|
With IPv4 addresses becoming scarcer, there has been talk that a trading market will develop. The idea is that those holding addresses they do not really need will sell them for a profit. More alarming is that there have been a few articles about how the Regional Internet Registries (RIR) are contemplating creating such a market so that they can regulate it, conceding that it will happen anyway and taking the “if you can’t be ‘em, join ‘em” attitude.
This is all a bit disturbing. Maybe I’m naïve, but it’s a little unclear to me how an unsanctioned trading market could really operate without the RIRs at least being aware if not being able to take steps to prevent it. After a decade of adhering to strict RIR polices, it would be infuriating to see the RIRs tolerate this abuse.
For those of you who haven’t gone through it, the address allocation process can be quite arduous as you are subjected to significant scrutiny from the RIRs. This is all for good reason of course, to conserve address space and to make sure addresses are distributed fairly and not to parties with ill intent.
Note: For those of you versed in the RIR address allocation processes, you can skip the admittedly wordy next section. But for those who are not familiar, it would be helpful to understand the structure that exists when thinking about the plausibility of a trading market.
Background on the IP Address Allocation Process
When you want to acquire addresses for the first time, you have to submit the requisite address request forms describing in detail the reason you need public addresses and why you can’t have your upstream ISP assign them to you. You have to provide a network addressing plan and, if you are a service provider, a plan for how you will assign addresses to your projected customer base. You also have to supply network diagrams and sometimes even copies of hardware invoices to prove that you are indeed undertaking the service build out and are not exaggerating its size or, worse yet, are not just an address squatter. You have to provide billing information and submit payment for the addresses, and you have to provide technical and administrative contact information.
It doesn’t stop there.
If you are running a service where you need to make address assignments to customers (who because of IPv4 address depletion cannot acquire their own public addresses), you are initially restricted to what is called the Assignment Window (AW). The AW is essentially how much address space an ISP, acting as a Local Internet Registry (LIR), can assign without RIR oversight. It is measure of the trust the RIR places in the LIR’s hands to proxy for the RIR and administer addresses in accordance with RIR policies. The AW usually starts at zero until you prove yourself. That means you have to fill out the address request form and submit it to the RIR every time you want to make an assignment to your customer, sometimes incurring delays in deploying your customer’s service (and collecting payment, another important matter.) After proving that you are doing a diligent job, you may get your AW increased to a /24. That means you can assign blocks in subnet increments up to a 256 addresses without RIR oversight. If the customer request exceeds 256 addresses (your AW), you must submit the form to the RIR and absorb the processing delay.
Furthermore, each time you make an assignment it must be “SWIP’d” (pronounced “swipped”). This means you must insert an INETNUM object or similar record into the RIR database to record the assignment. The record denotes to whom the assignment was made and provides contact information. Even if you change the contact information to that of your customer receiving the assignment, the parent allocation (the aggregate) still contains your contact information. Anyone who has had to answer angry calls from someone being spammed or attacked from address space that you assigned to a customer is painfully aware of this.
It still doesn’t stop there.
To acquire additional allocations, you have to prove you have used 80% of your existing space. The method that the RIRs use to measure your usage is usually a report run against their database to see if the total of all your INETNUM objects equals 80% or more of your allocation(s). They may also ask for additional paperwork or proof that you need more addresses.
The process I’ve described is largely that of RIPE and APNIC rather than ARIN, whose process is a bit different but no less thorough. (I haven’t worked directly with the relatively new AfriNIC and LACNIC to know their processes.) The RIRs do an excellent job overall, but the process can still be time consuming for what in the grand scheme of things should be a relatively trivial part of putting together a service offering. Again, it is for good reason.
What Happens in a Trading Market?
So, are we saying that if a trading market opens up, all of this is over? All of the policies and processes that we’ve lived by for more than a decade go out the window?
If a trading market starts, suddenly the only discretion governing who can receive an allocation is who is willing to bid the highest. There will be no scrutiny over the reasons why the buyer wants the addresses. No proof they are building a network or deploying a service or applying the addresses to their own corporate network. They may not even be in the IP business. They may just be speculators looking to acquire addresses, sit on them and then flip them for profit like a house. Worse yet, the addresses could be sold to someone who is going to use them fraudulently, perhaps a spammer that has been blacklisted but now has new addresses to work with.
Is there really nothing the RIRs can do about this? If a trading market can open up and addresses transferred between parties so easily, why were any of us so honest and diligent about following RIR policies all these years?
It is also unclear to me how the address transfer actually takes place without it being obvious to the RIRs. The address seller, who is presumably an ISP/LIR or at least some sort of corporate entity, has billing and contact information registered with the RIR. That would need to be changed to the new owner. Do the seller and buyer fake a merger / acquisition like when two ISPs merge, then transfer the addresses? Wouldn’t the RIRs realize this and be able to take action? Looking at the ARIN proposal, I think such a scheme would be difficult to pull off. Or does the seller continue to proxy for the buyer as the billing and technical contact to hide the transfer? That would be a strange thing for someone who is just interested in dumping the addresses and collecting the check.
Perhaps the talk of a trading market is just speculation by those that haven’t gone through the rigors of the address allocation and management process to see the impracticality of it. I’m sure there will be small pockets of trading, but can it be so widespread that you see IP address blocks listed on eBay and sold with no RIR oversight whatsoever?
Again, the RIRs have done a fantastic job over the years to keep things under control. I’d hate to see all that work and diligence undermined (especially when I spent so much time adhering to it.) I have always been under the impression that the RIRs have significant authority. I’d hate to find out that was all bark and no bite.
Can someone from an RIR please comment on these questions? It is not clear to me how the RIRs would not be able to crack down on a trading market by revoking the addresses or forcing the upstream ISP (by a similar address revocation threat) to filter the route advertisement. Please provide some insight into what the RIRs are thinking and how they intend to approach the situation if it occurs.
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byCSC
Sponsored byRadix
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byDNIB.com
It should be noted that there already is a trading market for IP addresses. Reviewing the history of 16.0.0.0/8 will make this evident. It works like this: IP addresses are typically allocated to entities called corporations. RIRs, LIRs, ISPs, and all the other players are all corporations. And corporations are legally-synthesized entities that, among other things, provide a kind of indirect method of owning things. (People who own shares in a corporation indirectly “own” the things that the corporation owns.) Corporations can be bought and sold, as well as merge, split, change address, change form, and many other things. In order to buy a block of IP addresses, all you have to do is buy a corporation to which a block of IP addresses has been allocated—especially an company that got its allocation before the present RIR/LIR system—and you thereby control the addresses that the company had been allocated (which is close enough to ownership for practical purposes). The corporation purchased need not change form in any way that would bother RIR/LIR policies. The only thing that keeps this market from being very active at present is the availability of not-yet-allocated space from RIRs/LIRs for less cost than hunting for corporations to buy out. Once the unallocated space is gone, the only question that remains is whether some kind of direct, controlled method of exchanging addresses will be available, or whether it will be necessary to buy and sell corporations to get at their IP addresses. Because buying and selling corporations tends to attract lawyers, regulators, courts, and diplomats like carrion attacts vultures and maggots, it is probable that the present RIR/LIR system would lose control of the address space altogether. In view of the fact that refusing to allow address trading would mean abdicating control of the address space once no unallocated space was available to hand out, the registries are doing the only sensible thing they can do, and that is to create some kind of trading infrastructure to allow IP addresses to change hands without having to buy and sell whole corporations (which would be messy and expensive).
Hello Dan!
ARIN is not proposing an IP address trading market. It is true that the member elected ARIN Advisory Council has put together a policy proposal for discussion which would allow transfers under limited circumstances, but that proposal cannot move forward until there is both ample online and face-to-face discussion of the various merits and risks associated with it, and then only if it found to be beneficial to the Internet community.
We simply do not know if the merits of such an approach are worthwhile yet, as there are many unanswered questions. It is true that such an approach might entice organizations to free up address space which is not heavily utilized, and yet it’s also true that there are some significant routing risks associated with any allocations which are not strictly hierarchical.
The discussion of the proposal is taking place on the ARIN public policy mailing list, which is open to everyone. Your questions would make for some thoughtful discussion, and I recommend you join the list and post them there when you have a chance.
/John
A few more things I forgot to mention. One, in the first allocation process you also have to show proof of being a legal entity, e.g., incorporated or something similar, in the RIR’s territory. You usually have to show an incorporation documentof some sort with a corporate seal from a country that is within the RIR region to which you are applying for addresses.
Second, technically the agreement you sign with the RIRs is a legally binding contract. Violating it could theoretically lead to a lawsuit. One ISP client I had whose lawyers loved to redline contracts actually wanted to re-negotiate the terms and conditions with RIPE! (I talked them out of it.) OK, so the RIRs are not in the litigation game and probably don’t have the monetary or human resources to chase around violators in “breach of contract”, but still. The point is, there is a quite a bit of structure to ignore if you are getting into black market IP address buying and selling. There really should be some teeth to all of this.
Regarding Jeff’s comments, if I read it right you are just saying that the address transfer occurs when two corporations legally merge. I have no issue with that. That’s legitimate, albeit odd that a business would acquire another simply because of IP address space it held. Talk about speculation. Frankly I think that would not happen often because of the things that go into a merger, and I would think those that do something like that are not very strong companies. (If you were a shareholder, what would you think?) If addresses were that valuable, people would be doing that now rather than building out services with private addresses and NAT, which many do now without too much reluctance. Nevertheless, if these kind of odd mergers occur, so be it. That is going buy the book. I just went through a legitimate merger to two large companies and we of course merged both the corporate and service provider IP address space that we held.
What concerns me is if one legal entity, be it a corporation, Government agency or ISP that holds public IP address space, sells it to another legal entity for a profit with no RIR oversight or no legal merger between the two companies. That is not going by the book, and it’s obviously against the RIR policies that say you can’t do that. If it is someone that has held an allocation since before the creation of the RIRs and was somehow grandfathered out of the RIR policies (is that how it works?), then shame on them, and I would think there still could be some ramifications.
Recognize that many responsible organizations that have been able to free up prior address allocations have done so and returned space to the RIR or the IANA. In fact, ICANN just announced the return of some additional allocations including several from the US Government. It’s likely that these were relatively straightforward to migrate usage off of, and hence their return under today’s policies.
The question is whether it’s appropriate to provide an incentive to free up otherwise poorly utilized address space in cases where it might be more challenging for the organization to free up, and what the the routing implications of such addresses being used since they will not necessarily fall along the hierarchical allocation plan that address blocks from the “free pool” presently follow.
/John
Renumbering is never fun and is always a hassle. For many organizations, I doubt the incentive would be enough to convince them to undergo the risk and effort. Once the addresses get threaded through servers, applications, network management systems, processes, documentation, etc., (not to mention the network itself), it’s hard to undo things. The cost to do it would likely exceed the incentive. Those that can do it must have been squatting on unused or barely used address space where as you say it was straighforward to migrate usage off of.
Regarding routing implications, I don’t know that it would matter too much. The battle for aggregration in the IPv4 world is over. Last I checked, the Internet routing table was up to about 250,000 routes. Most of them are /24s. I noticed starting around 2000 when the table was about 75,000 routes but mostly larger routes like /19s and /20s, that the growth since then is in smaller blocks, predominantly /24s. Lots of people multi-home now, not just ISPs but even corporations that multi-home and run BGP even if they are only advertising small blocks. Or even if you are an ISP with nice aggregates, you still have to honor your customer’s desire if they multi-home to you to have their small blocks up to /24 advertised upstream. It’s hard to say no. They have routing policies too and may want to use MED or local preference to influence traffic flow. Also, the dot com boom and bust saw lots of ISP mergers as well as break ups, which splintered address space further. What I’m saying is that the routing table is completely fragmented and there really is no regionalization any more, if there ever was.
So, yeah, you might have address space returned then re-allocated (sold?) to a party in a different RIR region, which screws up the hierarchy even further. But again, there have been so many ISP mergers, there are many ISP networks that are global and span RIR regions, or in the satellite world there are often customer access links that cross RIR regions. All of this causes the whole regional aggregation idea to break down (with the unfortunate serious side effects of routing table growth, router memory issues, routing protocol processing and traffic, etc.)
At present, ISPs receive address blocks from the RIR’s to meet 3 to 12 months of growth (depending on RIR and circumstances). Such blocks are announced to the global routing table as just a handful of additional routes, and then are sub-allocated to hundreds of customers over the following period.
If we establish circumstances where customers can obtain their own blocks due to a relaxed transfer policy then at the point in time when ISPs can’t obtain large blocks from the “free pool” (due to depletion), the result will be enormous pressure on the ISPs to accept and route customers who “bring their own address block”, since the alternative is sending the customer (and revenue) away.
While it may appear the routing table is already a lost cause, the reality is that we’re routing predominantly aggregated routes which serve hundreds of customers each. If we setup conditions such that most new customers will obtain their own address space independently, then the ISPs will have little choice but to route the blocks and we will be truly are entering uncharted territory for the global routing table.
/John
Hi Dan,
a few points on your general understanding of the RIR system (which is pretty good, but slightly flawed).
First, the idea that the RIRs themselves set policy on v4 exhaustion/trading is a misnomer. They certainly act in concert as the NRO. However the NRO would not act in a top-down way to set up a global market, it’s not in the nature of the beast. Each RIR community would set it’s own policies on this. If a global, cross RIR trading policy is possible, it’s likely it will come from individual RIR community (probably someone on the policy lists in multiple regions), not from NRO/RIR staff.
Second, the idea that their is regional aggregation in the v4 routing table doesn’t reflect the reality of the situation. So while a /8 IS allocated to an RIR (say RIPE NCC for example), it’s not an aggregate in the sense that it is routed by a single ASN. Regionalisation was done for the purpose of regional policy and regional community building, not for regional aggregation. So, if a block of IPs, allocated to an LIR by the RIPE NCC is announced in the USA or EU, it’s still one entry in the routing table, regardless of location of the announcement.
In addition, the AW policy in the RIPE community has now changed, so you get a /21 AW automagically after being an LIR for 6 months.
When Internet resources are hijacked, RIR staff take appropriate action. This is likely to continue as v4 exhaustion nears, especially in the absence of a global trading policy (which, at this point is not something we are likely to se any time soon).
McTim,
Good comments, thanks. It’s been a few years (actually probably more like 5) since I last turned over address / route management to an operations group, so I wasn’t up on the automatic /21 AW. That’s great news. We had been an LIR for about 2 years, had several allocations and had made many assignments but were still stuck on a /24, and it slowed us down. Sales people would scream and never understood the importance of the process.
Regarding regional route aggregation, I think we are saying the same thing. I was just making the point that worry about how a trading market might affect regional route aggregation is probably not worth it. The routing table is so splintered as it is, particularly via so many ISP mergers and ISPs with global backbones and of course multihoming, that there isn’t much regionalization any more. I spent a long time in the satellite service provider world where there really are no regional boundaries, certainly not any that you can create a consistent regional route aggregation policy around. We had customers in one RIR region landing in another RIR region or multiple RIR regions if they multihomed. And for some, if their assignment was greater than /24, they sometimes wanted to advertise specifics within their /xx differently in different regions. At the end of the day, the only region now is global (but maybe that’s a good thing?)
Dan -
The current routing table growth rate is predicated on ISPs receiving large blocks to meet their growth needs, announcing that block as 1 or 2 routes, and then serving hundreds of customers with predominantly no extra routes. Yes, it’s true that companies want their own prefixes routed, and there’s multihoming, etc, but such is the exception not the rule.
If it is possible for any organization to obtain IPv4 address space directly (via a revised transfer policy), and ISP’s cannot obtain the blocks they need to grow, then the exception of new customers = new routes will become dominant. That will result in a dramatic increase in the rate of new routes being added, and might exceed many ISP’s (and hardware manufacturers) ability to keep up.
Respectfully, we must at least consider the impact of any transfer policy on route aggregation, since the implications could be severe to the Internet.
/John
Understood. But I’m not sure where it stands now. I did a study round about 2002 when the table was like 125,000 routes and I found the bulk, something like 60 or 70%, were /24s. Those aren’t aggregates unfortunately, but rather specifics. Most ISPs even when getting started get at least a /20 or /19 aggregate if not larger.
I’m not sure how the table breaks down by prefix now.
(Geoff Huston - if you are out there, do you have a breakdown of the BGP table by prefix advertised? I checked Potaroo but couldn’t find it. I did find a stat that says you are seeing about 164K aggregates in 250K routes, so that is pretty good I guess but still could be better when you consider that the 85K disaggregrated routes are larger than what the table was in total in about 2000.
Or if anyone from an ISP is out there can do a quick REGEX or count on the routing table for /24s that would be great.)
Considering aggregation and routing table size is always critical. We always have to keep it in mind and create policies to facilitate it. Actually, I am worried at the moment and think there may be quite a few ISPs not watching closely enough to their routers which may only have 256MB (or less) of memory but carry full routing tables and may be dangerously close to having memory issues.
Dan Campbell said:
What you’re assuming is that the price of the “market price” of the IP addresses a corporation has is significantly less than the value of the corporation. Right now, this is undoubtedly true, so the whole thing sounds theoretical.
Once you get into a post-exhaustion world, things will be different. Because IPv6 is not backward compatible on the wire with IPv4 (i.e., an IPv6-only device cannot directly communicate with an IPv4 only device), we’re going to have to maintain some kind of toe-hold in the IPv4 world for things like DNS resolution, 6to4 routing, email routing, etc., regardless of how fast we do the IPv6 thing. In such a world, a single IPv4 address (/32) is going to become the golden ticket that lets an organization manage their own domain, email service, etc., without having to outsource it upstream. The small corporations and individuals will just outsource, of course, but bigger corporations will decide they simply must have an IPv4 address. In this context, the availability of an IPv4 address would be a prerequisite for any proposed Internet service to be tenable, and ISPs will place a high value ($10k-$100k+) on individual addresses, because they will allow new customers to be served that would otherwise go elsewhere.
Do the math. If an individual address becomes worth $10k, a corporation that has an old Class B block in their back pocket would be a $600 million item, regardless of their market capitalization. If the price goes to $100k, the Class B-holding corporation would justify a $6 billion acquisition. Never mind if the corporation is healthy or not or whether any part of the corporation could be subsequently unloaded to recoup costs or not.
Once we get to this point, current approaches to routing IPv4 are going to have to be replaced with some combination of lookup table FIBs, tunnelling IPv4 over IPv6, or maybe something totally new.
A few comments:
1) The reality is that individual addresses are only useful if they can be routed, and there is a finite amount of global routing table space at any given moment. A non-routed IPv4 address is not particularly valuable; it’s the ability for the Internet to reach it which makes it useful, and hence prevents the addresses themselves from having high intrinsic worth.
This means that large blocks are indeed coveted, but recognize that major ISPs are not going to be able to bet their entire business model on being able to find such blocks; they’re going to have to in parallel be encouraging customers to connect via IPv6 with dynamic, private IPv4 address mapping.
2) Post depletion, organizations that want to do it all themselves may want to seek out a single IPv4 address to be uniquely on the net, but they may not find an ISP willing to add the corresponding routes for a reasonable price. This uncertainty will reduce demand for individual IPv4 addresses, as will the risk that after obtaining such an address and routing for high fees, the usefulness will be for a relatively short period as most destinations at least IPv6 enable their mail & servers.
/John
I agree. It will be tough to create that much value for individual addresses because they will never be individually routable. And you can’t expect those that are willing to pay $10K or $100K for a single address to somehow end up under the same ISP aggregate. They will want to do whatever they want to with that large investment. I don’t see /32’s being routable anytime soon across the global Internet, not unless there’s some crazy breakthrough in routing technology or memory. The brakes have pretty much been put on at /24 except within an ISP itself. Some broadband ISPs charge a small fee, like $5 / month, for an extra public address. That is viable because it’s reasonable and they can still aggregate the addresses to a single or few routes. So as things get scarce they could get into the $10’s or $100’s for an address. ISPs may be able to charge $1000’s (one-time) for a routable block of decent size, at least a /24 or a bit larger, or they may be able to impose a significant monthly recurring charge that in time nets them $1000’s per block. That’s a viable model. But I don’t know about convincing investors that because you have a class B block you have 65K individual units that you can sell for individually $10K / $100K each, and that you really could actually sell them all. Plus, those large costs would have to be passed through to the consumer at some point else you don’t recoup your investment. Let’s not forget that at the end of the day there is only so much people are willing to pay for Internet access. (I actually know people that complain about their $40/month service…are they kidding?) So you do each a point when the models break down and people will just find their entertainment elsewhere or find some sort of workaround, something I think the music industry seems to still not understand, but that’s another conversation!
Dan,
First, the creation of an address trading market by one or more RIRs does not necessarily imply any of the following:
1. An abandonment of allocation/assignment policy
2. Massive de-aggregation
3. Inter-RIR transfers of addresses
As a matter of fact, the proposed transfer policy in the ARIN region does not include any of those 3 and has several provisions intended to prevent precisely those things.
I’m not sure whether a transfer market is a good thing for the internet or not, but, I do think it is only prudent to have the conversation in an open and public manner so that the community can come to consensus and so that if we do implement such a change, it is done in a manner that facilitates the greatest benefit to the
community at large.
The true control of address distribution relevance rests not in the hands of the RIRs, but, in the hands of those who run routers and decide which prefixes to accept from whom. For now, that group, by and large, chooses to accept the RIRs as an authoritative source of that information. Should the situation degrade to a point where they feel it is in their best interests to ignore the RIRs on that level, it could be very disruptive and there is not much the RIRs are likely to be able to do about it.
Owen DeLong
Speaking only for myself and not on behalf of the ARIN AC