPv4 space, speak with brokers and ask how they can help your organization both realize the value of a hidden asset and mature technical operations. Using IPv4 wisely in this way can help you save money in the longer term through improving security and deploying IPv6, which will be staying for decades to come.
Running a university isn’t easy on the pocketbook. Between salaries, services purchased, benefits, depreciation, supplies and equipment, and real estate, total annual operating costs for a major university can run into the hundreds of millions of dollars.
So, it’s no surprise that many colleges struggle to find sustainable funding sources necessary to keep their doors open and maintain quality education. Traditional methods such as tuition fees, government grants, and private donations may not always be sufficient to cover their financing needs.
Enter the world of IPv4 address blocks—a hidden treasure trove that many universities don’t realize they possess. This intangible asset could be the key to unlocking much-needed funds for dream programs and state-of-the-art campus facilities.
Higher education institutions are no strangers to financial hurdles. Even before the pandemic shook up the college landscape, many universities were already close to running over a fiscal cliff. But COVID accelerated the issue, according to CNBC:
“In a survey conducted by the Association of American Colleges and Universities, 74% of respondents said the most significant challenge facing their school is financial constraints. Smaller schools were more likely to report these concerns. A significant 79% of schools with fewer than 5,000 students said financial constraints are a significant challenge, compared to 52% of those from schools with more than 30,000 students.”
In the aftermath, colleges and universities are dealing with rising costs due to inflation, supply chain constraints, rising interest rates, and increasingly complicated compliance burdens. And these external pressures only compounded the existing financial challenges faced by universities, such as:
IPv4 addresses are a unique string of 32-bit numerical values that identify devices on a network that uses the Internet Protocol version 4 (IPv4) communication protocol, known more colloquially as the internet. These addresses enable devices to communicate with one another over the internet or a local area network (LAN).
When the internet was first created, it was largely designed for research and education. And its earliest adopters were often universities.
Consequently, a significant number of these institutions were granted extensive allocations of IPv4 addresses, known as address blocks. These allocations often comprised tens and even hundreds of thousands of unique addresses, far exceeding the needs of the universities, then and now. And so, millions of IPv4 addresses were left to sit and gather digital dust—unused and, over time, forgotten.
For many universities, this oversight has turned into good fortune.
In the early internet, the concept of IPv4 address exhaustion was unimaginable. 4.3 billion unique addresses seemed to be a more than adequate supply.
As we know now, that’s certainly not the case. The internet grew over the decades and more and more devices began to connect to it—as such, the supply of available IPv4 addresses started to dwindle.
Today, IPv4 addresses are a scarce and valuable resource. In recent years, prices have increased by nearly 20% annually, rising from $10 in 2015 all the way to $60 at their peak in 2021.
While prices have dropped from the historic heights of 2021, they still hover around the $40 to $55 dollar range. With a block of 65,536 unused addresses—often found in higher education institutions—there are millions of dollars worth of potential funding opportunities for universities and their big-picture goals.
Even at a large institution, chances are, you won’t ever fully utilize all of the addresses that were originally allotted. Instead of letting them go to waste, several forward-thinking universities have taken actions to monetize these assets, thus allowing them to finance their campus projects.
If you think you’d like to join the ranks of those cashing in some of their IP assets, consider the following. In most cases, you’ll have one of three available pathways to IPv4 monetization:
Sell the unused IPv4 addresses outright – Some universities opt to sell IPv4 blocks. In exchange for a one-time lump sum payment, they then irrevocably transfer ownership to the new buyer.
Lease the IPv4 address – Other universities prefer to lease out their unused IPv4 blocks, rather than selling them.
Use IPv4 addresses as collateral for loans or investments – Want to secure a loan for a major project? You could also use your IPv4 addresses as a form of collateral to back the loan or investment. Of course, this carries a measure of risk—if you default on the loan, the addresses could then be seized. Also, were the assets to decline in value the lender might require additional collateral.
When it comes to selling or leasing your intangible assets, the most critical decision is who you’ll trust to broker the deal. The IPv4 market is frictional. Brokers make it less so by bringing buyers and sellers together.
A high-quality broker can provide reliable and transparent information and services. They can act as a trusted partner, helping you:
Faced with mounting operational and funding hurdles, universities must get creative when it comes to securing funding. Monetizing IPv4 addresses is one such solution that is often overlooked but could be the optimal funding mechanism.
As the world’s leading broker of IPv4 addresses and more than 55+ million addresses moved, the IPv4Global team can work with you to create a brokered solution that secures funding when you need it.
To learn more, contact our team today.
The History of Internet Administration
by Leo Vegoda
The internet grew slowly, at first. The original four ARPANET nodes were connected in 1969. Computer networking grew through the 1970s and there was demand for commercial connections by 1988. The Washington Post reported that there were 500,000 internet users that year[PT1]. Users who enjoyed access while at university or work, wanted to retain access for the social connection it provided.
Although registry data was collected as early as 1971, the first recorded use of the term Internet Assigned Numbers Authority (IANA) was also in 1988.
While the name IANA references numbers, it manages three sets of data (and their [PT2] functions) for the internet. These are:
But any reasonably complex system requires management. Organizations also need rules by which to operate consistently and efficiently. Which is to say, the administration of the internet needed a kind of civil service. The internet’s civil service had been established in one man: Jon Postel. But because the internet was so small, he both set and administered policy.
History suggests that a system involving large numbers of people ought to separate the policy making for that community and the administration of those policies. Doing so avoids conflicts of interest and worse. So the growing internet needed separate policy making. Quite naturally, the pressure for resource management policies grew with the reach of the internet.
The increasing globalization of the internet led to guidelines for new registries outside the US. RIPE NCC, serving an area centered on Europe, was established in 1992 and APNIC, serving the Asia Pacific, followed a few months later. InterNIC managed both domain name and IP address registration in North America from 1993 until 1998, when ARIN was the third Regional Internet Registry (RIR) to be established.
LACNIC, serving Latin America and parts of the Caribbean, was established in 1999 and recognized by ICANN in 2002. Three years later, AFRINIC was recognized and became the fifth RIR, serving Africa and the Indian Ocean.
Fig 1: By 2005 there was a professional and impartial RIR serving each continent
ICANN, the Internet Corporation for Internet Names and Numbers, was established in 1998. It was created to reduce the US government’s direct responsibility for the internet. ICANN took on the IANA functions and created a policy for recognizing new RIRs.
By way of broad description, ICANN offers the following overview and graphic element on the internet:
“The Internet itself is a globally distributed computer network comprised of many voluntarily interconnected autonomous networks. Similarly, its governance is conducted by a decentralized and international multistakeholder network of interconnected autonomous groups drawing from civil society, the private sector, governments, the academic and research communities, and national and international organizations. They work cooperatively from their respective roles to create shared policies and standards that maintain the Internet’s global interoperability for the public good.”
Fig 2: Registries are run by formal organizations but standards and policy development is
ICANN, IANA, InterNIC, and the RIRs all maintained public registries identifying which organizations used internet resources. They also provided standardized, non-discriminatory, processes for requesting new resources and updating registration information.
The regionalization of registration provided several benefits. Firstly, international bandwidth was still expensive, so distributing the service lowered costs. Having a registry in roughly the same time zone as users allowed for telephone conversations. And each registry created a regional forum for the exchange of expertise and development of policy.
ARIN’s policies for North America could reflect its specific needs.
The RIRs all provide the same core services.
Some of the RIRs also provide technical training and forums to discuss internet management issues, like IPv6 adoption.
When John Postel was the IANA he used his good sense when allocating blocks of IP addresses. Policy development had to be formalized as the internet grew in importance and administration was distributed around the world.
Fig 3: Jon Postel – Photo by Irene Fertik, USC News Service. © 1994, USC.
These policies had to be anchored in the capabilities of the networking technology. At first, this meant distributing addresses in three block sizes because that is what the routing protocol demanded. We’ve written more about the development of routing technology here.
CIDR, which allowed more granularity, was introduced in 1993 as the RIRs were being formed. The RIRs soon created policies that reflected the adoption of CIDR. (Read more about CIDR in the blogs CIDR in Networking and Making CIDR.)
In 1996, RFC 2050 documented the four goals that have guided policy ever since:
ARIN now supplements these with two goals. One addition is stewardship. This is to ensure that addresses go to those who will use them. The other is reserved pool replenishment. This is to ensure that addresses can be allocated when returned to ARIN.
The policy details varied between the RIRs but the direction of travel was to make the policy less generous as IPv4 became more scarce.
IPv4 exhaustion was first predicted at the San Diego Internet Engineering Task Force meeting in 1992. Improved technology and policy have continued to push the date further into the future.
IANA allocated 19 /8 blocks – each about 16 million addresses – in 2010: about 8 percent of the available total. There are about 8 billion people in the world and only 3.7 billion IPv4 addresses available for use.
The internet’s ability to deliver valuable personalized communications, information, and entertainment at low cost was unprecedented. It was a huge market success. The size of the IPv4 space was seen as very generous when IPv4 was developed. Most network protocols of the time allowed for 256 or 65,000 connections. The inventors could not have anticipated that everyone in the world would want to connect.
IANA allocated its last five /8s blocks in 2011.
IANA started allocating the RIRs smaller blocks in 2014. Each RIR got just 256 addresses in [1] [2] 2019 – the last crumbs.
ARIN and the other RIRs implemented waiting lists, so that new organizations could get some IPv4 addresses for the cost of a membership.
The waiting list is currently long but serves a purpose. Sometimes an organization closes without transferring its addresses away. ARIN reclaims those addresses and can then allocate them to a new organization through the waiting list.
They also manage transfer processes. One recognizes transfers that result from corporate mergers and acquisitions. The other lets organizations transfer addresses to a specified recipient.
ARIN vets and approves Qualified Facilitators. These are organizations that help organizations that need addresses from the market. Facilitators must now pass a certification program. The goal is to ensure that facilitators can get a transfer completed. ARIN wants them to provide robust assistance to organizations transferring space away or in[3] [4] [5] .
The key requirements are:
The journey from 1969 to 2023 connected more than half the world’s people. We still need to connect the other half. Multiple agencies and businesses are also developing plans for permanent, automated and humanly-occupied bases on the moon, which is close enough for real time communication. IPv4 has been spread very thin but is unlikely to stretch far enough to connect everyone and everything that people want from the future internet.
IPv6 is the more spacious solution to IP addressing.
ARIN began allocating IPv6 addresses in 1999. It was a global bootstrap process to learn from the first 100 allocations. This experience could be used to develop the policy needed by organizations deploying IPv6 in their networks.
ARIN’s community joined the APNIC and RIPE communities to use that experience to develop a coordinated policy. It was ready in 2002. The key differences from IPv4 policy are the overwhelming importance of the aggregation goal and a new goal: minimizing overhead.
The core of IPv6 policy developed in 2002 has worked well. Google reports that almost half of its traffic now comes over IPv6. Despite this, barely 0.5% has been allocated for use because there is so much IPv6 address space.
Each new ARIN member’s default allocation is enough to serve at least 6 million residential subscriber customers. And they can get more if they need them.
The major challenge of internet use worldwide isn’t the availability of address space. It’s making sure that the low density and island nation communities have good internet service.
The internet’s civil service has proved itself a reliable steward of the internet’s number resources over the last 35 years.
ARIN and the other RIRs have reliable processes for requesting and managing both IPv4 and IPv6 addresses. They support community-led policy development while ensuring their people do not advocate for policy outcomes.
They operate reliable infrastructure. The public has access to registry data and members can manage that data through web portals and APIs.
ARIN and the other RIRs are consistently improving their support for RPKI, the digital certificate technology used to improve the security of internet routing.
When Jon Postel proposed recording “Sockets in use” in 1971, this kind of registry function was innovative for computer networking. ICANN, IANA, ARIN and the other RIRs have made the management of internet number resources a mundane piece of infrastructure. Their services are highly reliable and are used by most consumer and business internet services.
They have smoothly managed the transition from a free pool of IPv4 addresses to a market based transfer system. IPv4 addresses remain available to organizations that need them.
If your organization falls into this category, IPv4 Global is a trusted partner you can rely on. We’re a fast and transparent broker of IPv4 addresses.
Contact us today to learn more.
June 21, 2023
ARIN’s Advisory Council has started a discussion on a policy proposal to disallow the leasing of space obtained from its waitlist.
Organizations getting space from the waitlist cannot transfer it for five years. The only exception is for corporate mergers or acquisitions. This proposal would expand that restriction. Those organizations would not be able to lease it, either.
The community is discussing the proposal on ARIN’s PPML. It will also discuss the proposal at ARIN 52 in October 2023.
The proposal can only advance to the next stage if there is community support. ARIN will publish a staff and legal review on the proposal ahead of ARIN 52.
A Terrific IPAM Auditing Tool
IP address management (IPAM) is a crucial investment for organizations with growing network ecosystems. An expanding network likely means network managers are routinely keeping track of anywhere from hundreds to many thousands of IP addresses and the devices connected to these addresses.
If poorly managed, a busy IP address infrastructure can result in network chaos and deepen network inefficiencies. With the right IPAM tools, any organization can successfully improve network visibility, save IP address space, and implement stricter privacy and security control over network traffic.
ReView, a recently released IPv4.Global product, stands out in the IPAM space for its robust IP address visibility. ReView simplifies the assignment and allocation of IP addresses, streamlining network management for operators and administrators. Unlike most cloud-based IPAM tools, ReView is a local application, meaning users have more control over data sharing and privacy.
This brings us to the question: just how does ReView streamline IP address management and enhance your IPAM tools?
To understand the importance of efficient IP address management, imagine tracking all the IP addresses assigned to devices on a network daily. That’s all the workstations, laptops, mobile devices, IoT devices, and web servers connected to the networks in a company’s infrastructure. In any enterprise setting, this process is too cumbersome to remain effective in the long term. Before IPAM tools, network managers were tasked with organizing and tracking all of this using spreadsheets and text files, which was an overwhelmingly cumbersome and inefficient process that could become so deeply established as a management routine it was nearly-impossible to pull away from.
Enter IPAM systems, which automate this process by integrating with the Dynamic Host Configuration Protocol (DHCP) to assign devices static or dynamic IP addresses, tracking each of these assignments to minimize network chaos.
As each device connects to a network, the DHCP provides a static or dynamic IP address, enabling network administrators or operators to track devices until they disconnect from a network. Using IPAM to map an entire, up-to-date network infrastructure is helpful if an enterprise’s network is rapidly growing, with users routinely accessing the internet via their networks.
Even with a growing number of IPAM tools on the market today, network inefficiency related to IP address management remains a concern. Many organizations still track IP addresses manually, creating a high potential for service interruption, security risks, and time-consuming network updates.
ReView was developed in partnership with 6connect to resolve these concerns. It provides users with audit-based visibility of their IP address holdings, revealing inefficiencies such as unused IPv4 address blocks that can be monetized for additional revenue. Beyond improving network visibility, ReView enables faster IP address block segmentation and streamlines network expansion.
Broadly speaking, ReView does what one would expect an IP address audit tool to do: identify inefficiencies in IP address management and offer potential solutions. Looking at the bigger picture, ReView optimizes network management strategy and provides long-term cost savings through sheer transparency. There is no other tool that exists which can audit and provide a completely accurate inventory of IP address blocks to the extent ReView can.
Let’s dive into how ReView empowers IPAM:
For a network administrator, it’s crucial to understand how their organization assigns or allocates IP addresses, especially as it pertains to security and operational efficiency. ReView’s address visibility and management features simplify IP address recordkeeping, helping network admins to visualize network dynamics—especially as they evolve.
Whereas a 10-person startup can operate effectively with a single network admin keeping track of IP addresses, chances are this person will be overwhelmed when the organization grows to 100 people. Even with a dedicated team of network operators manually managing IP addresses, this 100-person company might encounter challenges when:
A tool like ReView can address these IPAM challenges head-on, minimizing time, operational, transparency, and financial constraints.
When conducted routinely, an audit of an IP address management infrastructure will spotlight inefficiencies and unused or underused IP address blocks that could save money or provide revenue from these hidden, dormant assets.
In many cases, hidden IP address blocks can be uncovered in this way and sold for significant returns in today’s competitive market. Likewise, if an organization is aware of, and doesn’t anticipate using, its unused IPv4 addresses, it can sell or lease them to minimize any additional operational costs it currently incurs.
Whether it’s a growing organization looking for new IP addresses or a company interested in unique IP addresses compatible with older devices, chances are there is a ready buyer or renter. In 2022, single IP addresses could be sold at $50+ each—a dramatic increase from $20 in 2019.
Ultimately, well-organized IP blocks will save time and money in the short and long term. That said, it is challenging to achieve maximal network efficiency without the help of an IPAM audit tool like ReView.
Here, companies can realize cost savings when consolidating IP addresses. For instance, a growing company looking to purchase new IP addresses in order to meet the demands of its next expansion phase might actually discover there’s sufficient network space post-IPAM audit—saving on potentially significant capital expenditure.
IP address consolidation is also more efficient with ReView’s network visibility features. Network admins and operators can extensively review their current IP address allocations and determine the feasibility of purchasing new space or divesting unneeded blocks.
As the internet grows, speed matters. Whether it’s faster networks or security scans, automation makes a difference when optimizing IPAM operational efficiency.
Unlike manual IPAM processes for discovering networks, automated IPAM tools are efficient and provide real-time information about IP address block usage. Conveniently, one can import configuration details into ReView to ensure they meet network discovery needs.
On top of being a fast, automated network scanner, ReView takes IP address management to the next level by improving IP address visibility across enterprise networks, increasing network efficiency, and identifying cost savings opportunities. It’s also a local app, meaning there’s no need to worry about cloud security risks or the privacy intrusions that come with data sharing.
Download ReView (free) and discover the scope of its auditing abilities.
Prices for /16 blocks are holding steady. Demand for medium sized blocks (/20 – /17) is lower than larger and smaller blocks, so just a few transactions can change reporting. Broader trends continue, with smaller block trending toward a slightly lower price than larger blocks.
May 30, 2023
The RIPE NCC’s members did not approve new charges for transfers or ASNs at its May 2023 General Meeting.
The RIPE NCC had proposed a €500 charge for each transfer and a €50 charge for each ASN.
The members adopted the lowest cost membership option: a flat fee of €1,550 for the member’s own address space. There is an extra €50 charge for each PI assignment managed by the member.
The alternative options included two higher fixed fees. The RIPE NCC’s preferred option was a tiered system with charges ranging from €400 to €10,000.
May 30, 2023
The RIPE NCC expects to make about 300 /24 allocations in the next six months. About 1,000 members are waiting for allocations and the member at the top of the queue has been waiting over a year.
When the waiting list opens again, they expect a two year wait.
This is because most waiting list allocations come from de-registrations. These are decreasing. They mainly come from member and end user verification work. They have verified almost all registrations. When that work is complete the stream of addresses coming back to the waiting list is likely to dry to a trickle.
The RIPE NCC closed its waiting list to new entries in April, ahead of the vote on a new charging scheme at RIPE 86, in May 2023. Its board worried that the tiered model might create a rush to submit new applications.
The board expects to open the waiting list again, after the vote.
by Leo Vegoda
Above: Francis Greenway on the front of Australia’s $10 banknote, circulated from 1966 to 1994
Issuers have given important documents, like paper money, more security measures over time. There’s a constant battle against forgers. (Pictured above is Francis Howard Greenway, an English-born architect who was exiled to Australia for forgery.) Issuers face the risk that people will reject legitimate documents when they cannot distinguish them from fakes. Users face the risk that they accept a forgery or reject a real document, losing value in both situations.
Banknotes are a mechanism for communicating value between participants in a transaction. They are one set of identifiers used in the baking system. Traders might decide to reject customers who regularly supply fake banknotes.
That said, recent research notes that “people accept banknotes […] without consciously verifying authenticity.” Checking the validity of each dollar bill given in change might not be necessary. But as Suzanne Massie explained to Ronald Reagan, we can, “trust but verify.”
That’s why cashiers will sometimes run a banknote under a UV light or mark it with a special pen. Modern banknotes have a variety of security features that allow users to check that they are real.
But it’s not practical to check every banknote in a fast-paced retail environment. Low denomination banknotes arriving in the morning are likely to go out as change that same day. The cost of verifying each note manually means that retailers often have policies to only check banknotes above a certain value.
For many years it was standard practice to require a Letter of Authorization when announcing IP address space for someone else. For instance, researchers measured the unauthorized use of unallocated IPv4 addresses in the runup to the last IANA allocations. They asked for Letters of Authorization (LOA) to use the addresses they would use for the research.
The researchers, the RIRs, and the networks announcing the addresses knew each other. But networks don’t always know their customers. They have to trust the paperwork.
The paperwork for a LOA is much easier to forge than a banknote. No-one expects security features like a hologram. In 2016, APNIC’s Chief Scientist, Geoff Huston described the process as, “a matter of ASCII artwork.” He went on to say that it is, “no surprise that this practice is being abused by address hijackers.”
Verifying legitimate control of IP addresses was hard to do. But the impact of not verifying is significant.
People notice both hijackings and ‘fat fingers’ events – i.e. errors. Most of the time, the authorized user of the resources notices: they get less traffic. But the rest of the internet notices, too. These events get written up by non-profits and multiple commercial services.
The routing protocols we rely on today were developed in a much friendlier environment. NSFNET, which grew into the internet, allowed commercial traffic in 1991. This is the same year the initial BGP protocol description stated that “Security issues are not discussed in this memo.” BGP is the routing protocol that ties the internet together.
Its protocol developers probably did not anticipate that their designs would still be in use more than 30 years later. But they did anticipate that networks would want some level of control. In an accompanying document they noted that political, security, or economic considerations might influence interconnection policy. And that “policies are provided to BGP in the form of configuration information.”
We now have 18 routing registries where organizations can publish their policies in a standard format. This proliferation creates a complex environment. People ask for advice on discussion forums when they get confused. When they get things wrong, they can end up disappearing from the internet or attracting traffic they don’t want.
Some of this can be fixed by automating verification.
We’ve talked about the slow deployment of the Resource Public Key Infrastructure (RPKI) before. This is the technology that allows network operators to sign digital certificates that communicate very simple policy statements about IP addresses. At the moment, these have three elements:
Each of the RIRs has a portal for managing certificates and the objects they sign, along with places to publish them.
Because RPKI uses cryptographic certificates, organizations now have a much better tool than old fashioned LOAs. No amount of ASCII artwork can trick software into validating a bogus certificate. And because RPKI uses standard cryptography, validation can be automated.
If LOAs are the equivalent of paper banknotes, RPKI is like Chip-and-PIN card payments.
We call the object that connects a block of IP addresses with a network’s Autonomous System Number (ASN) a ROA. That is a Route Origin Authorization. It also allows the network to communicate if it will announce a smaller part of the address block, known as a more specific route.
An ROA certifies the link between IP addresses and the network that can use them.
Address holders can create ROAs authorizing their transit provider to announce their address space. They can also create a ROA for a big block of addresses while allowing announcements of smaller parts of the address block – the more specific route.
Other network operators can automatically validate these certificates and the objects they sign. They can use the results of the automatic validation when implementing policy in their router configuration. This automated validation limits the risk posed by both address hijackers and fat fingers incidents.
RPKI can be a part of increasing trust on the internet because it enables automation and is chained back to the IP address registries.
One element is implementing what we already have: ROAs. These let you validate that the network announcing addresses is authorized to do so. Another part of it is updating the routing protocol itself. BGPSec is an extension to BGP that validates the whole path a packet takes.
Implementing BGPSec will take years because it requires routers to get new cryptographic certificates. Large networks have thousands of routers and that’s a lot to manage.
It will also require significant development by the RIRs as most organizations rely on their hosted RPKI services.
In the meantime, the RIRs are planning to implement RSC. This is a technology that will let you sign any file with your RPKI digital certificate. It will make it easier for partners, suppliers, and customers to validate that the organization controlling the IP addresses is also the organization buying transit, connecting to an IXP, or agreeing to peer with you.
As we move away from trusting beautifully designed pieces of paper and towards cryptography, we also need to put more trust in the organizations that issue the new digital certificates. Their management of the trust anchors must be verified. That’s why the RIRs are investing in audits.
This is the manual element our automated trust architecture is chained back to.
You can watch the RIPE NCC’s free webinar on BGP and RPKI. This will introduce you to the technology.
You can also look at implementing tools to reject BGP announcements that don’t match up with RPKI certificates. APNIC has published a guide to doing this. And the shared RPKI documentation site lists relying party software tools and when they were last updated, so you know the tool you choose is being maintained.
May 22, 2023
RIPE 86 – ROTTERDAM, The Netherlands, 22 May 2023 – IPv4.Global, the largest, most trusted and transparent IPv4 marketplace in the world, today announced the release of ReView, a new, first-of-its-kind digital IP address audit tool at RIPE 86. ReView was developed in collaboration with 6connect, the authors of revolutionary provisioning and IP address management software.
Many organizations have disorganized IP address holdings and are deterred from performing a detailed inventory by the potential time and expense. ReView, a new, free audit tool from IPv4.Global, allows network operators and administrators to quickly and easily gain visibility of their IP address allocations, and more effectively manage their records. ReView allows users to easily understand how their IP addresses are allocated and assigned.
While many companies have turned to IP address management (IPAM) software to help them manage IP address allocations in increasingly dynamic networks, a significant proportion still attempt to track their IP addresses manually. Ineffective manual management of IP addresses results in increased risk of service interruptions, creates potential security risks, and makes updates to the network more time consuming. IPv4.Global’s ReView delivers the information needed to optimize network efficiency and unlock cost savings.
With ReView, organizations can quickly gain a clear picture of their entire address holdings. In addition, a thorough address audit delivers additional financial benefits as address consolidation avoids unnecessary purchases of new addresses and often reveals hidden, unused IPv4 address blocks which can be monetized.
“Efficiently utilizing IP address space streamlines operations and reduces costs, sometimes even generating revenue,” said Lee Howard, Senior Vice President, IPv4.Global. “Our new audit tool – a first-of-its-kind – lets network managers review how their address blocks are used, allowing them to renumber if necessary, so they can more efficiently plan to acquire new space or divest unneeded blocks more effectively.”
With well-organized IP blocks, network administrators can easily group devices with the same rules and permissions into consecutive addresses or blocks, ensuring faster network updates and reducing the likelihood of accidentally creating security risks by omitting devices from updates. Additionally, network expansion is more efficient as new addresses can be rolled out quickly and optimally.
Aaron Hughes, CEO at 6connect added: “Our focus is on solving today’s network management challenges by helping automate manual processes. This latest digital tool, developed in collaboration with IPv4.Global is another dynamic platform that simplifies the process of IP address discovery, eliminating the laborious process of checking each connected device in turn.”
To perform an IP address audit using ReView, users need to sign up for a free account, download and run the app from Windows, Apple, or Linux. They then choose their preferred network discovery approach – which is performed either via a fully automatic network scan, or by importing configuration details directly to their local ReView app. The app then lists the IP blocks that are in use, allowing users to see how efficiently their IP address blocks are being consumed.
IPv4.Global, a division of Hilco Streambank, is the most trusted IPv4 marketplace in the world. We operate the only transparent, public marketplace to ensure our buyers and sellers get the most value for their transactions. Our multi-tiered platform, backed by the most experienced team of transfer analysts, facilitates transactions of varying IPv4 block sizes, ranging from small public to large private transactions. IPv4.Global provides credible, transparent services to our buyers and sellers, making it the most trusted marketplace worldwide. For more information, please visit https://ipv4.global/
6connect’s SaaS solutions provision, manage and discover IPv6 and IPv4 addresses, DNS/DNSSEC zones, DHCP pools, and networked or virtual assets for service providers and enterprises. Our policy-based, one-click provisioning, discovery and asset management software unifies and automates critical network and virtual asset workflows that underpin cloud infrastructure stability. The 6connect platform is available as a highly scalable cloud or on-premise solution, saves significant amounts of the time normally spent on these tasks, and provides significant operational savings over legacy appliance providers of DDI, IPAM, and cloud infrastructure hardware. https://www.6connect.com/
For Additional Information:
John Walker
404.626.0051
by Leo Vegoda
John Locke’s labor theory of property states that we create property by mixing our labor with something natural. He uses the example of a person owning an apple after they have picked it from an unowned tree. Which makes perfect intuitive sense for everything that can be considered “substantial” in the sense that it is made of a material substance.
But there is an entire class of intangible things. These aren’t exactly natural, in Locke’s sense, but are nevertheless real. Many can be classified as intangible assets, with a further subset of those known as intellectual property. This is a sizable universe of stuff: copyrighted art, music and writing, patents, trademarks and brands, etc. But in spite of being the products of human effort – insubstantial – these forms of intellectual property are commonly owned by someone or some entity.
IPv4 addresses are what the World Intellectual Property Organization calls “creations of the human mind.”
But unlike artistic creations, or patents, IP addresses aren’t subject to invention. IPv4 addresses are just numbers, starting at zero and ending at 4,294,967,295. They are the range of numbers specified in the protocol developed by Vint Cerf and Bob Kahn. There are a very large, if finite number of them. In the case of IPv6 addresses, there are a practically unlimited number of them, and they are all free. But each IPv4 and IPv6 IP address is unique and therein lies its value. Because they are unique, IP addresses are used to deliver packets of data to specific locations. Very specific locations, the one designated by the sole controller of its use.
Does this specific use make IP addresses “property?” If a “property right is the exclusive authority to determine how a resource is used” then IP addresses probably don’t fit.
IP addresses are identifiers in a communications system. Because it’s a system, multiple organizations must use the identifiers. The sender, intermediate networks and the receiver.
In order for IP addresses to universally function as extremely targeted destinations two things must be true about them. First, each must be identified in a generally-available list of destinations and, second, only one user may use it. An IP address (number) is the internet’s version of a GPS coordinate. It is based on a generally accepted convention and marks only one spot on the globe.
Early in the life of the internet there was some confused use of identifiers used by pre-Internet Protocol networks. Rules about who was using which were unclear. This, inevitably, led to confused message delivery. RFC 417 from 1972 is five lines long. But those lines explain the value of a registry. TENEX systems were using “link numbers outside the allowed range” – identifiers not assigned to them. Jon Postel, as the IANA, published the RFC – by postal mail – to get the problem fixed.
Nearly 30 years later, an internet service provider (ISP) contacted the internet registry RIPE NCC when its IPv4 address range was announced (used) by another ISP. The RIPE NCC learned that the offending network had used all of its allocated IPv4 address space and just kept going into new territory. They started using addresses from the next block of addresses because they didn’t know that they couldn’t.
After a conversation with the registry, they stopped announcing the other ISP’s addresses. They requested more addresses and the problem was solved.
These two short tales illustrate why sole use of unique numbers is critical to the network. To insure that exclusive use, something has to keep track of the users and their numbers. So, having a trusted authority who keeps records of who has what IP address space is vital. That’s why we have registries for physical property like land and aircraft, and registries and patent offices for intellectual property. Registries are an essential component of a rules-based order. They assign control (and sometimes ownership) to the intangible.
In 2011, Microsoft obtained a large block of IPv4 addresses through the Nortel bankruptcy. The agreement involved defined the seller’s rights as: “Seller’s exclusive right to use the Legacy Numbers Blocks, Seller’s exclusive right to transfer the Legacy Number Blocks, and any other legal and equitable rights that Seller may have in and to, the Legacy Number Blocks.”
Milton Mueller, an economist specializing in the internet, who runs the Internet Governance Project, reported on the Microsoft/Nortel agreement. Mueller that the language used in it established the transfer as involving asset control that was the same as in real property rights.
Not everyone immediately agreed. For many, the extent of the rights in an IP address described as the same as property rights were questioned. The exclusivity of use was assumed. But the absolute ownership of the address was at issue. Clarification by way of judicial decision was required.
The registries, network operators, and the judicial system have gained experience since the Microsoft/Nortel agreement. Nine years later in 2020, in a different case, a Dutch court recognized an order from a German court and bailiffs served it on the RIPE NCC. In effect, a court determined that the rights to an IP address registered to one entity could be litigated as property and transferred by court order. In the ruling the court distinguished between ownership of the number and control of its registered use. Importantly, it found that “the resources were not owned by the member and that it was the right to the registration which could be seized.” The RIPE NCC complied.
The result is that the registration an IP address is unique, worldwide. Registration maintains uniqueness in the sense that it makes clear who is the authorized controller of an IP address. Registration includes the ability to transfer IP address use to someone else, subject to the policy of the registries, in return for payment. Thus, “ownership” is of the registration, not the address itself.
by Leo Vegoda
“It is not necessary to change. Survival is not mandatory.” – W. Edwards Deming
Deming’s joke hides a tough truth. We have to adapt because the world around us is always changing. That is the situation the internet’s architects found themselves in at the start of the 1990s.
The ARPANET had become the NSFNET when it moved from Defense Department oversight to the National Science Foundation. It became the internet in 1991 when the US government allowed anyone to connect. As soon as business could connect, rapid growth became inevitable. That growth threatened the architects’ initial addressing plan.
The threat was the result of the distribution system in place for doling out “blocks” of addresses. The system in place at the time subdivided all the available IP addresses into three flavors. Those flavors included 16,777,216 (Class A), 65,536 (Class B) and 256 (Class C) addresses. These very different sized packages of addresses left the distributors of them few choices, Any organization with modest-but-not-small address needs could receive multiple Class C blocks (256 addresses each) or one Class B (65,536). Since dealing with multiple small blocks presented its own challenges (and IP addresses were abundant and free) many were simply given Class B allocations. Far more than they needed.
When businesses became involved, demand soared. Soon, there were not enough mid-sized address blocks to support the rate of growth of the internet. In fact, when the Internet Engineering Task Force (IETF) met in San Diego in June 1992 they projected that there were “less than 2 years” of these address blocks left.
They also noted that the routing system was creaking at the seams. Older routing protocols, like EGP and RIP, “were designed for a much smaller number of networks” and the routers deployed at the time were reaching their memory limits.
The story of the design considerations that lead to this situation is an interesting one.
When the Internet Protocol was introduced, it was part of an experiment in computer networking. Computers were slow and expensive. So, the architects divided up the address space into three main areas, called classes. Each class had a limited number of possible networks in it and those networks were all the same size.
This meant the routers would know which network any address belonged to based on the first eight bits of a Class A network, the first 16 bits of a Class B network, and the first 24 bits of a Class C network.
Fig 1. Addresses in a Class C network are identified by the first 24 bits
A router, the specialized computing device that directs traffic across networks, would know that all addresses starting with 192 have 24 bits of network address. This leaves eight bits for host addressing, meaning 256 addresses.
Fig 2. The Class B space was the best for most organization but just 25% of the total space[1]
Class D was reserved for a special technology called multicast: a way to send a packet once and have it go to multiple destinations. It was widely used in video delivery and financial services.
Class E was reserved for future use and has never been officially allocated.
This architecture had two key benefits. Routers could make decisions more quickly. It also made deciding how much address space an organization needed simpler. In most cases, the answer would be obvious.
The downside was that the Class B space was the best available fit for most organizations connecting to the internet. That said, most organizations did not make efficient use of their Class Bs because it was frequently larger than their needs. Plus, as there were just over 16,000 Class Bs, there was a very real limit to future growth unless the architecture was changed.
By 1993 the IETF had a new addressing architecture. Among the needs it addressed was the ability to assign more accurately appropriate-sized blocks of addresses to networks needing them. They called the new architecture Classless Inter-Domain Routing, or CIDR (pronounced cider).
It was based on aligning addressing – the numbers used by network interfaces – with topology. This meant that IPv4 addresses would be assigned hierarchically, based on the shape of the network. In other words, this is the origin of the IPv4 addressing policy concept of aggregation.
This architecture made some assumptions. While these assumptions were made before relatively cheap computing or international connectivity, they broadly still hold true today.
These included:
The new architecture got rid of the fixed class boundaries. A really big network could have just seven bits of network prefix – the equivalent of two Class A networks. Similarly, a very small network could use just two addresses – 31 bits of network.
This led to better fitting address allocations to networks. In 1996, the newly formed Regional Internet Registries allocated networks with a 19 bit prefix by default. This was the equivalent of allocating 32 Class Cs and a total of 8,192 IPv4 addresses.
Over time this minimum allocation continued to shrink.
There is an inevitable tension between making more efficient use of the limited IPv4 space and routing.
In December 1992 there were 8,561 routes advertised. This was almost 50 times the number reported about four years earlier, in July 1988. By 2014 this had reached about half a million. In March 2023 we are approaching a million IPv4 routes.
This is a consequence of the business impact of the greater precision available with CIDR. It doesn’t just allow more networks to connect to the internet. Networks can also use the same technology to influence how traffic gets to them.
Border Gateway Protocol, the routing protocol that glues the internet together, tries to find the shortest path to a destination. But it will always prefer the most specific route to an address. If there are two paths to the same address but one advertises just 256 addresses while the other advertises 8,192 addresses, the path to the block of 256 addresses will win. This is called deaggregation.
Deaggregating enables traffic engineering. Networks can break up their addresses and have traffic for different groups of addresses take different inward routes. They do this to have traffic come in over cheaper transit providers or to improve the experience of specific customers.
But the same feature of BGP can cause problems. For instance, in 2008 Pakistan Telecom announced some of YouTube’s IPv4 addresses. Their more specific announcement caused a temporary service outage.
Some networks use the service impact of this kind of incident as a justification for announcing multiple routes to small blocks of addresses instead of just one to the whole address block. The advantages accrue to the address holder but the costs are borne by all other networks.
APNIC publishes a regular report detailing how networks deaggregate their address space. In March 2023, one network was announcing almost 9,500 more routes than needed for the addresses they use. This is more than the total number of routes reported on the internet in December 1992.
In March 2023 there are about 75,000 internet networks that manage their own routing. About 52,000 advertise a more specific prefix. The average number of addresses advertised is just over 3,000 addresses.
In the early 1990s the internet transitioned to a decentralized management structure and new architecture in a couple of years.
Change is harder in the 2020s. There are many more participants and most of them aren’t involved in the technology of the internet itself.
One technology might limit the need for deaggregation: RPKI. Its Route Origin Authorization object can tell other networks how specific routing announcements will be. But RPKI is a way to digitally sign assertions not to force compliance. Networks don’t have to use RPKI and NIST shows that about 60% don’t.
One program that might help is the Internet Society’s MANRS. It defines four sets of actions designed to improve the security and resilience of the Internet’s global routing system. By working with network operators, IXPs, CDN and cloud providers, and equipment vendors they drive improvement through some of the most important organizations on the internet.
The warning from 1993 was to “consider the memory requirements [from more routing] information.” The day where some networks see more than a million routes is fast approaching. Some networks will choose to buy bigger, better routers. Others will need to apply filters, much like we saw in 2014 when we crossed the half a million routes boundary.
“Survival is not mandatory.”
By IPv4 Staff
May 11, 2023
Many universities have large pools of unused or under-utilized IPv4 address space. How much is it worth? Why do many universities have unused address space? How can they free it up?
IPv4 addresses ranged in value between $40 and $60 in 2022. A university that transfers about 65,000 IPv4 addresses (a common /16 block of addresses) can raise $3.5 million from a dormant asset.
The internet is an experiment that escaped the lab.
Early support for large-scale networking by the US government focused on Open Systems Interconnect (OSI), which was being developed by telecommunications companies. This system was complex and expensive. Standards were slow to develop even though there was a need for a workable system, especially among the academic and research communities.
In response, academia created the Internet Protocol to serve a simple but pressing need: identifying devices on a network and exchanging data among them accurately. The earliest device-identification and location system dates from 1973, with the creation the very first versions of addressing identifiers. However, it wasn’t until the development of IPv4 by ARPA in 1981 that a system (protocol) gained widespread use. Although it is called IPv4 it is actually the first “Internet Protocol” version assigned. Versions 0 and 1 are reserved and versions 2 and 3 were never assigned. This system – in use worldwide today – identified devices on the new network. IPv4 offers approximately 4.3 billion possible unique identifying number configurations, which was considered more than sufficient at the time.
In the early use of IPv4 – and so the distribution of addresses – was limited because use was among a relatively small group of researchers and academics. These users relied on a single record-keeper, Jon Postel, to keep track of who had which addresses. (He kept a notebook.) Organizations needed to be insiders to connect to the early networks, ARPANET and then NSFNET, so there was no reason to deny requests for addresses. There were, after all, billions. Far more than it was imagined might ever be needed. In 1991, the US government removed restrictions on who could connect to the early internet. Even then, there was no strong demand for IP addresses.
At that time, computing was expensive and slow. One consequence of this was a need to simplify routing protocols. Protocol developers did this by having just three sizes of network, which they called classes.
When organizations needed multiple Class C networks, they would get a Class B, even if they’d only use a small portion of it. An organization that needed just 2,000 IPv4 addresses would have needed eight Class C networks.
Many universities found themselves in this position. They needed a few thousand IPv4 addresses and so ended up with a Class B: about 65,000 addresses.
Because they did not need all those addresses, they could afford to put administrative convenience ahead of conservation. In some cases, this resulted in lots of unused or underused addresses in a patchwork of internal assignments.
Example of a Class B network with large amounts of free space distributed across it.
Due to the early purpose of the Internet, research institutions were given large numbers of addresses. Which meant colleges and universities were distributed overly-large classes of addresses. Many have them today, under-utilized and very valuable.
A more finely sub-divided system of address “blocks” was needed. The system that was created to respond to this problem, CIDR (Classless Inter-Domain Routing), is a routing system in which network engineers can distribute IP addresses based on the size of their specific network.
CIDR (pronounced ‘cider’) was introduced in the early 1990s and is a classless domain routing system. This new system empowers organizations to only get the amount of IP addresses they need in their networks, without wasting unused space. This is more efficient than the previous system because it doesn’t distribute excess addresses.
CIDR blocks permit owners of IPv4 addresses to subdivide and transfer (sell) there excess holdings if they possess a large “class.” The trick is that the numbered addresses one intends to sell must be consecutive. Transferred blocks have to have sequential integrity to have practical value.
For more information about CIDR, see the following:
When looking to access the value in unused IPv4 address space it is worth looking at the alternatives to. They are:
It is possible to transfer blocks as small as 256 addresses. Universities could decide to leave things as they are and just transfer unused space. This could look attractive but it comes with costs. It requires more transfer transactions and adjusting routing and security policies. This means it could have higher risks and costs.
Another approach is to place everything that needs IPv4 addresses in one part of the existing address block. This leaves a large and contiguous range of addresses available for transfer.
IPv4.Global can connect sellers with skilled consulting engineers who can help them renumber their network. The university would then have all its infrastructure in a single, continuous block and a large contiguous block available for transfer.
Larger blocks are attractive and likely to attract a premium, making the renumbering doubly valuable.
For more information on renumbering, see Renumbering IP Addresses.
The previous two options don’t change how much IPv4 address space the university uses. But it is now possible to reduce IPv4 address requirements. Integrating address sharing technologies – generally called NAT – with IPv6 can dramatically reduce the need for IPv4 addresses.
Client devices, like laptops or phones, have all been IPv6 ready for over a decade. Most client devices don’t need a permanent unique address. And security policies often don’t allow client devices to have a unique address, anyway.
Introducing address saving technologies alongside renumbering can more than pay for itself. Client LANs are generally far easier to renumber than routing and server infrastructure, so this can be a quick win.
by Logan Maurer & Akshat Biyani
The term Intellectual property (IP) is used to describe intangible assets that can be legally owned, protected, and monetized. Typical intellectual property assets include trademarks, brands, patents, copyrights, domain names, and internet protocol addresses. IP assets of every kind are a valuable currency in today’s innovation-driven world. They can prove especially important during mergers and acquisitions (M&A) when transacting parties sign off on a change of IP ownership as a part of the deal. That’s because intellectual property adds to a company’s asset portfolio, increasing its value proposition for the acquiring company.
However, it would be wrong to assume that IP rights are automatically transferred during an M&A process. A famous case in point is the 1998 acquisition of Rolls Royce by the German automaker Volkswagen. It was only later that Volkswagen realized it had purchased Rolls Royce without the right to use its trademark, which had been sold earlier to rival carmaker BMW.
The reverse is even more likely: that ownership of intangible assets changes hands without the acquiring company being aware of the transfer. Purchase agreements typically include language referring to the sale of “all other assets” of the target firm. This catch-all includes assets unknowingly owned and so unknowingly sold. So, one may buy an asset and be unaware they have done so. Plus, if unused, and either cost-free or inexpensive to maintain, the asset may go unnoticed for many, many years.
Managing IP assets during an M&A process is, therefore, crucial.
Any large business entity is likely to hold a complex IP portfolio with multiple owners, licenses, and agreements. The transfer of these assets during an M&A deal involves a host of legal, financial, and practical challenges.
Here are some of the most common IP-related challenges your business could face during M&A transactions.
An accurate estimation of a business’s IP portfolio and the risks of infringement with it warrant concrete documentation. That could be related to:
The absence of critical IP data can hinder an acquirer’s due diligence process during an M&A transaction. Developing and maintaining such rigorous documentation is a complex and time-consuming process that businesses may not want to undertake unless expressly advised. Failure to do so can adversely impact the transparency of IP ownership and potential infringement risks during an M&A deal.
Unlike tangible assets, IP portfolios often have a volatile monetary value. Evaluating that value accurately depends on:
There is no standard method for estimating either one of these values. The absence of a closely comparable IP in the open market can make it difficult to estimate an IP asset’s current market value. On the other hand, the value of its future benefits and drawbacks depends on unpredictable factors such as market trends and consumer behavior.
A number of consultancies specialize in the valuation of IP assets. Typically, this valuation process is performed for the benefit of a lender or borrower where the assets will be collateral against a loan. However, valuation services may be in order to benefit the either party in a merger or acquisition deal. Knowing the worth of such assets, both in liquidation and in fair market value, can be critical information for both parties in M&A.
Many IP assets within a company’s portfolio might be licensed rather than owned outright. That binds the owner of such assets to the terms and conditions listed in the licensing agreements. These terms govern the use and transfer of the IP and are likely to affect the acquiring business’s ability to monetize them. In some cases, the acquirer may need to renegotiate the terms with the licensor to ensure the validity of the transfer.
A related issue is the transfer of ownership of jointly owned IPs. When multiple parties share the ownership of an IP asset, a transfer of ownership requires the consent of all owners and may involve negotiating a buyout of their ownership interests.
Incomplete knowledge of licensing and ownership agreements and regulatory compliance measures related to an IP transfer can expose the acquirer to severe legal and regulatory risks.
These include:
Internet Protocol Version 4 (IPv4) addresses are highly valuable. At the same time, they may warrant special attention during a transfer of intellectual property portfolios. Here are a few things acquirers should consider when assuming ownership of IPv4 addresses during an M&A transaction.
IP portfolios can make up for a significant part of the value generated by an M&A transaction. This is especially true for technology-dependent businesses that could derive most of their value through intangible IP assets such as IPv4 addresses. Such deals require proactive management of IP transfer processes.
Here are a few effective solutions that can help with this:
Due diligence is crucial to protecting an acquirer against litigation and regulatory risks during the transfer of IP assets. An effective IP due diligence process would involve the following steps:
Once every IP asset has been duly identified and assessed, the acquirer should develop integration plans and strategies to manage their acquisition. These plans include:
Next, the acquiring company must obtain clear titles to the IP assets acquired, including associated patents, trademarks, copyrights, trade secrets, and domain names. Licensing agreements should also be carefully reviewed during this stage to ensure the viable transfer and enforcement of all ownership terms and conditions. This helps the acquiring company evaluate whether to continue, modify, or terminate existing licensing agreements.
IPv4 addresses are valuable resources that can generate significant value during an M&A deal. Further, the ownership of these addresses can be critical to the acquiring company’s business operations. Acquiring full ownership of all IPv4 assets is crucial in case the acquirer wishes to continue or merge these operations.
The American Registry For Internet Numbers (ARIN) prescribes several regulatory measures that both parties must follow while transferring ownership of IPv4 addresses. Additionally, a thorough valuation must be conducted to estimate the monetary and operational value of these Internet Protocol addresses. This will help the acquirer determine how many of the acquired addresses would add value to the acquisition over the long term. Surplus addresses can be readily sold on marketplaces worldwide.
A majority of the assets owned by businesses today are intellectual property-related. So much so that IP assets can be considered a key driver of the modern economy. Evaluating a target company’s IP assets is crucial to generating positive value during any M&A transaction. That is because IP assets can produce substantial revenue and operational benefits for the acquirer.
At Hilco Streambank, we help clients identify, preserve, and extract value from intellectual property with industry-leading experience, diligence, and creativity. We offer monetization and valuation services that help both parties in an M&A deal conduct successful and economically viable negotiations. Our service catalog includes:
Visit us to learn how we leverage our extensive buyer network and years of experience to negotiate M&A deals.
Prices for /16 and up have been holding steady, with larger blocks fetching premium prices. The pullback on smaller blocks continues, with some sellers setting aggressive prices. It would be logical for prices to remain stratified, as they are currently, where a smaller block is always cheaper than a larger block. Otherwise, higher prices would encourage sellers to split their blocks.
Medium-sized blocks took an unexpected downturn, which may or may not be the onset of a continuing trend lower for small and medium-sized blocks.
April 27, 2023
The RIPE NCC will ask its members to choose a new charging model in late May 2023. This selected model will be used for 2024.
They will specifically ask about introducing a fee for transfers. If approved, it would be paid by members when they submit a transfer request. It would be non-refundable, in addition to the annual membership fee, and set at €500 in 2024.
Work on transfers would only begin after payment is received. They project that transfer fees could bring in €1.2 million.
Members will also be asked to vote on a new charge of €50 per ASN. They project that ASN fees could bring in €1.8 million.
The options for the vote are the outcome of a consultation that started in March 2023.
The four charging models members will choose between are a tiered charging model and three different versions of the current model. Members currently pay a fixed fee for each account, called an LIR.
The three fixed fee options are to:
The RIPE NCC’s board would like members to choose the tiered charging model.
April 27, 2023
The RIPE NCC has closed its IPv4 Waitlist to new applications. Existing applications are not affected by this change.
The RIPE NCC’s board made this change because members will choose a new charging model in late May 2023. They worry that if members choose a tiered charging model there could be a rush of new applications.
They intend to open the IPv4 Waitlist to new applications after the vote. They will discuss an analysis of the options with the community.
1,107 LIRs are on the IPv4 Waitlist. This is 100 more than in October 2022. The LIR at the front of the queue has been waiting for 372 days. The RIPE NCC has previously reported that it expects waiting times to reach two years, soon.
April 11, 2023
ARIN issued addresses to 136 organizations on 4 April 2023. 561 organizations remain on the list, waiting for addresses. The organization that has been waiting the longest, joined the queue in April 2022. They will have to wait at least until the next distribution in July 2023.
On average, they want 690 addresses but would accept 670. That means their average need is a /23 and a /24. This is because IPv4 addresses are issued in CIDR blocks. The smallest block size available is a /24, which is 256 addresses.
ARIN reported over 1,100 transfers within the ARIN region in 2022. They also reported 338 inter-region transfers.
April 10, 2023
RIPE 86 is approaching. It’s happening in Rotterdam between 22 and 26 May. You can influence the consensus on the policy discussions whether you attend or not.
There are three active policy proposals. There are also active discussions that could lead to policy proposals. One is about representing country information in the database. The other is about improving IPv6 policy.
Policy Process
RIPE’s policy development process uses the same definition of consensus as the IETF. Consensus is viewed as a path rather than a destination. It’s a discovery process. But while all issues in a discussion must be addressed, it’s possible that some cannot be accommodated.
You don’t have to pay to attend the meeting over the internet. But you also don’t need to attend the meeting to discuss policy.
Most RIPE policy discussions happen on email lists. Everyone is welcome to join and take part. But meetings are a good way of increasing understanding. They can be vital in developing a consensus.
Proposals & Policies
The Global NOG Alliance manages an interactive web page showing the last decade of RIR policy development. You can use it to search for active proposals that are relevant to you in any region. You can also use it to find the origin of current policies that affect you. It’s a good place to start if you want a policy change.
This proposal would reduce the default size of an assignment to an Internet Exchange Point. New IXPs currently get 256 addresses. This proposal would reduce the default to 64 – but with the option to get a larger assignment.
An Internet Exchange Point is a network for exchanging traffic between more than three networks. Because the networks meet at a common location they can reduce cost and latency. Some IXPs connect over 1,000 networks while others connect just three or four.
The proposal came about after the RIPE NCC reported on the rate at which the reserved pool for IXPs was being used. One way to stretch it further is to drop the minimum size of the assignments. One of the key issues brought up in the discussion so far is the complexity of getting lots of networks to renumber if a new, bigger block of addresses is needed.
This proposal aims to help internet researchers get a routable temporary assignment. An experiment often needs just a handful of IPv4 addresses.
This is a problem when the smallest block of addresses that can reliably be used on the open internet is a /24 (256 addresses). The current policy requires a requester to show a need for 128 addresses if they want 256. This is because CIDR blocks double in size, so if under half of the addresses are used, a smaller block would be more efficient.
This proposal balances the public benefit of academic research against the principle of efficient address assignments.
A small group reported on some areas for improvement in IPv6 policy at RIPE 84, in May 2022. They focused on problems to be fixed. The working group is now discussing the policy outcomes needed and their relative priorities.
Some of the issues are focused on making it easier for access providers to get the addresses they need to serve their subscribers. But provider independent address space is also an issue. Tobias Fiebig recently shared his story of trying to get some IP address space for a measurement network.
This proposal would let address holders stop addresses from being transferred for a predefined period. The RIPE NCC’s board already approved the service on a temporary basis. If approved, this proposal would give community support to the service.
This proposal has been strongly supported by Ukraine’s government. But its proposers hope it will help people in several territories in the RIPE region. They report that some people have been forced to approve IP address transfers at gunpoint.
The ongoing discussion on country codes in the RIPE Database is likely to continue in Rotterdam. The RIPE NCC now uses the country code for the legal address of the organization using address space in the “org:” object. But this can be a different country from where the addresses are used. And many networks are international.
While technology can provide tools to help, the lack of business requirements or defined meaning is a problem that needs to be resolved.
The demand for IPv4 addresses (addresses that allow devices to communicate on the internet) has reached an all-time high. Universities across the country including Penn State, MIT and Harvard and many others are selling large blocks of IPv4 addresses that they do not need (ie. are not using) for millions of dollars.
Yet, most institutions are not yet aware of the amount of unused IPv4 they have, and how much capital they could gain to help support growth initiatives. This article will break down how schools and universities can start selling IPv4 addresses that they aren’t using in a way that maximizes value and eliminates roadblocks in the complex trading process.
The scarcity of IPv4 addresses is driving up their value as demand continues to rise. The Internet Assigned Numbers Authority (IANA) has run out of new IPv4 addresses to allocate, making it more difficult for organizations to obtain new IPv4s for their devices. This has resulted in a high demand for the limited supply these addresses, driving up their value in the marketplace.
Recent data collected by IPv4.Global shows:
With the increased demand for IPv4 addresses, schools and universities sitting on unused IPv4 have a valuable opportunity to generate funds for their campuses. Selling IPv4 can seem daunting, but it doesn’t have to be. Here’s a step-by-step guide for how to sell unused IPv4:
When it comes to selling IP, it’s always in an institution’s best interest to work with a trusted IPv4 broker like IPv4.Global. IPv4.Global is currently helping schools and universities across the country by guiding them through the process in a way that helps them identify the value of unused IPv4 addresses they’re sitting on and using their expertise to get them the best possible prices.
To find out more about how to sell your unused IPv4 addresses, contact IPv4.Global today.
The internet’s device-identification and location system dates from 1973, with the creation of the first version. However, it wasn’t until the development of Internet Protocol version Four (IPv4) by ARPA in 1981 that the system gained widespread use. IPv4 offers approximately 4.3 billion possible unique identifying number configurations, which was considered more than sufficient at the time.
But as the number of connected devices and services has grown exponentially, the system has faced exhaustion. To manage the numbering convention, the Internet Assigned Numbers Authority (IANA) became the central authority, coordinating IP addressing and domain name management. In 2011, IANA distributed its last IPv4 addresses to the five Regional Internet Registries (RIRs).
IPv4 exhaustion refers to the moment when the Internet Assigned Numbers Authority (IANA) ran out of available IPv4 addresses, which could be assigned to Regional Internet Registries (RIRs) and then to connected devices worldwide. This depletion inevitably filtered down to the regional distributors of addresses, the RIRs mentioned above. They are:
All four ran out of their respective supplies of available IP addresses in subsequent years.
As a result, the low supply of IPv4 addresses has driven up prices to unprecedented levels. This scarcity has become one of the most significant factors impacting global connectivity, leading to waiting lists and extended wait times for IP address allocation.
IPv4.Global offers exclusive benefits for members of E&I Cooperative Services: a non-profit member-owned purchasing cooperative that serves nearly 6,000 colleges, universities, K-12 schools, and research institutions across the United States.
E&I provides these institutions with a wide range of cost-saving solutions and services, including contract negotiation, procurement, and supply chain management. They also provide members with:
For information about the E&I Hilco Streambank contract, click here.
by Leo Vegoda
“I’m not lost for I know where I am. But however, where I am may be lost.” – Winnie the Pooh
Many organizations have this problem when they get new IP addresses. They know where their network is. They put the right information in the relevant databases. But key services, like governments, retailers, and video streamers block those addresses because they think they are located outside of their service region.
Read on to learn how to share this information automatically when it changes. And how to contact real people when automation isn’t enough.
Sometimes IP addresses associated with a particular place are denied service. In other cases, providers only deliver services to IP addresses associated with one specific place. The issue revolves around GeoIP filtering.
Organizations implement these filters for different reasons. In some cases, they must comply with regulations. In others there are geographic licensing agreements. And sometimes it’s just down to managing the risk of fraud.
Whatever the reason, filtering based on apparent location can be a challenge when starting to use IP addresses that were previously used elsewhere.
We have written about this before and explained some of the ways to fix the problem. One of these remedies is a relatively new standard (RFC 9092) for sharing location information in structured data.
In March 2023 there were almost one million IPv4 address blocks routed on the internet. (The precise number depends on which part of the internet you look from.) If most or all these networks used the new protocol for finding and using geofeed data, the problem would be close to being solved. Sadly, that’s not the case. But the power of measurement and transparency has been deployed.
Three engineers, Massimo Candela, Emanuele Candela, and Lorenzo Ariemma are reporting on takeup. Their tool, called geolocatemuch.com, lets you test your own geofeed when you are getting it ready. It will check that it is discoverable and properly formatted. If it is, it will report back what it sees to you.
They currently report that more than 63,000 IP address blocks have geofeeds. That’s just over five percent of the total, when IPv6 address blocks are included. This number might seem low. But it’s worth noting that nine of the 11 services they track have adopted the file format. Seven of them will automatically discover the files. Some discover changes every day. Others take up to seven days.
There is a good chance that market pressure will force adoption by the rest.
Of course, this only solves half of the problem. The commercial GeoIP services compete on the quality of the data they provide their users. One way to drive adoption is to implement this protocol and let the GeoIP service providers know on social media. There is a link for this next to each provider’s listing.
This protocol and this tool help solve half of the problem: getting the right information to the organizations that collate the data. The other half of the problem is updating service configurations based on it.
Each data user has their own schedule and priorities. They might update every day but they might only update each month.
This is a problem that can’t be solved with technology because it’s about organizational priorities. Some organizations want to completely automate while others only want to make updates on scheduled dates after they have been signed off by a change advisory board.
This is why The Brothers WISP provides a page listing contact information for the major GeoIP services and some of the most important content and gaming users.
There are four things you can do to reduce the pain of GeoIP filters.
A spate of sales in the medium to large range suggests prices may return to trading in a tighter band.
For years, prices rose at a steady rate. If that trend had continued at a linear rate, (if we smooth out the 2019 price slump and 2021 price spike), prices would be around $35/address. Prices were never quite linear: a best fit curve would put prices around $50-$55/address now. So the spread of prices reflects the fact that some buyers are more price sensitive than others.
By Peter W Tobey
March 7, 2023
Internet Protocol (IP) is a set of rules for addressing and routing data so it can travel through networks and arrive at its intended destination. Internet-connected devices each have a unique IP address.
In the early development of the internet there appeared to be a virtually unlimited number of IP addresses. The design of the version used in the 1990s – the version still most widely used today – included 4.3 billion addresses. Since the internet was thought to be a research and educational tool, colleges and universities were allocated very large numbers of addresses—free of charge.
Many institutions today have 65,000 or more IPv4 addresses and use a small fraction of them. The surplus is currently valued at approximately $50 each on open markets. So, the holders of these addresses are selling the rights to them in order to finance current needs and long-term projects.
Individual IP addresses are unique identifiers most often, but not always, associated with a specific device. Though used one at a time, they are transferred in “blocks” that may include many IP addresses. Possession of a block includes unique registrations of addresses in registries worldwide. These registries maintain uniqueness in the sense that they make sure it’s clear who is the authorized user of a block of IP addresses. Registration includes the ability to transfer IP address use to someone else, subject to the policy of the registries, in return for payment.
Data traveling on the internet is divided into pieces, called packets. IP information is attached to each packet so that each can arrive in the right place. Almost every location (a device or domain) that connects to the internet is assigned an IP address.
Data packets travel from one machine to another, directed by routers. These read the IP information in each packet and interpret it to send that packet one step closer to its destination. The system relies on each router, including a table of information that correctly determines the next closer route to a packet’s destination.
The first major version of IP, Internet Protocol Version 4 (IPv4), is the dominant protocol of the internet. A key benefit of IPv4 is its ease of deployment and widespread use, but a drawback is the limited number of addresses it can define.
Due to the growth of the internet, there aren’t enough IPv4 addresses available for all the devices on the system. Its successor, one that defines more address space, is Internet Protocol Version 6 (IPv6), which was introduced in 2006.
Due to its design, IPv4 allows for a maximum of 4,294,967,296 unique addresses. At the time of the protocol’s creation, this appeared to be enough for the indefinite future. It was in this spirit that the early internet was modestly managed. Organizations with networks were required to apply for IP addresses, but they were free and readily available. In fact, in the 1980s, a business would simply ask Jon Postel for the addresses it needed. He assigned them and made a note of the assignment in his spiral notebook. In the 1990s and 2000s, a business could get addresses from Regional Internet Registries, which had community-developed policies that defined the requirements for getting a block of the ever-shrinking pool of available addresses.
By 2010 the internet was exploding with new “smart” devices—iPhones, watches, TVs, and even refrigerators with internet capabilities. All of these devices required unique IP addresses. As a result, the supply of IPv4 addresses has become insufficient to describe the location of all the machines on it. IPv6 was created to deal with this problem. The two protocols aren’t perfectly compatible, however, so those with established IPv4 networks have sought additional addresses.
This has created marketplaces where those with a surplus of addresses “sell” or lease them to others. Some growing organizations need more addresses and new organizations may prefer them. Organizations with a surplus can sell or rent any IPv4 addresses they no longer need.
The demand for IPv4 addresses has increased dramatically since 2020. Single addresses that exchanged hands for $18 in 2019 were available for as much as $60 in 2022.
Millions of IPv4 addresses are exchanged every year. In 2022, a total of 51,000,000 were traded (not including merger and aquistion transfers). They are bought and sold in lots ranging in size from 256 to 4,194,304 addresses. The exchange involves a number of steps to maintain their singularity of ownership and use. What’s more, markets have been developed for the private and public sale and lease of these assets.
IPv4.Global is the leading online auction site and exchange service for IPv4 addresses worldwide. We consult with and assist buyers and sellers who wish to maintain some privacy in the process.
We also team with E&I to offer participating members help and discounts. For more information, please submit this form and your E&I Member Representative will be in touch with you shortly.
by IPv4.Global Staff
If IPv4 addresses were postal mail, an autonomous system number (ASN) would be the postal code for the area it lives in.
An ASN is a unique identifier that’s assigned to “a group of one or more IP prefixes run by one or more network operators that maintain a single, clearly-defined routing policy.” Each group is known as an autonomous system. ASNs help these autonomous systems exchange routing systems with one another as well as Internet Service Providers (ISPs). Simply put, an ASN can be thought of as a “unit of routing policy in the modern world of exterior routing,” according to RFC 1930 Section 3.
Routing Policy
The set of rules a network administrator implements. Those rules control the paths data takes when it exits to other networks. It can influence but not control the paths incoming data takes.
ASNs come in two formats:
But why do ASNs matter, and when does an organization need one?
Network operators decide which networks they will connect to. This means that decision-making is decentralized. When networks connect to each other, they identify themselves with their ASN and they communicate which IP networks they can reach and the routes they would use to get to distant networks.
Autonomous Systems
Defined by numbers instead of names to avoid two key problems. Names cannot be guaranteed to be unique and they change. Changing the identifier for a routing policy involves cost and risk. Using numbers means networks don’t need to change their routing policy when a company rebrands.
Routers are the specialized devices that forward data packets through networks. They communicate with other routers using routing protocols that automate the process of finding the best route for reaching IP addresses.
Border Gateway Protocol (BGP) is the protocol used to communicate how to get from one part of the internet to another. It uses ASNs to identify each independent network.
You will need an ASN if your organization wants to manage how it connects to other networks. Examples include:
You can register an ASN with your Regional Internet Registry (RIR). You must meet the policy requirements. One RIR serves each region
APNIC and LACNIC both have National Internet Registries (NIRs). They implement the same policies as the RIR but provide a more local service.
ARIN draws its definition from RFC 1930, Section 3 (https://www.rfc-editor.org/rfc/rfc1930). It’s fine to use the ARIN citation as readers don’t need to be aware of the backstory but it’s good to know that ARIN is using the definition found in the IETF’s guidance on assigning ASNs.
RFC 1930 also uses the phrase “unit of routing policy in the modern world of exterior routing” which is a succinct explanation of the ASN’s purpose.
Fig 1: The 5 RIR service regions.
The core policy requirement is that you must have credible plans to connect to two or more networks. This means you have a unique routing policy. This phrase sounds daunting but it does not mean your network cannot connect to the same internet providers used by other organizations. As long as you have your own address space your policy will be unique.
Fig 2: Organizations using the same internet providers have unique routing policies
IPv4 Global is the world’s leading broker in IPv4 addresses, and provides a reliable and transparent exchange platform buyers and sellers can use to buy ASNs or monitor their sales.
Whether a company wants a private brokered solution or access to an online auction marketplace, contact our team of IPv4 brokers today.
Here are a few observations on the state of the IPv4 marketplace during 2022. All the statistics here exclude transfers of IPv4 addresses involved in mergers and acquisitions.
An in-depth discussion of price trends, including causes and effects, is in the blog Prices & Pricing.
From 2021 to 2022, the total number of IP addresses transferred increased 35%.
In 2022 the number of IP transfers (block transactions) declined 28%.
Last year the average number of IPs transferred per transfer increased 89% to over 10K IPs/transfer.
During the past five calendar years prices have risen 300%.
During the past two years the relative price of small and large blocks has inverted.
Worldwide, new entries in routing tables for both IPv4 and IPv6 versions declined in 2022.
Recipient RIRs for 2022 transfers (transactions). Note that the average size of RIPE transfers was considerably smaller than those in ARIN.
In 2022, 92% of transfers worldwide were intra-RIR transfers.
Recent history suggests that the near-term price of IPv4 addresses is unpredictable. The influences on pricing in the IPv4 market are at cross-currents with one another. The marketplace, as a whole, is clearly strong and vibrant. But war, supply chain issues, rising interest rates, inflation and recession fears have combined to slow infrastructure expansion, if only temporarily. (For more on this subject, Prices & Pricing,)
While IPv4.Global provides more complete and transparent data than any other market resource, even seasoned experts are wary of guessing at future prices. Generally, we advise that, when you’re ready to buy or sell, we’ll provide you with information and options so you can make the smartest deal vailable.
To download a copy of this overview, click here.
by IPv4.Global Staff
In a typical merger and acquisition event, once a buyer and seller have expressed mutual interest in the exchange, financial information is shared and assessed to find value for both parties. The ultimate goal for the seller in any M&A deal is to maximize the company’s pre-sale value, so understanding the worth of all the assets in the transaction is important. The same is true for buyers, but secondary assets sometimes are overlooked or ignored by them as well. As a result, the primary goal of the acquisition may not include all the value inherent in the business.
In the past, it was easier to gauge a potential M&A’s worth because the business valuation mix was more heavily weighted towards tangible assets and goodwill. But in recent times, all that has changed and intangible assets—non-financial assets that lack physical substance—comprise a much larger share of the M&A pie.
These assets are easily overlooked and frequently excluded in a given company’s financial inventories. While some assets, such as brands or patents, are often included on balance sheets, others may be unaccounted for. Plus, even though they are valuable and capable of identification, there’s often no paper trail (either quantitative or qualitative) to demonstrate the assets’ true value. As a result, a seller could be sitting on an intangible asset goldmine and not even realize it. What’s more, a buyer may acquire value without any explicit knowledge or understanding of the transfer.
Businesses may have millions of dollars of valuable intangible assets hidden in plain sight, and here’s what they need to know before any M&A deal occurs.
Dozens of intangible assets may not be included in the company’s balance sheet, but still play an essential role in the company’s success, worth, and reputation. These assets can be worth lots of money; however, a business must first identify them before they can begin to quantify their value.
Some of the more valuable intangible assets include intellectual property and other intanglbles such as:
As mentioned, intangible assets are often not included on a company’s balance sheet. To make matters even more complicated, such assets can be either acquired unknowingly via purchases or exchanges or they may gain significant value over time and without being recognized as more valuable.
It’s within the acquisition process that incredibly valuable assets can frequently go unnoticed.
For instance, decades-old mergers between businesses may have resulted in the transfer of intangible assets, like large blocks of IPv4 addresses, that all relevant parties then forgot with time and disuse. This is especially true of IP addresses since their original costs were often at or near zero, and the fairly recent increase in their worth isn’t something CFOs tend to monitor.
There is also a potential snowball effect from multiple mergers and acquisitions to consider, which may muddy the intangible asset valuation waters even further.
In such cases, an IPv4 address block may have changed hands several times. But, because they aren’t included in the original inventories or balance sheets (rather looped in as some sort of “miscellaneous” item), they could remain completely overlooked and undervalued throughout several M&A deals. This means additional IPv4 blocks can be added from any one of these deals, that are then passed on in the next.
When the Internet was first established, its creators specified a system of approximately 4.3 billion unique, 32-bit IPv4 addresses that devices would then be assigned and are still used to connect to the internet. They thought this would be an adequate number of addresses, but the popularity and ubiquity of the Internet surpassed their wildest expectations.
With the rise of digitalism, the world is facing an IPv4 address crunch. According to Asia Pacific Network Information Centre (APNIC), the market has been rapidly exhausted over the past decade:
“All of the Regional Internet Registries (RIRs) have either limited supplies or have run out of available IPv4 addresses. ARIN and the RIPE NCC ran out of their available supply in 2015 and 2019 respectively, with APNIC, LACNIC, and AFRINIC rationing supplies according to their community policies.”
Today, 99.6% of IPv4 addresses have been delegated.
But business demand hasn’t dwindled—companies often still prefer IPv4 addresses as they seek to expand their already-established IPv4 infrastructure. And so, in light of rising demand with limited supply, the market valuation for IPv4 address blocks has skyrocketed. In just the past three years alone, the average value of an IPv4 address has increased by 300%, going from less than $20 a sale in 2019 to nearly $60 per sale in 2022.
As a result of all this, a business could potentially own a block of tens of thousands of IPv4 addresses worth several million dollars.
When companies know where to go mining for valuable intangible assets, what happens if they strike gold?
This is what the IPv4 address market is for. Today, there are IPv4 marketplaces and brokers—such as IPv4 Global—that can bring buyers and sellers together.
In the marketplace, a business can track IPv4 prices, receive an appraisal for their IPv4 blocks, offload or sell IPv4 addresses, and more. By performing this due diligence, businesses can ensure that they receive fair value for their valuable intangible assets—whether companies include them as a piece in the M&A deal or simply sell them outright.
In either case, IPv4 address blocks are an incredibly valuable asset to any business, but only if they know that they’re sitting on them in the first place.
For any M&A sale, the sell-side company has a duty to derive as much fair market value from the deal as possible. To do that, they must account for all of their assets, especially the intangible ones.
So, before sellers initiate a sale, they should first check to see whether or not they’re sitting on an IPv4 gold mine. Experts in intangible valuation, like Hilco Streambank, may be able to help evaluate holdings of all kinds of assets. IPv4.Global specializes in IP address valuations and transfers.
February 15, 2023
Network operators have consistently asked ARIN to improve its legal agreements for RPKI. RPKI is a way to associate a digital certificate with a block of IP addresses. It is increasingly important for reputation services and internet routing.
The most recent improvement came this month. It came the day before Christopher Yoo, a legal scholar from the University of Pennsylvania, spoke at NANOG 87.
He noted that ARIN has now resolved the legal issues he identified. ARIN is working with the other RIRs to standardize operational practices and APIs. This will help multinational networks.
Key improvements include:
by IPv4.Global Staff
In June of 2022, President Biden signed the American Rescue Plan.
Carved out in that bill is $25 billion in funding meant to expand access to affordable, high-speed internet. This funding was in addition to the $65 billion previously allocated to close the digital divide in the Bipartisan Infrastructure Law, with various other provisions, grants, loans, and incentive programs designed to reduce project costs and risks.
America’s electric cooperatives (co-ops)—whose original mission was to provide electricity to remote locales and have since expanded to providing high-speed internet—welcomed this news. Bills such as these would afford them the tools required to make the dream of high-speed, fiber-optic internet a reality for tens of millions of Americans.
Naturally, this massive broadband expansion will have downstream effects on the IPv4 market, particularly in terms of supply, demand, and pricing. But before delving into that topic, it is important to understand the role co-ops will play in the nationwide push for broadband expansion first.
Electric co-ops are a type of utility company owned and controlled by the people they serve.
These non-profits were formed for the express purpose of providing electricity (and now high-speed broadband internet) to rural or underserved areas, where it may not have otherwise been financially advantageous for a traditional investor-owned utility company to operate.
As a part of their charter, a co-op is required to fulfill the following requirements:
According to the National Rural Electric Cooperative Association (NRECA), electric co-ops:
Today, co-ops are uniquely positioned to serve the very communities these bills were created to address, which is why a significant portion of the funding will go to them.
But what specifically makes them the ideal candidates for spearheading the push for broadband expansion? Why are they the ones entrusted with billions of dollars in federal funding?
There are several reasons for making them the de facto leaders of this admirable cause, including:
So, what will they use these funds for?
As previously mentioned, the goal of this capital is to provide reliable, affordable, high-speed internet access to all Americans. But what this may look like will depend on the specific community and project.
For example, on May 13 Arkansas co-ops united to form the Diamond State Networks, which pledged to combine the fiber-optic networks of its members to increase bandwidth and save costs. This coop partnership is made up of 13 Arkansas electrical cooperatives, including OzarksGo, Clay County Connect, Farmers Electric Cooperative Corporation, Enlightened, etc[1] . The Diamond State Networks announced that it sought to invest more than $1.6bn in broadband communication infrastructure, exclusively in fiber-optic networks for more than 600,000 potential customer locations.
We can make another list here of all 13 if desired, but I figured listing some names and linking to the page of members that makes up Diamond State Networks would suffice
For regional co-ops, there are significant price and demand change implications on the horizon.
Even before the federal push for broadband expansion, IPv4 exhaustion was already a pressing concern. But now, more than 53% of regional ISPs expect to run out of IPv4 addresses needed to meet anticipated growth within the next three years.
Because of increasing demand and looming supply concerns, IPv4 prices have skyrocketed over the last decade.
IPv4 address price history from IPv4.Global
This trend in rising prices is unlikely to reverse in the near future. Now that electric co-ops will be sitting on billions of federal dollars, IPv4 price inflation is a strong likelihood.
Going forward, co-ops will need to carefully monitor the availability and prices of smaller IPv4 blocks. Seeing as they’re smaller companies, co-ops typically prefer to buy these smaller, cheaper blocks. But, with a likely increase in demand for smaller block sizes, it’s reasonable to assume that their prices may experience a concurrent rise.
For millions of underserved Americans, the expansion of broadband via electrical co-ops is an exciting prospect.
While we can speculate, the exact impacts such efforts will have on the IPv4 market remain shrouded in uncertainty. In the future, interested parties will need to keep a close eye on IPv4 prices and activities, as well as news related to broadband expansion efforts.
IPv4.Global is one of the best and most trusted sources for up-to-date industry news, online auctions, and private brokered solutions.
For more information on IPv4 auctions or news on IPv4 broadband expansion, visit https://ipv4.global/ to get connected.
by Leo Vegoda
There are two sorts of information to inform buying decisions when choosing groceries. Consumers can compare prices per unit and nutritional information on a standardized label. This is helpful because supermarkets offer a range of brands for shoppers to choose from. There’s often a market leader, a store brand, and a local or imported brand.
The Federal Communications Commission (FCC) is now heading down this path. New “Broadband Facts” labels will start appearing at the point of sale beginning in mid-2023. This is when larger providers have to share this information. Smaller providers have until the start of 2024 to prepare their labels.
The FCC-formatted label.
Clear, standardized information on prices, speeds, and data allowances will help families choose a service based on price. But it’s only useful when there is a meaningful choice. And consumers need to understand how broadband providers differ as well as their price.
The new labels are a good first step.
In large parts of the US there is limited competition between broadband providers. Cable companies hold regional monopolies. Phone companies’ DSL services have struggled to keep up with the speeds provided by cable. Satellite services have historically been slow, expensive, and with high latency. This last is particularly important.
Latency is the time it takes for data to travel between the sender and the receiver. Latency depends on the path taken by the data. The speed of light in fiber optic cables is about a third of the speed of light in a vacuum. But the distance between a geostationary satellite and the Earth is about 22,000 miles. Anything sent through a satellite travels an extra 44,000 miles (up and back) and this adds about a quarter of a second. Data traveling through fiber from New York to San Francisco travels about three times faster than through a geostationary satellite.
Latency is not a problem when streaming music or video but it makes conversations and gaming harder.
But consumers, especially in rural areas, are starting to get more choice. Rural electricity co-ops are eligible for grants to fund broadband services. And new Low Earth Orbit satellite services, from companies like Starlink, can provide lower latency. This is because they are much closer to Earth, reducing the distance the data needs to travel.
Focusing on pricing is important because US broadband prices are relatively high. The International Telecom Union’s (ITU) regularly compares broadband prices across the world. Its 2021 analysis shows that US consumers pay more than those in Europe. They found fixed line broadband services had an average US price of $54.42. It was just $36.05 in Italy, also a highly industrialized economy.
More competitive markets have lower prices. Ukraine has over 800 ISPs and the average price there was just $5.44.
Price is not the only important factor in making decisions. Consumers care about technical support, the online services they can use, and whether they can opt-in to child friendly filters.
The new “Broadband Facts” label has a lot of important information. But it won’t help consumers choose based on how they want to use the service.
Patrik Fältström is Technical Director and Head of Security at Netnod, a Swedish provider of critical internet infrastructure. In 2007 he presented a Swedish proposal for “color coding” internet services.
Its goal was to simplify making informed choices, so consumers can buy the service for their intended use. For instance, if they want to do video conferencing then they need low latency. But consumers shouldn’t have to understand the technology. The providers should label their services with codes that show what they are good for.
This is like the Health Star Rating System food labels used on the front of packets in Australia and New Zealand.
An example of a health star rating placed on packaged foods under an Australian Government initiative.
These labels tell consumers whether a product is high or low in each of five metrics. This puts real power into consumers’ hands. They don’t need to know how much sugar is a lot of sugar. They can rely on simple labels to help them select the products they want.
The full set of metrics is also available on the side or back of the pack. But the consumer can filter based on the front of pack labels. They don’t have to compare between as many products.
Making pricing clearer to consumers is important. We can expect the FCC’s new labels to help lower the cost of broadband services. When that is achieved, the next step will be to help consumers choose the kind of service that’s right for them.
Families who need streaming services and web-filters for children could select between providers offering those options. While someone with a home office might need to upload large amounts of data and need a different set of options from their provider. Knowing what kind of service you’re getting is important before signing the contract.
The FCC has taken an important step towards empowering consumers. There’s more that can be done when this first step has improved the market,
by IPv4.Global Staff
Electric cooperatives are a unique type of utility company that are owned and controlled by the members they serve. Their interests perfectly align with their customers’. Which means, providing robust, reliable broadband service along with supplying power has become central to co-ops’ mission.
Now, through hard work, ingenuity and the help from government, many electrical cooperatives also supply internet and broadband services to areas with limited access. This has benefited co-ops and the communities they serve. However, the process of starting and growing broadband networks can be difficult without some guidance. This blog will cover:
There are several benefits for electric cooperatives to provide internet and broadband services to their communities.
Providing broadband service requires a diverse range of expertise among electrical co-op staff. Some of the key areas of expertise that may be needed include:
It is not necessary for the co-op staff to have all these skills, but it is important to have a team with a good mix of expertise and experience. Additionally, the co-op may need to hire additional staff or contract with outside experts to provide the necessary expertise.
Electrical cooperatives can apply for government funding to supply broadband to rural communities through various federal programs:
It’s important to note that these are some of the main programs to fund broadband expansion and there might be more programs that are specific to a state or region. It’s also worth noting that these programs are subject to change over time and new programs may be added.
Once you have your internet service plan in place, it’s important for electrical cooperatives to keep growing their broadband network in order to serve more communities, and maximize revenue. Follow these tips to get started:
Electrical cooperatives have a growing demand for IPv4 addresses in order to provide internet service to their customers. IPv4 addresses are necessary for connecting devices to the internet and as more devices are connected, the demand for IPv4 addresses has grown.
This has led to a shortage of available addresses, making it more difficult for organizations like electrical cooperatives to acquire the addresses they need to provide internet for their customers. This article will cover the best way that electrical cooperatives can obtain IPv4 addresses in order to deliver internet services to the communities they supply.
There are several benefits for electrical cooperatives when trading addresses through IPv4 brokers:
IPv4.global is one of the most well known IPv4 brokers in the marketplace, and helps some of the world’s most successful businesses and electrical co-ops find the addresses they need, with prices and plans that match their goals. They offer a wide range of services including buying and selling IPv4 addresses, IPv4 leasing and IPv4 consultations.
by IPv4.Global Staff
Selecting an IPv4 marketplace is a challenge, whether it’s an online store, auction site, private service, or some combination of them. Most buyers and sellers understand their general goals in these transactions but are often unsure about how to accomplish those ends. Even in a seemingly straightforward commodities market like IPv4 addresses, there are lots of variables.
On the broadest, least-discriminating level, brokers can be found under the listings of some Regional Internet Registries (RIRs). Broadly speaking, RIRs do not recommend or otherwise endorse any particular broker and are often ready to note that one is not necessary to complete a transfer. That said, brokers are listed on the RIR websites listed below and their comments have been summarized as well:
“The registered IPv4 brokers are listed on this page as having signed an agreement with APNIC to act in the manner described in the Guildlines for IPv4 brokers. They are not APNIC’s agents. APNIC does not sponsor, endorse or approve the services provided by any broker.”
The ARIN list includes all of the facilitators who have registered as part of ARIN’s Specified Transfer Listing Service, and who offer support to companies seeking to perform a specified transfer. Facilitators will help accomplish a specified transfer per ARIN policy.
RIPE notes that is members’ responsibility to find and organise a transfer of IPv4 address space. They note that, “some members may decide to use a broker to find an organisation offering or seeking address space and to help facilitate the process by advising on the procedures and policies that need to be followed.”
The essential formats of IPv4 transfer marketplaces include auctions, storefronts or “buy now” sorts of markets, and private brokerages. A very few of these may extend financial assistance to sellers or buyers under certain circumstances. In addition, some services provide leasing options (for both lessees and lessors) and lease-to-purchase opportunities.
Different broker services have varying advantages. Each format is different in execution and offers differing benefits. However, size matters. Larger markets advantage buyers by offering a greater number of sellers from which to choose, sometimes keeping prices from swinging wildly or escalating because small markets sometimes suffer shortages. Large marketplaces attract many and varied buyers and so – potentially at least – produce bidding competition that can aid sellers. Whether it’s price, available selection or other factors, a market or service of any kind that is substantial offers benefits to both sides of a buy-sell transaction.
Brokers may solicit requests for specific blocks and thereafter make an effort to source those blocks. This arrangement offers a number of advantages. First, the process can be managed up to the point of actual transfer anonymously. Either a buyer or seller (or both) can inform the broker of their wishes in confidence and the transaction can be arranged, and price negotiated, without the marketplace in general or even the other party being aware of the identity of the buyer or seller.
Some marketplaces operate very much like dynamic catalogs. Which is to say, they inventory a certain number and variety of IPv4 blocks and offer them for sale in a dynamic, “live” environment. Blocks move into and out of the store more or less frequently. And some of these brokers raise and lower the price of blocks – even blocks previously or currently for sale – depending on the demand for them. More often, the sellers of blocks set pricing and term expectations for their offerings and the storefront simply makes those available.
Sites of this kind (generally) offer prices that persist over time. Which means approvals for expenditure by finance departments can be processed given a known selling price. In large organizations especially this stable pricing environment can be important in securing approvals to purchase.
IPv4 auctions operate similarly to any live, online bidding site. Blocks are offered for sale, sometimes with a minimum acceptable price, and information about the specific block may or may not be posted. Buyers, normally qualified by the auction site, then bid on those offerings of interest to them.
Significant variables in the auction process often include the public information about the offered blocks. Some sites provide good information about blocks for sale to any browser. More in-depth information – often very specific data – is available to registered users only, if at all. The relative openness and detail of the information buyers can view prior to purchases is a significant distinguishing factor in the process.
The information available to both buyers and sellers varies by brokerage. IPv4.Global makes ongoing auction prices visible plus posts anonymous recent data regarding purchase price and blocks sold on a regular basis. Plus, the site includes historical data on recent months – current month – and prior months by price and block range and historically. This market transparency can be critical to those new to the market and in need of background on block size pricing and trends.
You are not required to use a broker. If the buyer and seller know each other they can directly agree to transact. Of course, they’ll also need to work with the RIR on its processes. If the transfer moves space between regions, they’ll need to work with both RIRs.
The best IPv4 brokers will be thoroughly familiar with the process and its legalities. They can save both the buyer and seller valuable time. They can also do background checks, perform ongoing administration, manage escrow transfers of funds and other added-value services.
by Lee Howard & Peter Tobey
IPv4 address pricing has followed varied paths during the past few years. On a long-term, macro level, prices have risen dramatically. On closer examination, recent trends, including relative pricing and variations in block-size costs, tell a different, less predictable story.
Transfers are public knowledge, published regularly by the systems’ governing bodies, the Regional Internet Registries (RIRs). However, the prices at which transfers are completed are not. So, information about IPv4 address pricing can be substantial but is nevertheless somewhat anecdotal. In 2014 IPv4.Global began publishing information about the online platform’s experience – including prices at which transfers occur on its marketplace. This transparency remains unique and – along with public sources of transfer information – allows some significant and useful analysis.
At the time of the internet’s early development, a device-identification and location system was instituted. The first version was created in 1973. But the first widely-used version of it, Internet Protocol version Four (IPv4), was designed by ARPA in 1981 and includes about 4.3 billion total possible unique identifying number configurations. This quantity of identifiers was deemed more than adequate. At the time of its development, the idea of many billions of internet devices in use today seemed unlikely. Of course, now there are tens of billions of connected devices and services.
As the system grew, the central authority on the numbering convention became the Internet Assigned Numbers Authority (IANA). It coordinates many of the core functions of the internet, including IP addressing, domain name management at a base level and IP resources. IANA distributed its last IPv4 addresses to the five Regional Internet Registries (RIRs) in 2011.
The phrase “IPv4 exhaustion” refers to the moment when the Internet Assigned Numbers Authority (IANA) depleted its pool of available IPv4 addresses that could be assigned to RIRs and so thereafter to connected devices globally. Of course, the exhaustion of supply at the regional distributors (the RIRs) inevitably followed.
Not long thereafter APNIC (the Asia-Pacific registry) exhausted all its available IP addresses. RIPE (Europe) ran out in 2012, LACNIC in 2014 and ARIN in 2015. AFRINIC, the African registry, has nearly depleted its supply. It now offers blocks of addresses ranging from /24 (256 addresses) to /22 (1,024 addresses) only to those requesting them. Other RIRs have established waiting lists with varied wait times. Because of this, we can clearly identify one of the most obvious factors that contributes to currently high IPv4 prices: they are in unprecedented low supply.
As mentioned, IP addresses allow communication among connected devices. Everything connected to and using the internet must have an IP connection. This includes computers, phones, servers, plus – recently – televisions and refrigerators. To distribute these identifiers, the five regional authorities (RIRs) each distribute IP addresses to IPS (lnternet Service Providers) who act as local registries. They allocate to clients.
As the number of devices has grown, and the supply via the original distribution channels evaporated, other markets arose. Holders of sometimes large quantities of addresses found themselves with unused IPs. Some estimates set the total number of unused IPs at nearly one billion. At the same time, new organizations, and those that are growing, need additional resources. The “cloud” services, large retail users and other national and international providers have created significant world-wide demand for these resources.
It should also be noted that IPv4 is a well-tested, thoroughly mastered protocol that is relatively straightforward and so easy to implement and maintain. The broadly-available skill sets needed to install and manage IPv4 addresses and the general familiarity with them has contributed to the continued use of IPv4.
In response to the pending exhaustion of IPv4 addresses, a task force (The Internet Engineering Task Force – IETF) was formed to respond. In 1995 the IETF delivered IPv6 (Internet Protocol version Six). Its configuration is vastly more expansive than IPv4 as it is built on a 128-bit address layout that permits trillions of trillions of unique addresses. However, while it was created to replace IPv4, adoption of it has been slower than anticipated. Among the challenges to IPv6 adoption is significant conversion costs, conversion and management skill levels and hardware considerations.
Some older devices simply will not operate using IPv6. Plus, the two protocols are unable to communicate with one another without an intermediary. There are solutions to this problem. But among the impacts of operating the protocols in tandem is that doing so has effectively extended the life of IPv4. So, the two are functioning today across many networks.
The above describes a technology environment that lives in the midst of huge information and business developments. Demand for connectivity in general, with easy, cheap and compatible connections among devices that can be deployed quickly, has grown steadily. So, the challenges of IPv6 have buoyed demand for available IPv4 addresses. Along with demand, and faced with limited supply, prices have risen.
IPv4.Global pricing data.
The graph shown above illustrates IPv4.Global’s online marketplace pricing experience. Information published by the site – and so made publicly available – undoubtedly contributed to the narrow band of variation between high and low costs that developed beginning in early 2016. Market information is always an influencer of pricing. The market’s clear understanding of prices for blocks of all sizes seems to have helped maintain a consistent range of unit prices for the assets. What’s more, prices rose steadily, if relatively slowly, during the following five years.
It should be noted that inflation in the US was generally low during the period 2015-20. And while, in retrospect, prices of IPv4 addresses rose gradually (in comparison to later increases) the rate of growth was nearly 20% per year. Per IP prices rose from about $10 to $25 during the period.
IPv4 prices paused their gradual rise in 2019, with various block sizes trading at a slightly wider range of prices. Then, the first half of 2020 saw many existing networks stopping their growth as the pandemic swept the world. New networks and network expansion slowed or stopped entirely and along with it much of the demand for IPv4 addresses.
In early 2021 much of the vaccinated world restarted. New network builds happened and expansions resumed. This clearly produced an increase in demand for IPv4 addresses as their convenience – relative to IPv6 – prevailed.
At the same time, much of the potential supply remained on the sidelines. Renumbering projects didn’t resume quickly so supply was constrained. Many under-used blocks had been deployed using interspersed allocations of addresses, with wide and unwieldly gaps between them. Renumbering to consolidate use and so make contiguous addresses available for sale did not restart quickly. This was, in part, the case because the process can require six months. Plus, networks deploying addresses inefficiently continue to function perfectly well. So, the urgency to renumber them is not great. With demand high and supply constrained, prices rose. Very rapidly. During 2021, IPv4 prices more than doubled.
Another curious change occurred in 2021. Though pricing remained within a tight band through the first half of the year, at about $40 per address the spread widened. With very short supply, some buyers’ urgency prevailed, and prices rose even faster. Peak pricing reached $60 within months. However, given the high cost of the assets, liquidation urgency also increased: holders wanted to monetize quickly. Some of these sellers demanded maximum prices while, apparently, some were willing to sell below market to careful shoppers.
As is evident in the price graph shown, the second half of 2021 produced wildly varied prices for most block sizes. One market essentially became several of them, with buyers’ various needs and different block sizes producing significant price differentials. The many causes of these changes remain uncertain, even though market watchers can identify sources of pricing influence, certainty as to causes can’t be known. The market is too dynamic and too large to permit that conclusive analysis.
A curious price inversion has occurred in IPv4 markets. The long-term trend that discounted large blocks has reversed.
The graph below identifies /15 and /16 (large) block pricing throughout the period in the form of dark spots. It is evident that, for most of the timeframe here (2014 to the first half of 2021), large blocks sold at a significant discount.
IPv4.Global pricing data.
One might guess that the administrative chores related to large-network needs were most efficiently and cheaply satisfied with these blocks. This would, of course, increase their value. But, perhaps, this influence on pricing was overcome by the relatively high absolute cost of a large block and/or the scarcity of buyers for them. What’s more, simple price-sensitivity may have been more acute for larger purchases. Causation is tricky, here.
It is also possible that the demand for small blocks exceeded their supply, driving prices up. At least relative to the supply-demand relationship of larger blocks. Regardless of the various influences on large block prices, they remained relatively low (cheaper) throughout this period.
However, the discount for these large blocks created an unusual opportunity in a commodities market like IPv4. A large bundle of addresses was cheaper per IP address than the same block, subdivided. During 2020-2021 larger sellers and savvy traders in these assets began to break them up and sell the addresses in smaller, more costly-per-IP batches. This tactic increased the value of a large block when sub-divided.
The lower per IP price of large-block IPv4 addresses ended during 2021 as IPv4 prices began to trade in wider ranges. As that happened, the relationship between large and small block prices changed in many ways. Large blocks became (relatively) more costly than smaller ones but continue to trade in a relatively tight range. Smaller blocks began to be traded in a wider – and generally lower – range.
Today, sellers can expect a higher price-per-address for larger blocks. As noted, the cause of this inversion from recent history can’t be fully known. But it makes sense in terms of scarcity: we know there are more /18s than /16s. Prosperous, aggressive operations in online retail, communications and cloud-based services are growing rapidly and profitably. As a result, the urgency to accumulate IP addresses is acute and their value to operations very high.
Inversion pricing data from IPv4.Global.
Theoretically, a buyer could piece together smaller blocks and resell them as a newly-formed bigger blocks (/16 or more) for a bit of profit. However, locating and combining consecutive small blocks is very difficult. Non-contiguous, cobbled-together bundles of blocks are less desirable to bigger companies since the IP addresses that compose them are not digitally sequential and so present numbering issues.
It’s impossible to know if this inversion will continue, flatten or reverse. What’s more, the relative impacts of a slowing world economy and recession concerns have surely influenced near-term network development. The relative impact the economy and economic expectations may be having on the relative pricing of small, medium and large buyers remains unclear. As a result, the market situation is a curious one – and certainly unpredictable.
As noted above, one thing is undeniable: 2022 was a year of some trepidation on the part of businesses as inflation concerns raised interest rates and recession became a worry. The anticipated slowing of the economy – and especially that of the technology sector in general – caused many companies to reduce their investments.
This is the case because any networking infrastructure investment is likely to be a long-term one. Since the build-out of these investments is often extended, the benefit is delayed. All of which means the expense is current and the improved efficiency or opportunity is deferred. So, the sagging economy in connection with rising energy costs, a war and the global pandemic surely dampened investment in all infrastructure. Not surprisingly, network growth plans have (and continue to) take a hit as a result. The relative effect of this pull-back can’t be measured and its duration is unknowable.
In a nearly-pure commodities market like that for IPv4 one might expect demand to play a very significant role. However, the global economy notwithstanding, transfer volumes at both RIPE and ARIN (Europe and North America) increased significantly 2022 over 2021. Transfer records show that, worldwide, non-merger & acquisition transfers increased approximately 35% one year over the next.
New entries to IPv4 and IPv6 routing tables indicate the overall growth of those networks worldwide. In both cases, growth slowed in 2022 significantly and at about the same rate. This slowing, considering the expanded transfer rates worldwide, is surprising. Plus, the similarity of the rate of change in the two routing tables suggests that some factor is at work other than IPv4 market decline. Put simply, IPv6 deployment rate slowing can’t be due to over-deployed networks and so shrinking markets. IPv6 is far from a saturated market and so other influences must be in effect. Because IPv4 mirrors the slowing of IPv6, one is inclined to believe they are being influenced by similar factors.
Any summaries here are necessarily inconclusive. The influences on pricing in the IPv4 market are clearly at cross-currents with one another. Marketplaces are strong and infrastructure expansion has undoubtedly slowed, if only temporarily. How deep an economic decline may occur and how long it may last remains unknown. How and if that macro-economic impact will impact IPv4 markets is also anyone’s guess.
by IPv4.GLOBAL Staff
When the Internet was originally designed, its creators didn’t imagine how wildly popular it would become. As such, they allotted 4.3 billion unique, 32-bit IPv4 addresses—a figure they assumed would be more than adequate to accommodate all potential users.
They were incorrect. And now, in the wake of IPv4 exhaustion, demand continues to greatly outpace supply.
This scarcity created a budding yet frictional IPv4 market. While there were certainly interested buyers or sellers, there existed a lack of transparency regarding market participants, transfer protocols and legal issues. This made it difficult for the two parties to identify one another and then complete a transaction.
Thus, IPv4 brokers emerged. These knowledgeable intermediaries acted as the digital middleman, connecting buyers with sellers and facilitating the legal transfer of the address.
But what do these brokers do? And why would a company enlist their services?
A company may seek to acquire an IPv4 address block to obtain new internet connectivity, expand internet capacity, create a bigger network, replace exhausted addresses, or obtain a specific block of addresses for enhanced security.
Internet Protocol (IP) addresses are unique numerical identifiers assigned to every device connected to a computer network that uses the Internet Protocol for communication. Other network devices use the IP address to identify, locate, and communicate with that machine.
There are currently two versions of IP addresses in general use: IPv4 and IPv6.
But with so many more available IPv6 addresses, why would a business opt for purchasing an IPv4 address instead of the newer protocol?
Three reasons, in particular, stand out:
Today, universities are one of the largest sellers of IPv4 addresses.
At the outset, the Internet was thought to primarily be a research and educational tool, so colleges and universities were allotted tens of thousands of IP addresses, despite only needing and using a small fraction of these.
But these weren’t the only entities that acquired large pools of IPv4 addresses.
For instance, early adopters were able to acquire large pools of addresses at a time when they were both free and easy to obtain. Alternately, some companies have acquired large numbers of IPv4 addresses as part of mergers or acquisitions.
Whatever the reason, situations such as these created an imbalance in IPv4 distribution, which made these IPv4 addresses more valuable to the owners. Now, a company may find itself with extra blocks and looking to sell for one of several reasons:
Companies can review the price fluctuations of IPv4 addresses to confirm whether now is a good time to buy or sell. November 2022 data, for example, showed that prices since 2019 are still up substantially.
A broker acts as the essential lubricant for the frictional market, greatly streamlining the previously-cumbersome process of pairing buyers and sellers together.
A top broker will provide reliable and transparent information and services, partnering with a business to buy and sell IPv4 blocks. Ideally, they’ll be able to facilitate transactions of various IPv4 block sizes, ranging from smaller online transactions to much larger private transactions.
For instance, at IPv4.Global, we offer a multi-tiered platform in addition to private brokerage services:
At the online marketplace, participants can buy, sell, or lease IPv4 addresses. The address blocks are auctioned off to the highest bidder or made available for a fixed “buy now” purchase price.
How does the sale take place? IPv4.Global provides a fast, easy, and secure five-step process:
Private sales will go unlisted on the online market. IPv4.Global can provide privately negotiated transaction services via phone for an anonymous buyer, which includes:
Whether a business is looking to buy, sell, or lease a series of IPv4 addresses, IPv4.Global can broker to make that happen, acting as matchmakers, market analyzers, contract negotiators, transfer assistants, and legal guides.
With more than 55+ million addresses brokered, and $800 million generated for our clients since 2014, we have completed more IPv4 sales than any intermediary in the world.
Whether a client wishes to utilize our online IPv4 auction marketplace or take advantage of our private brokered solutions, we are the destination for IPv4 sales.
Contact us today if you’re in the market to buy, sell, or lease IP addresses.
by IPv4.Global Staff
The US Federal and state governments are starting programs to distribute $65 billion for rural broadband services. NRECA has encouraged activities like utility pole audits to get ready. But deploying internet services requires an intangible resource, too: IPv4 addresses.
Every internet connected network needs a pool of IPv4 addresses to assign to technical infrastructure and assign to customers.
Co-ops will need to obtain IPv4 addresses, get them ready for use, and decide how they want to manage their internet connectivity.
ARIN is the internet registry that serves North America. It still assigns small blocks of IPv4 addresses to organizations on a waiting list. But the wait is growing. ARIN reported in October 2022 that the list is growing by about 120 a quarter. Over 1,000 organizations were expected to be on the list by the end of 2023. Just 69 waitlist requests were fulfilled in Q3 of 2022.
Co-ops who want to deploy broadband services to customers in 2023 will need to go to the market for addresses. In the 1990s many organizations got large pools of IPv4 addresses. Many never need all they were allocated. In other cases, technical improvements since then mean they can run their networks with fewer addresses. So they can sell the rest to other organizations.
IPv4.Global can help co-ops get up and running by brokering a sale or a lease. Our auction platform provides transparent pricing and our experts can walk you through the transfer process.
Once you have your IPv4 address you need to get them ready for deployment. This means making sure they have a neutral or good reputation and are known to be in use in the geographical area you serve.
Unfortunately, malicious actors send spam and distribute malware. The IPv4 addresses they use gain a poor reputation in databases used by many respectable organizations. They use these databases to decide whether to accept connections from users of those IPv4 addresses.
Content networks, retailers, and banks also want to know where the users of an IPv4 address are located. This helps them ensure they provide content in the right language and informs anti-fraud algorithms.
Updating geolocation information and following self-service removal processes for reputation lists is an important first step in getting IPv4 address space ready for use.
It’s not enough to have a good clean block of IPv4 addresses. It’s important to manage how it is deployed across your network. This is done with modern IP Address Management (IPAM) tools. Whether you choose a free or paid IPAM service, they offer four key benefits:
Connecting a broadband network to the internet can be done by directly connecting to an upstream provider. They will ensure your users can connect to services across the internet. But connecting to multiple upstreams can provide resilience and help with cost management. If you want to do this you’ll need to get an Autonomous System Number (ASN) from ARIN.
When you have an ASN you can take more control of your network’s connections with other networks. PeeringDB is the go-to location for interconnection data. It lists 160 Internet Exchange Points (IXPs) in the United States. These are physical infrastructures allowing many networks to exchange Internet traffic, lowering costs and reducing latency.
Euro-IX, the European trade association for IXPs, has a learning portal to help new networks learn how to get the best from IXPs.
This report only describes our online marketplace sales. The flat-lined large block report is the result of such transfers being conducted privately toward the end of the year and were therefore not included in this graph. Privately sold /16s transferred at around $52.50 in December. Smaller block sizes – as noted – changed very little in price.
by IPv4.GLOBAL Staff
Hilco Streambank’s IPv4.GLOBAL has sourced IP blocks on behalf of buyers for many years. Our staff assists in locating resources that satisfy specific needs in terms of RIR, price, transfer schedule, and – of course – price. Requests vary.
Requests are made in all shapes and sizes. Often, we source a single block. We also search for multiple blocks – both large and small – available either immediately or over an extended acquisition schedule. These searches are efficient, often timely means of targeting a need and fulfilling it.
As most regular observers of the IPv4 market understand, 2022 has seen significant price volatility. So, both buyers and sellers have sometimes been subject to unwanted swings in pricing, only to see those swings reversed days or weeks later. Having us source space for you in a programmatic way will help you manage these swings effectively.
In an effort to add valuable features to our sourcing services, we’ve instituted a program of sourcing IP addresses that offers buyers even greater flexibility and certainty. Plus, the opportunity to save along the way.
Our baseline buyer agreement specifies a block size (or sizes) needed and a maximum acceptable price for the assets. Based on the size and term of the engagement, we set a flat dollar-per-IP fee. So, a request might be, “An ARIN /20 at $48 per address or less with a fee to IPv4.GLOBAL of an additional $1.50 per address.” The term on such agreements is open to discussion and acceptance of a block, once located, is subject to the buyer’s approval at the time it becomes available. Put simply, this is a detailed request without an obligation to buy.
When sourcing IP resources we sometimes encounter sellers whose circumstances result in a discounted asking price. Since we are sourcing on the buyer’s behalf, we can extend a lower-than-requested price to that buyer. We can build in an incentive fee for a percentage of the savings over your baseline price. We are rewarded for our successful search and the buyer gains significant additional savings.
This program offers buyers the world’s largest marketplace and our private brokerage as a resource for their specific needs. It establishes a maximum price and acceptable delivery schedule and is subject to the buyer’s acceptance at every step of the way. Plus, there is the very real opportunity to discover savings by acquiring discounted resources as a result of our expertise and focused search.
So, we offer:
For more information, email RKassin@hilcoglobal.com or complete the contact form to the left.
December 13, 2022
APNIC has announced fee increases for 2023. The fee charged per address will go up but the base fees for members and non-members will not change. APNIC charges 20% of the annual fee for transfers. Its annual fees, which have increased slightly this year, have many tiers and it has a fee calculator on its website. There are also discounts for organizations based in some economies. APNIC gives three examples of fees for transfers:
There is no change to the fees for those with the smallest allocations – 256 IPv4 addresses. They will remain at AUD 1,180 in 2023.
Organizations with 8,192 IPv4 addresses will have to pay an extra AUD 171. The new fee will be AUD 4,552. Bigger networks will pay more. An organization with 65,536 IPv4 addresses will pay an extra AUD 609. The new price will be AUD 10,234.
The percentage increase varies depending on the total amount of address space you hold. APNIC provides fee calculators for both members and non-members in addition to the table in its blog post.
Buyers of /16 and larger blocks have gone on vacation (or bought smaller space), which might presage softening /16 prices. Larger blocks still see higher prices, as shown in the chart. Last year, prices were at their peak at the end of the year and began falling in the first quarter, but past performance is no guarantee of future returns.
ARIN has introduced a new sliding scale for transfer fees, starting in January 2023. ARIN will bill these fees. IPv4.Global will follow ARIN policy in this matter going forward and both buyers and sellers will be responsible for their appropriate RIR fees.
ARIN will charge $500 to the source of a transfer. They will also charge recipients on a sliding scale, based on the size of the transferred block.
Recipients of the smallest blocks, 256 addresses, must pay $187.50. This grows to $750 for 1,024 addresses and $6,000 for blocks larger than 65,536 addresses. The theoretical top fee is $192,000 for recipients of blocks of more than 67 million addresses.
APNIC charges 20% of the annual fee for transfers. Its annual fees have many tiers and it has a fee calculator on its website. There are also discounts for organizations based in some economies. APNIC gives three examples of fees for transfers:
LACNIC charges sellers US$ 1,000 for transfers of between 256 addresses and 8,192 addresses. Transfers of more addresses cost US$ 1,500. Sellers must pay a $200 deposit at the start of the process.
The RIPE NCC does not levy a special transfer fee. It requires members to pay the full annual service fee for all their LIRs (accounts) before the transfer.
by IPv4.GLOBAL Staff
Ever since IPv4 exhaustion, these addresses have become a much-sought-after commodity. As a result, the price to acquire additional addresses has risen dramatically. To cut down on the cash flow impact of expanding IPv4 holdings, especially if IPv4 addresses aren’t required for an extended period of time or future needs are uncertain, other options are attractive.
IPv4 leasing is an option that might fit the bill. Depending on one’s needs, it may be a cheaper option while still fulfilling the same requirements as buying a block of IPv4 addresses. The benefits of an IPv4 rental option are significant and so warrant a close look.
A company with IPv4 holdings can choose to lease its IPv4 address blocks instead of selling the ownership rights to them. Essentially, this means they can “rent” them out over a set period of time rather than passing them along to a new owner indefinitely.
The leasing decision is not unlike deciding whether to buy or rent a house. One can pay a large, one-time lump sum to own a house (or incur significant debt to do so) or pay a lower rate month-by-month to rent it. For shorter term living, or if long-term needs are uncertain, a rental option may save the most money in the long run and will preserve cash in the near term. Both considerations are important if future needs are uncertain or if cash (or affordable credit) is in short supply.
Either option may be beneficial if it aligns with a company’s needs. Depending on the nature of a company’s requirements, upcoming device rotations, and amount of capital available, one may be better than the other. Businesses should choose IPv4 leasing or rental if:
On the other hand, businesses should consider purchasing IPv4 addresses if:
There are other factors that may play a role in the decision to lease or purchase IPv4 addresses. But overall, the preferences between the two options are governed by whether or not an organization has long-term certainty and the available funds for a purchase.
Much like buying or selling IPv4 addresses, these assets can also be leased through an IPv4 broker.
After IPv4 exhaustion, it became clear that IPv4 addresses were becoming a valuable resource since demand for them was high and rising despite their supply having run out. However, it was difficult for sellers to find buyers and vice versa, in addition to the hassle of drawing up their own contracts, completing transfers, moving funds and addressing other legal concerns.
This is why IPv4 brokers formed. They help companies who are interested in trading their IPv4 addresses find each other quickly and efficiently while taking care of the legal and regulatory sides of things, cutting down the time spent during the process. They quickly became a reliable way to buy and sell IPv4 addresses. If looking to buy, sell, or lease IPv4 addresses, finding a trusted IPv4 broker is the best way to go about it.
As far as leasing vs. purchasing IPv4 addresses, first gauge the scope and timelines associated with IP address needs. There are benefits for both options, in the form of saving money in the short term with leasing or saving in the long term by outright purchasing IPv4 addresses. Drawbacks in the form of money lost usually come from a mismatch of a company’s goals and choosing the less efficient option, e.g. purchasing IPv4 addresses when they’re only needed in the short-term.
To learn more about leasing vs. buying IPv4 addresses or getting started with either, visit IPv4.Global for more information.
Prices seem to have stabilized, with a premium for /16 and larger blocks. Will they remain stable, or will there be an end-of-year frenzy?
October 28, 2022
ARIN 50 kicked off with a report on the slowing pace of allocations through the IPv4 Waitlist.
ARIN reported that it only fulfilled 69 Waitlist requests in Q3 of 2022. On average, organizations got just 850 addresses. The total allocated space was less than 60,000 addresses.
ARIN reported that the Waitlist is increasing by about 120 requests a quarter, with just 60 allocations. It projects that over 1,000 organizations will be on the Waitlist by the end of 2023. It cannot project beyond the end of 2023 because it bases projections on revoked space. ARIN does not know how much space will be revoked in the future.
Participants discussed two proposals to simplify transfers.
2020-6 should help organizations downsize to a smaller block. The freed up space can then be transferred to other organizations. 2022-3 should lower the administrative burden in processing a transfer. It removes the need for an officer of the company to sign an attestation on the documentation provided to ARIN. ARIN is confident that removing this requirement will not impact its ability to pursue cases of fraud.
Both proposals were well supported and are likely to be adopted.
by IPv4.GLOBAL Staff
During mergers or the acquisition of another organization, digital assets play an ever-expanding role. There is a greater variety of these assets to be considered and they play a more important role in business than at any time in the past. Technology develops at an exponential rate, creating new types of digital assets all the time, further complicating intangible asset valuation. Of course, their valuation, impacting a purchase or merger, has become more crucial, too.
Many digital assets have a clear developmental history and current role in their organizations making it clear what makes them valuable. However, there may be some “hidden” assets that require a bit more due diligence to evaluate their worth. In some cases, companies may not conduct this research and could be sitting on a veritable gold mine of digital assets, either as seller or potential buyer, they are not aware of. One asset in particular has seen a relatively recent – seemingly quiet – surge in value.
In short, anything that is stored digitally can be considered a “digital asset,” such as audio files, spreadsheets, slide shows, etc. Obviously, many of these do not hold significant monetary value, but are considered digital assets nonetheless. Here are some examples of more common digital assets of value:
There are plenty of other examples of digital assets with variable value, but there’s a particularly valuable one that is oftentimes “hidden” to companies as they’ve either been overlooked or are sitting around unused: IPv4 addresses.
The IPv4 format was the structure of the first IP addresses that were publicly used when the Internet was created in the early 1980s. However, the popularity of the Internet was underestimated, and the 32-bit structure of the IPv4 format did not allow for enough unique IP addresses for all of the devices that would eventually seek to connect. This led to IPv4 exhaustion, i.e. there were few if any IP address blocks available for distribution by the organizations managing the system.
Thankfully, the IPv6 format was created before the world hit IPv4 exhaustion, with a 128-bit structure that allows for such a large number of IP addresses that we won’t likely hit an exhaustion again. However, since so many connected devices and websites are built on the IPv4 infrastructure, there are compatibility issues and conversion costs to abandoning or integrating IPv4 with IPv6. So, there is a widespread reluctance for businesses to adapt the IPv6 format.
If companies want to expand their connected devices network without integrating with IPv6 or converting their entire network’s infrastructure to the IPv6 format, they must find more IPv4 addresses. These have become a scarce resource. It is this very demand that has driven the value of IPv4 addresses to unprecedented heights.
Currently, IPv4 addresses are worth as much as $58 per address. When looked at individually this may seem to be a small amount, but IP addresses are usually acquired in blocks, denoted by symbols such as /24 or /16. The larger the number after a “/,” the smaller the block, and the smallest blocks tend to be valued in the tens of thousands of dollars while the largest blocks can be valued in the tens of millions.
This means that, in the event of a company acquisition or merger, if an unused block of IPv4 addresses is acquired, chances are high that it holds significant value.
Finding buyers for IPv4 addresses can be difficult, as it takes time to find an interested party that is qualified, draw up legal contracts, negotiate terms, etc. To avoid these headaches (and potential pitfalls), the most common way businesses trade IPv4 addresses is through a broker. IPv4 brokers pair sellers with buyers, or vice versa, and allow listings of all sizes on their platforms while taking care of most legalities and regulations. Escrow services are used to manage payments between parties. Registered IPv4 brokers are trustworthy facilitators to transfer IPv4 address blocks between two interested parties.
For more information on IPv4 address value, or to buy or sell IPv4 addresses, visit https://ipv4.global/.
October 28, 2022
Over 1,000 organizations are each waiting more than 300 days to get a block of just 256 IPv4 addresses – a /24 – in the RIPE region. The RIPE NCC warned that the wait time will soon reach 24 months despite allocating 900 /24s in the last year.
In December 2021, 330 member organizations were waiting for a /24. But half of those members had multiple accounts. More than half of waiting members now have just one account.
Each request from a member with multiple accounts delays what the RIPE NCC described as “real newcomers” by 1 to 2 days. They asked whether the community wants to change the policy.
The Database Working Group discussed adding geolocation as a purpose in the RIPE Database Terms and Conditions. Another suggestion was to place geolocation in a separate, independent, database. Users rely on the “operational purposes” term now but this is hard to interpret. The Database Working Group co-chairs will now decide how to manage this discussion.
Ukraine’s government requested help from the RIPE NCC earlier in October 2022. The RIPE NCC described several ways it could protect members in distressed areas from forced transfers. They asked the RIPE community to develop a policy for this issue. But the community pushed back and asked the RIPE NCC and asked the RIPE NCC board to take action.
The subject has generated a wave of discussion on the RIPE NCC Services Working Group list.
by IPv4 Staff
There is a general consensus IPv4 exhaustion occurred sometime in 2010. This varied by region, of course. RIPE announced that all IPv4 addresses had been allocated in 2019. This was anticipated and there was already a new format in place in preparation for this moment: IPv6. However, most companies still rely on the IPv4 format since it has been in existence for far longer than IPv6, and is, essentially, the foundational format for the vast majority of connected devices.
This led to a widespread reluctance to switch to the IPv6 format, as a majority of networks relies on the IPv4 infrastructure already in place. IPv6 conversion requires a lot of time, retraining, capital, etc. that many companies are unwilling to accommodate. This led to a rise in IPv4 demand, and thus the rise in its financial value.
Depending on a company’s IPv4 assets, they could be sitting on a valuable asset and lucrative opportunity. Whether there are unused IPv4 addresses from a company merger or an educational institution sitting on freely distributed assets that are now unused, it is important to understand the IPv4 inventory in any organization.
Other than the financial impact to be made from the sale or lease of available IPv4 address blocks in an IPv4 inventory, there are many reasons why having a thorough understanding of a company’s IPv4 addresses is important, especially as it pertains to IP address management. These include:
The saying “knowledge is power” rings true for why one should aim to have an all-encompassing IPv4 inventory for their institution. It will help bolster security and save precious time when seeking to expand a network with more connected devices. Conducting a thorough IPv4 inventory may also uncover hidden, unused IPv4 address blocks, which can then be used to fulfill any number of purposes, including their sale.
Depending on a company’s needs, one thing they could do is save them for later use. It helps business owners and employees rest easier knowing these IPv4 addresses are now accounted for and their network enjoys some bolstered security, along with all sorts of benefits like those mentioned above. On the other hand, they could sell them for a potentially large profit.
Companies don’t actually sell IPv4 addresses themselves. Rather, they sell the rights to their exclusive use. Regardless, there are many companies trying to buy IPv4 addresses at their substantially increased current price, e.g. tech giants like Amazon which has been buying large numbers of IPv4 addresses.
Image by IPv4GLOBAL
Looking at the above price chart, the leap in financial value IPv4 prices have experienced is all too obvious. Recently, the price hovers around the $50 mark per address, depending on the size of the IPv4 address block an entity is considering buying or selling. In many cases, this price level values holdings in the hundreds of thousands, millions and even tens of millions of dollars.
Selling the rights to IPv4 addresses is something that has been going on for quite some time. The advent of IPv4 exhaustion gave rise to the IPv4 marketplace and the idea of trading IP address ownership, and to facilitate this process IPv4 brokers were created.
Registered IPv4 brokers are trustworthy entities that act as a mediator between buyers and sellers of IPv4 addresses. They can save a lot of time and legal headache through playing this role, since companies had to find each other through more cumbersome processes and draw up their own contracts before IP address brokers came into existence.
To learn about IPv4 address inventory, or about buying, selling, and leasing IPv4 address blocks, visit IPv4GLOBAL for more information.
A slight bounce on small and medium blocks may mean we’ve hit the pricing floor. Large blocks might seem to have pulled back slightly, but that may simply be reflecting the mix of individual /16s compared to larger blocks, which fetch premium pricing.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 buyers in an APNIC-to-APNIC transfer.
1-3 days
Create an APNIC account
Register your APNIC account: Before making your purchase on IPv4.Global, your organization should have an active account with APNIC (and your local NIR, if applicable)
To discover if you have a registered account, please go to the APNIC website, and type your company name.
If you do not have an account with APNIC, please visit login.apnic.net and click “Register” to get started. To acquire IP addresses and/or ASNs, you must be an APNIC member.
An organization object will be created automatically for all APNIC account holders upon membership approval. This is the identifier unique to your organization. Please see Organization Object FAQ on APNIC’s website for details on Org ID usage and management.
Note: Please make sure the Org. Name registered on this account matches the legal name on your Company Registration Paperwork with your local Chamber of Commerce. Changing organization names or getting a new Org-ID after the purchase of the block will drastically delay the transfer process.
APNIC membership sign up fee is AUD 500 and Annual Membership fee is dependent on the number of addresses the organization holds. See APNIC Membership Fee details here.
1-2 weeks
APNIC Pre-Approval
Submit Pre-Approval Request:
If this is your first-time purchasing IP addresses, APNIC will request justification information for your 24-months IP addressing needs.
Providing justification after purchasing IP on our website, could extend the transfer process, so we recommend submitting a Pre-Approval request to APNIC beforehand.
See instructions on how to submit the APNIC Pre-Approval Request here. (Pre-Approval Validity: 2 years)
Note: Once the two years are up, you will need to file for justification once more to maintain pre-approved status. The recipient will also be required to provide additional justification when the size of transfer to receive is larger than what has already been pre-approved.
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. If all checks out, our analyst will reach out for Buyer in-take.
When registering your account, it is best to provide the following information to gain approval:
Note: If we are not able to approve your account with the information already provided, we will reach out to confirm your details.
~ 1-3 days
Set up IPv4.Global in your accounts payable system.
Please contact our team if your accounts payable team requires any information or documentation to complete the set up.
We hold the funds in Escrow until the internet resource(s) are transferred to the recipient ensuring the security and reliability of our transfers.
Once the internet resource(s) are successfully transferred to your organization’s APNIC account, we will release the funds to the seller.
Note: It is extremely important that this step is done before the purchase of the block on our site, as late payment could severely impact the transfer process leading to delays or cancellations.
~ 1 – 3 weeks
Purchasing IPv4
(~1 – 5 days) Once you place your purchase, a transfer analyst will reach out to you to begin the payment process and will serve as a liaison between you and the seller throughout the entire transfer.
On the invoice generated by our platform, you will be given the option to remit payment into escrow via wire transfer, ACH, and Escrow.com. Purchases under $30,000.00 USD can be paid by credit card.
Note: Payment deadline is 5 business days after the sale has ended.
Gather all the required information and documents for the seller and forward it to your transfer analyst.
Recipient’s Information:
If you have Pre-Approval:
(~1 day)
– Notify your transfer analyst of Pre-Approval and provide the Pre-Approval Ticket Request Number and Expiration Date.
If you do not have Pre-Approval:
(~1-2 weeks) Please wait for APNIC to request justification paperwork after the Seller submits their transfer request.
*Note: Supporting documents includes: network plans, diagrams, equipment invoices, service agreements with upstream providers, etc.
(~1-2 days) Await approval: Once APNIC approves the transfer, they will issue a transfer fee invoice to your account in the APNIC portal.
You can see the APNIC transfer fee structure here and calculate your potential fee here. Please see APNIC’s payment options here, we recommend paying the transfer fee with a credit card.
If your organization requires a purchase order for payment, please have your accounts payable team prepare beforehand so as to not delay the transfer.
After the transfer fee has been paid, APNIC will proceed with the transfer of the resource(s). Upon transfer completion, APNIC will update the Whois database.
Step 6
~ 1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
by IPv4.GLOBAL Staff
As the scarcity of IPv4 addresses – combined with demand for them – continues to drive up their value, IPv4 buyers have expanded the scope of their searches for these assets. Similarly, sellers have broadened their willingness to consider a wider geographic range of transfers. This has led many buyers to search outside their Regional Internet Registries (RIR) for transfers that satisfy their needs.
So, to the question, “Can I transfer IPv4 addresses between RIRs,” the short answer is yes. Trading and transferring IPv4 addresses between RIRs, often called inter-RIR transfers, is completely legal and has been going on for some time. Based on the RIR, there are different policies, fees, required information, and processing times that IPv4 buyers and sellers will have to account for when transferring IPv4 blocks between different RIRs.
The Registries that permit inter-RIR transfers are ARIN, LACNIC, RIPE and APNIC. The fifth RIR, AFRINIC, doesn’t have a policy allowing inter-RIR transfers.
The approval process for an inter-RIR transfer will vary depending on the RIRs IPv4 addresses are being transferred between, but the broader strokes will be the same. Step-by-step, the approval process looks something like this:
There may be some differences depending on the RIR, but these are the essential steps to any inter-RIR IPv4 transfer. These transfers vary in the time they take, but the process at ARIN, RIPE and APNIC can require up to a month or perhaps a little longer to conclude. LACNIC transfers require at least two month and may require up to ten months.
Other than justification from the buyer and transfer confirmations in an inter-RIR IPv4 trade, RIRs will request various documents to confirm the validity of the transfer and the legitimacy of the parties involved with the trade. Depending on the RIR, they can request membership documents, proof of registration, information of the buyer or seller’s organization, company director or equivalent role when necessary, etc.
Additionally, RIPE offers an inter-RIR transfer template which will need to be filled out by the seller. Others may require submission through their portals.
As expected, the amount in membership, transfer and processing fees organizations will be asked to pay varies depending on their respective RIRs transfer policies. The size of the IPv4 block in question can also have an effect on the amount charged.
For information on specific RIR transfer fees, see below:
In addition to the typical intra-RIR restrictions, there are additional factors that may lead to the disqualification of an IPv4 transfer or a breach of contract. This may be obvious, but if transfer fees aren’t paid in full by both parties the inter-RIR trade cannot proceed and could potentially be called off altogether. Additionally, both parties must be sure to update the relevant databases to reflect the new allocation of IPv4 addresses when the transfer is complete for public record, as this can also be considered a disqualification if ignored.
If you want to learn more about inter-RIR transfers or are looking for an IPv4 broker to assist you with one, visit https://ipv4.global/.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 buyers in an RIPE-to-RIPE transfer.
1-3 days
Create an RIPE account
Register your RIPE account: Prior to purchasing IPv4 for your organization, you should make sure to have a registered account in your local regional internet registry (RIR).
To discover if you have a registered account, please go to the RIPE Database, and type you company name.
To register an account, visit my.ripe.net to get started.
Create an Org-ID: This is the identifier unique to your organization.
Visit Creating Organization Objects on RIPE’s website for information on how to create and manage Org IDs.
You will be asked to enter a contact such as Admin, Tech, or Abuse contact for your organization.
You will also be asked to provide a signed Registration Service Agreement by an authorized person at your organization.
Note: Please make sure the Org. Name registered on this account matches that of the legal name on your Company Registration Paperwork with your local Chamber of Commerce. Changing organization names or getting a new Org-ID after the purchase of the block will drastically delay the transfer process.
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global . During this step, one of our analysts will review your registration. If all checks out, our analyst will reach out for Buyer in-take.
When registering your account, it is best to provide the following information to gain approval:
1-3 days
Set Up Vendor Purchase Order between your organization and IPV4.Global
Set up Vendor Account: During this step, we provide your accounts payable team with any information/documentation they may need to set up payment to us.
To get started, please reach out to one of our Transfer Analysts or contact us through our Contact Us forms.
As agents, we hold the funds in our Escrow until the addresses are completely transferred to our recipient ensuring the security and reliability of our transfers.
Once the block is successfully transferred to the recipient’s RIPE account, we will release the funds to the seller.
Note: It is extremely important that this step is done before the purchase of the block on our site, as late payment could severely impact the transfer process leading to delays or cancellations.
~ 1-3 weeks
Purchasing IPv4
(1 – 5 days) Remit payment. Standard methods include wiring into Escrow or using Escrow.com.
Once purchased, our analysts will serve as liaison between you and the seller and provide guidance through the entire transfer process until completion.
(1-7 days) Gather all the required information and documents for the seller:
Buyer Information
Business Registration Papers
Please note that if your company is registered outside of RIPE, the business registration papers must be less than three months old.
(1-3 days) A RIPE Transfer Agreement will be sent out to both parties to review and sign.
(1 day) The seller will go onto their LIR account on the RIPE NCC portal and request a transfer. The seller will submit the information and documents gathered earlier in their transfer request.
Please note that if you are If you are not an LIR, you will need your sponsoring LIR to submit the document on your behalf.
(1 – 7 days) RIPE will review the seller’s request
During this time, RIPE will contact you to confirm that you want the space transferred to your organization’s account and ask for any additional information they may need.
(1 day) Once the due diligence process is completed, RIPE will transfer the block and update the database.
Note: Payment deadline is 5 days after block’s sale ended.
1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to the seller.
To help ensure you have all the documents you will need ready before your IP purchase, download our Buyers’ Checklist by clicking here.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 seller in a RIPE-to-RIPE transfer.
1 day
Ensure RIPE account details
RIPE account: Make sure you have access to your RIPE account.
Merger & Acquisition: Check to see if your company has undergone M & A.
Block Listing: Check for announcement, spam, and block listing. Read more on block listing here.
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. You may list your block for pre-sale review at the same time.
When registering your account, it is best to provide the following information to gain approval:
1-3 days
Submit Block for Review
Block Review: Once your blocks are submitted, they will be reviewed by an analyst.
If the block is transferable, you will receive an Engagement Agreement (EA) from us for you to review.
The EA includes our terms, commission, and other legal details.
Onboarding: After signing this agreement, you will go through our onboarding process.
During this step, we will see if your block has gone through M&A, discuss pricing strategies, etc.,
Note: Blocks in RIPE are transferable only after they are held for two years after registration
~ 1-3 weeks
Transferring IPv4
(1 – 5 days) Await buyer’s payment: Once payment is received, our experienced analysts will serve as liaison between you and the buyer and provide guidance for the entire transfer process until completion.
(1 – 7 days) Buyer’s information and registration papers are gathered for the transfer request.
(1 – 3 days) A RIPE Transfer Agreement will be sent out to both parties to review and sign.
(1 day) You will go onto your organization’s LIR account on the RIPE NCC portal and request a transfer. Submit both parties’ information, registration papers, and the signed transfer agreement with the transfer request.
(1 – 7 days) RIPE will review the seller’s request
During this time, RIPE will contact the buyer to confirm that they wish to receive the space and ask for any additional information they may need.
(1 day) Once the due diligence process is completed, RIPE will transfer the block and update the database.
1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
To help ensure you have all the documents you will need ready before your IP sale, download our Sellers Checklist by clicking here.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 buyers in an ARIN-to-ARIN transfer.
1-3 days
Create an ARIN account
Register your ARIN account: Prior to purchasing IPv4 for your organization, you should make sure to have a registered account in your local regional internet registry (RIR).
To discover if you have a registered account, please go to whois.arin.net, and type you company name with asterisks side by side.
For example, if your company name is ‘Example’, please type *Example*
Create an Org-ID: This is the identifier unique to your organization.
Visit Creating an Org-ID on ARIN’s website for information on how to create and manage Org IDs.
You will be asked to enter a Point of Contact (POCs) such as Admin or Tech for your organization.
You will also be asked to provide a signed Registration Service Agreement by an authorized person at your organization.
Note: Please make sure the Org. Name registered on this account matches that of the legal name on your Company Registration Paperwork with your local Chamber of Commerce. Changing organization names or getting a new Org-ID after the purchase of the block will drastically delay the transfer process.
1-2 weeks
ARIN Pre-Approval
Submit Pre-Approval Request:
If this is your first-time purchasing addresses, ARIN will request justification information for your 24-month IP addressing needs.
See instructions on how to submit the Pre-Approval Request here.
We advise that you review ARIN’s Quick Guide to Requesting Resources before filling out the justification form.
Click here to see Example Justification Form.
(Pre-Approval Validity: 2 years)
Note: Once the two years are up, you will need to file for justification once more to maintain pre-approved status.
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. If all checks out, our analyst will reach out for Buyer in-take.
When registering your account, it is best to provide the following information to gain approval:
1-3 days
Set Up Vendor Purchase Order between your organization and IPV4.Global
Set up Vendor Account: During this step, we provide your accounts payable team with any information/documentation they may need to set up payment to us.
To get started, please reach out to one of our Transfer Analysts or contact us through our Contact Us forms.
As agents, we hold the funds in our Escrow until the addresses are completely transferred to our recipient ensuring the security and reliability of our transfers.
Once the block is successfully transferred to the recipient’s ARIN account, we will release the funds to the seller.
Note: It is extremely important that this step is done before the purchase of the block on our site, as late payment could severely impact the transfer process leading to delays or cancellations.
~ 1-3 weeks
Purchasing IPv4
(1 – 5 days) Remit payment. Standard methods include wiring into Escrow or using Escrow.com.
Once purchased, our analysts will serve as liaison between you and the seller and provide guidance through the entire transfer process until completion.
Submit 8.3 Transfer Request to ARIN. A ticket number will be generated from this submission.
If you have Pre-Approval:
(1 day) Provide the Hilco your Pre-Approval Ticket Number.
Add Seller’s ticket number to your ticket once received.
(1 day) ARIN will notify you of transfer approval once they approve the ticket on the seller’s side and perform their due diligence.
(1 day) After ARIN performs one final review, they will notify you of the completion of transfer.
If you do not have Pre-Approval:
(1- 2 days) Review: ARIN will review your request.
(1 week) Justification: You will need to provide a reason for the need of this block. Please see Step 2 for details.
(1 – 3 days) Officer Attestation: After reviewing the block and documentation, ARIN will ask an authorized person from your organization to review, sign and notarize the Officer Attestation form.
(1 day) After ARIN performs one final review, they will notify you of the completion of transfer.
Note: Payment deadline is 5 days after block’s sale ended.
1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
To help ensure you have all the documents you will need ready before your IP purchase, download our Buyers’ Checklist by clicking here.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 seller in an ARIN-to-ARIN transfer.
1 day
Ensure ARIN account details
ARIN account: Make sure you have access to your ARIN account.
Merger & Acquisition: Check to see if your company has undergone M & A.
Block Listing: Check for announcement, spam, and block listing. Read more on block listing here.
1-2 weeks
ARIN Pre-Approval
Submit Pre-Approval Request:
As a source there is no pre-approval transfer. You can submit an 8.3 (or 8.4) transfer without designating a recipient. ARIN will review this as though it were a real transfer.
In this step, you should submit Transfer Fee and Officer Attestation in advance. Download the Officer Attestation Template here.
Note: If you submitted an 8.3 Transfer Request, this block can only be transferred within the ARIN region. Thus, if your block was bought by an RIR other than ARIN, you will have to create an 8.4 Transfer Request later. ARIN will allow the transfer fee to be applied to this new ticket)
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. You may list your block for pre-sale review at the same time.
When registering your account, it is best to provide the following information to gain approval:
1-3 days
Submit Block for Review
Block Review: Once your blocks are submitted, they will be reviewed by an analyst.
If the block is transferable, you will receive an Engagement Agreement (EA) from us for you to review.
The EA includes our terms, commission, and other legal details.
Onboarding: After signing this agreement, you will go through our onboarding process.
During this step, we will see if your block has gone through M&A, discuss pricing strategies, etc.,
Note: Blocks in ARIN are transferable only after they are held for a year after registration
~ 1-3 weeks
Transferring IPv4
(1 – 5 days) Await buyer’s payment: Once payment is received, our experienced analysts will serve as liaison between you and the buyer and provide guidance for the entire transfer process until completion.
Submit 8.3 Transfer Request to ARIN: A ticket number will be generated from this submission.
If You Have Pre-Approval:
(1 day) Provide the Hilco your Pre-Approval Ticket Number. Add Buyer’s ticket number to your ticket once received.
(1 day) ARIN will notify you of transfer approval once they approve the ticket on the seller’s side and perform their due diligence.
(1 day) After ARIN performs one final review, they will notify you of the completion of transfer.
If You Do Not Have Pre-Approval:
(1 – 2 days) ARIN will review your request.
(1 – 2 days) ARIN will send you a Transfer Fee Invoice. You will forward this Invoice to our analyst who will pay the transfer fee invoice on behalf of the buyer
(1 – 3 days) Officer Attestation: After reviewing the block and documentation, ARIN will ask an authorized person from your organization to review, sign and notarize the Officer Attestation form.
(1 – 3 days) After ARIN reviews the OA, they will approve the transfer.
(1 day) After ARIN performs one final review, they will notify you of the completion of transfer.
1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
To help ensure you have all the documents you will need ready before your IP sale, download our Sellers Checklist by clicking here.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 sellers in an APNIC-to-ARIN transfer.
1 day
Ensure APNIC account details
Make sure you have access to the APNIC account of your Corporate Contact and Secondary Contact. Click here to view the transfer requirements in detail.
Merger & Acquisition: Check to see if your company has undergone M & A.
Block Listing: Check for announcement, spam, and block listing.
~ 1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. You may list your block for pre-sale review at the same time.
When registering your account, it is best to provide the following information to gain approval:
1-3 days
Submit Block for Review
Block Review: Once your blocks are submitted, they will be reviewed by an analyst. An Engagement Agreement (EA) will be sent to your email through Adobe Sign to be reviewed and signed. If there are any questions about the transferability of your block, we will contact you to request more information.
The EA includes our terms, commission, and other legal details.
Onboarding: After signing this agreement, you will go through our onboarding process.
During this step, we will see if your block has gone through M&A, discuss pricing strategies, etc.,
Note: 103/8 addresses are transferable only after they are held for five years after delegation.
~ 1-3 weeks
Transferring IPv4
(1 – 5 days) Await buyer’s payment
Once the block is purchased, our experienced analysts will serve as liaison between you and the buyer, and provide guidance in collecting the required documents to complete the transfer. Buyers are given five business days to remit payment into escrow.
(1 day) Post-payment
Once payment is received in Hilco’s Escrow account, our analyst will provide instructions to submit the APNIC Transfer Request. During this process, you will complete and email the following template to admin@apnic.net.
Upon successful submission, an email will be sent to you with the assigned ticket reference number. Please forward this ticket number to your Hilco Analyst or Cc Hilco Analyst in your email thread for best assistance.
(1 – 7 days) APNIC review Seller’s transfer request
During this time, APNIC will review the email you sent and request additional information when necessary. (Please prepare your Company Registration Paperwork for this step)
Once the due diligence process is completed, APNIC will request a transfer fee which is dependent on the block size. After they process the transfer fee payment, APNIC will inform ARIN the approval for transfer.
~ 1 – 5 days
Await ARIN
APNIC will work with ARIN to confirm the prefix transfer.
Once ARIN is satisfied with the information and justification provided to them by the ARIN recipient, they will perform one last due diligence and approve the transfer.
~ 1 day
Transfer Completion
Once both RIRs approve of the transfer, they will agree upon a mutual date and time to update their registries.
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 buyers in an APNIC-to-ARIN transfer.
1-3 days
Create an ARIN account
Register your ARIN account: Prior to purchasing IPv4 for your organization, you should make sure to have a registered account in your local regional internet registry (RIR).
To discover if you have a registered account, please go to whois.arin.net, and type your company name with asterisks side by side.
For example, if your company name is ‘Hilco IP Services, LLC’, please type *Hilco IP Services, LLC*
Create an Org-ID: This is the identifier unique to your organization.
Visit Creating an Org-ID on ARIN’s website for information on how to create and manage Org IDs.
You will be asked to enter a Point of Contact (POCs) such as Admin or Tech for your organization.
You will also be asked to provide a signed Registration Service Agreement by an authorized person at your organization.
Note: Please make sure the Org. Name registered on this account matches that of the legal name on your Company Registration Paperwork with your local Chamber of Commerce. Changing organization names or getting a new Org-ID after the purchase of the block will drastically delay the transfer process.
1-2 weeks
ARIN Pre-Approval
Submit Pre-Approval Request:
If this is your first-time purchasing addresses, ARIN will request justification information for your 24-month IP addressing needs.
See instructions on how to submit the Pre-Approval Request here.
We advise that you review ARIN’s Quick Guide to Requesting Resources before filling out the justification form.
Click here to see Example Justification Form.
(Pre-Approval Validity: 2 years)
Note: Once the two years are up, you will need to file for justification once more to maintain pre-approved status.
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. If all checks out, our analyst will reach out for Buyer in-take.
When registering your account, it is best to provide the following information to gain approval:
~ 1-3 days
Set Up Vendor Purchase Order between your organization and IPV4.Global
Set up Vendor Account: During this step, we provide your accounts payable team with any information/documentation they may need to set up payment to us.
To get started, please reach out to one of our Transfer Analysts or contact us through our Contact Us forms.
As agents, we hold the funds in our Escrow until the addresses are completely transferred to our recipient ensuring the security and reliability of our transfers.
Once the block is successfully transferred to the recipient’s ARIN account, we will release the funds to the seller.
Note: It is extremely important that this step is done before the purchase of the block on our site, as late payment could severely impact the transfer process leading to delays or cancellations.
~ 1 week
Purchasing IPv4
(~1 – 5 days) Once you place your purchase, a transfer analyst will reach out to you to begin the payment process and will serve as a liaison between you and the seller throughout the entire transfer.
Step 5.1: Make payment: On the invoice generated by our platform, you will be given the option to remit payment into escrow via wire transfer, ACH, and Escrow.com. Purchases under $30,000.00 USD can be paid by credit card.
Note: Payment deadline is 5 business days after the sale has ended.
Step 5.2: Submit 8.4 Recipient Transfer Request to ARIN. A ticket number will be generated from this submission.
Step 5.3: Forward the following information to your assigned Hilco Analyst
Recipient organization name:
Recipient organization address:
Recipient organization contact name:
Recipient organization contact phone:
Recipient organization contact email:
Recipient organization’s ARIN Org-ID:
If you have Pre-Approval:
(1 day)
– Provide Hilco your Pre-Approval Ticket Number & your most recently retrieved Company Registration Paperwork.
– Submit 8.4 Recipient Transfer Request to ARIN. A ticket number will be generated from this submission.
If you do not have Pre-Approval:
(1- 2 days) Submit 8.4 Transfer Request: ARIN will review your request and you will receive an 8.4 ticket number upon submission. Please forward this ticket number to your assigned analyst along with your most recent Company Registration Paperwork.
(1 week) Justification: You will need to provide a reason for the need of this block. Please see Step 2 for details.
(1 – 3 days) Officer Attestation: After reviewing the block and documentation, ARIN will ask an authorized person from your organization to review, sign and notarize the Officer Attestation form.
(1 day) After ARIN performs one final review, they will notify you of the approval of the transfer of the block.
~ 1 – 2 weeks
Await APNIC
(~ 1 week) The seller will submit their transfer request to RIPE and RIPE will work with the seller to collect the necessary documents required to approve the transfer of the prefix.
(1 day) ARIN will notify you of the transfer once they get notified of the transfer approval from RIPE.
(1 – 3 days) Officer Attestation: After reviewing the block and documentation, ARIN will ask an authorized person from your organization to review, sign and notarize the Officer Attestation form.
Note: IPv4.Global provides an in-house e-notary service at no cost to you, so you may request this service from your assigned analyst if neccessary.
(1 day) ARIN will invoice a transfer fee dependent on the block size. Once paid for, ARIN performs one final review, they will notify you of the approval of the transfer of the block.
(1 day) After ARIN performs one final review, they will invoice a transfer fee dependent on the block size. Once paid for, they will notify you of the approval of the transfer. ARIN will contact RIPE to agree upon a mutual date to update their registries and complete the transfer. Note: Please refer to the ARIN Transfer Fee Schedule for the transfer fee.
~ 1 day
Transfer Completion
Once both RIRs approve of the transfer, they will agree upon a mutual date and time to update their registries.
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 buyers in an RIPE-to-RIPE transfer.
1-3 days
Create a RIPE account
Register your RIPE account: Prior to purchasing IPv4 for your organization, you should make sure to have a registered account in your local regional internet registry (RIR).
To discover if you have a registered account, please go to the RIPE Database, and type your company name.
To register an account, visit my.ripe.net to get started.
Create an Org-ID: This is the identifier unique to your organization.
Visit Creating Organization Objects on RIPE’s website for information on how to create and manage Org IDs.
You will be asked to enter a contact such as Admin, Tech, or Abuse contact for your organization.
You will also be asked to provide a signed Registration Service Agreement by an authorized person at your organization.
Note: Please make sure the Org. Name registered on this account matches that of the legal name on your Company Registration Paperwork with your local Chamber of Commerce. Changing organization names or getting a new Org-ID after the purchase of the block will drastically delay the transfer process.
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global . During this step, one of our analysts will review your registration. If all checks out, our analyst will reach out for Buyer in-take.
When registering your account, it is best to provide the following information to gain approval:
~ 1-3 days
Set Up Vendor Purchase Order between your organization and IPV4.Global
Set up Vendor Account: During this step, we provide your accounts payable team with any information/documentation they may need to set up payment to us.
To get started, please reach out to one of our Transfer Analysts or contact us through our Contact Us forms.
As agents, we hold the funds in our Escrow until the addresses are completely transferred to our recipient ensuring the security and reliability of our transfers.
Once the block is successfully transferred to the recipient’s RIPE account, we will release the funds to the seller.
Note: It is extremely important that this step is done before the purchase of the block on our site, as late payment could severely impact the transfer process leading to delays or cancellations.
~ 1-3 weeks
Purchasing IPv4
(1 – 5 days) Once you place your purchase, a transfer analyst will reach out to you to begin the payment process and will serve as a liaison between you and the seller throughout the entire transfer.
On the invoice generated by our platform, you will be given the option to remit payment into escrow via wire transfer, ACH, and Escrow.com. Purchases under $30,000.00 USD can be paid by credit card.
(1-7 day) Gather all the required information and documents for the seller while awaiting ARIN approval.
Buyer Information
(1-2 days) Once the due diligence process is completed, RIPE will transfer the block and update the database.
Note: Payment deadline is 5 days after block’s sale ended.
~ 1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to the seller.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 sellers in an ARIN-to-RIPE transfer.
1 day
Ensure ARIN account details
ARIN account: Make sure you have access to Admin or Tech POC’s ARIN accounts and are able to create tickets for the transfer(s) of your block(s). Click here to view the Requirements for the Source Organization in detail.
Merger & Acquisition: Check to see if your company has undergone M & A.
Block Listing: Check for announcement, spam, and block listing. Read more on block listing here.here.
1-2 weeks
ARIN Pre-Approval Rquest
As a source there is no pre-approval transfer. You can submit an 8.3 (or 8.4) transfer without designating a recipient. ARIN will review this as though it were a real transfer.
Note: 8.3 tickets are for domestic transfers, 8.4 are for international transfers. If you submitted an 8.3 Transfer Request, this block can only be transferred within the ARIN region. Thus, if your block was bought by an RIR other than ARIN, you will have to create an 8.4 Transfer Request later.
In this case, you are transferring your block into RIPE (Inter-RIR). Please create an 8.4 transfer ticket. After creating your ticket, you may submit a non-refundable Transfer Fee and Officer Attestation in advance. Download the Officer Attestation Template here.
Note: We advise paying the ARIN transfer fee once a buyer is determined.
~ 1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. You may list your block for pre-sale review at the same time.
When registering your account, it is best to provide the following information to gain approval:
1-3 days
Submit Block for Review
Block Review: Once your blocks are submitted, they will be reviewed by an analyst.
You will receive an Engagement Agreement (EA) from us for you to review.
The EA includes our terms, commission, and other legal details.
Onboarding: If the block is transferable, you will receive a countersigned agreement and an assigned transfer analyst will take you through our onboarding process.
During this step, we will see if your block has gone through M&A, discuss pricing strategies, etc.,
Note: Blocks in ARIN are transferable only after they are held for a year after registration. If the block was received from the waitlist, there is a five year hold period.
~ 1-3 weeks
Transferring IPv4
(1 – 5 days) Await buyer’s payment: Once payment is received, our experienced analysts will serve as liaison between you and the buyer and provide guidance for the entire transfer process until completion.
Submit 8.4 Transfer Request to ARIN
(1 – 2 days) Submit your 8.4 Transfer Request (if you did not already raise a ticket in Step 2) with the RIPE recipient information included. Your assigned Hilco Analyst will provide the RIPE recipient information to you.
A ticket number will be generated from this submission. Please forward this ticket number to your assigned Hilco analyst.
(1 – 3 days)
Submit Source Acknowledgement: After reviewing the block and documentation, ARIN will ask an authorized person from your organization to review, sign and notarize the Source Acknowledgement form.
Transfer Fee: ARIN will invoice a transfer fee shown in the schedule here which must be paid before the transfer is approved.
(1 – 3 days) After ARIN reviews the Source Acknowledgement, recipient information, and processes the transfer fee payment, they will approve the transfer if no other documentation is needed.
(1 – 2 days) Once approved, ARIN will reach out to RIPE and RIPE will then contact the recipient’s point of contact for confirmation and collect necessary documents.
Wait for RIPE’s approval.
Once approved, ARIN and RIPE will agree upon a mutual date to update both registries.
~ 1-3 days
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 buyers in an RIPE-to-ARIN transfer.
1-3 days
Create an ARIN account
Register your ARIN account: Prior to purchasing IPv4 for your organization, you should make sure to have a registered account in your local regional internet registry (RIR).
To discover if you have a registered account, please go to whois.arin.net, and type your company name with asterisks side by side.
For example, if your company name is ‘Hilco IP Services, LLC’, please type *Hilco IP Services, LLC*
Create an Org-ID: This is the identifier unique to your organization.
Visit Creating an Org-ID on ARIN’s website for information on how to create and manage Org IDs.
You will be asked to enter a Point of Contact (POCs) such as Admin or Tech for your organization.
You will also be asked to provide a signed Registration Service Agreement by an authorized person at your organization.
Note: Please make sure the Org. Name registered on this account matches that of the legal name on your Company Registration Paperwork with your local Chamber of Commerce. Changing organization names or getting a new Org-ID after the purchase of the block will drastically delay the transfer process.
1-2 weeks
ARIN Pre-Approval
Submit Pre-Approval Request:
If this is your first-time purchasing addresses, ARIN will request justification information for your 24-month IP addressing needs.
See instructions on how to submit the Pre-Approval Request here.
We advise that you review ARIN’s Quick Guide to Requesting Resources before filling out the justification form.
Click here to see Example Justification Form.
(Pre-Approval Validity: 2 years)
Note: Once the two years are up, you will need to file for justification once more to maintain pre-approved status.
1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. If all checks out, our analyst will reach out for Buyer in-take.
When registering your account, it is best to provide the following information to gain approval:
~ 1-3 days
Set Up Vendor Purchase Order between your organization and IPV4.Global
Set up Vendor Account: During this step, we provide your accounts payable team with any information/documentation they may need to set up payment to us.
To get started, please reach out to one of our Transfer Analysts or contact us through our Contact Us forms.
As agents, we hold the funds in our Escrow until the addresses are completely transferred to our recipient ensuring the security and reliability of our transfers.
Once the block is successfully transferred to the recipient’s ARIN account, we will release the funds to the seller.
Note: It is extremely important that this step is done before the purchase of the block on our site, as late payment could severely impact the transfer process leading to delays or cancellations.
~ 1 week
Purchasing IPv4
(1 – 5 days) Once you place your purchase, a transfer analyst will reach out to you to begin the payment process and will serve as a liaison between you and the seller throughout the entire transfer.
On the invoice generated by our platform, you will be given the option to remit payment into escrow via wire transfer, ACH, and Escrow.com. Purchases under $30,000.00 USD can be paid by credit card.
Note: Payment deadline is 5 days after block’s sale ends.
Submit 8.4 Transfer Request to ARIN. A ticket number will be generated from this submission.
If you have Pre-Approval:
(1 day)
– Provide Hilco your Pre-Approval Ticket Number & your most recently retrieved Company Registration Paperwork.
– Submit Seller’s information to ARIN
This information will be provided to you by your assigned analyst.
If you do not have Pre-Approval:
(1- 2 days) Submit 8.4 Recipient Transfer Request: ARIN will review your request and you will receive an 8.4 ticket number upon submission. Please forward this ticket number to your assigned analyst along with your most recent Company Registration Paperwork.
(1 week) Justification: You will need to provide a reason for the need of this block. Please see Step 2 for details.
~ 1-2 weeks
Await RIPE
(~ 1 week) The seller will submit their transfer request to RIPE and RIPE will work with the seller to collect the necessary documents required to approve the transfer of the prefix.
(1 day) ARIN will notify you of the transfer once they get notified of the transfer approval from RIPE.
(1 – 3 days) Officer Attestation: After reviewing the block and documentation, ARIN will ask an authorized person from your organization to review, sign and notarize the Officer Attestation form.
Note: IPv4.Global provides an in-house e-notary service at no cost to you, so you may request this service from your assigned analyst if neccessary.
(1 day) ARIN will invoice a transfer fee dependent on the block size. Once paid for, ARIN performs one final review, they will notify you of the approval of the transfer of the block.
(1 day) After ARIN performs one final review, they will invoice a transfer fee dependent on the block size. Once paid for, they will notify you of the approval of the transfer. ARIN will contact RIPE to agree upon a mutual date to update their registries and complete the transfer.
Note: Please refer to the ARIN Transfer Fee Schedule for the transfer fee.
~ 1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 sellers in an RIPE-to-ARIN transfer.
1 day
Ensure ARIN account details
RIPE account: Ensure RIPE account details: Make sure you have access to the RIPE account of your Admin or Tech POC. Click here to view the transfer requirements in detail.
Merger & Acquisition: Check to see if your company has undergone M & A.
Block Listing: Check for announcement, spam, and block listing. Read more on block listing here.
~ 1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. You may list your block for pre-sale review at the same time.
When registering your account, it is best to provide the following information to gain approval:
1-3 days
Submit Block for Review
Block Review: Once your blocks are submitted, they will be reviewed by an analyst.
You will receive an Engagement Agreement (EA) from us for you to review.
The EA includes our terms, commission, and other legal details.
Onboarding: If the block is transferable, you will receive a countersigned agreement and an assigned transfer analyst will take you through our onboarding process.
During this step, we will see if your block has gone through M&A, discuss pricing strategies, etc.,
Note: Blocks in RIPE are transferable only after they are held for two years after registration
~ 1-3 weeks
Transferring IPv4
(1 – 5 days) Await buyer’s payment: Once payment is received, our experienced analysts will serve as liaison between you and the buyer and provide guidance for the entire transfer process until completion.
(1 – 5 days) Post-payment
Once payment is received in Hilco’s Escrow account, our analyst will provide instructions to submit the RIPE Transfer Request and you will submit the following documents on the RIPE NCC portal:
(1 – 7 days) RIPE review seller’s transfer request.
During this time, RIPE will review the documents you submitted and request additional information when necessary.
Once the due diligence process is completed, RIPE will inform ARIN of their approval for transfer.
~ 1 – 5 days
Await ARIN
ARIN will work with the recipient to confirm the prefix transfer, request transfer fee, Justification Paperwork, Officer Attestation, sign the Registration Service Agreement, etc. Once ARIN is satisfied with the documentations provided, they will perform one last due diligence and request a transfer fee from the buyer. Once the transfer fee is processed, ARIN will approve of the transfer and contact RIPE to complete the transfer.
~ 1 day
Transfer Completion
Completion Notice: Our Analyst will notify you that the transfer is complete and announce the release of funds to your account.
The IP transfer process can be daunting if one is not familiar with the information required by each RIR. A number of reasons drive the detailed requirements for a transfer, including privacy, security and transparency. All reasonable goals, certainly. But in order to satisfy these requests, fairly precise steps must be taken to transfer an IP block between user entities.
Our team has experience in the process. We have successfully completed thousands of transfers and assist buyers on a daily basis. We provide a streamlined transfer process without sacrificing clear communication and procedural accuracy. Not surprisingly, to ensure a fast transfer, client cooperation is key. In order to make transfers more understandable, and therefore comfortable, the following describes the transfer process for IPv4 sellers in an APNIC-to-APNIC transfer.
1 day
Ensure APNIC account details
Make sure you have access to the APNIC account of your Corporate Contact and Secondary Contact. Click here to view the transfer requirements in detail.
Merger & Acquisition: Check to see if your company has undergone M & A.
Block Listing: Check for announcement, spam, and block listing.
~ 1 day
Register Account on IPv4.Global
Register Account: Register with us at IPV4.Global. During this step, one of our analysts will review your registration. You may list your block for pre-sale review at the same time.
When registering your account, it is best to provide the following information to gain approval:
Note: If we are not able to approve your account with the information already provided, we will reach out to confirm your details.
Once your registration is approved, an Engagement Agreement will be sent out via AdobeSign to be reviewed and signed by an authorized signatory. The EA includes our terms, commission structure, and other legal details.
1-3 days
Submit Block for Review
Block Review: Once your blocks are submitted, they will be reviewed by an analyst. An Engagement Agreement (EA) will be sent to your email through Adobe Sign to be reviewed and signed. If there are any questions about the transferability of your block, we will contact you to request more information.
The EA includes our terms, commission, and other legal details.
Onboarding: After signing this agreement, you will go through our onboarding process.
During this step, we will see if your block has gone through M&A, discuss pricing strategies, etc.,
Note: 103/8 addresses are transferable only after they are held for five years after delegation.
~ 1-3 weeks
Submitting IPv4 Transfer Request
(~1 – 5 days) Once a block is purchased, buyers have 5 business days to remit payment into escrow. Once payment is received, our experienced analysts will serve as liaison between you and the buyer and provide guidance for the entire transfer process until completion. The funds will remain in escrow until the completion of the transfer.
(~1 day) Request Transfer in MyAPNIC.
Both the source and recipient will receive a notification from APNIC upon submission. Read instructions on the APNIC-Transfer Guide for details.
Note: APNIC to NIR: If you are in APNIC and the buyer is in a NIR, you will need to email a completed transfer template to admin@apnic.net. Once received, APNIC will email you a ticket number.
NIR to APNIC: If you are in an NIR, you will need to contact your NIR to begin the transfer. Your NIR will submit the transfer form to MyAPNIC using a completed transfer template.
~ 1 – 2 weeks
Transfer Process
~ 1-3 days
Transfer Completion
Completion Notice: An analyst will notify you that the transfer is complete and the funds will be released within the next few business days.
Trends in 2022 have continued, with prices for /16 and larger blocks edging slightly higher, while smaller block prices have continued downward. Prices continue to reflect changes in supply and demand, and predicting whether the trends continue is risky.
In recent months, we’ve been working on a number of transfers in and out of the LACNIC region. Because transactions in the region take so long, buyers are less eager to buy, so LACNIC region sellers have to lower their prices below sellers in ARIN, RIPE, and APNIC regions. Those lower prices don’t necessarily reflect market dynamics in other regions, so we have removed LACNIC transactions from this month’s report.
A steady supply of small-to-medium space has resulted in slightly fading prices, while large buyers are bidding competitively over the limited supply of /16 and larger blocks.
October 1, 2022
Hilco Streambank’s IPv4.GLOBAL, the world’s most experienced internet protocol address broker, today announced a program dedicated to helping educational institutions fund their future projects. The program focuses on valuing and monetizing IPv4 addresses. It provides real time information on the value of these assets. Colleges and universities around the U.S. currently have many thousands, often tens of thousands of these assets worth millions of dollars, often barely used.
The program is being launched at EDUCAUSE, a showcase event for U.S. education attended by thousands of technology professionals. The event is being held in Denver, CO October 25-28. Information about each university’s IPv4 holdings and their value is available now to all potential attendees of the conference.
In person inquiries can be made at IPv4.GLOBAL’s EDUCAUSE booth # 1353. Inquiries can be addressed directly to EducationSales@hilcoglobal.com.
“We have been working all year towards this launch and this event,” said Lee Howard, Senior Vice President of Hilco Streambank’s IPv4.Global. “Providing funds to schools to support IT infrastructure projects or other capital expenditures is the kind of work we love to do.”
by IPv4.GLOBAL Staff
When most people think of their IP address, they think of themselves as the owners since they have a device associated with a unique IP address from which they send and receive information. However, this is not the case, as IP addresses are not actually owned by any individual, but rather they are assigned by much larger entities.
It is also worth noting that the ISPs, hardware manufacturers, network operators, etc. who use thousands and sometimes millions of IP addresses don’t own them either. IP addresses can be considered an asset but not one that is strictly “owned.”
Individual IP addresses are unique identifiers. While used one at a time, they are transferred in “blocks” of sometimes many IP addresses. Possession of a block includes unique registrations of addresses in registries, worldwide. These registries maintain uniqueness in the sense that they make sure it’s clear who is the authorized user of a block of IP addresses. Registration includes the ability to transfer IP address use to someone else, subject to the policy of the registries, in return for payment.
An IP address is generally formatted in two ways: those known as IPv4 and those called IPv6. IPv4 (formally Internet Protocol version Four) is the traditional format made up of 4 groups of 8 binary digits, or “32 bits” in total length. The much more robust IPv6 format is 8 groups of 16 bits, or 128 bits in total length. IPv6 came about to deal with the shortage of IPv4 addresses.
The Internet Corporation for Assigned Names and Numbers, or ICANN is ther entity that creates and distributes all IP addresses of all formats and can be considered the actual owner of them.
ICANN coordinates the maintenance and procedures of databases. They also ensure the network continues to stay stable and perform secure operations. It distributes through the following networks:
Below is an image that displays just how the various RIRs are split up across the globe:
Image by IPv4GLOBAL
Image by RIPE
Note, when we refer to these organizations assigning IP addresses, we’re talking about IP address blocks, i.e. bundles of sometimes tens of thousands of individual IP addresses. However, blocks of IPv4 addresses have recently become limited in supply and have experienced a leap in value as an intangible commodity. Why is that?
As previously mentioned, the IPv4 address format was made up of 32 bits, which allowed for a total combination of 4,294,967,296 unique IP addresses. In the early 1980s, the popularity of the Internet was severely underestimated, and it was widely thought that this total amount of allowable IP addresses would be enough.
However, as more connected devices were created and more addresses were assigned to them with the passage of time, it became clear that this number was far too low of a limit. In short, the growth of the internet, early distribution patterns, coupled with the limitation in possible combinations of binary digits in the IPv4 format led to its exhaustion. There simply was not enough supply to go around, and we’ve reached the point where they’ve all been assigned. This is what we refer to as IPv4 exhaustion.
Image by ARIN
IPv6 came about in the early 1990s in response to predicted IPv4 exhaustion. The IPv6 format’s 128 bit structure allows for a new maximum number of addresses that is far beyond what was possible with IPv4,. Though it is still a finite amount of addresses, the number is so great that the problem is effectively solved.
Long story short, there are compatibility issues with IPv6. Namely, that devices using IPv4 addresses cannot communicate with devices that are IPv6 assigned unless a translator is involved. Businesses and organizations with large established infrastructures built around the legacy format, and with enough IPv4 addresses to absorb any growth, may be reluctant to deploy IPv6. The business case for IPv6 may not overcome the amount of time and costs required to deploy for format.
So, rather than a nation-wide migration to embrace IPv6, we have instead seen many institutions, including the world’s biggest companies, acquiring very large numbers of IPv4 addresses. The resulting demand is huge, and has led to a leap in IPv4 address value and price. Individual IPv4 addresses were transferred for ~$10 on average in 2014 but have rocketed to ~$55 each in recent times.
Tech giants and other powerful institutions have been buying them for various reasons, whether it’s because they plan to expand and want to maintain IPv4 compatibility, or otherwise. But again: technically none of these companies are the actual owners of these IP addresses. Instead, they are paying for the rights to their assignments to devices and the listing of the identifying address in worldwide directories. Because of the many nuances to the transactional aspect of IP address transfers, buyers and sellers usually find it beneficial to make use of experienced IP address brokers, like IPv4Global. Brokers facilitate these deals, sourcing buyers and sellers and coordinating the technical, contractual and financial elements of a transfer.
Eventually, the most widely-used format for IP addresses will be IPv6 as more and more companies and devices are forced to adapt to the new structure to accommodate more devices. However, with IPv4 being bought and sold so regularly and their currently high value, it’s likely to be long time before IPv4 is considered obsolete.
Want to know more about IPv4 address ownership? Looking for an IPv4 broker to buy or sell IPv4 address blocks? Visit our online IPv4 marketplace for more information.
By Leo Vegoda
Some descriptions cool the enthusiasm of any potential buyer. For instance, “as is” or “unrestored” generally raise red flags. “Fixer upper” is less than neutral, signaling the need for repair. In that sense, address blocks can be like houses: the need for immediate repair can lower their value, and along with it the price of the asset. IP address “reputation” is a key characteristic in this regard. Buyers consider the time and money required to update an address block’s reputation when bidding to buy it.
The IP addresses we use for ordinary internet services look like they are interchangeable. But they often are not. Many internet users give each IP address a reputation based on different characteristics, including the history of the IP address’ use. Changing reputations – especially repairing them – can take time and effort. Address conditions or histories that impact value include the following considerations:
Each kind of organization cares about one or more different characteristics of an address. The characteristics they care about – qualities they approve or disapprove – impact whether they’ll accept mail from or serve content to a specific address. And the history of an IP address’ use can greatly influence the utility of its sending and receiving content.
One example of reputation damage is the use of an IP address to send spam or some other form of malicious email. Often, this email is sent using IP addresses properly registered to someone else. Spammers use purloined IPs for as long as they can and move on to newly-stolen IP addresses when the first one is effectively blocked. Other IP hijackers send server malware that infects computers to cause all sorts of damage and/or extort hard cash. Eventually, they stop and leave the legitimate user of the IP addresses with a damaged asset: the IP address.
Many organizations track the behavior of each IP address connecting to their network. They use this information to decide whether they want to accept mail or web traffic from those IP addresses again. Other organizations rely on blocklists compiled by monitors of this bad behavior. It can be time consuming to be removed from one of these blocklists.
The process of email delivery is always changing. Responsible companies work to make sure that they only send email that people want to read.
Their processes change as the nature of the email ecosystem adapts. ISP Feedback Loops played an important role for years. These are a way for mailbox hosts to let senders know when readers report they don’t want a message. These loops balanced the blocklist signals used by email reputation organizations.
The Email Sender & Provider Coalition curates a selection of resources to advise industry participants.
https://www.espcoalition.org/legal-industry-member-resources/industry-resources
It is important to know how much effort it can take to update the reputation for a block of addresses. Some blocklists expire entries if they have not seen any abuse for a while. But where a current blocklist includes an address, the new owner of it or its seller must contact the operators of the lists in question. A third kind of blocking list doesn’t publish a list and an owner will only find out about the negative listing status when reports from customers appear.
One sign of possible abuse is an address block – or parts of it – being routed from multiple networks. This is especially likely if the unusual routing happened for a short time. Pakistan Telecom’s hijacking of YouTube in 2008 is a classic example of this.
IP owners can see this kind of behavior when looking at the routing history in RIPEstat. This is the RIPE NCC’s “one-stop shop” for internet-related information. RIPEstat also gives you information about the location of addresses. But while it is one source of data there are many. The ones that matter will depend on what the intended use of the addresses in question is.
For instance, an access provider will want to make sure the geolocation data is accurate so users can shop and stream as they’d expect. In contrast, a mail services provider would not want their addresses on lists used to record sources of spam, phishing and other mail abuse.
The organizations that maintain reputation lists do so to serve their customers’ needs. Those needs vary and so do the processes they use to update their lists.
The first step in any IP remediation is to make sure the information published in the Regional Internet Registry’s (RIR’s) or National Internet Registry’s (NIR’s) database is correct. Next, signing resources with RPKI will make it harder for other networks to use your addresses.
The RIRs and NIRs want owners to keep their records accurate so they make it easy to update them. Anyone can write or speak to them for help.
There are two main approaches to removal from blocklists: time-based and self-service removal.
The key to both is that any abuse that was detected has stopped. As transferred addresses will be deployed on new infrastructure, this should not be an issue.
Updating geolocation data is often the most time-consuming process. Automated approaches to sharing this data are available but Each network will make a decision based on what is most important to them. Some networks consider the time it takes to get data to your network as most important. Other networks need to consider if their content is licensed for the users of your network. This is because different services have different needs. For example, a VoIP provider cares about latency while a streaming provider might care about distribution rights. One might be happy and legally able to provide cross border services while the other might not.
Many geolocation data providers treat their evaluations as proprietary and do not publish them. But there are publicly available services. These give an indication of at least the country where the addresses are thought to be.
by IPv4 Staff
Businesses often buy IPv4 addresses to expand their connected-devices network, but don’t know how to get started. One of the best and easiest ways to find IPv4 address blocks for purchase is through various brokers. The best of them has online marketplaces and/or auctions. Some will also manage a transaction based on a buyer’s or seller’s custom terms or when privacy is required. One should conduct some research on the broker of interest to ensure the provider is a registered, and therefore trusted, entity (e.g. IPv4.global).
Different purchase options exist, such as public auctions, private sales, “buy now,” and leasing. Private sales usually involve negotiating with and buying a block of IPv4 addresses directly from a particular entity. Experienced brokers will find buyers, source supply and facilitate transfers. “Buy Now” options can be found for nearly any block size on some IPv4 marketplaces (again, e.g. IPv4.global). This feature saves the time and trouble of auction bidding. It also provides a fixed price that can be approved prior to the purchase. Leasing involves “renting” IPv4 addresses, which is usually the best fit for those with uncertain long-term needs and/or cash flow pressures. Sometimes buyers do so as an interim solution to growth needs while converting to IPv6.
But how do I buy IPv4 addresses in public auctions? What does it mean to own an IPv4 address after purchasing? How long does it take before ownership is transferred? Are there any other concerns? Let’s take a closer look at some of the answers to these questions.
As we mentioned in the previous section, the best way to find legitimate IPv4 address marketplace or auction is through an IPv4 address broker registered with the American Registry for Internet Numbers (ARIN) or equivalent entity (RIR) based on region. Companies may also have to register themselves as buyers with whichever broker they choose.
From there, one can browse the listings and different options the broker offers. Some marketplace and auction platforms conduct simultaneous auctions and sales. That is, one can “buy now” and avoid engaging with the auction or bid in an effort to win the addresses. Online markets of this kind often present their inventory of offerings this way:
Image from IPv4.Global
This may look different depending on the broker, but functionality will likely be similar. Often, once a user has registered with a broker, access to detailed information on individual blocks becomes available. This information is often screened from public view.
A reputable broker will vet buyers and sellers prior to admitting them to their online marketplace. This assures everyone of legitimate offers to buy and available inventory being sold. What’s more, confirmation of other business factors may be part of the registration process. In some cases, brokers will individually manage a transfer and facilitate communication between buyer and seller to make sure everyone is on the same page before a deal is finalized. Online, prices are generally shown to all registered users and one is free to browse for the best fit.
Strictly speaking, after someone purchases an IPv4 address block, they are not the direct owner of this asset. Organizations like the Internet Assigned Numbers Authority (IANA) and the Internet Corporation for Assigned Names and Numbers (ICANN) can be thought of as the owners of all IP addresses, as they are the entities that create and distribute them to various regions of the world. So, what does this mean when someone wins an IPv4 address auction or buys an IPv4 address block from another company?
Essentially, the buyer is purchasing the registration rights of the IPv4 address block, i.e. their unique assignment to connected devices, which will be transferred to the buyer from the seller after the deal is given the ok by the appropriate Regional Internet Registry (RIR).
Which is to say, individual IP addresses aren’t actually “owned.” Instead, possession includes the right to a unique registration of each address in directories of addresses, worldwide. It’s those directories that control data routing. “Ownership” amounts to the right to use that unique address and to receive data addressed to it.
All transfers of ownership must be approved by the RIR and they will allocate them accordingly after a sale has been confirmed. Basically, after a deal is concluded between a seller and a buyer, it’s up to the RIR to re-assign these addresses in their systems so they acknowledge that the buying party and its devices are now using (or are entitled to use) the IPv4 addresses purchased. This process takes some time, and buyers will have to provide information to the RIR that involves transparency with how they will use the acquired IPv4 addresses alongside their current IP address assignments.
The amount of time the transfer process takes varies depending on the situation. Buyers may take some steps for pre-approval, which will save them time during the transfer, but as a rule of thumb they can take anywhere between a few weeks to a few months, sometimes longer.
To learn more about the process of transfers, in RIPE and ARIN, consider these blogs:
Some brokers serve their clients by providing Transfer Analysts to smooth the transfer of IPv4 blocks to their new owners. Their expertise can assist in simplifying the closing process at ARIN, RIPE, APNIC and LACNIC.
By Peter Tobey & Leo Vegoda
August 11, 2022
From time to time a party can get out of control. Raucous celebration can become careless, even destructive. Combine a critical number of young people, a certain amount of beer and lots of music and damage often happens. Partygoers leave a mess behind them.
The same thing happens to some IP addresses. Malicious actors use IP addresses properly registered to someone else. They send spam using the purloined IP for as long as they can and move on to newly-stolen IP addresses when the first one is effectively blocked. Other IP hijackers send server malware that infects computers to cause all sorts of damage and/or extort hard cash. Eventually, they stop and leave the legitimate user of the IP addresses with a mess on their hands.
People rob banks because there’s money in them. Hijacked IP addresses are tools used in malicious, often illegal and sometimes very profitable businesses. Senders of content infected with malware or those involved in stealing others Internet users’ identities. Some spam just preys on the gullible. To reduce the amount of emailed spam, system administrators maintain a database of addresses reported to be sending unsolicited bulk email, phishing, or engaged in other malicious activities. The senders of such email are blocked from doing so via publicly available “reputation” data that allows the system to block the IP address of known bad senders of email. (See IP Address Reputation for more information.)
Hijackers use several methods to take control of addresses
They look for addresses that are not used on the internet. This is often the case when organizations use IPv4 addresses for private networks, such as a factory network controlling manufacturing robots. Private networks are not directly connected to the internet. Hijackers can use the addresses on the internet without disrupting the private network. Sometimes addresses are not routed because the registrant is no longer in business.
Universities were among the earliest recipients of IP address space. Often, they would get many more IP addresses than they could ever use. This is because the technology available at the time only allowed three sizes of network: small (256 addresses), large (65,000 addresses), and massive (16 million addresses). So many universities have large amounts of unused address space. As an unused resource it is both an asset and a liability – as it is easier to hijack.
Hijackers look carefully at the details in the public information available in regional registries. Many older registrations were made in a more relaxed era. If the registration has not been updated for many years, there could be data missing that allows another kind of attack.
For instance, if an IP address was registered using a shortened form of an organization’s name there is an opening for an attack.
The attacker could try and forge a Letter of Authority, which would be used to convince a transit network to route the network on behalf of the hijacker. These are simply letters that give a named organization or individual authority to do something. They are often used when ordering cross connects in data centers – but also when making routing announcements.
Forged paperwork can be used to get operators to accept a routing announcement from a malicious operator. More seriously, forged paperwork has been used to try and get registries to give control of a registration to a hijacker.
ARIN and the RIPE NCC started talking to network operators about the problem almost 20 years ago. They asked network operators to make sure that they reviewed and updated their registrations. Putting useful contact information in the public registry doesn’t just help the registries. Other network operators rely on that information – particularly the contact information – when they perform due diligence checks.
The RIRs and the broader network operations community have also encouraged the use of Internet Routing Registries. Network operators use these IRRs to share key information. The most important information is which network should be announcing a block of IP addresses. They can also use IRRs to share detailed routing policy, like connections between networks.
The improvements in due diligence checks have been helpful. A lot of hijacks didn’t happen because of them. That pushed some bad actors to try other approaches. But even more sophisticated attacks were detected and prosecuted with the help of law enforcement.
The fundamentals have not changed. But the community has added new approaches and refinements over time. These help protect against some but not all types of hijacking events. The three top priorities are:
Make sure the registry always has accurate contact information for your organization. They should be able to contact you about requests to make changes. The postal address should be able to receive postal mail.
Email should go to role accounts or ticketing systems rather than someone’s personal inbox. Individuals take time off (or change jobs) and are more likely to miss important messages from a registry.
Publishing your network’s routing policy in an IRR helps other networks filter out malicious use of your addresses. The community maintains open source tools to help network operators use the IRR. There is also a low-traffic email discussion forum where people can ask questions.
A friendly website for exploring what’s in the IRR, complements these command line tools.
The Resource Public Key Infrastructure uses digital certificates to publish which networks can announce a block of IP addresses. RPKI tooling is now quite mature. The US government’s RPKI dashboard shows that almost 40% of the IPv4 space is both RPKI signed and that the routing behavior matches the certificate.
Many organizations track the behavior of each IP address connecting to their network. They use this information to decide whether they want to accept mail or web traffic from those IP addresses again. Other organizations rely on blocklists compiled by monitors of this bad behavior. It can be time consuming to get off one of these blocklists.
During that time, you or your customers might be unable to send email. Your users might have reduced access to banking services and online commerce. Plus, if you wish to transfer a block of addresses with reputation issues you may find buyers unhappy with your wares.
There are two stages to cleaning up a problem to make addresses as attractive as possible to potential buyers.
Firstly, regain control of your address space and correct the registration problems. This means:
Working with the registry to update historic business information can take some time. Registries work hard to make sure that your request to update the company name is not an attempt to steal addresses.
Secondly, use a tool like MX Toolbox to see which blocklists have an entry for your address space. Some blocklists automatically remove entries when abuse stops. For those that don’t, follow the process on their website to have your IP removed from their list.
Some blocklists charge a delisting fee, also known as a ransom fee. Most network operators consider delisting fees to be unacceptable.
If you get stuck and need help, engage with the Mailop community.
By Leo Vegoda
July 27, 2022
Electricity was the 20th century’s essential utility. It remains essential, of course, and electricity’s growing role in everything from heating to transportation means providers, including electrical co-ops, are at the center of the era’s growth. In parallel is the newest must-have “utility” – Internet access. It is the 21st century’s new essential and is growing alongside electricity’s role. Electrical co-ops can provide both to everyone’s benefit.
The National Rural Electric Cooperative Association (NRECA) estimates that there are 6.3 million households in co-op service areas without broadband. Reliable internet access could give them an average of $2,000 in economic benefits each year. NRECA estimates that it’s worth $70 billion in economic value to the communities that co-ops serve when calculated over 20 years.
The means to add broadband to existing systems is readily available. Wires are already in place. In response to this opportunity, beginning in 1982, SkyWrap technology enabled electricity transmission networks to add fiber optic cables. This cable is helically wrapped onto existing overhead power lines. The small cable offers minimal load and low environmental impact. To provide the same access when the existing power lines are supported only by wood or concrete poles, the lighter AccessWrap technology now does the same thing. Electricity co-ops now have a low-cost way of bringing high-speed internet access to their existing customer base.
These technologies matter for a number of reasons. Primarily, though, building a network is expensive. So, when a network exists it’s important to get the most value from it for both the operator and customers. That’s particularly important for co-operatives because they are owned by their users.
Fortunately, last year’s bi-partisan infrastructure deal allocated $65 billion to deliver broadband to rural communities and low-income urban residents. $42.5 billion is reserved for a broadband grant program administered by the states.
The amount of data sent over Internet Protocol networks grows year over year. But there’s one resource that cannot grow: IP addresses. An IP address is a unique identifier for a device on a network, including the internet. IP stands for Internet Protocol which is a set of rules (a protocol), for addressing and routing data so it can travel through networks and arrive at its intended destination. Hence, “address.” Each Internet-connected device has a unique IP address.
The most widely deployed version of these addresses is IPv4 (Internet Protocol Version Four). Its designers gave it a maximum of about 4.3 billion addresses. We can only use about 3.8 billion of them for ordinary internet services. This presents a challenge because there are about eight billion people on earth and many of them use multiple devices. Demand for internet access is only growing but the pool of IPv4 addresses is fixed.
We can tackle the problem in two ways. The first is to make ever more careful use of the IPv4 address space. Network Address Translation (NAT) is one approach that allows users to share addresses. Many networks do this at considerable scale.
Another approach is to deploy IPv6. IPv6 is very similar to IPv4 but has far more addresses available to network operators. But IPv6 is not universally deployed. About half of Google’s US traffic comes over IPv6. But there are many developed European economies where 10% or less of Google’s traffic is IPv6.
Plus, access providers need to offer an IPv4 service because most of the top-ranking websites aren’t served over IPv6. At the start of July 2022, almost three-in-four of these top-ranking websites were only available over IPv4.
New networks need to deploy enough IPv4 addresses to deliver a reliable internet access service to all kinds of users. There are three considerations.
Large Scale NAT, also known as Carrier Grade NAT, may seem attractive to co-ops because it allows each unique address to service multiple subscribers. But sharing addresses between subscribers can be challenging for some services and can increase support costs.
SIDN, the Dutch ccTLD operator, reported Brazilian research into CGNATs in 2019. They found lots of different problems. Gamer forums in 2022 are full of questions about problems with CGNAT and the PlaysStation network. There are new vendor articles on fixing configurations being published, and David Anderson has described some of the architectural problems on APNIC’s blog.
Configurations in one network can impact another networks. Even unjustified decisions from major content networks can have an impact on a co-ops’s subscribers ability to use their internet access to login to their bank or watch a TV show. Blocked IP addresses and any number of other challenges can interrupt local service. So, having enough surplus address space to replace misclassified addresses is useful in keeping subscribers happy by providing uninterrupted service. Put simply, reputation problems become customer service problems and can also increase costs.
Deploying IPv6 alongside IPv4 takes some extra effort but it can be helpful. If your provider decides to have multiple subscribers share each IPv4 address, shifting some of the internet traffic to IPv6 can help improve the overall service quality. This is because more ports—equivalent to a radio frequency—are then available to each subscriber.
But this comes at the cost of some added complexity. There are two network protocols active. This means more configuration and more monitoring.
The organizations that manage the distribution of IP addresses, regional registries, are keenly aware there are not enough IPv4 addresses to go around. Plus, they are aware NAT and IPv6 solutions are not complete responses to the problem and will not – alone – avoid an addressing crisis. So, these governing bodies developed policies to enable transfers of addresses between organizations. Which means those with more IPv4 addresses than they need can transfer them (at a price) to those who need additional addresses.
In the early development of the internet there appeared to be virtually unlimited amounts of IP addresses. Many institutions today have 65,000 or more IPv4 addresses but only use a small fraction of them. So, the holders of these addresses are selling the rights to them.
IPv4.Global has an auction service that connects buyers and sellers of IPv4 addresses. We help organizations use IP addressing to achieve their business goals.
By Leo Vegoda
August 1, 2022
In four out of the five RIR regions, there is no more IPv4 space left in the free pool. You can only get IPv4 addresses from a waiting list or from the transfer market. For those in need of these addresses, the critical question is how practical and effective are these queues?
We recently reported that the RIPE NCC’s waiting list is now 18 months long. LACNIC estimates that the last requesting organization on its list will get addresses in 2027. If ARIN’s July 2022 allocation is a predictor of the future, it will take two years before the organizations on the list have some addresses.
Any organization that needs IPv4 address space in the near future must turn to the transfer market. The alternative is a long wait for very few addresses. The market can supply more IPv4 address space more quickly.
RIRs created waiting lists to provide a way to distribute IPv4 address space that is returned to them. The operating assumption in this creation was that networks with more addresses than was needed might return them to an RIR for reallocation. However, two factors greatly limited the pool of returned addresses. The first and most obvious was the steady increase in the open market value of these addresses. Those with IPv4 addresses are – understandably – reluctant to give away something of considerable value. In addition, those that are returned tend to be from organizations that stop operating altogether.
AFRINIC does not operate an IPv4 waiting list. Organizations can get between 256 to 1,024 addresses, depending on need.
New APNIC members – and only new members – can get up to 512 addresses. It closed the waiting list to existing members in 2019.
ARIN will not allocate space to organizations that already have 4,096 or more addresses. Organizations with less than this can get between 256 to 1,024 addresses, depending on need. If they are approved for 1,024 addresses, they can accept a smaller amount if a precise match is not available.
LACNIC members who already have IPv6 space can get on a waiting list for an initial IPv4 allocation. Organizations can get between 256 to 1,024 addresses, depending on need. If they are approved for 1,024 addresses, they can accept a smaller amount if a precise match is not available.
Organizations cannot transfer address space allocated through LACNIC’s waiting list. LACNIC manages it on a first come first served basis—they do not allow places to be traded.
The RIPE NCC operate a waiting list that serves new members only. They can each get exactly 256 addresses and no more.
The amount of address space flowing back to an RIR is not a constant. Demand for addresses via the waiting list can vary based on economic activity and even attempts to game the system.
The RIPE NCC predicts that organizations applying to its waiting list will need to wait 18 months to receive an allocation.
ARIN has not made a prediction, but it allocated space to 41 organizations in July 2022 and there are 343 organizations waiting. It would be another eight business quarters before they’ve cleared the current waiting list if they continue at the same rate.
LACNIC has over 800 requests in its queue. In July 2022 the oldest entry on its list was from December 2021. LACNIC estimates that the last request on its list will get some addresses in 2027.
RIRs only provide enough IPv4 address space to get an organization up and running. 256 addresses is enough for a small network with some core infrastructure, like a website and a mail server.
When more is available, it is not enough to provide access for a large number of servers or subscribers—even with Large Scale NAT.
One option is to focus on deploying IPv6. That is why LACNIC requires organizations to have IPv6 as a condition for entry to its waiting list. But IPv6 deployment varies around the world. Google gets more than 70% of its traffic over IPv6 in France but under 1% in most of Africa.
Fewer than half of the top 1,000 websites can be reached over IPv6. For a large subscriber network, managing traffic to those sites is likely to stress any kind of address sharing technology.
Getting some IPv4 addresses for a fixed term is one way to meet an immediate need. As an operational cost, the up-front pricing is generally lower. But there are no guarantees that the organization offering the addresses will renew the lease. And if they do, the pricing could change.
This is an approach that works well for projects that only need resources for a fixed term.
The best long-term option is to get IPv4 addresses from an organization with more than it needs. Four of the five RIRs have policies enabling market-based transfers of IPv4 addresses. The market rewards organizations with an excess when they transfer addresses to one who does not have enough.
IPv4.Global runs an online sales platform. You can buy address blocks at a fixed price or bid in an auction. If you need to buy large blocks of IPv4 address space, the firm offers privately negotiated purchases. IPv4.Global has assisted in over 3,000 transactions.
July 29, 2022
When Mike Sendall read Berner-Lee’s memo he noted on it, “Vague but exciting.” The memo was titled, “Information Management: A Proposal.” Sir Tim (as he would eventually be known) wrote the memo to propose a system that would help his co-workers at CERN (a nuclear physics lab) share information. He was 33.
Tim Berners-Lee described his idea as, “a large hypertext database with typed links.” He called the system “Mesh.” Following Sendall’s approval, he developed his initial flowchart into a working model. From that plan he wrote the first version of HTML. And the HTTP application. Plus, a browser and page editor. By 1991 the web was running on servers and in use at CERN.
The diagram from the first page of Tim Berners-Lee’s proposal for the World Wide Web in March, 1989.
Berner-Lee’s “web” wasn’t the internet. That had been around for over 30 years. What his creation added was HTML, the idea of URL addresses and the hypertext transfer protocol (HTTP). His design also made the whole thing decentralized, which may have been the key idea in the proliferation of the system.
As with most great developments in their early stages (the wheel, penicillin, and umbrellas for example), the web had some fun facts associated with it:
Lift a glass – perhaps a CIDR glass – to World Wide Web Day.
By Peter Tobey & Leo Vegoda
June 21, 2022
Anything we own or control can be considered property. Land and buildings are obvious examples of this. But intangible properties like brand names and logos have value and are considered property, too.
Some of the things we regularly refer to as property are slightly more complicated. Frequently property that is intangible has control or ownership subject to terms that differ from more “normal” assets. For instance, most internet names and numbers are provided on fixed or indefinite term contracts. The contract provides a right to an entry in a register. The register is an official record of the association between the registrant and the resource.
The root registry for internet resources is the Internet Assigned Numbers Authority, or IANA. It is the root for all registers for names, numbers, and internet protocols. For instance, web traffic uses a protocol called HTTP. The HTTP protocol uses ports – the internet equivalent of a radio frequency – that have to be registered so they are not used by other protocols. IANA maintains and publishes all those protocol registries.
Each register has a manager. And those managers need to cover their costs. We have to pay registration fees for Internet Number Resources, like IP addresses and AS Numbers.
There are now five regional registries for Internet Number Resources and they charge a range of different fees.
Early in tlhe development of the internet, DARPA (the original, organizing body) contracted with the University of Southern California’s Information Sciences Institute, to perform all IANA functions. They registered the identifying numbers used for all interfaces (locations) on the internet. We call these numbers IP addresses. But the growth of the internet called for change.
The internet was growing up. In 1992, the National Science Foundation allowed commercial traffic on the internet. This change in policy led in two directions. Firstly, more networks from across the world would connect to the internet. Secondly, the US government did not want to pay for centralized record keeping for the domain names and IP addresses. So, US government policy pushed for privatization of the internet’s administrative needs. In October 1992, RFC 1446 called for the “distribution of the registration function” to serve “a more diverse global population.”
Internet network operators worked together to regionalize the registry function for Internet Number Resources. European operators created the RIPE NCC in April 1992. Asia-Pacific network operators formed APNIC, which started operations in January 1993.
The US government announced the privatization of the numbers registry function, through the creation of the American Registry for Internet Numbers (ARIN), in 1997.
We now have five Regional Internet Registries (RIRs) running registries for IP addresses. In some regions we also have National Internet Registries (NIRs) supporting them. National Internet Registries operate under the umbrella of an RIR but serve a specific country. This allows network operators in that country to speak to someone in their preferred language. They can also contract under local law and pay for registration services in the local currency.
There are seven NIRs in the Asia Pacific region and two in Latin America.
Latin American and Caribbean network operators formed LACNIC in 2001. It gained formal recognition in 2022. The same process followed in Africa and AFRINIC gained recognition in 2004.
Each RIR or NIR has its own fee schedule. They charge three main fees:
Most organizations will only pay the annual membership or non-membership fees.
Membership comes with a right to manage the RIR by voting. Organizations that rely on the smooth running of RIRs take this responsibility seriously. But some organizations are not allowed to be members of other organizations. Others just don’t want to get involved in governance.
The members of each RIR elect a board. Each year, the board proposes or sets a fee schedule. In some regions the RIR has authority to set fees itself. In other regions, the board proposes a fee schedule to its members and they vote on it.
Some people would see setting fees for IP addresses as a boring activity. But the diverse global population foreseen in RFC 1446 exists. Changes in the size of fees and the ways they are charged can generate significant interest from the internet’s multi-stakeholder community.
This chart shows what each of the RIRs would charge in 2022 for 65,000 IPv4 addresses, often known as a Class B.
Both the composition of the fee schedules and the size of the fees differs dramatically between RIRs. The RIPE NCC has abandoned differentiated fees for one low fee paid by everyone. In contrast, APNIC has a base fee and applies additional fees and discounts based on how much address space an organization has and where they are located.
The RIRs review their fees each year. Fees are likely to go up in 2023.
AFRINIC has seven levels of membership fee and seven levels of fees for the Internet Number Resources it manages. These range from a combined USD3,150 to USD48,400.
Non-member organizations pay between USD200 and USD2,500 each year.
AFRINIC policy only allows for transfers resulting from mergers and acquisitions.
APNIC charges a base membership fee of AUD1,180. It then applies a formula that accounts for how much address space an organization holds. It halves this fee for organizations based in the Least Developed Countries.
The smallest annual fee is AUD1,180. A /16, also known as a Class B, would cost AUD9,626.
There is a AUD500 sign-up fee.
APNIC charges a fee for transfers. It charges 20% of the annual membership fee for a block of that size.
ARIN has capped its fees to holders of legacy resources to USD150 in 2022. It has stated that it will raise the cap by USD25 a year.
It has 11 fee levels for organizations that have signed its registration services plan. These range from USD250 to USD256,000.
ARIN charges USD500 for transfers.
LACNIC has 23 fee levels for member organizations with IPv4 resources. These range from USD600 to USD365,000. Non-members pay either USD2,500 or USD5,000 for the initial assignment, depending on the size. Then, they pay USD600 each year.
LACNIC offers a discount for paying fees within 30 days.
LACNIC does not charge a transfer fee.
The RIPE NCC has a one-size-fits-all style fee schedule. Holders of legacy resources pay the same as regular members. In 2022 the flat charge is €1,000 to sign up and €1,400 for the year.
The RIPE NCC does not charge a transfer fee.
The RIPE NCC redistributes money to its membership when it has a surplus.
By Leo Vegoda
June 14, 2022
The last few years have shown us how the internet shrinks distances between distributed teams, organizations and families. This poses a challenge for some organizations.
Many of the business relationships and contractual agreements involving the internet have geographical implications and restrictions. Many organizations need information about the physical location of an IP address that may be accessing content of one kind or another. This matters to anyone operating a network. It is most important for networks that get new address space. If your IP addresses are mapped to the wrong country or city for your users, it can be a painful experience for you and them. In other words, an IP must have accurate information about its location.
Recently, the Regional Internet Registries and National Internet Registries (the RIRs and NIRs, see here) have not been able to distribute more than a tiny number of fresh IPv4 addresses to network operators. They implemented these policies to give new market entrants enough IPv4 space for core infrastructure. So, organizations that need additional IPv4 for more than core infrastructure need to transfer addresses from other organizations that don’t have a need for their entire supply.
In the 1980s it was not possible to give networks the precise number of addresses they would need. Many organizations got much larger blocks than their actual requirements. The alternative to distributing too many was to provide too few. Since there was plenty of space available, surpluses were provided to nearly anyone in need. Today, many of these early internet adopters are transferring their excess IPv4 address space to expanding networks.
Lots of databases track every IPv4 address. They record its reputation and its location. And the location is very important if the source and destination of a transfer are distant from each other.
Locating addresses has been an issue for many organizations for years. Network operators want their users to have access to locally relevant services. They want them presented in the right language. And they want content served from nearby for lower latency and potentially lower transit costs. But, when an IP address transfer occurs, updating a database of the address’ locations manually is time consuming and error prone.
So, the IETF created a simple protocol. The file format is CSV – so you can manage data in any spreadsheet or manually. Networks can control the information they publish about their geographic locations. Service providers can regularly check for updates.
IP address owners control where they publish data about their addresses. They control the granularity of the data, too. For instance, one can list a country, a state, or just a city. If a user splits his or her addresses between multiple locations, they can publish different location data for each part of a network.
There are three steps to publishing geographic feed information.
If you want the organizations pulling this data to regularly refresh it, configure your web server to send an “Expires” header. That way, the user will know to check back to see if the data has changed. This is important if your network moves around the world or if you need to move addresses between sites regularly.
One could publish very specific data by including a postal (ZIP) code in the file. RFC 8805, the document that describes the format, strongly cautions against providing data that risks the privacy of individuals. City level data meets the needs of most internet users and service providers.
RFC 9092 describes how to link to a file from the RIR or NIR whois data. RIPE NCC and some other registries have a special “geofeed:” field for this. ARIN does not, so you can link it from a comments field.
Another option is to look at the older “geoloc:” attribute available in the RIPE database and other RPSL-based registries. It works by listing the latitude and longitude for your network in decimal coordinates.
It is very widely used. There were over 35,000 “geoloc:” entries in the RIPE Database in April 2022. But it’s more complex to manage because you need a separate database entry for each location. That could mean a lot of database updates to manage. This, along with the other improvements, is why RFC 8805’s protocol was developed.
Technology is changing to give network operators ways to communicate data in structured and automated ways. But automation is not always perfect. There remain important ways to locate IP data manually instead of using automated processes.
RFC 9092 is new. It was published in July 2021. Many of the shopping, streaming, and financial services sites used by consumers have adopted the new protocol. But not all have. The Brothers WISP is a great resource for consumer ISPs whose address space is rejected by local content distribution services, like video streaming or gaming platforms. They publish a regularly maintained list of databases that manage IP address to location mapping.
If that doesn’t work, asking on a NOG list can help. Other network operators who’ve solved similar problems will share their experience.
By Leo Vegoda
June 10, 2022
The connection between subscriber sites and the central office is the most expensive part of an access network. If you have an existing network and subscriber base, then you have an advantage. Deploying the physical cables is a significant part of that cost. But other elements include getting the right to do so, planning the deployment, and getting potential customers signed up.
Phone companies pioneered access in the early 1990s because the internet required telephones and modems. But technology has moved from a system based on calls to always-on access. Enter the power company.
Advanced metering is a new technology that goes beyond the original metering function of recording how much of a utility service, like electricity, is used. New systems record when the consumption happened. This empowers the subscriber to make better decisions about when to use devices. It also means the utility provider can introduce time-of-day charging and other innovative services.
Utility providers around the world are switching from mechanical to smart meters. These generally need an internet connection. Existing utilities have an advantage here as they already have cables going into the subscribers’ premises. They can provide both advanced metering and subscriber internet access.
IP addresses are the numerical identifiers for network interfaces that send and receive data. IP addressing is a key issue for utilities deploying integrated advanced metering and internet access. This is because there are now far more networked devices than IPv4 addresses.
The most widely deployed internet addressing protocol is IPv4. It has just 4.3 billion addresses, with only 3.8 billion of them available for use by ordinary internet devices. This means there are far more people than addresses. But most people use more than one device, each with an IP address.
In the late 1990s, when there were lots of unused IPv4 addresses, the minimum allocation to a network was over 8,000 addresses. Today, none of the Regional Internet Registries will allocate more than 1,000 addresses to each new member. Quite simply, the supply of newly-distributed IPs has been almost completely exhausted.
The free pool is effectively empty. The last big block of addresses left the central registry, known as IANA, in 2011. The Regional Internet Registries will allocate some small blocks to get new market entrants up and running. But these small blocks of addresses aren’t enough to run a full subscriber network. So, what are the cooperative’s options?
How can one get enough addresses to connect both the meters and the subscribers? If both the meter and subscriber’s router need an IP address the network would need at least two addresses for each premise.
One option is to hide many subscribers behind a single unique IPv4 address. This is similar to how many devices can share a single public IPv4 address to connect to an access provider. The method is called Network Address Translation, or NAT. Access providers can deploy NAT at scale, something known as Carrier Grade NAT, or CGNAT.
There are several alternative approaches available. Each has its own advantages and cost structure. The key factor that binds them all is that they only allow the subscriber to use IPv4.
Another approach is to use a combination of both IPv4 and IPv6. IPv6 is similar to IPv4. The most significant difference is that it has a much larger address, built around a 128-bit address space. It’s hard to understand such a large number. It is not limitless, but big enough to have huge amounts available for at least another century.
IPv6 presents both an advantage and a challenge. IPv6 is plentiful, so a network provider can get all the addresses they could reasonably need. This means an access provider can give all subscribers as much address space as even the largest users would need. And they can have a separately managed network for advanced metering.
The challenge is that a significant proportion of internet traffic still needs to use IPv4. This means the provider needs to manage both IPv4 and an IPv6 network. So, IPv4 access is required.
One approach to this is a technology called 464XLAT. It allows a network operator to connect subscribers using an IPv6-only network but give them access to IPv4-only services. This technology uses the customer premises equipment as a translator. Tailscale’s David Anderson has written an excellent four part blog series on NAT traversal technologies.
Even with a chosen technology and a core network, it’s likely that the address space available from the RIRs won’t be enough. We can help solve that problem. We connect buyers and sellers. We offer expert advice in pricing, the transfer process, and can provide help with renumbering and other engineering tasks.
By: Mina Karimi, Transfer Analyst – IPv4.Global
June 9, 2022
Pricing of IPv4 addresses over the last few months has taken an interesting turn. In recent years, the price per address for small blocks (/17 and smaller) has been greater than the price per address of large blocks (/16 and larger). June 2020 through August 2021, the price gap between large and small blocks ranged from 2.4% to 17.5%. This dynamic led to sellers breaking up /16 blocks to be sold in multiple transactions of smaller blocks since this netted more per address for the seller
Data from IPv4.GLOBAL. To see historical monthly snapshots like the above, go to https://ipv4.global/all-ipv4-pricing-data/.
2022 has seen the inverse of that, with larger blocks selling for a higher price per address. May 2022 has seen the continuation of this trend with an average price of $54.47 per IP address, up from April’s average of $54.25 per address (See the figure above). Conversely, while the price for large blocks has been experiencing an increase, small and medium sized blocks have been decreasing in price through 2022. This resulted in a widened gap in prices after December 2021 of 1.1% in January 2022 to 7.5% in April 2022.
Given this trend, buyers and sellers may want to adjust their buy/sell strategies and make appropriate adjustments. Current trends indicate that the price of large blocks will remain higher than small and mid-sized blocks in the short term as high demand for these large blocks encourages a higher price per address.
With the current pricing pattern, both buyers and sellers should reassess their strategy to better reflect their needs in the IPv4 market. For instance, buyers may ask themselves if it is a better strategy to purchase four /18s for a lower price or one /16 which may be more convenient, could be completed faster, and incur only one transfer fee. For a seller who owns a /16 and only uses a small portion of this space such as a /20, should they buy a /20 and sell the entire /16, or should they sell the unused portion of the /16 in smaller blocks?
The best strategy for a buyer or seller depends on their needs and the market. Since the market is fluid, with changes occurring regularly, it may be advisable for anyone considering the market to monitor it regularly. IPv4.GLOBAL’s online market and its full historical record of prices is available online.
The support team at IPv4.Global can help you with any marketplace questions and can help execute a strategy that best meets your needs. Contact us at (212) 610-5601 or support@ipv4.global.
Buyers of /20 to /17 blocks continue seeing bargains, while other sizes have held fairly steady with strong volume. Holders of /16 and larger are in the best market ever.
By Leo Vegoda
May 31, 2022
A network can fence its own IP addresses or block specific external ones from access. Administrators frequently block access to their own IP addresses to bar unwanted access to content. Individual IPs or blocks of IPs may also be blocked due to unwanted or malicious behavior.
IP address blocking prevents a specific IP address or group of IP addresses from connecting with a server, computer, or application. In general, IP addresses are blocked to prevent unwanted or harmful sites or servers from connecting with an organization’s network, or an individual’s computer.
Alternately, all external access may be blocked. An example is blocking anyone on the Internet trying to reach my accounting server.
IPs inside an organization’s system can also be blocked. For example, a hospital can block internal IPs to protect confidential data from network users who shouldn’t have access to that information.
An outbound block is sometimes required, too. For instance, an accounting server, infected with a bot, may be blocked from trying to reach a command server.
IP blocking becomes problematic when a person or company wants to block an address that’s part of a group. When you want to block a specific IP, the entire group of IPs it belongs to must also be blocked.
A good example is the country of Nigeria. Because so many Internet scams originate in Nigerian IP addresses, many – sometimes all – Nigerian IP addresses are blocked. And so, Nigeria’s legal businesses and Internet users have suffered as a result of mass IP blocking.
Scams are a common reason for IP address blocks but there are countless other reasons for blocking an IP address or group.
Software known as a firewall blocks access based on IP addresses. These applications examine source and destination IPs in every packet of data on a network and compare each to its list of blocked addresses. If the packet matches an IP on the list, it simply discards the packet.
For instance, if a lot of spam is received from a mail server at one address, it may get added to a list. Other lists might include IP addresses that allow any inbound communication (vulnerable to exploitation), or IP addresses that have been used for botnet attacks. These collections of identified bad sources are commonly referred to as Reputation Block Lists, or RBLs. Network or server administrators may decide to block any IP address on certain RBLs.
A similar issue arises with IP addresses that are vulnerable to hijacking as open relays or proxies. These, too, are often included on lists of IPs to be blocked.
Being listed on an RBL lowers the value of IPv4 addresses. While RBLs aren’t universally implemented, inclusion on one or more of them results in an IP being blocked for those who do deploy the RBL.
You’ll have to wait about 18 months to get IPv4 addresses from the RIPE NCC’s waiting list. This is the news from the RIPE NCC at RIPE 84. So, the open market is the only practical option for organizations who need IPv4 addresses they can use now.
The RIPE community created the waiting list to give new market entrants access to some IPv4 space. Unfortunately, some RIPE NCC members have multiple accounts and take multiple slots of the waiting list. Some members have 10 or more accounts. These members took more than half of waiting list slots at the end of 2021. They take just a quarter of them now, with over half going to members with just one account.
People at RIPE 84 discussed options to address this issue. They included running two queues. The first queue would be for members who have not got any IPv4 space before and the second would be for those who have.
Some people see approaches like this as attractive. But they would be complex to implement. We are unlikely to see changes to the waiting list.
If you need any amount of IPv4 address space, you can get it through the market. We run an auction platform with transparent pricing: find out more at www.ipv4.global/
Or call us on +1 212-610-5601 to discuss how we can help you.
The RIPE NCC reported problems when organizations buy IPv4 unofficially. In some cases, recipients contract for address space that was not allowed to be assigned to another organization. For instance, when the official registrant of the space no longer exists and the user is now in limbo.
The RIPE NCC does not make holders of Provider Independent address space contract directly with them. They can contract with a Local Internet registry, which could be a local ISP.
The RIPE NCC only found out about the improper sub-assignment of the address space when a customer of the Local Internet Registry went out of business. The RIPE community set a policy stopping the RIPE NCC from transferring the addresses to the actual user.
One option is for the user to join the RIPE NCC but this is often more expensive than the user planned.
IPv4.Global can help organizations get the IPv4 address space they need legitimately. It will be properly registered to them with the RIPE NCC.
Contact us for help in getting the IPv4 space you need: https://ipv4.global
Some organizations have 256 IPv6 addresses allocated to them. They then need to register the addresses they use in an assignment. This is a legacy from the early years of the internet when most organizations connected through ISPs and used the ISP’s IPv4 addresses.
The problem is that an assignment must be smaller than the allocation it comes from. This causes two problems. The registry doesn’t always hold good contact information for the addresses. That makes it harder to resolve technical problems.
It’s also a problem for organizations leasing blocks of 256 addresses. Registering two lots of addresses is confusing – and in some cases nothing is registered at all!
RIPE’s Database Task Force recommended a change. The Address Policy WG discussed at concept for policy proposal at RIPE 84. The proposal would relax the rule to register assignments for one’s own infrastructure.
There was some support but others felt the key problem was a technical limitation. They want that problem fixed.
At RIPE 84 we learned that about 2 million people have information about them registered in the RIPE database. This is a problem because these people can’t fix technical problems. Listing them makes it harder to find the people who can.
The RIPE database is for connecting teams who can resolve technical problems. They can use addresses like technical@example.com in their entries. They don’t need to list a person’s name or their email address.
A policy to address this problem will be drafted and presented to RIPE’s Database WG. But fixing it will need work from the ISPs that publish the data as well as the RIPE NCC.
By Leo Vegoda
All devices that connect to the internet need unique addresses. The number of IP addresses is limited, creating a demand for addresses worldwide, particularly from the cloud computing industry. This demand has raised the value of IPv4 to levels that the internet’s original developers didn’t predict, in part because the internet was considered an experiment at the time. Of course, use – and so demand – has exceeded anyone’s realistic expectations.
Growing demand for globally unique IPv4 addresses from infrastructure companies means their value has gone up. In 2011 the going rate was about $10 per address. The price is now over $50 per address.
The internet’s routing system now gives network operators much greater flexibility over what can be routed. This means that if an organization can free up some of its address space it has the option to profit.
We use devices to send data across the internet. They have numeric “To” and “From” addresses a bit like how envelopes have addresses on them. They are Internet Protocol, or IP, addresses. The most widely deployed version is IPv4. There are about 4.3 billion IPv4 addresses in total, but ordinary internet devices can only use about 3.8 billion of them.
When the internet was starting, its routing system had less flexibility. An organization that needed just 15,000 IPv4 addresses could not have got a block that closely matched its needs. At the time, there were three sizes of IPv4 address block available. Class C was the smallest with just 256 addresses. An organization that needed 15,000 addresses would have needed 64 of these, which would have been complicated to configure.
Class B gave an organization just over 65,000 addresses. This left lots of room for growth. But even after several decades, they would probably still have lots of unused IPv4 addresses.
Class A blocks contained about 16 million addresses. They were so large that very few were ever allocated.
Many organizations that got Class B address blocks back in the early days of the internet. The routing technology is now more flexible, allowing many different sizes of network to be routed. Unlike earlier routing technologies , with IPv4 we are not limited to the small, medium and large IP spaces of the early years. IPv4 addresses blocks accommodate to the exact amount a company means, which means less excess space, and less risk of needing more.
IPv4 addresses are mostly fungible, but not completely. An IP address block that has been used to send spam or serve malware has less value than a responsibly managed one. Buyers research the reputation of the blocks they are interested in. Blocks that have a negative reputation will probably need work to repair that reputation from the new user. So, a block with a good reputation is worth a premium.
Buyers will also consider whether addresses will be moving to a new geography. Many web services have a default language based on the IP address of the user. Many content services are only available to users in specific locations for licensing reasons. A block from the same country or state can be less work for the buyer.
The United Nation’s probabilistic population projections for 2020 were 8 billion people. Even if the population numbers are a bit lower, we have at least two people for each IPv4 address. Each computer, phone, and increasingly each car or television uses at least one IP address.
Most of those addresses can be “clients.” Clients, unlike devices, don’t need to have globally unique addresses. Instead, they can have what are known as private addresses, which are only unique on local networks. Those private addresses can share a single unique address.
There are registries that provide the same kind of service a land registry does for real property. The key difference is that what is sold is not a piece of property but a right to a registration The registries introduced transfer policies a few years ago. Network operators agreed on transfer policies because accurate registration data is important to operations.
IPv4.Global specializes in helping clients sell, lease and buy IPv4. We help make the process less complicated and time consuming by:
Contact us by calling (212) 610-5601 to speak with an expert for help turning your invisible asset into revenue.
IPv4.Global has an auction service that lets buyers and sellers find out the value of their hidden assets. The market for IPv4 addresses is booming, and buyers and sellers must consider multiple factors to successfully take advantage. How large is the address block? Does it appear on well-known block lists? Does it come from a different geographic region? Whatever your IPv4 trading needs, we can help.
By Leo Vegoda
May 10, 2022
CIDR (Classless Inter-Domain Routing) is a routing system in which network engineers can distribute IP addresses based on the size of their specific network. This is more efficient than the previous system, which assigned IP addresses depending on whether the size of a network fit into one of only three sizes: Class A, Class B, and Class C.
CIDR is a much more advanced system of IP routing that solves multiple issues caused by traditional “classful” routing, including wasting unused space and more secure networks. The Downsides of Classful Routing In 1981, the “Classful Routing” system only allowed for three network sizes:
When organizations needed multiple Class C networks, they would get a Class B, even if they’d only use a small portion of it. An organization that needed just 2,000 IPv4 addresses would have needed eight Class C networks. At the time, the technology required each of those networks to be treated as an independent network on the Internet. Having lots of unused space might seem like an advantage, but it also requires extra caution and monitoring to make sure it isn’t being used by other organizations. Such use can make it harder to send email or use services that are restricted to a particular geography. And sometimes, bad actors use someone else’s addresses for cyber attacks.
CIDR (pronounced ‘cider’) was introduced in the early 1990s as a classless domain routing system. This new system empowers organizations to only get the amount of IP addresses they need in their networks, without wasting unused space.
For instance, a network that would have needed eight Class Cs could have received a /20 (pronounced slash 20), which is just over 8,000 addresses. This would have given them all the addresses they needed and room to double in size. This leaves less space to monitor while still leaving plenty for growth. And, it would have left about 57,000 addresses for other organizations.
In CIDR, the size of the network is determined by its prefix length. IPv4 has 32 bits shared between identifying the network and the number of addresses in that network. The more bits taken by the prefix, the fewer addresses it contains. An old Class B network has 16 bits of prefix and 16 bits left for addresses. The 16 bits of prefix give it just over 65,000 addresses.
This block size is known as a /16 (pronounced slash 16) in CIDR. But cut it in two and you have two /17s, each with about 32,000 addresses. Here’s a table showing all the sizes of all the prefixes introduced between Class B and Class C by using CIDR.
| Prefix Length | Address Count |
|---|---|
| /24 | 256 |
| /23 | 512 |
| /22 | 1,024 |
| /21 | 2,048 |
| /20 | 4,096 |
| /19 | 8,192 |
| /18 | 16,384 |
| /17 | 32,768 |
| /16 | 65,536 |
The Classful Routing system offered some variety in how big a network could be. It offered little flexibility in how those addresses could be routed on the internet. If you had a Class B you could only assign all your addresses to the networks you connected to. You couldn’t allocate half to one network and half to another.
CIDR, and an update to the BGP routing protocol, gave organizations the opportunity to cut up their address space. This lets them influence where traffic arrives. It can improve user experience and cost management.
For example, an organization was struggling to decide how to route the addresses they use. They had sites in two different cities, so they had a tough choice to make with Classful Routing. They could choose to interconnect the sites with a Class B, or they could announce the Class B from one site and have the other site as a dead end. They are forced to route lots of traffic between sites for both of these choices.
But if they cut the network prefix into smaller pieces, they can manage where traffic arrives. Each site can announce the exact prefix it uses. BGP chooses this most specific prefix and so sends traffic directly to the right site. If a site ever loses direct internet connectivity, it can retain internet access through the other site, because both sites also announce the encompassing prefix. BGP will fall back to the less efficient route if the best one fails.
You can optimize your routing and improve risk management if your organization has a Class B network and plenty of unused address space. Renumbering can pay for this.
Renumbering means either using IPv4 addresses from just one part of the Class B, or exchanging it for a smaller block. The current price of IPv4 addresses will generally cover the cost of extra help to do this work and still provide a surplus.
One Class B
In this example, based on the original organization of IP addresses, in a system with two sites, both are assigned to a Class B network, now known as a /16. Other internet networks can reach them through either site but don’t have enough information to choose an efficient route. Traffic for City A will arrive at City B, and vice versa. Losing the inter-site link hinders internet access for both sites, as traffic for both sites is directed to the other.
One City, one Inter-site Connection
Just one site has internet access in example B. Traffic is only directed in a one-way path, so the site in City B has no connection if the inter-site link fails.
CIDR Solution
Both cities connect directly to the internet. They are each assigned their own addresses, so other internet networks will send traffic directly to the right site. And because they both announce the whole /16, both sites have internet access through the other if one internet connection fails. BGP’s routing algorithm lets organizations use CIDR to manage their incoming traffic better. This can improve network performance without reducing resilience.
Peter Tobey & Leo Vegoda
May 4. 2022
The early stages of internet development operated in a culture of independence from outside influence. In fact, as though to commemorate the spirit of the times, in 1996 John Perry Barlow wrote “A Declaration of the Independence of Cyberspace.” In it, he told governments they, “have no sovereignty where we gather.” He went on to state, “Ours is a world that is both everywhere and nowhere, but it is not where bodies live.” Regulators and politicians seemed to agree, and outside control of the development and organization of the internet was managed with a very light touch throughout the 1990s.
Since then, internet regulation has become more thorough. It is definitely not “nowhere.” It is increasingly everywhere and definitely “somewhere” in the sense its bits and pieces live in the very real, very physical world, as do its users. Servers sit in data centers. Those data centers need staff, electricity, and lots of connectivity. Plus, the web has enabled all sorts of behavior, most of it good and useful, some not so much.
Governments have made laws that relate to the internet and to the people who use it. They have always regulated the communications infrastructure, especially international telecommunications systems. These days law makers increasingly regulate the content that is communicated on the internet. In addition, governments band together to establish international norms in the United Nations and other international organizations. These actions generally reach far beyond content moderation or control.
As part of the regulation process, the organizations running the address registries that enable communication on the system work within these laws. Which is to say, the regional internet registries (RIRs) are impacted by laws just like the rest of us.
When organizations agree to transfer addresses (whether within a region or between them), they are not transferring a physical object. Instead, they are transferring the rights for a registration in a database. It is this address data that informs the entire system as to the routing of information among machines on the internet. So, without accurate, up-to-date information, well-coordinated and synchronized across the system, information to or from a machine is stalled. It either fails to move at all or can’t get where it’s supposed to go.
The Regional Internet Registries and National Internet Registries manage those databases. This means that three organizations must agree to the transfer of use from one owner of an address to another owner. (More likely, the transfer of large blocks of addresses, but the principle is the same.)
All three entities must ensure that they can and want to do business with each other for a successful transfer to occur. There are several layers of quality control within the process. But organizations outside the transfer group enforce other controls that often supersede those of the IP registries and the needs – or wishes – of the parties to a transfer.
Those with IPv4 addresses transfer them to others in return for payment. The market for these intangible-but-significant assets has become very large. The recipient must pay the source of the transfer for the use of the addresses. In some cases, there are also fees paid to brokers, like IPv4.GLOBAL, for arranging and helping to complete the transfer.
All such transfers are subject to banking regulations and controls and limited by the cross-border systems available. Chief among those systems is the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging protocol used in most international funds transfers. (There are others, including China’s CIPS but SWIFT is by far the most widely used.) If one of the banks is not able to use the SWIFT interbank transfer system, any transaction using it cannot proceed. The recipient of the transfer must also be able to send payment. Thus, blocking either party can stop a transfer of funds.
More broadly, the international banking system has rules that control illegal financial transactions. Transactions from sanctioned entities, and/or countries supporting illicit activities are selectively blocked from using the system. Under normal circumstances, ordinary crime is the main target. Numerous governments, financial institutions, and corporations impose controls to prevent money laundering and the illegal movement of funds. Banks enforce government mandates by conducting comprehensive due diligence on clients, analyzing financial transactions flowing through their operations, identifying suspicious transactions and reporting suspect transactions through SARs (Suspicious Activity Reports) to government regulators. Lastly, banks research trends and patterns in money laundering and terrorist financing activities to improve their transaction-monitoring systems. All this evolves with the changing tactics of target entities.
Difficulties arise when members of a region either run afoul of the regulations or because information about them is incomplete. In these cases, transferring parties can’t confirm an appropriate transfer of funds. This has been an issue for RIPE NCC. In November 2021 it had members who could not be invoiced because banks considered them “…high risk and would prefer not to receive any funds from them.” The RIPE NCC has said it will set up banking in Dubai, where banks are better able to evaluate risks in nearby countries, thereby allowing transfers.
The invasion of Ukraine has lead to efforts to isolate Russia from many of the world’s commercial channels. Among those efforts are financial restrictions across a number of banking networks and protocols. Of course, some commercial pathways remain open to Russian IP owners, while others are closed.
IP holders in Russia (and Ukraine) have been invoiced as normal by their RIR, the RIPE NCC. Their accounts won’t be closed if they cannot be paid in the normal timeframe. The registry in the region (RIPE NCC) states, “We continue to follow all our procedures in the same way as we did before the outbreak of war. We treat all members equally and the same requirements are made of all members in terms of due diligence checks. If we need to make any changes to our procedures, these will be clearly communicated to all members.”
However, other regulations apply. The Dutch Ministry of Foreign Affairs maintains that IP resources are economic resources and so are subject to EU sanctions. IP addresses registered to Russian organizations, then, are functioning but can’t be transferred, either sold or new ones purchased according to the registry in question, RIPE NCC.
It should be noted that Russia (and any other RIPE account) is allowed to pay in any non-crypto currency. The Euro is preferred but not required. This because the ruble remains a legal currency. However, far-reaching banking controls are now in place regarding Russia.
In addition to the above, Australian, EU, UK and US regulators have imposed financial sanctions on Russia. These sanctions freeze assets held abroad by Russia’s central bank and selected Russian commercial banks. Additionally, Russian banks are blocked from the SWIFT messaging system used to facilitate cross-border transactions among banks.
There is a wide range of other sanctions, including seizure of the foreign assets belonging to specific Russian oligarchs and political leaders. If sellers or buyers rely on sanctioned Russian banks to execute payments, their payments will be blocked. Funds at other banks will need to be employed. If this is not an option, the buyer/seller will be financially isolated and unable to pay for anything.
Finally, the world’s financial system is complex. The networks that connect banks, both sanctioned and un-sanctioned ones, are many and strange. So, regulators and governments seeking to restrict the flow of funds to and from the many banking systems and via the world’s byzantine transfer methods are currently in the process of adding controls, step by step. At the same time, sanctioned banks are trying to find ways around those controls. As of this writing, two things are clear: funds transfer to and from Russia are possible and they are becoming increasingly difficult. In any case, before considering such a transfer, consult with your banker and a qualified attorney.
The registries want to maintain authoritative data for the user of IP addresses so that network operators can establish routing policies and communicate effectively with each other. That’s why they have developed policies enabling the transfer of IP addresses: so the transfers are under their control. Registries that are incomplete or inaccurate are less useful. Missing data makes internet crime and other attacks easier.
Registries also must comply with international sanctions laws. In 2018, ARIN’s CEO stated that its due diligence checks “includes verification of the legal entities involved and their pertinent bona fides. ARIN reviews transactions for potential conflict with applicable law and has in the past declined to process transactions that are unclear in that regard and referred parties to US Treasury/OFAC to obtain appropriate clarity or licensing as appropriate.”
The Office of Foreign Assets Control (“OFAC”) of the US Department of the Treasury, “administers and enforces economic and trade sanctions. Its work is based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.”
The RIPE NCC regularly updates the document describing the scope of its due diligence checks. It also publishes a quarterly sanctions transparency report. For instance, they reported in January 2022 that 250,000 IP addresses had been frozen in its database. These were registered to a member in Syria and a member in Iran.
Many private organizations perform due diligence checks on new suppliers, customers and other partners. This includes those with whom they transfer IP addresses. Such institutions and businesses want to know that their business partner will be reliable. Some want to know they are reputable. And, many in the IP transfer process have concluded that organizations based in Russia are unworthy partners in any exchange and regardless of permissions available (though there aren’t many) they will not participate with Russian entities. The checks done by institutions, firms, banks and registries do not replace the legal process. They add an extra layer of confidence that any transfer is legal and acceptable to all the participants.
For those with any number of reservations and/or questions about the restrictions involved in transfers generally, please contact IPv4.GLOBAL by email or by phone (212) 610-5601. For specific issues – especially those revolving around sanctions against Russia, contact your attorney for guidance.
The five Regional Internet Registries are subject to the jurisdiction, including sanctions regime, of the countries in which they are based. These are:
The five Regional Internet Registries are subject to the jurisdiction, including sanctions regime, of the countries in which they are based. These are:
Demand for large blocks (/16 and larger) continues to exceed supply, continuing the trend of rising prices. Demand for smaller blocks has slowed a little bit, with prices falling as sellers compete for buyers’ attention.
Lee Howard
April 26. 2022
Recent Department of Defense IPv4 activity and announcements about IPv6 indicate a shift in their perspective and suggest potential impacts on the IPv4 address market. The shift could include the release of up to 175 million IPv4 addresses in coming years, creating a risk of a glut in the market. For perspective, the market has transferred 380 million addresses over eleven years.
In June 2021 the United States Department of Defense (U.S. DoD) adopted the Office of Management and Budget (OMB) directive from 19 November 2020 (DoD DTM 21-004 adopts OMB M-21-07). This directive is different from previous efforts, because it has the support of civilian agency leadership and the DoD.
The OMB memo says both agencies will issue an agency-wide IPv6 policy by the end of 2021. This IPv6 policy must require that, no later than Fiscal Year 2023, all new networked Federal information systems must be IPv6-enabled at the time they are deployed. Plus, the policy will state the agency’s strategic intent to phase out the use of IPv4 for all systems.
Under past efforts, if a vendor checked a box saying a computer or software worked with IPv6, the requirement was met. This directive defines “IPv6-enabled” as “IPv6 is turned on for production use.” Claiming that a device or service is capable of using IPv6 does not satisfy the requirement.
The plan must also include plans for IP-enabled assest on Federal networks:
Again learning from earlier corner cutting, “IPv6-only” is defined as a state where IPv4 is not in use. The memo does allow for IPv4 transition mechanisms (such as NAT64, SIIT-DC, 464xlat, MAP-T, MAP-E), but the backend systems should be IPv6-only.
Phasing out IPv4 means most of those addresses will be useless to the U.S. military and government. Some other activity hints at what they might do with those addresses.
In late 2019, the the U.S. House of Representatives passed the National Defense Authorization Act (NDAA) to fund the DoD for 2021, with text requiring the DoD to sell off all of its hundreds of millions of IPv4 addresses. This line did not survive reconciliation with the Senate, but it shows that some in Congress are aware of the existence of billions of dollars of addresses in government coffers. In reviewing the bill, the Congressional Budget Office (CBO) noted, “DoD would have to amend its existing agreement with the American Registry for Internet Numbers (ARIN), which requires DoD to release unneeded IP addresses to ARIN for redistribution.” This may well have been what killed the line in committee.
Regarding that agreement, ARIN CEO John Curran said in a public email, “The provisions were never intended to constrain the USG/DoD any differently than any other party in the registry and given the availability of the transfer policies in the number resource policy manual we have made plain to the USG/DoD that ARIN is neither encouraging nor an impediment to the transfer of IPv4 number resources at this time.”
So those addresses could still find their way to the address market.
The DoD has apparently take this possibility seriously. In January 2021, a previously unknown company began “announcing” DoD IPv4 space on the Internet (technical jargon for “looks like they’re using it”). In April 2021, the DoD said the announcement was to “assess, evaluate, and prevent unauthorized use of DoD IP address space.”
A surprising number of companies use unannounced DoD IPv4 space for internal, private, or “walled garden” networks—scenarios where the addresses will only be used internally, not on the Internet. But some devices connect both to walled gardens and to the Internet.. If DoD addresses were sold and used on the Internet, those devices would have conflicts: do they send traffic to the private network or the public Internet? So this project is exactly the due diligence one would expect before the DoD released its IPv4 addresses.
If the DoD won’t need 20-80% of its IPv4 addresses in the next 2-4 years, it looks like the Department of Defense will release some of its IPv4 addresses. What then?
Civilian agencies who achieve 20% – 80% IPv6-only deployment between 2023 to 2025, even with some holdback for translation, will find themselves with a surplus of IPv4 addresses. Under federal government rules, those addresses may have to be “returned” to the DoD, who then has an even greater surplus.
If Congress made the DoD offer its 175 million IPv4 addresses on the market, it is likely that the big buyers would buy as much as they need. There would be little remaining demand for /8 – /13 blocks, and DoD might even have to sell down to /16, virtually eliminating the mid market. If civilian agencies with /16 blocks release chunks of their space, there’s a similar threat to the small market. That much address space would sate the market for several years, based on historical transfer rates.
Source: RIR Transfer Logs
Many IPv4 address holders have indicated a desire to lease addresses as prices are rising. This can be a great strategy to maximize returns, but the longer the wait, the higher the risk that the DoD will make those addresses worthless at the end of the lease. The risk is lowest now, and increases year by year.
Of course, a rush to sell now could backfire if the U.S. government and DoD don’t ultimately release their addresses. People in the US government who are advancing the IPv6 initiatives are aware of market dynamics, and may also be reluctant to flood the market with IPv4 addresses just as their efforts to move to IPv6-only are culminating.
Most financial advisors argue against trying to time the market. Don’t worry about price fluctuations: decisions to buy or sell should be based on fundamentals and demonstrable needs.
By Leo Vegoda
April 19, 2022
We refer to the internet services we use with names like hilcoglobal.com but those names hide a layer of numbers. These are internet protocol, or IP, addresses. The most widely deployed version is IPv4. It has a theoretical maximum of about 4.3 billion addresses. Only about 3.8 billion IPv4 addresses are available for use by ordinary internet devices. That means we have about half as many addresses as people on Earth.
An IP address is just a number. People are familiar with IPv4 addresses in “dotted decimal” format. But we could write an address like 198.51.100.42 as 3,325,256,746. We use the dotted decimal format to help us understand quickly and easily where a block (or sequence) of numbers starts and ends.
Blocks of IPv4 addresses used to be assigned in three sizes. The smallest, known as a Class C, contained 256 addresses. The middle size had just over 65,000 addresses and was called a Class B. The largest size had over 16 million addresses and was called a Class A. These dramatically different sizes meant that users were assigned blocks of IP addresses (classes) of very different proportion. What’s more, it resulted in many networks being distributed far more than they needed simply because a smaller block wasn’t enough. Registries gave organizations that needed just a few thousand IPv4 addresses a whole Class B.
Times have changed. IPv4 addresses have significant market value because the registry pools of available addresses have been emptied by ever-growing demand. That heavy use occurred because people have multiple devices. And they use them at home, on the move, and in the office.
Continuously growing demand did not end when the registries’ free pools were emptied. The RIRs introduced policies to support a market where organizations can legitimately exchange IPv4 address blocks. This keeps accurate contact information about network operators available. In 2022, many new organizations and growing cloud services companies are buying IPv4. Prices have risen in recent years and generally more than cover the cost of reassigning an IP address to a new device, a.k.a. “renumbering.”
To put it simply, when additional IPv4 addresses are acquired, the devices that will use those addresses must have their identifying IP changed. This change is known as renumbering and, when large numbers of devices are involved, can be time-consuming.
Any successful change starts by understanding the current situation. An IP Address Management (IPAM) tool will inventory the IP addresses on your network. You can use this to build a picture of what needs to change.
IPAMs are more than databases recording which addresses are used and where. They can discover where IP addresses are used. You can then use your IPAM as part of your deployment by updating DNS and detecting unauthorized devices.
Then you need to centralize and automate configuration.
Using a configuration management and orchestration system will help you maintain baseline configurations. You can then adjust individual configurations as needed and automate updates. And you can audit configurations and deploy improvements when you centralize configuration management.
Organizations are sometimes worried about renumbering because they use static addresses. Some software vendors demand that software be tied to addresses. This is less common now, with online license validation or audits available as alternatives. Where neither of these is offered, it is often possible to use IPv6 addresses instead.
Some organizations periodically stop production to perform maintenance on capital equipment. Planning around these situations before starting to renumber is recommended. If that’s not possible, taking an incremental approach might work well. Start with a small segment and get used to the new tools. Then, expand across the whole network in steps.
Whichever approach is right for your organization, you need to manage renumbering in the following stages:
It is often possible to introduce a new prefix alongside the old one. You can then remove the old prefix once you have the new one up and running and have tested that traffic is using it. You can remove it when you are sure there are no more dependencies on the old prefix.
Some organizations distribute responsibilities for network, servers, and applications to different teams. If yours does this, then your internal communication will be just as important as the technologies you use. People in different parts of your organization will need to actively cooperate.
You don’t need to develop and execute a plan for renumbering on your own. We can help. Contact us so we can get you the experience you need for your team. We’ll help you do three important things:
The IETF has produced a collection of documents that look at renumbering. While they focus on IPv6 networks, most of what they say applies to any network.
The IPv6 Site Renumbering (6renum) Working Group produced documents on:
The IPv6 Operations (v6ops) Working Group produced a document on how to renumber without a flag day.
By Leo Vegoda
April 12, 2022
In the world of networking, internet connectivity is covered by the mass media either thinly or inaccurately. Or both. Most news outlets only publish reviews of consumer products. Ditto publications about personal computers and handheld devices. The internet’s foundations get much less coverage. Only the technology news industry explores topics like server hardware and operating systems in ways that are useful to networking professionals.
Here are lists of the highest-quality web industry blogs and podcasts:
Some technology news blogs and publications are more useful to serious network professionals than others.
In addition, some regional industry publications, like South Africa’s MyBroadband, have done excellent work covering recent events leading to criminal investigations and multiple lawsuits at AFRINIC.
They often include articles about governance, community projects, and standards development. What makes them stand out is their ability to effectively summarize and communicate complex issues to a broad audience.
Here are the most trusted and valuable tech news podcasts that cover internet and network-related topics:
Valuable connectivity news now (sometimes) comes via talking heads on screen:
Good advice on how to start and stay current regarding reputation management is available from Mailop, whose community publishes the best practices and hosts a mailing list for advice and discussion.
DomainIncite – https://domainincite.com
Domain Name Wire – https://domainnamewire.com
IEEE Spectrum – https://spectrum.ieee.org/magazine/
The Internet Protocol Journal – https://ipj.dreamhosters.com
The Register – https://www.theregister.com
MyBroadband – https://mybroadband.co.za/news/
AFRINIC – https://afrinic.net/news
APNIC (main) – https://blog.apnic.net
APNIC (labs) – https://labs.apnic.net
ARIN – https://www.arin.net/blog/
CENTR – https://centr.org/news.html
RIPE NCC – https://labs.ripe.net
Internet Governance Project – https://www.internetgovernance.org
Internet Society – https://www.internetsociety.org/blog/
Internet News – https://www.internetnews.me
Interplanetary Network Special Interest Group – https://ipnsig.org
Netnod – https://www.netnod.se/blog
Cloudflare – https://blog.cloudflare.com
ICANN – https://www.icann.org/en/blogs
Kentik – https://www.kentik.com/blog/
APNIC Ping – https://blog.apnic.net/2021/10/29/have-you-heard-apnic-has-a-new-podcast/
Ask Mr DNS – https://askmrdns.com
Economist Babbage (mainstream technology news) – https://podcasts.apple.com/us/podcast/babbage-from-the-economist/id508376907
LINXcast – https://www.linx.net/news-and-events/linxcast/
NANOG TV – https://nanog.org/news-stories/nanog-tv/
UKNOF – https://www.youtube.com/user/UKNOFconf/videos
Journal of Cyber Policy – https://www.tandfonline.com/loi/rcyb20
Light Blue Touchpaper – https://www.lightbluetouchpaper.org
Six months ago, if you had a /16 to sell, you were better off splitting it into smaller blocks. March saw a price inversion that flips that advice on its head, as /16s sold for more per address than smaller blocks. The converse is: if you’re a buyer needing a /16, you’ll find better bargains by picking up a few /17 or /18 blocks. This is a dynamic market, so keep checking https://auctions.ipv4.global/prior-sales for the latest transactions.
New Agreement makes IPv4.GLOBAL’s auctions, private sales and leasing services available to E&I members in higher education, K-12, and healthcare teaching institutions across the U.S.
New York, NY — April 7, 2022 — Hilco Streambank’s IPv4.GLOBAL, the world’s most experienced internet protocol address broker, today announced that it has been awarded a competitively solicited contract by E&I Cooperative Services (E&I) to provide its members with these often-overlooked educational assets. Premium services – at discounted costs – are available to E&I’s more than 5,500 member institutions across the U.S. The contract is effective immediately, runs through January 31, 2027, and includes a renewal option.
Through this contract, IPv4.GLOBAL provides E&I members with assistance in the private sale or public auction of IP addresses on its web platform. IPv4.GLOBAL will also help the seller of addresses transfer them to the buyer. Escrow services for these transfers will be supplied at no additional charge.
“We’re very happy to be awarded the E&I contract to help serve their members,” said Gabe Fried, CEO of Hilco Streambank and IPv4.GLOBAL. “Hilco Streambank and IPv4.GLOBAL are thrilled to have a cooperative contract vehicle to support the work we’ve done for educational institutions and the services we provide. We look forward to helping these institutions raise much-needed cash through the sale of their surplus IPv4 addresses.”
According to Keith Fowlkes, Vice President, Technology at E&I, E&I members will benefit significantly from finding new revenue through sales of their unused IPv4 address blocks. “Opportunities for revenue generation on campus are increasingly important given the current financial climate. We’re excited about the addition of this new competitively solicited agreement to our technology contract portfolio. Our members now have easy access to their full range of services at discounted contract rates.”
For more information, contact the E&I Team at (703) 673-3518, EducationSales@hilcoglobal.com or www.ipv4.global.
Hilco Streambank provides intellectual property services and expertise at the intersection of intangible assets and corporate finance – identifying, preserving, and extracting value for clients. The firm combines an understanding of how to run a successful disposition project with an extensive network of technical professionals providing research, packaging, and marketing expertise to support the sales process. Hilco Streambank’s appraisal process provides lenders with an accurate recovery estimate under a variety of disposition scenarios. For more information, please visit www.hilcostreambank.com.
IPv4.Global is a division of Hilco Streambank. As trusted marketplace leaders, the company is dedicated to reliable transparent service. It facilitates the purchase and sale of IP blocks, regardless of the size, and have completed more transfers than anyone else in the world. IPv4.GLOBAL’s multi-tiered services facilitate transactions of varying IPv4 block sizes, ranging from smaller transactions through our online platform to large private transactions through our brokerage business. For more information, please visit www.IPv4.Global.
E&I Cooperative Services (E&I) is the only member-owned, non-profit procurement cooperative exclusively focused on serving education. E&I delivers unsurpassed value and an exceptional experience to its members through a broad portfolio of competitively solicited contracts with industry-leading suppliers as well as innovative sourcing solutions. The Cooperative empowers its members to make informed, analytics-driven decisions to capture more spend and optimize their education dollars. For more information, please visit www.eandi.org.
By Leo Vegoda
April 5, 2022
Network operators rely on guidance from IP address experts because not all IP addresses used on the Internet are the same. The “reputation” of email senders is especially important because some are malicious users of the system. But identifying “senders” based on their email addresses or the individual IP address of a user presents issues that are unnecessarily complex.
So, for many years, the people who run the Internet’s email systems have rejected messages coming directly from the IP addresses used by home Internet connections. (There were about 1,300,000,000 wired home broadband connections at the end of 2021.) It would be difficult to maintain a database of addresses belonging to responsible users versus people (intentionally or because of virus or botnet infection) sending unsolicited bulk email, phishing, or engaged in other malicious activities.
As a result, we need to send email through dedicated systems and the system administrators use a variety of tools to measure the reputation of that smaller number of systems.
The same approach is used to monitor IP addresses for their reputation on several dimensions. Not only, “should this address be sending email?” but also geographical location, whether an IP address is infected with malware, is involved in stealing others Internet users’ identities, or an open proxy that can be used by miscreants to do any of those things.
Deploying a new range of IP address space is more complex than just configuring those addresses on equipment and using them on the Internet.
Any significant sized range of addresses will have been used on some other network before. While a transfer to your organization will show up in the Regional Internet Registry or National Internet Registry database, propagating that change through the various types of reputation tracking systems in place is not instant or automatic.
Updating those systems about changes in management, purpose, and geography are important elements in the IP addresses your organization needs.
A sudden transition from one user and purpose to another is less likely to be successful than a careful deployment. Address space in active use immediately before being transferred may be tainted. If it sat fallow for some time before it is more likely not to be on a block list. If you’ll be using the range for the same purpose as the previous registrant, you’ll want to understand what the relevant reputation databases report about it.
Reputation tracking started for addresses that send email and that continues to be important. Good advice on how to start and stay current is available from Mailop, whose community publishes the best practices and hosts a mailing list for advice and discussion.
If your new range of address space was transferred from a different geography and will be used for consumer Internet access you will probably need to contact the companies that manage databases tracking the geographic location of IP address ranges (GeoIP). Most consumer content is licensed for specific markets and these databases help the content distribution networks implement geographic restrictions where they are required by the content owners.
If the address range was previously used in a place where they use different languages than in your region, popular platforms will need to know about the transfer, so they present interfaces using the languages your users prefer.
If you will be using your new address space for a different purpose than in the past, you will need to make sure that reputation systems know about the change, so they don’t characterize your use as unexpected and add your network to lists of blocked addresses. For instance, when an address range previously used for subscriber Internet access is repurposed for cloud servers that are likely to send email, it will need to be removed from various lists. One example is Spamhaus’s Policy Block List, which lists address ranges that should not send email.
The Brothers WISP publishes a regularly maintained list of GeoIP databases. This is a great resource for consumer ISPs whose address space is rejected by local content distribution services, like video streaming or gaming platforms.
The Spamhaus Project maintains lists networks can use to help them decide whether to block traffic from other networks. Its lists are advisory and can be used in conjunction with other services, sometimes proprietary, to make decisions about whether to accept traffic.
Discover the existing reputation of your new address range at the places that matter for you and update where necessary. Actively search for lists and their importance to your intended purpose. Contact the administrators and let them know about how the address range has changed registrant, and whether its geography or purpose has changed.
This will take time and you will either need to include that time in your deployment plan or manage problems with block lists and other reputation databases as they arise.
About Leo: Leo has been involved with the management of Internet Number Resources at ISPs, the RIPE NCC, and in ICANN’s IANA team. He now provides bespoke services to a number of Internet-space organizations, including Euro-IX and PeeringDB.
By Leo Vegoda
March 29, 2022
The IPv4 market is a collection of systems where holders of IPv4 addresses transfer the right to the registry records of those holdings’ addresses to other internet users of them. These rights often transfer in what amounts to a sale. At other times the rights are transferred temporarily, in a leasing agreement. Transfers are sometimes negotiated privately and at other times in public auctions.
An internet “address” indicates to the system the source and destination of information being sent. It can route traffic to a number of different locations but most commonly identifies a specific internet-connected machine.
The early, IPv4 version of “naming” IP (Internet Protocol) addresses, uses a “dotted decimal” format such as “198.51.100.42” which could also be written “3,325,256,746” as it is sequentially in that place in line. The dotted decimal system is used as a convenience to help network administrators understand where one “block” of numbers begins and ends. There are about 3.8 billion IPv4 addresses that can be used for regular Internet connections. About 500 million more addresses are reserved for protocols like multicast, private use, and future uses that were never defined, and which probably never will be.
The IPv4 transfer market was spurred by the exhaustion of the free pool of addresses. This happened because “only” about 4 billion addresses were created in version 4 of the addressing system and the growth of the internet used them up entirely. IANA, the registry at the top of the hierarchy, allocated its final blocks of 16 million addresses in 2011 and it allocated the last crumbs in 2019. Some regional internet registries’ (RIRs) policies attempted to retain small blocks of address space for new market entrants, while others continued a first-come, first-served need policy. But for several years it has only been possible to get enough new addresses to address a large network through the transfer market.
To further complicate the impacts of rapid internet growth, early protocols for connecting independently managed IPv4 networks supported just three network sizes. As a result, “blocks” of addresses were distributed in these sizes. The largest was Class A, which each contained just over 16 million addresses. Then there is Class B and these blocks contained 65,536 addresses. Finally, Class C networks each had 256 addresses.
Engineers developed ways to make more efficient use of address space in the late 1990s and it is now common to see networks of different sizes. The number of addresses in a network is designed by its prefix length, using a slash before the prefix length in bits. Old Class A networks are now known as “/8s” and can be broken up into smaller parts. Those 16 million addresses could be turned into 16 “/12s” of 1 million addresses each – or smaller networks if needed.
When only three sizes of network could be used on the Internet, some organizations got more addresses than they now need. These organizations have been able to retain the addresses they still need and transfer the remainder to other organizations whose deployments depend on them. The alternatives to a market in the registration rights to database entries for IP address space are not very attractive. These include:
One option would have been to try and ignore the market by only recognizing transfers arising from mergers and acquisitions. The organizations that did not need the addresses would have needed to create new legal entities to hold those addresses and market participants could then buy and sell those legal entities.
One major operational downside of this approach would be that it breaks the connection between the registrant of the addresses and the operator of the network. So, it would complicate the communication needed to resolve operational issues. This approach would also add overhead when splitting a larger block up so that the addresses can be used on several smaller networks.
Another approach to this problem might be for the actual registrant of the addresses to rent them to users but not transfer the registration. This shares the operational problems caused by only recognizing mergers and acquisitions, but also removes the incentive for users to use the addresses responsibly. Temporary leases are likely to attract users who want to send spam or engage in other malicious activities and so require careful vetting of lessors by responsible intermediaries.
Responsible facilitators of leasing programs restrict access to this option today. However, the extent of the vetting to qualify potential lessors varies.
Anyone around in the late 1990s will remember the dot-com bubble and the near constant deal making that resulted in small networks being merged into larger organizations. All that merger and acquisition activity needed to be properly recorded in the Regional Internet Registry and National Internet Registry databases so that network operators and Internet users could contact each other when problems arose. Old RIR policy documents, like ripe-185 from 1998, include sections on changes in registry ownership. Four years later, those two paragraphs had become a seven-page document.
Across differing RIRs, the procedure for transfer varies somewhat. Each RIR’s policy is developed by its own policy making community to meet the needs of their specific region and this has resulted in small differences among the policies.
RIPE policy allows the “legacy” status of an IPv4 address block that was obtained before the RIR system was established to stay with the new registrant. This means the new registrant can choose an agreement that protects it from deregistration in some circumstances not available to other registrants.
As of January 2022, AFRINIC’s policy only supports transfers within the AFRINIC region and not between regions. Parts of the AFRINIC policy-making community are concerned that its limited pool of IPv4 address space – the smallest RIR pool – could be exported to networks in wealthier regions. But North America’s RIR, ARIN, generally exports more addresses to other regions than it imports.
ARIN, and other RIRs, publish lists of organizations that can facilitate address transfers. This market helps the Internet’s continued growth as IPv4 addresses can move from registrants who can afford to do without them to those who need them to grow.
About Leo: Leo has been involved with the management of Internet Number Resources at ISPs, the RIPE NCC, and in ICANN’s IANA team. He now provides bespoke services to a number of Internet-space organizations, including Euro-IX and PeeringDB.
After 2021’s meteoric rise in prices, different sizes of blocks were selling for wildly different prices per address; that pricing difference has mostly disappeared. IPv4 address prices have converged around $53-$56 per address, with occasional outliers.
A lot can go wrong when transferring addresses from one company to another. After 2,500 transfers, the team at IPv4.Global has seen it all. Here are some tips to make sure everything will go smoothly.
In General
In the U.S., Canada, Bermuda, and English-speaking Caribbean locations (ARIN Region)
In Europe and the Middle East (RIPE Region)
In Asia and Pacific nations (APNIC region)
In South America, Central America, Mexico, and non-English-speaking Caribbean locations (LACNIC)
In Africa (AFRINIC)
Transferring IPv4 addresses isn’t generally difficult, but because they are so valuable, the RIRs are very careful about their transfer policies. Support from IPv4.Global can help expedite your transfer, and reduce the chance of anything going wrong.
A lot can go wrong when transferring addresses from one company to another. After 2,500 transfers, the team at IPv4.Global has seen it all. Here are some tips to make sure everything will go smoothly.
In General
In the U.S., Canada, Bermuda, and English-speaking Caribbean locations (ARIN Region)
In Europe and the Middle East (RIPE Region)
From my.ripe.net, click RIPE Database, Create an Object, and select “organisation.” Use the mntnr created above. For “organisation” use something like ExampleCo-ripe where the org-name Example Company, Inc.
In Asia and Pacific nations (APNIC region)
In South America, Central America, Mexico, and non-English-speaking Caribbean locations (LACNIC)
In Africa (AFRINIC)
IP address demand has continued to rise, with June ending with over 192,000 addresses sold. The #IPv4 market is not slowing down, and we are seeing record-breaking prices across the board. #IPv4 sellers, list your #IP blocks and get the most value for your addresses.
IP address demand soared during the month of May with over 114,000 sold – our best month of the year so far! Demand for IPv4 addresses is unmatched, and prices are rising across the board with prices exceeding $40/IP. The time to sell your IPv4 addresses is now.
By Lee Howard
May 25, 2021
Pronounced “cider,” CIDR stands for Classless Inter-Domain Routing. CIDR is a method for summarizing IP addresses. Its original goal was to slow the exhaustion of IPv4 addresses and help extend the life of IPv4. It also improved the efficiency of IP address assignments, and overall significantly improved the availability.
Before we cover how CIDR works, it’s important to understand the technology that CIDR replaced.
In the early 1990s, Internet engineers realized they were going to run out of IPv4 addresses. Until then, they had been allocating addresses in one of three block sizes, known as Classes. A Class C block had 256 addresses, a Class B block had 65,536 addresses, and a Class A block had 16,777,216 addresses. If you needed more than one or two Class C blocks, you got a Class B, and so on.
Consider the anatomy of an IPv4 address:
The format on the left is called “dotted decimal” or “dotted quad” notation. Each number is a regular (base 10) number from 0 to 255. The format on the right is the same number in binary.
The network number is the first address. In dotted decimal, it always ends in zero[1]. (The network number for subnets of a Class C can end in other numbers, like 192.0.2.32/27, which means you can assign very few addresses to a network, but assignments from the registries are never smaller than Class C). In binary, the first bits would identify the class of IPv4 address. Technically, if the first bit was 0, it was a Class A block, or 0.0.0.0 – 127.255.255.255.
If the first two bits were 01, it was a Class B block, or 128.0.0.0 – 191.255.255.255.
If the first two bits were 11, it was a Class C block, or 192.0.0.0 – 223.255.255.255.
Class D was reserved for multicast, and class E for experimentation; you will never see them.
With only 128 possible Class As, and 65,536 possible Class Bs, by the early 1990s, it was clear that more specific allocations would be required. So, the class system was demolished and we moved to a classless system.
In Classful numbering, it’s easy to recognize the class from the address: a Class A is identified by the first byte (10.0.0.0), a Class B is identified by the first two bytes (172.16.0.0 and 172.17.0.0 are different Class B blocks) and a Class C by the first three bytes (192.186.1.0 and 192.186.2.0 are different Class C blocks). But, in Classless numbering, the number of bits identifying a block can be any of the 32 bits.
If that address was part of a /24 (“slash twenty-four”), the first 24 bits define the network block, and the last 8 bits are used for individual devices. You would write the network as 192.0.2.0/24, which tells you that the possible addresses are 192.0.2.0 – 192.0.2.255. The number after the slash tells you how many bits are used to define the network.
That’s distinct from a /20:
The network is 192.0.0.0/20, with possible addresses from 192.0.0.0 – 192.0.15.255.
Some addresses in this same /20 network:
A network can be subnetted.
192.0.0.0/20 also contains:
Or, 192.0.0.0/20 also contains:
The main thing to remember is that networks can be subnetted. The smallest network that can be bought, sold, transferred, or generally routed on the Internet is a /24. You will need to refer to this chart often:
Because of the inefficiencies of the class system, CIDR became the solution.
With CIDR, assigning addresses is more efficient as engineers can divide an IP address into subnets, without using many addresses. CIDR addresses have two sets of numbers:
For example, a CIDR address might look like: 192.168.125.23/16
So this network has 16 bits.
And as you may know, IPv4 addresses can have up to 32 bits. CIDR is also used for IPv6, with /64, /48, and /32 prefixes being common; IPv6 addresses can go up to 128 bits.
Companies can take advantage of CIDR’s supernetting. When different parts of the corporate network have /27 networks, a few /24s, and a /23, all of those subnets may be part of one /22 supernet. Your home ISP may only have assigned you one address (a /32 network), but may be summarizing all of their customers as one or more /16s.
CIDR is an efficient way to make the most of your IPv4 addresses. If you’d like more information on the differences between IPv4 vs. IPv6 check out this blog, or if you’d like to learn more about renumbering your network more efficiently so you can sell off some of your IPv4 addresses, please reach out to us today.
Closed off April with more than 38,000 IP addresses sold. The number of addresses paced lower this month, but prices for IPv4 have increased significantly across all block sizes as demand outnumbers supply! View all monthly trend cards and explore our newly updated website with helpful new features.
November 10, 2020
IPv4.Global’s Lee Howard will be a panelist at the Internet Governance Forum’s session, “IGF 2020 WS #327 Believe it or not, the Internet Protocol is on Sale!” Preparing for this session has provided an opportunity to research how the IPv4 address market has affected the deployment of IPv6. To begin, we look at the total addresses transferred and the number of addresses transferred over time.
Chart outlining total transfers since January 2014.
There are a few spikes where a large number of addresses was transferred in a single transaction, most recently from APIDT.org. More broadly, the number of transfers has been slowly increasing over time, though there’s no corresponding trend in the number of addresses. In other words, there are ever more transfers of smaller blocks, a strength of the IPv4.Global online marketplace.
A few organizations have dominated this market.
Pie chart noting IPv4 addresses received in transfers.
Cloud providers continue to dominate the market, roughly in proportion to their market share. A few access providers are represented. There has long been speculation that the IPv4 market has slowed IPv6 deployment.
IPv4 vs IPv6 trend lines.
The “Global IPv6 Percentage” here is taken from Google’s IPv6 deployment statistics, which is widely cited though conservative. It reflects the percentage of his on Google sites using IPv6. There is an annual spike around December 23 – January 2, reflecting holidays where many more people are accessing Google sites from home: residential and mobile providers have much higher IPv6 deployment levels than enterprise IT departments.
The number of addresses is a cumulative total of the number of addresses transferred. The total accelerated in 2017 – 2018 as Charter Communications bought a lot of address space, and when they stopped, the IPv4 transfer growth returned to its previous linear rate.
The fact that these two lines are almost perfectly parallel suggests that the influence of one on the other is minimal: this is the Internet growth rate.
The acquisition by Charter is somewhat similar to the other two access providers among top buyers, although the three are very different companies. Charter is a cable TV and Internet company solely in the U.S. Vodafone may be unfairly grouped, but includes all Vodafone companies globally. Reliance Jio is an Indian mobile company.
IPv4 Acquisition information 2012 to today.
Reliance Jio came into the market like a rocket, which reflects the unique growth curve of their business, and then stopped. Charter made an initial investment, and then went on a two year binge, and stopped. Vodafone companies have been gradually accumulating, at their normal growth rate. IPv6 has seen increasing deployment over the same time period.
2012 to today, IPv6 deployment.
As with its meteoric acquisition of IPv4, Reliance Jio deployed IPv6 in a very short period of time, and nearly all devices on their network are IPv6 capable. Charter consists of multiple independent networks; averaging their IPv6 deployment shows a very gradual deployment rate, typical of churn rates. They did accelerate deployment in 2018-2019, shortly after their final IPv4 acquisitions.
There is no evidence that IPv4 purchases delay the deployment of IPv6.
IPv6 deployment among cloud providers is harder to measure, since they are hosting many different customers’ equipment. Just from researching their IPv6 capabilities, most services offered by Amazon Web Services are IPv6 capable, although Amazon.com and other web properties are not. Google Cloud Platform the reverse, where very few services are IPv6 capable, but most of their web properties are. Microsoft Azure is in the middle, with a few IPv6 cloud offerings, and a mix of IPv6 capability on their web properties. Within that small sample size, IPv4 purchase and IPv6 capability and size all correlate.
Based on this limited view, it would seem that IPv6 deployment and the purchase of IPv4 addresses are complementary responses to growth and scarcity. Companies that buy large amounts of IPv4 addresses also tend to deploy IPv6.
Most of the data above has been taken from the RIRs’ transfer logs, and excludes transfers known to be mergers and acquisitions. IPv6 ISP deployment is from APNIC’s measurements.
The Internet Governance Forum session, “IGF 2020 WS #327 Believe it or not, the Internet Protocol is on Sale!” is on Tuesday, November 10 at 1120 UTC. Attending the session is a free but multi-step process.
By Jack Hazan
October 9, 2020
In a publication released on October 2, 2020, RIPE NCC reported its first seizure of IPv4 registration rights pursuant to a Dutch court order. Pursuant to the order, RIPE NCC effectuated a transfer of the IP Addresses from the liquidating debtor to its creditor. Although these IP Addresses could not be owned – they were apparently not legacy, and thus conferred no “property rights” – the registration rights were deemed an enforceable right that has value, and were to be utilized towards satisfaction of a judgment.
RIPE NCC provided specific guidance for future cases:
In summary, the RIPE NCC will only comply with court orders for the seizure of the right to registration of IP addresses for the recovery of money that:
Finally, it’s worth noting that each order will be reviewed on a case by case basis. If we believe that an order or the third party seeking to enforce the order does not comply with RIPE policies or RIPE NCC procedures, we reserve the right to dispute any transfer.
In any event, this development certainly raises many questions:
It would seem that, subject to a lender getting comfortable with terms and procedure, that this should open the door to more direct lending with IP addresses as collateral.
IPv4.Global by Hilco Streambank is the market leader in IP address transfers, and this is only the beginning of a conversation. No one has more experience in the valuation of intellectual property assets (the other IP) than Hilco Streambank, and we already have a partnership with WRG Finance to provide loans for the purchase of IP addresses. Contact us at IPv4.Global or Hilco Streambank to continue the conversation! Do you have thoughts?
October 8, 2020
One reason the Internet is so robust is that authority is decentralized: every network is run independently. Each network operator, whether a major cable or mobile company or community WISP (wireless ISP) decides who they will connect to. As those networks connect, they tell each other what IP addresses they know how to reach.
In a system as large and complex and ever-changing as the Internet, this can’t be done manually. Instead, routers (specialized devices that figure out the best way to get somewhere on the Internet) tell each other about what IP addresses they know how to reach. They do this using BGP, Border Gateway Protocol. This protocol, like all protocols, defines how they communicate with each other: what kinds of things can be communicated, and how they can be communicated.
A router speaking BGP to another will “announce” or “advertise” what IP addresses it knows how to reach. This is what is meant by what routes are advertised or prefixes are being announced, and so on. That router’s “neighbor” routers will listen to those route announcements, then compare them to routes it already knows. Based on a well-known set of rules (an algorithm), it selects the best path or best route (same thing) to addresses in that network. It then shares that information with its own neighbor routers.
If the neighbor routers are controlled by different organizations they are in different autonomous systems. A simplified route announcement might look like:
192.0.2.0/24 172.18.14.1 65536 65525
In this example, the first section is the prefix: the IP address block being announced. In this case, it’s a /24 network. The second section is the “next hop,” the address of the next router in the path. The last section has two numbers: those are ASNs. ASNs appear in the order your data will cross them. The last number (65525) is always the ASN that “originated the route.” It’s the last ASN in the path, because it’s where the devices with those IP addresses are.
The same ASN can also originate IPv6 addresses:
2001:db8:12: :/36 2001:db8: :1 6536. 65525
This route is only different from the previous example in using IPv6 addresses instead of IPv4.
The Regional Internet Registries (RIRs) have unallocated ASNs available for a nominal fee. For various reasons, some people prefer shorter numbers (maybe they’re easier to remember). IPv4.Global has ASNs for sale on our online marketplace.
As with IP address sales, we list the price of ASN transactions made through the marketplace.
September 23, 2020
IPv4.Global is beginning to lease IPv4 addresses, starting with a /16 registered in ARIN available for a long-term lease. With address prices rising, the reasons you may want to become a lessor are clear: extended predictable revenue. Leasing creates an opportunity to monetize IP addresses and sell an IP block for a higher price in the future versus in the current market – it allows the lessor to keep the IPv4 block in case of future need. But what are the benefits to the lessee (the one receiving the IP address block)? Not as obvious, but still substantial for many businesses, there are a number of advantages, including:
As with any sort of leasing agreement, it’s important to note that while a great option, leasing still has risks. These risks can range from minor timing issues to malicious lessee intent, but are things all parties involved should consider. Potential risks may include:
Generally, the cost of leasing can also be higher than buying addresses long-term. The actual break-even point depends on the terms of the lease, and is something to be considered while making the decision. The team here at IPv4.Global has plans in place to mitigate all of these risks to ensure all clients are happy with their agreement and terms. When leasing address space, every offer must include a monthly price per address and a term length, so the lessor can evaluate offers comparably. We look forward to providing you the space you need! ___ Follow us on Medium.com
September 18, 2020
Recently, I had a conversation with someone whom I would classify as an IPv4 market opponent while I was at the African Network Information Center (AFRINIC) in Nairobi. It was a useful conversation for me, and hopefully for him as well.
Taking a cue from everything I’ve read about productive dialogue, I asked him about his concerns and we proceeded from there. His principal concern was that the presence of IPv4 brokers in the market would cause IPv4 pricing to be higher than it would without the brokers. This is an easy conclusion to reach if you look at the prices that the buyer pays, the proceeds that the seller receives, and the commission that the broker earns in the process. Remove the IPv4 broker commission and there is room for both buyer and seller to improve their outcomes. A larger concern was the existence of a market at all, when Registries already had a mechanism to deal with the allocation of scarce resources that wasn’t purely price. Totally understandable points of view, but it overlooks a few other things that brokers do, which actually improve market outcomes.
But I suspected there was more to his concern, so I asked a probing question: What if you’re right, and IPv4 brokers cause prices to be higher than they would otherwise be? Isn’t IPv4 an old technology at this point? It’s been declared “historic” by the IETF. Who cares if the prices are high?
The answer didn’t surprise me at all, as it’s been at the core of every “soft landing” discussion in each Regional Internet Registry (RIR). He was concerned that new African ISPs who currently did not have access to resources would price the end user out of the market, leaving more end users offline for longer as a result. The lack of access should clearly be a concern to everyone who believes that internet access is socially beneficial and has the potential to enrich lives, further education, enhance standards of living, slow the spread of disease, improve economic efficiency and build communities. For sure, universal internet access is a worthwhile objective, and sooner rather than later is always better. However, it’s not clear to this author that the address transfer market impacts universal access in any way. I share his concern, but think it’s misplaced in the context of the transfer market.
The answer didn’t surprise me at all, as it’s been at the core of every “soft landing” discussion in each RIR.
I asked if $5,000 for a /24 would be prohibitively expensive for new entrant, such as a small ISP, in a poor country who wanted to bring a community online. The answer was unambiguously, “yes.”
At $4,000? Still yes. At $3,000? Yes. This makes the case that having an IPv4 broker in the middle of that /24 transaction has no impact on connecting that poor community. When non-profits such as the Internet Society (ISOC) are involved in building networks, some of their funding will undoubtedly go toward acquiring IP addresses, which diverts the money away from other uses and would clearly have a negative impact on new deployments. The right price for that yet-to-be-connected community is as close to $0 as possible. Or IPv6. Those issues need to be addressed by community policy around the last /8 and continued progress to deploy IPv6. I will return to this point later.
I asked this individual if I could offer a perspective on how I believe we create value in the marketplace, and he graciously agreed to listen. I boiled it down to three quick points.
First, the IPv4 brokers do the digging/mining to find allocated but unused blocks and bring them to the market, which increases supply. If you refer to introductory economics, increases in supply reduce price, (holding everything else constant). This work requires retracing the history of defunct companies, cold calling into organizations to find the right person in charge of the network who might be able to find available address ranges, and working with Registry staff to ensure that there wasn’t fraud perpetrated somewhere along the way. We bring clean supply to the IP address marketplace. When the price is zero, no one has an incentive to hunt for inefficiently used space and facilitate a transfer.
Second, we provide price information to the market that’s more robust and reliable than posting to the local ‘NIC or ‘NOG mailing list to ask if a certain offer you’ve received is reasonable or not. By posting price data going back several years and covering hundreds of transactions, we provide support for those people who need to make a case internally for buying or selling IP addresses. We’ve heard that charts of our data on address sales have appeared in numerous investment memos or requests to sell IPs on the basis that the proceeds will be used to fund infrastructure investments.
Third, we simplify the transaction process. Whether it’s creating standardized documentation, developing relationships with RIRs to get answers quickly, or providing free escrow services, we do everything to save buyers and sellers time (which is money) and aggravation. Most organizations will only buy or sell IPv4 once or twice. Developing the expertise in-house is time consuming and wasteful.
We do everything to save buyers and sellers time and aggravation.
We’re looking forward to bringing our IPv4 transfer market expertise to AFRINIC members in the coming years and working with all of the stakeholders in the community to productively address concerns as they arise. It’s been a pleasure participating as an IPv4 broker in several AFRINIC meetings so far and we look forward to more.
Returning to the issue of available “free pool” addresses for new entrants, the communities of each Regional Internet Registry have developed policies aimed at meeting the specific needs of their region. In the ARIN region, no reserve pool was left for new entrants. In the rest of the world there are reserve pools for either new entrants, incumbent members, or both. All of these regions restrict allocations from these reserve pools. The debate typically revolved around the issue of “need” and putting the needs of existing members either ahead or behind the needs of future entrants. What’s clear from each policy is that the “landing period,” whether “soft” or “hard,” triggered an active interest in the trading market for existing RIR members as well as their downstream customers. The existence of the free pools appears to have little impact on market activity in the short run. Hopefully, those not yet online can get online soon, and hopefully on IPv6, where address space is plentiful and therefore inexpensive.
Some marketplaces create externalities that are not fully built into the price. Some of those externalities are positive, and some are negative. What we’ve found in the IPv4 marketplace is that it creates a business case for migrating to IPv6 for sellers (good!) and provides a cost-efficient way to get started for buyers, who presumably are rational and therefore also advantaged by the process. Increasing overall supply into the marketplace has no impact on available free pools and creates choices for buyers and sellers. The existence or absence of the IPv4 marketplace is an indicator of how ready the world is to abandon IPv4.
August 27, 2020
IPv4, or Internet Protocol version 4, is a set of rules that allows devices, like computers and phones, to exchange data on the Internet. Each device and domain connected to the Internet is assigned a unique number, called an IP address. These addresses ensure data is routed to the correct device.
IPv4 addresses are 32-bit numbers written with four decimals. Between each decimal is a number between 0 and 255. Example: 192.0.2.235 In this article, we cover Internet Protocol and the future of IPv4.
Internet Protocol (IP) are rules, first established in the late 70s by DARPA, for routing or sending packets of data across networks between devices. When data or information travels over the Internet or web, it travels in small packets. IP addresses ensure that devices like computers, servers, domains, etc. route those data packets to the correct place. Domain Name Systems or DNS are like the Internet’s phone book. They translate domain names (like Netflix.com) into IP addresses. So, when you type Netflix.com into your laptop browser, DNS allows your computer to communicate with Netflix’s IP address, and Netflix sends content (via packets) back to your laptop’s IP address.
With 32 bits, IPv4 addresses limit the number of unique hosts to 232—meaning there are roughly 4.3 billion IPv4 addresses available. Turns out, that by 2011, 4.3 billion potential IPv4 addresses wasn’t enough. That year, the Internet Assigned Numbers Authority (IANA) ran out of addresses to allocate to regional registries. And, in 2017, Pew Research found that the median American household had five devices. Just two years later, Deloitte found that the median American household had 11 devices.
Because of the exponential increase in devices connected to the Internet and the lack of new blocks on IPv4, the Internet Engineering Tracking Taskforce (IETF) created a new Internet protocol, IPv6. Below are the basic differences between the two versions.
There are many pros and cons of IPv4 vs. IPv6 (find an in-depth list here). To summarize those pros, IPv4 is what most of the Internet runs on. Because of that, devices running on IPv4 have a more seamless connection to other devices. IPv6 allows for more addresses and will be slightly faster once most of the Internet has converted to IPv6.
Most of the Internet’s traffic today is still routed to IPv4 addresses. Because IPv6 is relatively new, not all devices are configured to communicate with IPv6. For this reason, IPv4 remains in demand for many businesses today. With a definite need to own IPv4 space, and often value in selling the IPv4 addresses you no longer use, IPv4.Global is here to help broker deals and provide the space you need. Contact us today for all your IPv4 needs.
August 18, 2020
The “IP” in IPv4 and IPv6 stands for Internet Protocol, which is a set of rules that determine how devices transmit data packets across the Internet. Internet Protocol also assigns a unique address to each device on the web. These addresses ensure data packets are routed to the correct device.
IPv4 or Internet Protocol Version 4 is the most common protocol for transmitting data packets on the web. IPv4 provides both the identification (IP addresses) for each device on the Internet and the rules that govern how data packets are transmitted between those devices. With IPv4, a typical IP address has 32 bits and is in dotted-decimal form, like this: 192.0.2.235 Because there are only 232 unique hosts in this decimal format, there are only about 4.3 billion IPv4 addresses.
There’s been a massive increase in devices connected to the Internet in the last decade—with a rise from 5 Internet devices per household to 50 Internet devices per household from 2015 to 2020. This prompted the Internet Engineering Tracking Taskforce (IETF) to create a new Internet protocol, IPv6. It was released in December 1998. IPv6 addresses are written in hexadecimal format, like this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Despite IPv6 being the newer, updated IP, there are still many advantages of IPv4.
Running short on IPv4 addresses isn’t the only con of version four.
The pros of IPv4, combined with the lack of addresses, created a new marketplace. Today, companies that need IPv4 addresses can buy them through IPv4 Brokers, or a company looking to move to IPv6 can sell IPv4 addresses. When a company needs more IP addresses, they have three options:
There’s much debate around which is better—IPv4 or IPv6. But really, it’s about your specific needs. If you’d like more information on the differences between IPv4 vs. IPv6, or if you’re looking for help with either, please reach out to us today.
By Lee Howard
June 23, 2020
Everyone hates spam. Even worse is malware—something that infects your computer and sends spam out to you and others or tries to hack into systems. In response to these problems, many people began to maintain lists recording who generates spam and malware. An “IP blocklist” is used by most mail servers and some firewalls as a step in deciding whether to accept emails, mark as “Junk,” or just drop traffic altogether.
Different blocklists have different ways of collecting addresses. Some mail servers collect data from users clicking “This is spam” and report this to blocklist maintainers, while other blocklist operators have “honeypots.” Honeypots are systems designed to attract spam, so they can blocklist any IP address from which they receive spam.
A significant amount of spam comes from home computers and other devices that have been infected with malware, making them part of a “botnet.” Some operators even actively scan the Internet, looking for devices with certain vulnerabilities that they know have been exploited by botnets. Residential users and cell phones generally don’t run mail servers, so any indication that an IP address is part of a pool used for those may put an address range on a blocklist.
The main problem with blocklists is collateral damage – traffic blocked that shouldn’t be. A few blocklists intentionally do this, to force large IPv4 block holders to take action in preventing spam from reaching their customers. In some cases, a device got blocklisted for spam, but was later patched and the spam stopped. Many blocklists have an “aging” policy, where if no further problems are seen or reported over a period of time, an IP address will be removed from the list. If it’s reported again, it may take longer to age out next time.
Often, IPv4 addresses for sale will include some that have been blocklisted. Companies looking to buy, should always conduct some diligence. But it is important to remember that IP addresses can be listed (or de-listed) at any time, so a blocklist check two weeks ago may have no correlation with one today.
Most blocklists offer a web page where you can check whether an IP address has been listed. That’s not going to work if you want to check 65,536 IPv4 addresses. A few blocklists allow you to download their list to search locally (or sync with github). For two major operators, SORBS and Spamhaus, you’ll need to script a test.
Both SORBS and Spamhaus operate DNSBLs, for Domain Name Service Block-Lists. They allow queries over DNS and return a code that tells you which list an address is on.
For instance, if I want to find out about 192.0.2.43, I can run the Unix command:
$ dig 43.2.0.192.in-addr.arpa @dnsbl.sorbs.net +short
I may get a response like “127.0.0.6,” which SORBS tells me means it’s on their spam list. The equivalent command in Windows command line console is:
> nslookup -server=@dnsbl.sorbs.net 43.2.0.192.in-addr.arpa
To query an entire block, you’ll need a script that queries every address in that block. IPv4.Global is able and happy to run such a check for our customers.
Every blocklist maintainer has their own mechanism for getting addresses removed that often requires some demonstration that the original cause of the listing has been removed. For several SORBS lists, you have to request a retest:
If the test passes, SORBS will flag the address to be removed. If you don’t have access to that machine, or it doesn’t have a browser, you can try to open a support ticket.
Spamhaus similarly provides a web interface, which tells you which list you’re on with links to clean up.
Fortunately, most blocklist operators recognize that spam doesn’t come from unrouted IP addresses, so simply taking the network offline, as you would in preparation to sell, provides a good reason why you can’t retest and why they should reconsider. Similarly, showing the record of when an IPv4 address block was transferred is often acceptable documentation: the old management may have been lacs, but you, the IP address buyer, are not responsible for their actions.
As with so many parts of buying and selling IP addresses, you can do it yourself, but the help of an experienced broker like IPv4.Global can make your life a whole lot easier. Reach out to us today for all of your IPv4 needs.
We use the term “blocklist” here instead of “blacklist” because that’s how the services refer to themselves. Spamhaus has its DNS Block List (DNSBL) and Spamhaus BlockList, as well as other BlockLists. SORBS stands for Spam and Open Relay Blocking System. We note that historically, a “blacklist” is a list of people who are prohibited from employment or other activity by an authority (such as a government or cartel). The Reputation Block Lists (RBLs) described here take pains to point out that they are not an authority and do not block services themselves; we therefore eschew the use of “blacklist” as inaccurate.
By Jan Zorz
May 14, 2020
May 14, 2020 Resource Public Key Infrastructure (RPKI) is a mouthful. Essentially, RPKI ensures that the network saying, “We are the place to send traffic for network A.B.C.D” really is the right place. It is a way of improving the security of the Border Gateway Protocol (BGP), which uses the Autonomous System Number (ASN) to identify a network, which is a block of IP addresses. It doesn’t matter whether they are IPv6 or IPv4 addresses.
RPKI will validate the origin of the IP prefix (the IP address block in CIDR notation) (“Send traffic for A.B.C.D to ASN 55555”) but can’t do path validation (“The way to get to ASN 55555 is through ASN 55556”). The RIPE.net website defines RPKI as “prov[ing] the association between specific IP address blocks or ASNs and the holders of those Internet number resources. The certificates are proof of the resource holder’s right to use their resources and can be validated cryptographically. RPKI is based on an X.509 certificate profile defined in RFC3779.”
If you’ve ever gone to a website and gotten an error saying that the browser can’t confirm that the website is real, and looked for more information to find that it had an invalid or expired certificate, this is exactly the same thing.The certificate is a document with a cryptographic key in it, and your browser (or RPKI validator) can ask the Certificate Authority (CA) “Is this the right key for what I’m looking at?” The actual cryptography is more complex but isn’t necessary to use the tools.
Why bother with RPKI? Without it, anyone anywhere in the world can just start using your IP addresses. Best current practice is for Internet Service Providers (ISPs) only to accept route announcements that they have checked are correct, but not everyone does that. It’s a bad day when your addresses get hijacked. You’re at least partly off the Internet, and the hijacker is probably spamming the world, so even when they stop, mail servers and firewalls may reject your traffic as having a bad reputation. How to use RPKI Using RPKI is very simple in concept and consists of two parts. You will need:
First you need to sign your IP resources. Login to your RIR LIR portal and find instructions on how to sign your resources. The process is very simple at most RIRs, and once you’ve done the first one it should only take a few seconds per prefix.
Visit the below site for information on how to sign your prefixes per RIR:
Signing your resources means creating a ROA (Route Origin Authorization), which authorizes an ASN to originate a route announcement. Once you sign your IP resources, everyone that is doing RPKI validation can tell if your IP prefix was announced from right AS number and if the prefix size matches the size, specified in the ROA.
The second part of RPKI is validation. Earlier, we made sure that the rest of the world can validate your announcements and distinguish your announcement from attackers. With validating the incoming prefixes we make sure that we can also distinguish other networks’ announcements from attackers. What you need for RPKI validation is a (virtual) server to run a validator and a BGP router that has RPKI functionality implemented.
You can choose between several RPKI validator implementations; this RIPE Labs article describes how to install some of the more popular ones.
Once you have a validator in place, it’s time to configure your BGP router to create a RPKI-to-Router (RTR) session to validator and start validating. Here is a list of routers that support RPKI.
Once you have validation set up, you can decide how exactly to implement the route validation. An RPKI check will either tell you that the route is valid (has a signed ROA that checks out), invalid (there’s a ROA, but this route announcement doesn’t match), or unknown (ROA not found). Generally, if you receive three route announcements, you would prefer one that is signed over one that is unsigned, but either is better than a route that is invalid.
One option is to install prefixes with different local preferences, for instance valid = 110, not_found = 100, invalid = 90. In this case, a valid announcement will always take precedence over the attacker, who also announces prefix, but a false announcement will be installed with lower local preference and will never be used if there is a route with higher local preference. Unfortunately, this option will not protect you if an attacker starts announcing smaller prefixes than yours: a /24 route is more specific, and therefore always preferred, over a /8. An increasing number of operators finds this consistently less useful as it’s not a real protection.
An alternative that is getting more vocal support by major operators is not installing invalid prefixes at all (rather than assigning them a lower local_pref). This variant is the safest because invalid route announcements have nothing to do in the routing table. But you have to trust the RIR. Let’s say the federal police come to an RIR and require that it replace Company_X’s ROA with a different one (pointing to their network, so they can intercept all the traffic). Company_X is off the Internet—to the rest of the world, their signed route announcements are invalid.
There are pros and cons to both options. Typically, operators start with the first option (invalid = lower local_pref) and watch their log files. When they are confident that dropping invalids would not break their connectivity (or some local laws or legal agreements in some cases), then they can reconfigure the system to start dropping invalids. In case the central RPKI database gets fiddled with, they can always reconfigure the RPKI policy back to whatever suits them in that moment.
Consider another failure case, that actually happened at the RIPE NCC. All ROA records disappeared for a couple of hours. Anyone checking ROAs would get a “not_found” error (“unknown”) and set local_pref to that level. No routes would be dropped (including malicious ones that should be).
Recently, CloudFlare published an RPKI testing tool that everyone can use.
Test your network to see if it’s properly implementing RPKI.
The test tries to get a web page from two different web servers, one from a prefix with a valid ROA, and one with an invalid ROA. If both work, your network (or your ISP) is accepting and using an invalid prefix announcement.
RPKI is rapidly becoming an essential part in MANRS, the Mutually Agreed Norms for Routing Security and while you are looking into RPKI – have a look also in MANRS and join the increasing pool of operators that takes the routing hygiene and security seriously.If both work, your network (or your ISP) is accepting and using an invalid prefix announcement.
Your IP addresses are a valuable resource: you should protect them!
In March we saw slightly lower prices but significantly higher volume. Midrange blocks are about $20, with smaller blocks often reaching $21 or more.
By now, many people have seen the U.S. Office of Management and Budget (OMB) request for comments to a memo outlining stages to move to IPv6-only. The memo includes some migration milestones:
It would also require agencies to identify systems that can’t use IPv6 and provide a schedule for replacing or retiring these systems. There’s been some talk in social media about this, but not much conversation about how it might affect the IPv4 address market. First, “IPv6-only” isn’t absolute; the memo says “for public Internet services, maintaining viable IPv4 interfaces and transition mechanisms at the edge of service infrastructure may be necessary for additional time.” So it’s clear that IPv4 will be around for a while. It would be nice to see the IPv4 address space appear on the market, as was suggested in a failed DoD funding bill. If agencies could keep the money from the sale of IPV4 blocks, it might help motivate agency CIOs to accelerate the government IPv6 transition. However, the rules for government agencies making money are famously complex, and not especially likely. Unlike the DoD, civilian agencies other than the independent Postal Service (USPS) don’t have so much address space that the market would be significantly affected. What it may do is further reduce obstacles businesses still see in deploying IPv6. By having dozens of organizations all working toward the same deadline, vendors will have to improve interfaces, fix bugs, and add features, in order to continue making sales. That’s good for the Internet, as it gets everyone moving toward using a single protocol. Even if the government achieves its goals, businesses will still be at least a few years behind. IPv4 will continue to be needed for at least a few more years after the last 2025 deadline. The market, therefore, should continue to be strong.
January saw very strong volume, with mixed changes in pricing.
After a year of flat or softening prices, December ended strong, with a slight uptick in prices and a significant rise in volume.
Startling news a couple of weeks ago as everyone learned that the bill in the House of Representatives to fund the Department of Defense contained the following provisions:
The measure did not exist in the Senate version, and the conference committee withdrew it, so the final version does not include the measure.
Disposal of IPv4 addresses
The House amendment contained a provision (sec. 1088) that would require the Department of Defense to sell several blocks of internet protocol version 4 addresses over a period of ten years. The Senate bill contained no similar provision. The House recedes.
It’s an interesting point to consider, though. What would happen if the US DoD divested of all of its IPv4 addresses?
Seemingly, the addition of multiple /8 blocks would increase available supply and thus lower prices. In 2019, some 37 million IPv4 addresses were transferred, excluding those noted as merger and acquisition. Another 16 -32 million in supply (up to 2 /8s) would be expected to bring prices down.
Large blocks and small blocks trade at similar prices, but there isn’t a perfect correlation. Ever since the launch of the IPv4 online marketplace in 2014, Hilco has published prices for blocks transferred there. This has affected all portions of the market, as IPv4 buyers and sellers can see recent prices for IPv4 address blocks. However, blocks of /16 and larger have not been traded on the platform, but by private transactions.
Large buyers in particular prefer large aggregate blocks, rather than many medium-sized blocks. Where once there was a discount for large aggregate blocks (/9 – /14, roughly) now they trade at a premium, because it’s easier for a large address holder to manage. If one or two of the largest buyers were to buy all of one DoD /8, it would probably mean that they were satisfied for a year or so, and there would be less competition for blocks large than /14. The demand for /16s and below, however, is more widely distributed, and might well remain unaffected.
A sudden supply of thirteen /8s, however, would be six years’ worth of supply all at once. There is unlikely to be enough demand to support that much space in very large aggregates, so in order to meet the deadlines, it might have to be further divided in /16s and probably smaller blocks.
One more interesting aspect of the bill was the requirement for the Secretary of Defense to report to Congress within 180 days “(D) The plan of the Secretary to transition all Department addresses to IPv6.” In order to make all of the /8s available, the DoD would have to migrate completely to IPv6. That would create huge demand for IPv6 transition to be complete within ten years. It’s a large enough move that it might provide a de facto transition date. Organizations buying IPv4 addresses to meet long term needs might reduce their buying horizon proportionately; that is, they might buy less.
Since the measure did not survive conference, we won’t know in 2020. It could reappear in next year’s bill. How should IPv4 sellers interpret this? Organizations waiting to time the top of the market may find that the time has come. IPv4 buyers making large, long-term buys may want to make shorter term purchases and defer the rest for a year to see if prices come down. We will continue reporting pricing trends in our blog and listing pricing for all transactions made through our online IP market place. Predicting the future is a dangerous business, and trying to time the market is usually considered a fool’s strategy.
May 2019 Average Price/IP (USD) – By Block Size
May 2019 Number of Transactions by Block Size
2019 Number of Transactions/Month
April 2019 Average Price/IP (USD) – By Block Size
April 2019 Number of Transactions by Block Size
2019 Number of Transactions/Month
March 2019 Average Price/IP (USD) – By Block Size
March 2019 Number of Transactions by Block Size
2019 Number of Transactions/Month
By Gabe Fried
March 25, 2019
As previously discussed in part one of this series, IPv6 hasn’t quite made the giant splash throughout the enterprise landscape that many expected. Now, don’t get me wrong, IPv6 still plays a major role in the IT space. In the world of telecommunications, IPv6 is a key enabler of next-generation technologies and communication strategies, as carrier networks, ISPs, and mobile networks roll out the new protocol across their networks. That said, enterprises, both global and domestic, haven’t been so quick to adopt this burgeoning technology; but that doesn’t mean things aren’t changing.
Having been in this industry for many years, at IPv4.Global, we have identified three distinct stages of supply within the IPv4 procurement space. Like mining, the first phase was easily accessible from the surface. Large blocks of allocated IPs which, in many cases, had never been used, were easy for firms to sell as they had no other use-value.
The second phase, which defines the current market, involves more effort on the part of the seller to re-number and re-architect their networks to free up space. In this instance, the return is often worth the investment. In the third phase, we’ll see companies being acquired for their IPv4 assets. Some small ISP and hosting companies will find themselves in this position at some point above current prices.
This third phase occurs when sellers begin shutting off IPv4 completely, as opposed to learning how to use it more efficiently. We don’t believe we are there yet in a meaningful way, and given the long-term investment focus of our buyers, we believe phase three is many years away.
As we continue to move toward eventual ubiquitous IPv6 adoption, it’s looking like we’re going to have to get used to what is known as a “dual protocol” or “dual-stack” world for a while. The two different IP address formats are incompatible, and total conversion to IPv6 isn’t going to be in the cards for quite some time. Until we enter that entirely IPv6-run world, ISPs still need to provide customers with internet connectivity, and enterprises still need to ensure their applications continue to run smoothly. Enter the dual-stack solution.
Dual stack is an IP address transition method in which every networking device, server, switch, router, and firewall within a given network will be configured with both IPv4 and IPv6 connectivity capabilities, allowing for the simultaneous processing of data across both protocols. This will prove to be a key strategy for global organizations, as the range of IPv6 adoption varies widely across the world.
For now, in order to maintain a consistent flow of data and internet traffic, IPv4 address availability is critical, and companies are recognizing that buying may be better than leasing. A 10-year time horizon for amortization and customers paying $1/month with a 10% cost of capital would put address prices at $70, roughly three times today’s prices. Stated differently, purchasing addresses today at $70 that can be leased to customers for $1/month would generate an 11% return annually for 10 years, after which the owner would still own the addresses. In just under 6 years you would have earned back your original investment, and it’s likely that in 6 years, regardless of the market price for IPv4, the address protocol will still be in use.
Most companies are bundling these addresses with other services that have healthy margins. Fortunately for those in the market today, sellers are mostly non-speculative. When the addresses are free of use and they have no cost basis, or if the extraction costs are low enough, they’ll sell. The challenge is that supply is dwindling, so sellers are mining deeper and deeper to incur greater expense which is only worth the effort if the price of the extracted resource climbs.
Global demand for IPv4 addresses remains strong. Even though RIR allocations of IPv4 space has diminished as their stockpiles became depleted, the market has picked up the slack and is steadily reallocating addresses to organizations for whom they remain a critical resource. The “disruptive” trends of cloud computing, the nearly ubiquitous ecosystem of mobile devices, and the growing deployment of IoT are making the Internet ecosystem both bigger and more valuable, and resources are not being diverted to decommissioning IPv4 en masse. As the number of devices continues to climb and the number of available IP addresses continues to dwindle, consumers can rightfully expect prices to increase at a steady rate.
Looking further into the future, we also know that the customers investing the most in IPv4 address procurement are well-resourced, making a slow yet steady movement toward IPv6 adoption. As a result, there will be a tipping point when they begin to shut off IPv4 access for customers or switch over to a new model of sales that separates IPv4 provision. At that point it’s possible that market prices will taper off and even fall, but it’s not clear that the largest of the address holders have enough inventory to satisfy global market demand even at current prices. Additionally, the relatively resource-deprived regions (Latin America and Africa) are making progress toward enabling inbound transfers of resources to their network operators. This will contribute to the demand for resources currently held in the other regions of the world.
While the future promises a major market shift, we don’t believe it is going to begin in the next few years and will likely be gradual and not sudden. For now, IPv4.Global is dedicated to serving the immediate needs of enterprises as the most trusted and knowledgeable IPv4 address broker in the market. To learn more about IPv4.Global and how we are transforming the IPv4 buyer and seller marketplace, visit www.IPv4.global or click here to send us a message.
About the author, Gabe Fried began liquidating intangibles in 2000 when he was retained to dispose of his former employer’s digital and trademark assets. Gabe pioneered the distressed brokerage of intangibles during his roles as liquidator, auctioneer, investor, buyer’s agent, expert witness, and appraiser. Read Part I
By Gabe Fried
March 7, 2019
As we progress further into the digital age, new technologies are the driving forces behind IoT, Big Data, and enterprise cloud computing. The growth in these areas comes principally from massive economies of scale in storage, bandwidth, chipset manufacturing and other inputs. Each of these new technologies relies on internet connectivity, and until IPv6 adoption takes over as the dominant protocol, demand for IPv4 addresses will continue to grow. Connecting the remaining 1+ billion people on earth plus the myriad new devices trying to connect with older devices will require a dual-stack existence for many more years. The balance of the 4.3 billion IPv4 addresses that remain unused is shrinking, and enterprises around the world are scrambling to ensure they have enough to meet their growth plans.
For the past seven years, IPv4.Global has worked with more than one thousand IPv4 buyers who have purchased address ranges as small as a /24 block, containing 254 usable addresses, and those who have purchased an /8 block or more, containing more than 16.7 million usable addresses. The prices of IP addresses have also drastically increased, and larger block sizes which traded for $5/IP in 2012 are now (2018) selling for $20/IP or more.
Understanding the components of demand will provide some insight into the market’s transformation over the last 7 years, since Microsoft acquired 10 Class B ranges from Nortel during Nortel’s bankruptcy (the first pure IP sale where price information was made public). Demand is often influenced by (i) expectation of future price changes, (ii) price and availability of substitutes, (iii) and growth of market to be served. For IPv4, it’s easy to see how each of these components will influence the market going forward. In this series, we will explore the complex world of IPv4 procurement, including the past, present, and future state of our industry and the role of IPv4.Global.
On April 15, 2011, the Asia-Pacific registry (APNIC) was the first regional internet registry to run out of freely allocated IPv4 addresses. This was soon followed by the Europe, Middle East and Central Asia registry (RIPE NCC) in 2012, the Latin America and Caribbean registry (LACNIC) in 2014, and the North America registry (ARIN) in 2015. In APNIC and RIPE the communities held back “austerity pools” of remaining IP space to be allocated on a one-time basis to community members in ranges no larger than a /22. ARIN completely depleted it’s pool other than a small remaining block reserved for critical infrastructure and IPv6 transition. AFRINIC reached it’s “last /8” rules in 2017.
At the start of IPv4 exhaustion in the early 2010s, buyers began to purchase additional IP addresses to support their future growth using a “buy-now transfer-later” agreement, or a simple option agreement for which the buyer paid a premium at closing and the seller was obligated to sell to the buyer on demand for a pre-determined price prior to the expiration date. This was considered belt-and-suspenders insurance against a slow roll-out of the upcoming IPv6 protocol that promised more than 340 undecillion IP addresses (that’s 36 0s for those of us who haven’t learned to count past the trillions). If worldwide IPv6-adoption proved to be slower than originally forecasted (spoiler alert: it did) and the enterprise’s network was growing, having extra IPv4 available ahead of time made a lot of sense. Paying $5, $6, or $7 per address through 2014 seemed like cheap insurance – and it was. In these early transactions, motivation was principally the avoidance of paying much higher prices later, or ensuring availability at a lower cost when the resources were finally needed. Some of these transactions dating back to 2012 remain unrecorded at the RIR level, as the sellers are still the rightful registrants of the addresses. In this way, market transfer statistics from the RIRs underreport the volume of activity in the market.
Once ARIN’s free pool was exhausted on September 24, 2015, awareness of the shortage became more acute and any organization with unmet need for IPv4 resources was forced to participate in the market. The capital expense of the addresses gave bundled providers, principally hosting, storage and ISPs, license to charge their customers for IPs that maybe have been previously included for free as part of a bundle of services. As an alternative to renting IPs from their service providers, bring-your-own-IP started to become a sound investment for enterprise end users, resulting in a growing demand for smaller blocks. As pricing for IPs climbed from $7 to $12 or more, buyer justification was principally based on a relatively rapid return on investment. If an end user was being charged $1/month for an address, a $12 purchase price yielded a one-year payback. Even at lower monthly rates, three and four-year ROIs remained a sound investment as IPv6 adoption still seemed far away.
IPv6 has been in the works since 1998 as experts attempted to address the impending exhaustion of IPv4 addresses, however, despite its clear advantages when it comes to efficiency and security, adoption has been incredibly slow. It’s now the beginning of 2019 and we’re still not seeing widespread enterprise adoption of IPv6 protocol. So, what happened?
The fact of the matter is, it’s hasn’t necessarily been all that slow, it just hasn’t yet made its way into the mainstream enterprise space. Some carrier networks, ISPs and mobile networks have been successfully deploying this technology across their networks, some citing that more than 90 percent of their traffic uses IPv6. Many more have been working behind the scenes on IPv6 deployment plans and will roll them out and stop provisioning IPv4 to new customers in the coming years. These changes take significant time. Enterprises, by comparison, aren’t adapting as quickly, because the business case isn’t as compelling. IT departments are often considered cost centers in large enterprises, and it is sometimes difficult to convey the benefit of moving to IPv6, even if it means selling the surplus IPv4 for $18/IP or more. As prices increase the case becomes more compelling, and slowly but surely, we will continue to inch away from IPv4 toward IPv6.
In part two of this series, we will explore predictions for the future of the IP address industry. Click below to read Part II of the series.
About the author, Gabe Fried began liquidating intangibles in 2000 when he was retained to dispose of his former employer’s digital and trademark assets. Gabe pioneered the distressed brokerage of intangibles during his roles as liquidator, auctioneer, investor, buyer’s agent, expert witness, and appraiser. Read Part II
February 2019 Average Price/IP (USD) – By Block Size
February Number of Transactions by Block Size
2019 Number of Transactions/Month
January 2019 Average Price/IP (USD) – By Block Size
January 2019 Number of Transactions by Block Size
32 Total Transactions in January 2019
December 2018 Average Price/IP (USD) – By Block Size
December 2018 Number of Transactions by Block Size
2018 Number of Transactions/Month
November 2018 Average Price/IP (USD) – By Block Size
November 2018 Number of Transactions by Block Size
2018 Number of Transactions/Month
