Hacker News new | comments | show | ask | jobs | submit login
IPv4 Address Market Takes Off (dyn.com)
72 points by oxplot 721 days ago | hide | past | web | 60 comments | favorite

So in what way exactly does the Internet as a whole benefit from allowing IPv4 addresses to be traded in a free market?

This is a honest question. I would like to know how we avoid ending up in a world where a few large companies control all the available IPv4 addresses (which they don't really need) so they can rent them to the rest of us at exhorbitant prices.

IPv6 won't render the problem moot - it's likely that IPv4 addresses will remain a necessity for globally reachable services for years to come, regardless of IPv6 adoption.

I always viewed the cause for slow IPv6 adoption as a lack of incentive - while IPv4 addresses are effectively free then where is the ROI in building an IPv6 infrastructure?

I guess that when IPv4 addresses are traded in a free market it is easier to realise the cost of not adopting IPv6, eventually leading to a faster adoption (which is a good thing for everyone, NAT is essentially making the internet a lot less cooler place than it could be).

Also, what would the alternative be? Just not handing out IPv4 blocks to new players and telling them "tough luck"? Or a lottery? I really don't know a better alternative to a free market.

Totally agree with you in that IPv6 and the end of NATs are great for the Internet.

My honest (though possibly unpopular) opinion is that the incentive should have been given years ago through government intervention, by legally compelling ISPs to provide IPv6 connectivity to their customers. If most of the Internet had been switched to IPv6 by now, no bidding war over IPv4 addresses would need to take place.

Naturally, it's moot to point out what could have been done and wasn't. But I think this illustrates a limitation of market-based incentives: they seem to work well on the short term, but have a tendency to fail on the long one. Slow IPv6 adoption is, in my view, a market failure that should have been corrected through government intervention.

I have IPv6 through my ISP, Comcast. It's completely broken and unusable due to a bug in the router they upgraded me to last year and force me to use because I have a business account. It took me half a day to figure out the cause of the problem. I'll probably wait another six months to look at it again. This is just one of many sad details plaguing the rollout of IPv6. Maybe the solution will come by skipping it entirely and using something backwards-compatible with IPv4, only with a larger address space (baby steps).

That's strange. My buddy across the street also has a Comcast Business account. While he does have to use a particular modem, it's handing out a DHCP lease to his personal Airport Extreme. He also has fully functioning IPv6 service.

Do you like, have several IPv4 addresses assigned to you or something?

We’re probably worse off if we let governments choose the technology winners. That could impose even higher costs than what we face today.

> Totally agree with you in that IPv6 and the end of NATs are great for the Internet.

I can see the advantages, but do I want my devices to have publicly routable addresses? I prefer that the public Internet doesn't know the exist and can't easily contact them without receiving a recent outbound connection. (Perhaps I missing an obvious solution here?)

What you want is called a firewall.

There seems to be this common misconception that a firewall and a NAT box are the same thing, but they're not. It just happens that most NAT implementations also work as firewalls (though not the other way round).

Even if you don't have a firewall, the odds of someone discovering your IPv6 address by chance (i.e. without you communicating with them first) are incredibly low. Common IPv6 deployment practice is to delegate at least a /56 prefix to each end user, so your device gets an address chosen at random from 2^72 possibilities. You can even hop into a different address every few minutes for added security (some IPv6 stacks do this).

So please don't spread the misconception that IPv6 is somehow less secure than IPv4! :)

This is a bit condescending and an overreaction. I know well what firewalls and NAT are, and I asked a question, I didn't assert any misconception.

I'll address the technical issues in my response to the other commenters response.

I certainly did not mean to be condescending. I offer my apologies if my post came across as so.


If your firewall (which you'll still need) is configured correctly, then the wider internet either won't know an address isn't routable, or won't be able to do anything even if it is (there are various schools of thought on blocking ICMP messages from the internet, which range from "you break the internet if you block ICMP" to "I'll blackhole ICMP so nobody knows my devices exist")

> the wider internet either won't know ...

Once a private device communicates with a public Internet server, won't that server and every network between it and the private device (my ISP, etc.) know a publicly routable IP address on my private network? I know a firewall could still help protect it (simple SPI, for example) but having a publicly routable IP would seem to simplify the attacker's job, and possibly reveal information about specific devices and users (i.e., track who is doing what).

Also, I assume my firewall's public IP must be on the same public subnet as my internal devices. It doesn't seem like it would be hard to guess the addresses of devices on the private side.

I haven't looked at IPv6 much, so again I suspect I'm overlooking something basic.

> If your firewall (which you'll still need) is configured correctly

In my experience, this situation isn't common -- especially among end users but even among professionals.

In the absence of a firewall, you are correct that any node that gets hold of the publicly routable address assigned to one of your devices will be able to communicate with it from the outside. This is indeed a problem for most users, who won't know or bother to configure one; ISPs should do it for them on the CPE.

Regarding the tracking of specific users: RFC 3041 stateless autoconfiguration (which is deployed at least on Linux and OSX - not sure about Windows) allows a device to switch to a new random IPv6 address within its assigned prefix every few minutes. This mitigates, though it does not eliminate, an attacker's ability to correlate connections originating from the same device over a period of time.

Naturally, all of those addresses will share a common IPv6 prefix. But that is no different from most residential NATs, where all connections are observed from the outside to originate from the same IPv4 address.

Also due to stateless autoconfiguration, guessing the address of a device from the outside is equivalent to finding a needle in a 2^64-straw haystack. It's not impossible, but it takes time and a lot of traffic to do so.

Thank you!

One alternative would be seizing unused addresses (as they are supposed to be) and auctioning them off. Repeating every so often if they're still unused.

This would raise prices (in the event that is really desired) while avoiding squatting and rent seeking.

Unused addresses often aren't. You might not be able to connect to them, but that doesn't mean disuse. There are various networks around whose operators want them to have unique addresses but not be connected to the global internet.

For example a power company I know about. The operators there decided to use public addresses for the power control/monitoring network instead of 10/8 to be sure of having unique addresses, even in case of a merger or cooperation with another power generator.

So this is cap-and-trade for IPv4?

I wrote a blog entry about some of these issues. http://ethanheilman.tumblr.com/post/104839763080/are-ip-addr...

IANA specifically states that a free-market of IP addresses would be harmful, instead they argue that IP allocation should be based on need and not treated as property.

>ISPs are required to utilize address space in an efficient manner. To this end, ISPs should have documented justification available for each assignment. The regional registry may, at any time, ask for this information. If the information is not available, future allocations may be impacted. In extreme cases, existing loans may be impacted. RFC 2050

Big companies have fought them on this and won.

>The court held that Nortel had an exclusive right to use the legacy numbers. The court also explicitly sanctioned Nortel’s exclusive right to transfer its exclusive right to use the numbers. In recognizing Nortel’s exclusive right to use legacy IPv4 numbers, the court implicitly found that Nortel had the exclusive right to possess the numbers themselves. Consequently, Nortel could exclude others from possession and use of the same legacy IPv4 numbers. In other words, the court found Nortel possessed the customary “bundle of rights” commonly associated with the ownership of tangible or intangible property. - Property Rights in IPv4 Numbers: Recognizing a New Form of Intellectual Property

The Coase theorem basically says that you can have any initial allocation of resources and so long as they are tradable, transaction costs are low, and a few other conditions are met, you will end up with an economically efficient outcome (i.e. those who will put the resources to the most remunerative use will end up with them).

Which isn't to say that any initial allocation will satisfy us as fair or that the outcome will satisfy us as fair, but a top down system may well end up being neither fair nor efficient.

How do we know the Coase theorem applies in this case?

It basically never applies; transaction costs are always sky-high. But it can still function as a sort of guide to thought, like Raymond Chen's "what if two programs had that feature". It's more useful if you think of it as saying "reality can't diverge from this goal state by more that a function of the local transaction costs, legal system, etc".

The internet as a whole doesn't need to benefit; the buyer and seller do. The internet as a whole benefits from the liberty that lets us act without permission from central authorities.

Also, we're currently in a world where no large company owns even 1% of the addresses, and heading towards one where IPv6 is the majority of traffic. Have a look at http://www.google.com/intl/en/ipv6/statistics.html and pretend to be an IPv4 address investor. The year-end figures are about 0.4, 1.0, 2.5 and 5.7%, so a little over 100% yearly growth for each of the past three years. If that goes on, we'll pass 50% IPv6 in 2017, and if that happens I rather doubt that IPv4 addresses will be worth much.

Of course that projection doesn't have to be right. Perhaps IPv6 growth slows down. But if you were an investor, would you invest heavily in v4 addresses on the assumption that IPv6 growth slows down? If so, why do you assume it'll slow down?

Oh, and I do think IPv6 will render IPv4 moot. Assuming that trading goes on, IPv4 will increasingly use tunnels and long-prefix routes, and then it'll have the kind of reliability problems v6 had around 2005.

So in what way exactly does the Internet as a whole benefit from allowing IPv4 addresses to be traded in a free market?

Compared to a world where you can't get IPs at any price? Seems pretty obvious: you can get IPs.

I would like to know how we avoid ending up in a world where a few large companies control all the available IPv4 addresses (which they don't really need) so they can rent them to the rest of us at exorbitant prices.

It seems like the cloud is already going there with only a few large providers. All I can suggest is to buy your IPs now before Amazon does.

> Compared to a world where you can't get IPs at any price? Seems pretty obvious: you can get IPs.

You seem to be presenting a false dichotomy; there are plenty of intermediate solutions between the current state of affairs and a laissez-faire market. At the very least, if we're going to set a price on IPv4 addresses, I think it should be set by the RIRs - not by the companies to whom they were allocated. (Remember that RIRs have the right to reclaim addresses that are not being used.)

In other words: my concern is not that IPv4 addresses end up having a price tag on them; that seems inevitable at this point. My concern is that big players might be able to dictate the prices and effectively buy the small ones out of the Internet.

This is actually the opposite of what I'm seeing in the American IPv4 market. I run a broker company (ipv4hub.com) with access to millions of IP addresses and can't sell any large blocks at all (large block being a /18 which is about 16,000 addresses).

EDIT: Fixed the number of addresses in a /18

We just bought a /16. Shouldn't be any issues selling your /18. Perhaps a marketing or pricing issue?

Interesting. Of course, the US, as the inventor, has quite a lot of IP space; perhaps it's just that?

Why would they be limited to selling within the US?

You mean a /14 - you went two bits in the wrong direction.

No, a /14 is 2^18 = 262144 addresses.

The problem is that they designed IPv6 not to be backwards compatible with IPv4 in any meaningful way. Unless you forbid IPv4 traffic on the internet everyone is going to have to build all software for both for the foreseeable future. If everything works with both, why should you build against the new spec at all?

Given that worldwide Internet adoption is still growing strong, it is conceivable that sooner or later a significant number of endpoints will only have IPv6 connectivity, or that their IPv4 connectivity will be limited to a private address behind a carrier-grade NAT.

Another point to consider is that there are things you can do with IPv6 connectivity that are very difficult/costly, or outright impossible, in NATted IPv4 land.

Personally, I'm waiting for the next generation of peer-to-peer protocols that make use of end-to-end IPv6 connectivity instead of hole-punching and proxying through third-parties. (Case study: ever thought how ridiculous it is that in 2015 it's still non-trivial to send a large file to someone over the Internet without using some sort of storage service?)

It's plausible that one of those new applications could end up being the "killer app" for IPv6.

It is backwards-compatible with IPv4. You can route IPv4 over IPv6, and tunnel IPv6 over IPv4.

The problem is that IPv4 is not forwards-compatible.

The list of /8 block owners makes interesting reading: https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...

The US Army in various guises controls vast swathes of address space, but there are also lots of corporations with a 256th of IPv4 all to themselves: Halliburton, GE, Prudential, Ford, etc. MIT also appears to be the last university still hanging onto their own block.

I have a specific IP address I want to purchase. Is this possible?

Use `whois` to see who controls the IP address and then contact them. As others have noted, you won't be able to route a single address differently, so your best bet would be to host with the controlling entity.

For example, lets say you wanted That's controlled by hostwinds.com, which offers VPS hosting. There doesn't seem to be anyone on that IP address. The reverse DNS lookup makes it appear that it's in their normal client space. A phone call to the right person there might get you what you want.

You couldn't just get a single IP address, you'd have to buy a routable block that contains that IP address, which while I believe technically is a /28, in practice is a /24 (256 addresses)

Can you generally advertise a /24 now? I thought the filters were rougher than that.

/24's are generally considered globally routable these days, and have been for quite some time. I suppose there are still some providers out there who filter them, but we'd both be showing our age if we speculated on those names :)

In general, /24's have been routable since the 80's.

There have been periods of time where various providers had filters (in certain ranges) to prevent routing table bloat.

And how much is a /24 then? $10 * 256 ?

I'd consider that pretty damn cheap if you consider that and IP address as a form of Intellectual Property.

Look at this list of /8 blocks: https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...

If the first octet of the IP address that you want is in that list, it's probably owned by someone who isn't selling.

Many of these should be reclaimed by IANA. Why do L3, ATT and HP need two /8s. Why does DOD need ten /8s? Why do CSC, Halliburton, PSINet, eli lilly, prudential, Bell-Northern Research and dupont, Daimler, Apple, GE, MIT, Ford, Xerox, IBM, Merck and the USPO need /8s.

At apple, routable addresses are handed over to macs used by people. They use private IPs just for production infrastructure.

The argument against reclaiming is that is serves little point at this stage in the game. It really buys you no significant time, and really we should be doing all we can to move everyone over to IPv6.

It could buy a couple decades.

The estimate I saw was that each /8 reclaimed would buy one month. There were only 128 class As total and many of them are really in use (and of course the military will never give anything up).

Nobody wants to buy a couple decades of carrier-grade NAT, and the addresses that could be reclaimed won't buy any significant time of anything more open than that.

> Why does DOD need ten /8s?

Of that list, I can actually see the DoD needing 240M IP addresses.

Why does DOD need any publicly rout-able IP address space, other than to run a handful of brochure sites, which could easily be outsourced.

Likely not. If addresses are $10 each and you want one, why would they spend the time and expense to transfer just one?

Not to mention that it would be impossible to route it. (last I checked—years ago—the smallest advertisement anyone would accept was a /24, and even that seemed iffy)

Just curious, how many ip addresses does Amazon have for their cloud services? What would happen if they ran out and were unable to obtain more in a timely manner?

Back in November 2014, there were at least 10,130,200 IP addresses in the EC2 range. So there are potentially way more than that today due to growth of EC2 and IP addresses required for other AWS services.

Source: http://aws.amazon.com/blogs/aws/aws-ip-ranges-json/

Why would one want IPv4 address space so badly?

Is it so you can communicate with servers or clients that don't facilitate any form of IPv6?

Yes, with "servers or clients that don't facilitate any form of IPv6" being a pretty good description of "the internet at large".

For someone providing content (websites, applications, internet-based software, etc) there is a need to support both IPv4 and IPv6 clients for a while.

For most consumers IPv6 will already work on many sites, and I expect that to increase considerably over the next 1-2 years.

If you want to query some services (such as Google Search or Google Maps API), you may encounter throttling issues.

Having multiple IPv4 addresses helps to alleviate that problem.

IPv4 address also has reputation attached to it. That reputation is much move valuable that reputation on IPv6 address, because cost of IPv6 is pretty much zero, but IPv4 costs $10+ per address.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact