Microsoft Azure’s use of non-US IPv4 address space in US regions (azure.com)
35 points by computer on June 13, 2014 | 28 comments

I would say that this is going to become a normal occurrence soon in many other IT companies running out of IPv4 space. An easy way currently to get more IPv4 space is, for example, to buy them from other regions like the EU's RIPE.

RIPE, for example, actually sold IPv4 classes at some point, so all those are actually owned by their respective owners and can be rented out or outright be sold. In order to be able to use any of these RIPE IP spaces, all you will need is to have a valid PA account/membership with RIPE, and you can use them anywhere and not only in the EU.

This is not limited to the US, either. I have an Azure account hosted in the North Europe datacenter (in Dublin), and our IP addresses are associated with Brazil in the GeoIP databases.

Oh, this is why I can't download YouTube videos via Azure VMs.

How did the phrase "non-US IPv4 address space" even acquire meaning? The purpose of an IP address is to name a system on the internet such that you can send packets to it. WTF does that have to do with geography? (Apart from the fact that you might generally want to aggregate geographically close systems into contiguous address ranges in order to keep routing tables manageable, but that obviously has exactly zero to do with borders of countries and stuff like that, and more with the physics of signal propagation ...)

So back in the day, IANA was the sole controlling body for IP address allocations. When the internet began to grow, they redelegated certain blocks (with the largest being /8 in CIDR notation) to organizations in geographical communities. This is called the RIR (Regional Internet Registry) system. In order to get IP addresses from a certain RIR, you have to be a business or customer within that region. The region of North America and some of Latin America is under the American Registry for Internet Numbers, also known as ARIN.

Please see this page for more information. https://en.wikipedia.org/wiki/Regional_Internet_registry

Which all has exactly zero to do with what is meant here by "non-US IPv4 address space", as it in no way implies that the systems that you assign those addresses to are themselves located in those geographic areas, let alone that their users speak a particular language and similar crap that people have overloaded the meaning of IP addresses with. It's a division for administrative purposes, nothing more, and as you might notice, it doesn't even have country granularity.

(Also, the question was rhetorical - I know how that idiocy happened, and I expect that most people here do.)

Asking arrogant rhetorical questions on HN that have literal answers, you should not be surprised when you get literal answers.

Would you mind explaining what was arrogant about my rhetorical question?

I think this has more to do with GeoIP databases than anything else and registry CIDR allocations across the world.

Yeah - but what's the point of GeoIP databases? Most if not all of the use cases are idiotic. The browser tells me that the user understands English and French, but since the GeoIP database tells me the client's address is "Brazilian", I'll deliver Portuguese text! WTF? Similarly, routing requests to servers in the same country is kinda stupid - you want to achieve responsiveness, and responsiveness comes from shortest paths in the network graph, not from being inside the borders of the same country, or even from shortest geographic distance. In that case some suboptimal routing at least should be of little consequence, so it might be a usable approximation. Limiting access to content because you are in the wrong place is about as counter to the idea of the internet as you can get, so it's idiotic simply because of that. There simply is no sane reason to even have a concept of a "location of an IP address", other than its location in the network graph for packet routing purposes.

(edit: and the first one of those is causing lots of unnecessary pain, not only to travellers who suddenly have to deal with a "different internet" simply because they moved their body to a different place on the planet, but also for people in multi-lingual countries, who regularly have to deal with moronic websites forcing them into some particular language version that supposedly is the "language of their location", ignoring the fact that the user not only doesn't understand the language, but specifically tells the server via appropriate headers which languages the user understands.)

This is a pet hate of mine. Tech companies, especially US ones, have a horrible habit of assuming language preference based on location. In Spain != Spanish. Or so say 14 million Catalan speakers anyway. Whenever I travel abroad I notice how sites ignore my Accept-Language HTTP header. It is just impolite.

Exactly. It's the fact that many sites rely on GeoIP databases to try to offer the best localized services to people coming from various regions. GeoIP databases can also be used by firewalls, of course, to block all connections coming from a certain region.

I read somewhere that MIT or Stanford have more IP addresses than China or Africa. Perhaps there is an option to buy those?

No, Stanford gave that block back in 2000. See: http://arstechnica.com/information-technology/2014/06/with-t...

Microsoft has been purchasing blocks of IPv4 space (they bought some off of Nortel a few years back). Obviously they don't have enough.

MIT has, but according to https://en.wikipedia.org/wiki/AfriNIC Africa has 4 /8s.

China is under an Asia-Pacific registry, https://en.wikipedia.org/wiki/Asia-Pacific_Network_Informati... and from a link off of that, https://www.apnic.net/publications/research-and-insights/ip-... they have 44 /8s plus a /12 from their initial allocation, plus some "ranges from the IANA recovered pool"; according to the Wikipedia article they were the first Regional Internet Registry to run out of /8s.

I understand that there are really no other options, but this is a pretty bad place to be in. It doesn't sound like Azure can make any hard guarantees that this issue will go away, only that it will be "alleviated." That wouldn't make me feel good as a customer.

Why can't they move to IPv6?

Because then services offered by their customers would not be reachable for over 97% of the internet.

I would assume that's bad for business.

Many cloud customers would be fine with IPv6-only VMs and one IPv4 address on the outside of their load balancer. Yet cloud providers are building the opposite architecture.

Most cloud customers are fine with RFC1918-IPv4-space VMs and one IPv4 address on the outside of their load balancer.

They will have to proxy stuff, sure. But they need to start to roll out IPv6.

Proxying requires a public IP though. So you can have as much IPv6 in your backend as you want, the moment you want one of these machines to serve content to the wider public, you will need a public v4 address.

You could use name based virtual hosting in case of plain HTTP (though there are still clients around that don't send correct host headers), but if your customers use HTTPS, you'll need one public V4 address per site because SNI still can't be used reliably.

Non-shared IPv4 proxying is going to start to get very expensive. It already is to some extent. But the number of backend machines is probably larger, so at least this saves some addresses.

The next round of cloud price cuts could well be for IPv6 customers only...

They need to start with a dual stack, that works for over 97% of the internet. Then v6 would be of actual use for customers and ISPs would have more reason to support v6.

This kinda leads me to ask. Why don't we start allocating the E-Block? I know it's a shitty solution and IPv6 would be better, but isn't that a short term bandage?

if you mean>end, it is actively in use for private purposes..

And a lot of IP stacks will treat any traffic from it as invalid. Even if the standards were revised to declare it as usable, it'd be impossible to use in practical terms.

So I guess the next step is to buy the remaining African address space?
