Post-Merger
IPv4 Challenges and Solutions
by IPv4.Global Staff
Organizations are not static.
It is common for universities and commercial organizations to merge with others or buy and sell divisions. They adapt their shape to meet the needs and opportunities of the time. When changes of these kinds occur, the IP addresses organizations use need to be transferred to the new legal entity, whatever shape it may take.
Companies have always been engaged in M&A activity. But IPv4 addresses have only been treated as an asset in the last 20 years. So, older sale and merger agreements often did not specifically mention IP addresses. In some cases, this can lead to surprises. Chief among them is the realization that long-ignored (if partially deployed and used) assets are owned but not registered as such. They keep on working, officially registered to a company that has long since disappeared. One such tangled tale of a lost chain of title is that of Synoptek. But there are many, many such situations.
In order for company management to address the complex issues surrounding IPv4 address assets before, during, and after M&A, it’s a good idea to have an overview of the technology.
Internet Protocol Basics
Devices of any kind that communicate on the internet must have a unique identifier so that data can come to and go from it. Unlike a radio or TV, communications are specific to and from a particular device. Computers and phones have these identifiers. So do the computers that host websites.
Websites like this one are generally known by their domain name (IPv4.Global). But they can also be thought of as being at a unique address, the internet protocol number identifying the computer on which they operate. Our website is https://ipv4.global. But to access the site, that domain name is converted to a series of numbers. Those numbers, Internet Protocol identifiers, direct traffic to and from sources and destinations of data on the internet. 23.185.0.4, the address for ipv4.global, is an IPv4 address. IPv4 is the first version of the Internet Protocol to be deployed in production. It is still the version that is most widely used today.
There are 4.3 billion IPv4 addresses in total. Just 3.7 billion are available for ordinary internet use. The others are reserved for special protocols and for use on private networks.
The internet and IPv4 were both developed when computers were expensive. Because they were expensive and new, there weren’t many of them and so the nearly four billion addresses in the IPv4 protocol seemed like more than enough. Ever. In fact, there was a surplus. This meant IPv4 addresses didn’t have any monetary value as there was no shortage. The important thing was that they were unique. If two different organizations were using the same addresses, traffic would go to the wrong places. This could lead to confusion and security problems.
Today, IPv4 addresses are scarce and computing is cheap. There are more than twice as many people as IPv4 addresses. And every smartphone and server uses IP addresses. As do many doorbells and refrigerators!
The engineers that developed the protocols for connecting networks used a computing shortcut to make routing decisions easier and cheaper. It would be easier if all the address blocks of the same size came from the same part of the address space.
So, they cut up the addresses into three classes:
- Class A was for large blocks of 16 million addresses. They all come from the first half of the address space.
- Class B was for medium sized blocks of 65,536 addresses. They all come from the middle of the address space.
- Class C was for small blocks of 256 addresses. They come from the last part of the ordinary use addresses.
- Classes D and E are not available for ordinary use.
IPv4’s Historic Classful Structure, now superseded with CIDR. Class D and E were reserved for multicast and Future Use.
The outcome was that universities and companies with a few thousand networked computers were assigned Class Bs without charge. Years later many have not used all the addresses they were assigned. Meanwhile, those addresses are now worth between $30 and $50 each.
A whole Class B, now known as a /16, can sell for over $3 million on the transfer market. Whether you sell unused addresses or not, they need to be properly managed because they are valuable assets.
What are the Regional Internet Registries?
In the very early days of the internet, all the names and numbers were assigned by one person: Jon Postel. He wrote them down in a paper notebook. He was later joined by Joyce Reynolds and they started publishing regular lists of what had been assigned.
As the internet grew, some of the routine work was contracted away. But by the end of the 1990s, the internet was a global phenomenon and the people running networks in Europe, Latin America, the Asia Pacific, and Africa wanted registries nearer to them.
One reason was the cost of international data traffic. There were still relatively few trans-oceanic cables and they were expensive to use. Another was customer service. It’s nice to be able to speak on the phone with someone in your own time zone. And each region has different issues to manage. Each region could have slightly different policies, accommodating regional needs.
There are five Regional Internet Registries (RIRs). They each have a roughly continental region and are not-for-profit membership organizations. They act as neutral stewards of a common resource. The policies they implement are developed by volunteer communities.
- AFRINIC is based in Mauritius and serves Africa
- APNIC is based in Australia and serves the Asia Pacific
- ARIN is based in the US and serves the US, Canada, and many Caribbean and North Atlantic islands
- LACNIC is based in Uruguay and serves Latin America and the Caribbean
- RIPE NCC is based in the Netherlands and serves Europe, the Middle East, and parts of Central Asia
The Five Regional Internet Registries, map published by the NRO under a CC-BY-SA license
Mergers, Acquisitions, and Due Diligence
A part of the work of officially transferring addresses is letting the Regional Internet Registry know about the organizational change. Each RIR has its own policy and process for managing these business procedures. These policies reflect the needs of the legal system used in each region. They can also vary based on other considerations of the community in that part of the world.
- AFRINIC policy on Mergers, Acquisitions, Takeovers, Closures
- APNIC policy on Mergers & Acquisitions
- ARIN policy on Mergers, Acquisitions, and Reorganizations
- LACNIC policy on Mergers, Acquisitions, Reorganizations or Relocations
- RIPE NCC policy on Transfer of Internet Number Resources and Change of a Member’s Official Legal Name
There are several countries in the APNIC and LACNIC regions with National Internet Registries (NIRs). An NIR is an organization under the umbrella of a Regional Internet Registry (RIR). NIRs provide the same services as an RIR but are confined to a single nation. Users in an NIR have the added convenience of using the same legal system, currency, and (usually) language.
All the RIRs and NIRs perform due diligence evaluations of the documents describing the M&A. They want to make sure that the documents are genuine. When they are presented with fraudulent documents they make police reports.
One example of this is the United States’ prosecution of Amir Golestan. ARIN worked with the prosecutors and gave evidence at the trial. In 2023, Golestan was jailed for five years.
Reorganization Complete, Now What?
An IP Address Manager (IPAM) is a tool that specializes in managing IP addresses. It is common for smaller organizations to rely on an Excel spreadsheet or text file to manage IP addresses. It’s a false economy for larger organizations.
The key advantages of an IPAM over a spreadsheet are:
- IPAMs understand IP addresses and subnets
- IPAMs either include or can integrate with network scanners, DNS, and DHCP tools
- IPAMs can generate reports and alerts to support your IT controls
Most organizations will have some unique IPv4 addresses and use private addresses internally. It is important to make sure that unique addresses you use are properly registered to your organization. Even when IP addresses are used internally, they can be disclosed in some packet headers, DNS entries, or routing leaks.
With an accurate view of the addresses deployed on the merged networks, management can make informed decisions about what to change.
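The subnet-aware comparison that a spreadsheet cannot do is shown in this added example, which is not from the original article. It flags private ranges used by both merging organizations and unique prefixes in use that no registered prefix covers; the organization names, inventory, and registered list are constructed, and documentation prefixes stand in for unique address space.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges; everything else is treated here as unique space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory exported from the two organizations' records.
# Documentation prefixes (RFC 5737) stand in for unique address space.
INVENTORY = [
    ("AcquirerCo", "10.20.0.0/16"),
    ("AcquirerCo", "198.51.100.0/24"),
    ("TargetCo", "10.20.128.0/20"),
    ("TargetCo", "192.168.5.0/24"),
    ("TargetCo", "203.0.113.0/25"),
    ("TargetCo", "192.0.2.0/24"),
]
# Constructed list of prefixes the RIR shows as registered to the merged entity.
REGISTERED = ["198.51.100.0/24", "203.0.113.0/24"]


def is_rfc1918(net):
    return any(net.subnet_of(p) for p in RFC1918)


def audit(inventory, registered):
    nets = [(org, ipaddress.ip_network(p)) for org, p in inventory]
    reg = [ipaddress.ip_network(p) for p in registered]
    # Private ranges used by both organizations collide once networks are joined.
    collisions = [
        (str(a), str(b))
        for (org_a, a), (org_b, b) in combinations(nets, 2)
        if org_a != org_b and is_rfc1918(a) and is_rfc1918(b) and a.overlaps(b)
    ]
    # Unique space in use that no registered prefix covers: check chain of title.
    unregistered = [
        (org, str(n)) for org, n in nets
        if not is_rfc1918(n) and not any(n.subnet_of(r) for r in reg)
    ]
    return collisions, unregistered


if __name__ == "__main__":
    collisions, unregistered = audit(INVENTORY, REGISTERED)
    for a, b in collisions:
        print(f"private overlap between organizations: {a} <-> {b}")
    for org, n in unregistered:
        print(f"not registered to merged entity: {n} (deployed by {org})")
```

Note that 203.0.113.0/25 is accepted because it sits inside the registered /24, a match that a text comparison of spreadsheet cells would miss.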
Approaching IPv6 Mostly
IPv4 is still the most widely deployed version of the Internet Protocol, despite being specified in 1981. The Internet Society’s Pulse technology deployment index puts IPv6’s deployment status at 38 percent in mid-2024.
IPv6 is being deployed more widely and is the future.
Engineers thought IPv6 would become the dominant version of the Internet Protocol much more quickly. There are engineering advantages to IPv6, but IPv4 works, and spending money on deploying IPv6 before it is required is often seen as wasteful.
The largest networks have all deployed IPv6. Meta, Apple, Google, Microsoft, Amazon, Cloudflare, Akamai – they have all done IPv6 for years. They deployed it because they or their customers ran out of IPv4. The same is true for the very large cell phone networks.
Deploying IPv6 alongside IPv4 on smaller networks is practical and cost effective.
One example is the temporary networks used for technical conferences. The RIPE NCC uses an “IPv6 Mostly” network for its RIPE meetings. IPv4 addresses are only assigned as required and only 16 percent of connected devices needed an IPv4 address. When addresses cost between $30 and $50 each, that’s a significant saving.
Ongoing Vigilance
When Jon Postel published the IPv4 specification in 1981 it was what Douglas Adams would call “exciting and revolutionary.” But the revolutionaries won and each part of the internet must now be managed, or risk being attacked or stolen.
It’s important to keep track of IP addresses in an IPAM. Regular network scans should be used to identify rogue devices and undocumented or unapproved changes.
All unique addresses should be properly registered in your RIR’s database. This means:
- The correct name of the legal entity, including legal form
- The correct address and phone number
- A working email address at the correct domain name
You should also make sure your access to the RIR’s customer portal is properly protected.
- At least two staff should have accounts
- Ensure they are protected with strong passwords and MFA
- Have notifications of changes sent to a ticketing system, so changes are noticed and checked as part of your change management process
You should make sure your unique addresses are properly registered in the Internet Routing Registry (IRR). Use the RIR’s IRR database. It doesn’t cost anything extra and is the preferred IRR choice when you have access.
You can also choose to apply a digital certificate to your addresses. RPKI lets networks use standard cryptographic signatures to confirm the link between your addresses and the network routing them on the internet.
You can manage all of this from the RIR’s customer portal. But it’s reassuring to have experts confirm that you’ve done it right. The NLNOG IRR Explorer will show you whether there are any inconsistencies in your registrations.
NLNOG IRR Explorer shows that the RIPE NCC has properly configured its routing policy and RPKI
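The kind of inconsistency described above can also be checked locally before a change goes live. This added example is not from the original article and is not how IRR Explorer itself is implemented: it applies route origin validation in the style of RFC 6811 to constructed ROAs, IRR route objects, and announcements, using documentation prefixes and AS numbers as stand-ins.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
ROAS = [  # RPKI ROAs: (prefix, max length, authorized origin AS)
    ("198.51.100.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),  # still names the pre-merger origin AS
]
IRR_ROUTES = [  # IRR route objects: (prefix, origin AS)
    ("198.51.100.0/24", 64496),
    ("203.0.113.0/24", 64496),
]
ANNOUNCED = [  # what the merged network originates in BGP: (prefix, origin AS)
    ("198.51.100.0/24", 64496),
    ("198.51.100.128/25", 64496),
    ("203.0.113.0/24", 64496),
    ("192.0.2.0/24", 64496),
]


def rpki_state(prefix, origin, roas):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        if net.subnet_of(ipaddress.ip_network(roa_prefix)):
            covered = True  # at least one ROA covers this prefix
            if asn == origin and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"


def irr_state(prefix, origin, routes):
    """Compare the announcement with exact-match IRR route objects."""
    net = ipaddress.ip_network(prefix)
    origins = {asn for p, asn in routes if ipaddress.ip_network(p) == net}
    if not origins:
        return "no-route-object"
    return "match" if origin in origins else "origin-mismatch"


def report(announced, roas, routes):
    return {(p, asn): (rpki_state(p, asn, roas), irr_state(p, asn, routes))
            for p, asn in announced}


if __name__ == "__main__":
    for (prefix, asn), (rpki, irr) in report(ANNOUNCED, ROAS, IRR_ROUTES).items():
        print(f"{prefix:<20} AS{asn}  RPKI={rpki:<10} IRR={irr}")
```

The 203.0.113.0/24 row is the post-merger case to watch for: the IRR route object was updated to the new origin AS but the ROA was not, so networks that enforce RPKI would reject the announcement.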