Hacker News new | past | comments | ask | show | jobs | submit login
ARIN allocated free IPv4 addresses almost exhausted (si6networks.com)
56 points by brohee on Dec 30, 2013 | hide | past | favorite | 65 comments

RIPE is pretty much out now, they only allocate a single /22 to new registrants, or a /24 to existing members, and that is it.

Working at a new startup ISP, and sort of seeing this from the inside, I think the whole process is a complete joke.

ANYONE who wants IPs can easily get them, average cost is about £10-£20 each, and a whole ip broker industry seems to have popped up over the last few years... Just google "Buy IP address", "IP Broker" or similar.

The guidelines state that when you are not using an IP, you simply hand it back - but - I don't think ANYONE does this, and why would they as they are both free, there is no verification/auditing, and they are now like gold dust.

Auditing is basically just a list of IPs and saying what you are using them for.

Companies approach all the time saying that they have xx IPs for sale, and the official line when you ask "why are they available" is usually, "we can reorganise our network so we no longer require them"... In reality, I am sure they apply entire ranges to bogus interfaces just to make them look in use.

It really annoys me that this side of the industry doesn't get more exposure!

I share your pain, bro :)

Although, two corrections:

1) prices are, in my experience, lower than what you quoted: around 10-12 $/IP, depending on the subnet size.

2) RIPE is indeed encouraging the marketplace model: it is seen as a mechanism to move resources to LIRs that need them the most, with the side effect of increasing IP efficiency.

Also, to note:

4) Since some time, there is a policy proposal [1] to allow intra-RIR transfers to/from RIPE. I'm not aware on whether there is such a proposal within ARIN, which currently allows only transfers to/from APNIC (not very useful if you're american... addresses in APNIC ended a long time ago!).

5) RIPE currently operates in a "emergency policy" that allows a /22 to new registrants and a /24 to new members. ARIN will follows the same policy as soon as they remain with a single /8 left (probably around May-June 2014).

6) I always like to give a link to the very informative exhaustion graph of Geoff Huston [3] :)

[1] http://www.ripe.net/ripe/policies/proposals/2012-03

[2] https://www.arin.net/resources/request/transfers_8_4.html

[3] http://www.potaroo.net/tools/ipv4/index.html

Sorry, meant $ instead of £... I have seen a few prices much much higher from some smaller places (one Eastern European ISP trying to sell a /24 for $40 each), I guess trying to make a quick bit of cash.... but I think $10-$12 as you said is more usual for larger purchases.

"It really annoys me that this side of the industry doesn't get more exposure!"

If only more self-proclaimed "geeks" who purport to care about the future of the internet understood the value of a publicly reachable IP address.

If more folks besides the big players had these, then the potential for reaching a holy grail of "decentralization" and "end-to-end", and all the wonderful things that would make possible, would be much greater.

Instead, these "geeks" are led to believe that hyped workarounds like "the cloud", "webRTC", "IPv6", etc. will save the day.

None of these workarounds should be necessary if you "own" a small block of public IP addresses.

How does the price of these "IPs for sale" compare with what you pay AWS for an IP address you do not use?

Wouldn’t it be better if IANA or the regional Internet registries directly rented out the IP addresses to the ISP:s/companies who need them? Why let a middle-man collect the profits?

Yes. Best would be a formula that increased the per ip cost the more ips you had. That would have at least two advantages: first it would pressure the legacy class A holders who are collectively sitting on 100M+ not publicly used addresses; second it would make it unprofitable to hoard and resell.

The current method resembles water law in the US western states, which is just about the worst possible way to allocate access to a limited resource.

Awkward to say... These companies (at least RIPE) are non profit making - you join for a fixed fee and then you get as many IPs as you need.

It would be a good idea on one hand and a pain on the other...

I am trying to think of a counter to it in my head, but, I can't really... a small fee is easily absorbed in per user costs and so many companies use public ips for internal routing when a private ip would do a good job...

Then again, you could get big companies asking to rent out more than they need and refusing to hand back...

Even if there was fool proof way of provisioning and managing, I personally think it is far too late to do it :(

Bit to late for that, and the people that already got the IP addresses are unlikely to give them back. The internet is basically the sum of all the BGP routes sitting around on routers, it's unlikely any single organization could have much success trying to reclaim and redistribute those addresses.

Well if it wasn't for all the heel-dragging with IPv6, this wouldn't be a problem.

IPv6 just won't happen fully any time soon... People are just kidding themselves.

Too many "big" networks have admins who don't update their knowledge and are clueless about IPv6 - At some events where I see network admins, you can ask simple questions and judging by their body language, you know they are guessing/are clueless about IPv6.

On top of this, some really high end network equipment that is still available now from some (high end) vendors is not 100% IPv6 compliant or has weird bugs, and, if network admins have recommended this equipment, they feel uncomfortable telling people it isn't up to scratch after their companies have invested significant money... so... this just makes the whole process stall. (Personal experience, not from the current job!)

IPv6 is the future, but, being realistic, I don't see it happening any time soon.

Except it's happening right now. Google's chart of percentage of requests coming over IPv6 shows that usage rate is accelerating: http://www.google.com/ipv6/statistics.html

And my personal experience is the opposite - most 'big' networks are fully IPv6 capable (both in terms of equipment and staff), there's just no business case to enable it for many of them because of the lack of capability on home (consumer-grade) equipment.

There are some reasons why IPv6 will take until 2015 until we start to see substantial adoption, but technician knowledge isn't one of them.

Any competent IPv4 network engineer can come up to speed on IPv6 in a single one-week class.

The major reason why we aren't seeing adoption is that there is no commercial need - that's the real driver.

> The major reason why we aren't seeing adoption is that > there is no commercial need - that's the real driver.

Not entirely true. All big networks using private IP addresses and NAT (recent ISPs, and most cellular networks for example) have to implement carrier grade NAT (CGN), and it's getting painful and costly.

Also, a lot of web applications require low latency. The way to do this is often to create a lot of parallel connections to fetch content. For example, a google map can easily span 40+ TCP connection to fetch all the tiles making the MAP. During peak time this can put a very high load on CGN gateways. And when they overload, some sessions lags or time out (missing or delayed tiles => bad user experience).

This is why all big players on the web now support IPv6 and use it when possible. IPv6 avoid CGN and does not have such issues. Even if that still makes a small percentage of all traffic, it's steadily rising now. IPv6 is finally happening, because the alternative (CGN) is too painful to scale.

Now old large ISP with little growth don't care: they have plenty of public IPv4 addresses, with enough in stock to absorb their limited growth for a while. So they don't need CGN and don't care about IPv6. I don't expect this to change. But with mobile and cellular getting a bigger and bigger share and mostly on NAT with IPv4 there is enough of a pressure to move to IPv6 to make sure it'll be mainstream by the end of the decade.

Speaking of latency: one of the big IPv6 news for me in 2013 is that now, on average, IPv6 when it works gives better latency than IPv4:


anecdotal but in a presentation given by the head network architect at a large (ex national) uk communication provider - training engineers is the main reason ipv6 has not been rolled out.

It's a pretty good excuse. But not a good reason anymore.

One reason I haven't learned anything about IPv6 is because of how ugly the new format is. It's 128 bits divided into "48 bits for routing prefix, 16 bits for subnet id, and 64 bits for interface number." But the preferred encoding for such a thing is hex, meaning it winds up looking like 2001:0DB8:AC10:FE01:: (the interface number is omitted here, as is allowed by the protocol.) Compare that to an IPv4 address like "" from the standpoint of visual appeal...

I don't have a point. Visual appeal isn't really a valid reason to dislike a design. Neither v6 nor v4 are "easy for humans." I'm pretty sure my illogical prejudice might be due to me growing up with IPv4 and never knowing anything else. Also IPv4 superficially resembles a phone number, which are quite comfortable for humans. So the fact that an IPv6 address contains so many more symbols than an IPv4 address is ... a little jarring. I know for a fact that I can instantly discern between IPv4 addresses (e.g. in log files or any other list) and tend to notice ones I've seen before based on their "shape" (like "" has a totally different shape from "") but IPv6 addresses are all visually uniform so it's much harder to recognize addresses you've seen before. This, again, doesn't really matter very much... What are the chances I'm going to be visually noticing oddities in lists of IP addresses? ... but it was kind of a nice feature.

Couldn't the first 64 bits of IPv6 addresses be encoded with a-z and 0-9, like domain names? Having a-z and 0-9 means there are 37 possibilities, and log(37^13)/log(2) is 68, meaning 13 a-z0-9 characters are sufficient to encode any 64-bit number. That way, IPv6 addresses would look like "d1mfx888qgnf3" or "fxyotvii435fb". That seems way less jarring of a transition than "2001:0DB8:AC10:FE01::" and it seems easier for people to remember 13 random [a-z0-9] chars than 16 random [A-F0-9] chars.

I mean, obviously this is all moot; the protocols probably won't ever change. I just wish some extra thought had been put into making IPv6 pleasant. I've only ever heard people complain about IPv6... no one seems to love it, which is generally a bad sign in a new design. On the other hand, the world will probably need IPv6 pretty soon, so maybe it doesn't matter whether it's pleasing. It would've helped its adoption rate, though.

Of course, the most obvious reason I've learned nothing about IPv6 is because IPv4 still works, and I have more important things to learn. Whenever IPv4 stops working, everyone will be forced to learn IPv6 regardless of how painful it is. I wonder when that will be?

I came up with a "why ipv6" question yesterday(?) when someone eagerly awaited ipv6 to solve all peer to peer issues in the alternatives to Skype debate.

I'm forced to take up ipv6 due to my ISP's policy (dual stack lite) and so far that caused mostly trouble - hardware problems, software incompatibility and a lot of 'new things' for no gain at all. I understand that my frustration is largely caused by the implementation of ipv6 here, not by the protocul suite. I would love to have a stable ipv6 connection, with a permanent prefix (permanent for the duration of the contract with the ISP, bonus points for the ability to keep my prefix between different providers). I would gladly play with the ipv6 world while ipv4 still works decently (dual stack, sans lite). Accessing ipv6 services from most networks is crap, especially so from mobile devices. Random trivia: The Android emulator doesn't support ipv6...

The way I see (and experience) it, ipv6 is a pita right now and with introductions like the one I see here personal resistance will go up, not down. I contemplate to change the ISP solely to leave ipv6 behind - and I WANT to like it, dabbled with ipv6 tunnels in the past and like to tinker with networks.

"no gain at all"

Not true, you're getting to use IP addresses. Well, ipv6. But since we're outta ipv4, talking about them anymore is a waste of time.

"I would love to have a stable ipv6 connection, with a permanent prefix"

Welcome to tunnelbroker.net, a free service of a very cool service provider, who has been providing static tunnels and space for, oh, it must be over a decade now.

"ipv6 is a pita right now"

Look on the bright side, way over a decade ago when I and other pioneers were starting to use it, it was somewhat worse.

You probably need to visit


and complete the certification. I did that many years ago back when it was new. Not just to collect paper, but in order to complete the cert you pretty much have to get everything working, so you'll be doing it all anyway, and its a well trodden and debugged path.

Please don't take this personal. You seem to be defending something you like. Note that I don't want to sling mud on ipv6 proponents (well, I would love to hear the brains behind DS lite explain a thing or two..).

No gain at all vs. ipv4 (with all its warts, forced disconnects, dynamic IPs) at home. You seem to say "but at least you DO get any address". But that's missing the point for the perspective here: German dude, online for just roughly 17-18 years. That worked. I doubt that German ISPs run out of (dynamic) addresses. On a global scale? Fair enough. So dual stack would be nice/a decent way forward. But claiming "at least you get .. something" is not quite the marketing slogan..

tunnelbroker: I will investigate that, thanks. But.. probably it's not going to help me a lot. I cannot change most configuration settings in that mandatory/ISP provided router. The one approach that might work is putting another router behind that thing, maybe.

I'm happy to read that the experience improved in the last decade. Please take a moment and consider this thread the point of view of someone that was forced to jump the gap - and found issues. I guess it is all quite easy and so much better from your point of view. But - which of us describes the majority/the demographic that need convincing?

Again, thanks for the links. It is totally unclear to me how I'll be able to use a tunnel with my native ipv6 connection (and.. why), but I'm certainly interested to learn. Just not.. while I would rather just use a working internet connection. Currently my single line to the net feels like a giant experiment or hoax at times.

Transition tech should still provide decent IPv4. Would love to hear more details and see if there is something that has to be fixed. Sent you an email.

That way, IPv6 addresses would look like "d1mfx888qgnf3" or "fxyotvii435fb"

Or like "killamericans", "imamassrapist", "shootmeplease", etc.

"it seems easier for people to remember 13 random [a-z0-9] chars than 16 random [A-F0-9] chars."

Why would they have to remember an IP address? Do you know yours?

We are at luck, though. The EU is moving to bank account numbers that can be up to 34 alphanumeric characters (http://en.wikipedia.org/wiki/International_Bank_Account_Numb...). That should get people used to long (almost) meaningless sequences of characters. Also, Microsoft, with its product keys, has been doing a fine job getting people used to the idea for decades.

(And, by the way, in English a-z0-9 is 36 characters)

(And, by the way, in English a-z0-9 is 36 characters)

Hahaha, whoops. Thanks for catching that. log(36^13)/log(2) is 68, so the idea was correct, but I should've caught the typo.

There should be a rule where if you say you don't have a point you shouldn't leave a comment. You honestly think fxyotvii435fb is easier to look at than the ipv6 number? Regardless, there will be no spec change and visual ugliness is not even close to the reason for the sluggish ipv6 adoption.

I think there's some value in people expressing their visceral reaction to new ideas. If you read it as me trying to convince people IPv6 is bad, then maybe I wasn't careful with my wording. It was an introspective comment designed for me to try to pick apart why I haven't spent any time learning IPv6 even though it seems to be important, like eating broccoli.

And it's often the case that a lot of people are all thinking the same thing but everybody's too afraid to say it out of fear of someone ripping them apart, as you've done, or out of fear of sounding silly in public. Luckily my name is literally silly. (Humor is still allowed on HN, right?) So I just thought I'd post it incase it matched up with anyone else's first impressions of IPv6.

I'd also disagree that "appeal doesn't matter." Appeal is certainly beside the point for a protocol spec, but one of the reasons Bitcoin became so popular so quickly is because of the hundred subtle ways the protocol is a pleasure to use (as is the implementation). Twitter is appealing because of its brevity, not merely because it lets people send messages without specifying a recipient. Email is appealing because humans can read the addresses, and because it has a "subject" line for humans to read. Etc. Yet in the case of IPv6, it's as if no thought whatsoever was put into making it appealing, which seemed odd.

You're right in that everyone should feel free to express themselves here and I apologize for how I came off. It is the commentator's duty, though, to consider that people are reading these comments and it's kind of a disservice to say "I don't have a point" in the middle of a very large comment.

You mention email, Twitter, and bitcoin but we're talking about a network naming protocol that only machines use. People don't send raw SMTP messages to each other, it's just the underlying protocol. DNS is used to make addressing easier for people and a lot of time went into the ipv6 spec. Is it harder for people to interpret? Yea definitely. But aside from copying and pasting these hex numbers into config files I really don't see how people will even interact with them. The hosts file is your friend :)

If you memorize IPv6 addresses, you are doing it wrong. Everything is made to make automatic allocation easy...

> meaning 13 a-z0-9 characters are sufficient to encode any 64-bit number.

Heh, you really should think about this for a minute... as eight hexadecimal (0-9a-f) characters are sufficient to encode any 64-bit number.

  >>> hex(random.randint(0, 2**32))
  >>> hex(random.randint(0, 2**64))
A 64-bit number is going to look like edcadadd7a7a8cdf, which has 16 characters for humans to read, not 8.

IIRC, IPv6 addresses were 128-bit numbers?

> The guidelines state that when you are not using an IP, you simply hand it back

Maybe that's why ISPs hand out public IP addresses like nothing?

Remember the World IPv6 day ? In 2014 a few of us (about a hundred of folks around the world at the moment) are going to do a "World IPv6 only day" (turn off IPv4) on the 06/06/2014, for ourselves. If we can't work successfully during this day using IPv6 only - then we'll take a day off (Conveniently, it's Friday).

If you are someone doing computer networking professionally - why not join us ?

We're tracking the count of those who will turn the legacy IP off for a day via an Avaaz "petition to all the computer professionals".


But we won't be able to browse Hacker News! (Even though they use Cloudflare now and could just turn on the AAAA records).

Yeah maybe if we all ask pg nicely, he will do it ? :)

As a backup plan - cloud-based NAT64 is a fair game for the day, search "go6 nat64".

I never tried nat64. If github got their shit together and installed ipv6 I would be very happy...

In github case since it's server side only and FOSS, they could probably go even further and go v6only and do stateless translation for ipv4 clients.

But that's a bit too hardcore :-)

I don;t mind so long as I can stop running NAT so my test VMs can pull from github when everything else they do runs over v6... (actually buildbot doesn't work over v6 only either).

So in other words productivity might skyrocket for the participants.

See also RFC6586: "Experiences from an IPv6-Only Network"


We moved our whole headquarter on dual stack a while ago, and periodically I'm turning off IPv4 on my laptop to check what the "user experience" would be with IPv6-only...

...well, 9 URLs out of 10 are unreachable. It would be impossible to use for any user.

Try with nat64. Not entirely clean experiment, I know (IPv4 upstream of translator). But the result is quite usable.

Ping me via mail if I can help with the setup, we did this setup several times with reasonable success.

Thanks, but that's exactly what I wanted to avoid. With my little unscientific "experiment" I wanted to get a practical taste of how big the IPv6 Internet is right now... "really small" would be the answer :)

Depends on what you do. YouTube should work fine, netflix does as well. That more than 50% of traffic for some.

The long tail is indeed long :-)

There with no transition tech you get about 4.8% [1]

I think there are two strategies:

1) keep your network as dualstack until the above %% is sufficiently big (how big ?) and then just turn off ipv4 and if something is not available, "too bad".

2) add the band-aid to go ipv6->ipv4 (nat64) and turn ipv4 off in the network as soon as the above %% is sufficiently big (how big?)

The additional factors are presence of NAT44, OS mix, network management, etc...

Too early for both now, but I am betting (2) will happen earlier. What do you think ?

[1] http://www.employees.org/~dwing/aaaa-stats/

Netflix kind of works, but the geolocation is borked, so I had to turn it off (it thought I was in US and then denied access).

I worked at Xerox for 8 years as a Solution Architect and it annoyed me so damn much that they are sitting on 13.* yet hardly using it and I can't imagine that has changed in the few years since I left. From what I can remember they were using less than 20% of the address space they have.

Then again running out of v4 addresses is the best thing to happen really. Still it annoys me a big company can sit on so many addresses for no reason.

Economics being the study of scarce resources, this is basically something that should be viewed through that lens. As the good becomes more scarce, it stands to reason that the price will go up and 1) encourage people to use them more efficiently, and 2) encourage people to look at alternatives like ipv6. It's probably a bit more complex in some ways, but I think the basic logic makes sense.

And ISPs in the US will do what ISPs did elsewhere; point to their IPv6 trial as "evidence" of their IPv6 rollout and continue to consume IPv4 address space until the disaster hits. Also more and more ISPs will prefer to roll out Carrier Grade NAT (CGNAT) than bother to update the firmware and configuration of their routers and more importantly due to substandard consumer home routers and other CPE; expect your games and P2P based software that doesn't support UPnP port forwarding to choke.

>Carrier Grade NAT

>that doesn't support UPnP port forwarding

Wait, there are Carrier Grade NATs with UPnP support?

Most don't you are right, but some are toying with the idea of proxying UPnP requests to "NAT Centres" on the carriers backbone; there are a significant percentage of users who will refuse to put down their controllers and will walk to another provider.

The other way this may be solved is to form a technology solution with the console makers to have a drop in solution at the API level; obviously this will disadvantage smaller developers who can't pay to play (not that this will bother the carriers overly).

I suspect most likely in the US there will be a nuisance fee add on to your internet connection in order to play "P2P" games (x.ref current Net Nutrality battles in the courts)

Most games don't support v6 anyway, so it's not like that would help.

Not a big fan of ipv6... It did nothing to solve the global routing table size problem (in fact it made the problem much much worse). As a small network administrator, it adds nothing but headaches and will not increase the profitability of the company in any way.

The only incentive right now is doomsday predictions and honestly there are better things to worry about. I'm hoping ipv6 gets an update and they design a more realistically usable protocol that offers advantages to the little guys.

> It did nothing to solve the global routing table size problem

Well, at the time it was designed there was no "global routing table size problem".

Good point actually...

The problem is the "Global Routing table size problem" is a problem we actually have _right meow_, whereas the impending omg-out-of-ipv4-address problems is one that will stretch on for another 40+ years.

If IPv6 actually solved the problem we have right now, people would adopt it. But IPv6 solves no current problems, it only creates new current problems.

Anyway, I know IETF pisses vinegar all over NAT, but I'm hoping a grassroots effort pops up to solve the problem IPv6 should have actually solved.

All we really need is forward-compatible extension to IPv4 that allows for easier incoming NAT traversal. A working solution would allow border routers to identify traffic belonging to an individual host on their network (in the private address space), while the client remains blissfully happy on traditional IPv4.

The goal would be, merely update your border router to speak this extension to IPv4... rather than every device on your network and oh by the way, rewrite half the software you have that parses ipv4 addresses.

Currently I have to jump hoops through some bullcrap NAT maze of a public Internet to interact with anyone else.

Properly distributed ipv6 addresses would fix that.

So it does solve a problem I have now, in that I'd rather just tell people to click the accept connection button when I generate inbound traffic on their ipv6 address than to get them to figure out how to port forward off a router they have never touched the interface of before.

IMHO, nothing is going to happen upon IPv4 exhaustion. IPv4 will become a luxury good whose price will rise quickly.

Which leads me to wonder if the Internet at large isn't at a crossroad. Either IPv6 and Net Neutrality are adopted or a market (and a black market ?) is created for IPv4. Add to that the end of net neutrality and we'll enjoy the return of Compuserve/AOL and the demise of small independent entrepreneurship on the internet because of the higher cost of entry.

Granted, it's worst case scenario, yet not impossible.

We have been brokering IPv4 addresses for many years, we brokered half the bids for the watershed sale of 660,000 addresses from Nortel to Microsoft in 2011. Because of the inter-regional transfers allowed between ARIN and APNIC, we consider that a single market. ARIN/APNIC prices are right around $8US per address. RIPE has no inter-regional transfer policy, and prices in RIPE are around $10US per address. Leasing of space is also available.

Edit: I was wrong, most of the addresses on that page have been allocated.

This is a bit disingenuous btw, they are down to 1.5 /8 in the class A space, but have quit a few more /8 in class b and class C space.

See https://www.arin.net/knowledge/ip_blocks.html

Still, people not having a plan should really hurry...

/8 is CIDR notation, CIDR standing for ClassLESS Inter-Domain Routing.

Classful network architecture died a couple of decades ago, I'm not sure the term still persists with people erroneously substituting class A/B/C to describe any of /24, /16, /12 or /8 IPv4 networks, sometimes as part of an RFC 1918 network, sometimes not..

No, there are only the equivalent of 1.5 /8s altogether.

Yup, some ARIN pages are a bit unclear about what is spent and what is not, I got a bit confused by it...

Guys let's not vote down people who contribute to the discussion even if they're wrong. Voting a comment down should be reserved for trolls or people who just derail threads.

It has happaned earlier for other regions (RIPE & APNIC) and nobody really cared about it.


What about adopting a subscription model? Let's say $10/IP/year. We are already doing this for an effectively infinite name space (domain names). The very limited IPv4 name space should be more expensive, right?

There actually is one, although it's a bit cheaper than that:

See, e.g., https://www.arin.net/fees/fee_schedule.html

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact