The Futility of IPv4 Address Recycling

The powers that be for IP address allocation are gathering old space that was wastefully allocated long ago, but it won't make much difference.

Some time ago I wrote somewhere about Geoff Huston and his projections for the depletion of what remains in the IPv4 address pool. I was intrigued by his work and suggested to him that there were a lot of wasteful class A addresses out there, and perhaps they could be reallocated to better purpose.

A class A address, aka /8 in TCP/IP jargon, holds 16,777,216 addresses. It's an entire block with the same first value in the address. Surf here to see where the various /8 addresses have been allocated. Huge blocks of them go to ARIN, RIPE, APNIC and other regional Internet registries, which dole them out to lesser bodies such as ISPs and governments.

Many of these /8 addresses are assigned to great universities, U.S. governmental entities and major corporations. For instance, 012/8 belongs to Bell Labs (now part of Alcatel-Lucent). GE, Xerox, Hewlett-Packard, DEC, Apple, Halliburton (yes, Halliburton) and Merck all have them. Even the Interop Show Network, formerly part of the same family as this publication, has its own /8 address.

Do these entities really need such expansive address space? The answer is clearly no, but now what can be done? Huston replied to me that my suggestion was an impractical one. First, for example, why would Apple cede its giant address space without compensation, and who would pay? (These companies paid essentially nothing for these addresses back in the '80s and early '90s when they got them.) Second, the renumbering of addresses involved in such an operation would be quite complicated and expensive.

Should IP address be considered private data and protected? Click here to read more.

It's not really the technical problems that bother Huston; it's the economic and social factors. Who would get the addresses? If it's decided in a market, what would be the terms of the sale? Would the usual regional parceling of addresses be done, or should (for example, again) Merck's addresses stay in the United States because they're here already?

Now, according to the ICANN blog, we may have the chance to see how it will all play out. ICANN reports that, indeed, much /8 address space has been recovered. Some addresses, it seems, were essentially unallocated. Some were recovered from other owners:

  • 014 - Public Data Net
  • 046 - BBN
  • 049 - US DoD
  • 050 - US DoD

(Darn nice of BBN, the people who bootstrapped the original proto-Internet. Why did they give this away? I contacted them to ask and wouldn't you know it, they denied that the address space was theirs. They had no explanation, but it sounds like they basically forgot about the address space and eventually decided just to give it up. But I digress...)

A recent announcement from ICANN celebrated the recovery of just one of these, the 014/8 subnet, but the story is both bigger and smaller than that.

With still more it had reserved, ICANN says it has 43 unallocated /8s. That might seem like a lot, being almost 17 percent (43/256) of the total address space, but ICANN also said it "...allocated more than one /8 per month in 2007," so it won't last long.

The final days of the IPv4 land rush could be ugly ones. There will likely be a "run on the bank" for the final blocks of addresses. Aftermarkets for network blocks could develop, and they could be expensive. In a comment to the blog entry, the ICANN rep noted that ICANN has already noticed use of what is officially unallocated space; in other words, there are squatters out in the remaining undeveloped neighborhoods of IPv4Land. One day the sheriff will come along and evict them when the rightful owners put their money down.

ICANN's major conclusion from these developments is a reasonable one: New, large deployments of network space really have to be planned to use IPv6. Not a pleasant thought, but not the end of the world. It's going to happen some day.

Security CenterEditor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzer's blog Cheap Hack.