By Geoff Huston
Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.
Back in around 1992 the IETF gazed into the crystal ball and tried to understand how the internet was going to evolve and what demands that would place on the addressing system as part of the “IP Next Generation” study. The staggeringly large numbers of connected devices that we see today were certainly within the range predicted by that exercise. Looking further out, it is doubtless that these numbers will continue to grow. We continue to increase silicon production volumes and at the same time continue to refine the production process to decrease the unit costs of these chips. But, at that time, we also predicted that the only way we could make the Internet work across such a massive pool of connected devices was to deploy a new IP protocol that came with a massively larger address space. It was from that reasoning that IPv6 was designed. This world of abundant silicon was the issue that IPv6 was primarily intended to solve. The copious volumes of address space were intended to allow us to uniquely assign a public IPv6 address to every such device, no matter how small, or in what volume they might be deployed.
But while the Internet has grown at such amazing rates, the deployment of IPv6 continues at a more measured pace. There is no common sense of urgency about the deployment of this protocol, and still, there is no hard evidence that the continued reliance on IPv4 is failing us at this moment. Much of the reason for this apparent contradiction between the designed- size of the IPv4 network and the actual size, which is, of course, many times larger, is that the Internet is now a client/server network. Clients can initiate network transactions with servers but are incapable of initiating transactions with other clients. Network Address Translators (NATs) are a natural fit to this client/server model, where pools of clients share a smaller pool of public addresses, and only required the use of an address while they have an active session with a remote server. NATs are the reason why in excess of 20 billion connected devices can be squeezed into some 2 billion active IPv4 addresses. Applications that cannot work behind NATs are no longer useful and no longer used.
However, the pressures of this inexorable growth in the number of deployed devices on the Internet means that the even NATs cannot withstand these growth pressures forever. Inevitably, either we will see the fragmenting of the IPv4 Internet into a number of disconnected parts, so that the entire concept of a globally unique and coherent address pool will be foregone, or we will see these growth pressures motivate the further deployment of IPv6, and the emergence of IPv6-only elements of the Internet as it tries to maintain a cohesive and connected whole. There are commercial pressures pulling the network in both of these directions, so it’s entirely unclear what path the Internet will follow in the coming years.
Can address allocation data help us to shed some light on what is happening in the larger Internet? Let’s look at what happened in 2018.
IPv4 in 2018
It appears that the process of exhausting the remaining pools of unallocated IPv4 addresses is proving to be as protracted as the process of the transition to IPv6.
The allocation of 14.5 million addresses in 2018 on top of a base of 3.65 billion addresses that are already allocated at the start of the year represents a growth rate of 0.5% for the year for the total allocated IPv4 public address pool. This is less than one-tenth of the growth rate in 2010 (the last full year before the onset of IPv4 address exhaustion).
Table 1 – IPv4 Allocated addresses by year
The record of address allocations per RIR over the past ten years is shown in Table 2.
In terms of the IPv4 Internet, there is considerable diversity in the situation in each region. As of the end of 2018, AFRINIC was the last remaining Regional Internet Registry (RIR) with remaining IPv4 addresses available for general allocation, with some 6.7 million addresses left in its available address pool. APNIC and the RIPE NCC have both adopted “Last /8” policies, where each applicant can receive just a single allocation of up to 1,024 addresses from their respective last /8 address pools. APNIC has 3.9 million addresses left in this pool, and the RIPE NCC has some 6.0 million addresses. LACNIC has a pool of 1.5 million available addresses, while ARIN has none at all.
We can use the address allocation data from 2018 and perform a forward extrapolation on this to predict when the available address pools of each RIR will be exhausted. This linear projection model is shown in Figure 1.
The address consumption rate for APNIC has been relatively steady in 2017 and 2018, and at this stage, the pool will last for a further 30 months at this allocation rate (July 2021). The RIPE NCC uses a similar address management policy for its remaining pool of addresses, but the consumption rate is slightly higher than that of APNIC, and it increased in 2018 as compared to previous years, so this pool will last for a further 18 months at its current rate of consumption (July 2020). LACNIC’s remaining address pool will last for a further 12 months, which is similar to the situation in AFRINIC (according to this projection both RIRs will running out of addresses at the end of 2019). ARIN has completely exhausted its available pool.
The forecast of likely exhaustion dates for each RIR is shown in Table 3.
This analysis of the remaining address pools is not quite the complete picture, as each of the RIRs also have reserved some addresses, in accordance with their local policies. There are a variety of reasons for this reservation, including non-contactability of the original address holder, or addresses undergoing a period of ‘quarantine’ following a forced recovery, or a reservation as prescribed by a local policy. As of the start of 2019, ARIN has 5.9 million reserved IPv4 addresses, APNIC has 4.4 million, AFRINIC 2.0 million, the RIPE NCC has 780 thousand, and LACNIC 1.2 million. The total pool of reserved IPv4 addresses is some 14.2 million addresses in size, or the equivalent of slightly less than one /8 address block Finally, the IANA is holding 3,3288 addresses in its recovered address pool in 13 discrete /24 address blocks.
The RIR IPv4 address allocation volumes by year are shown in Figure 2.
IPv4 Address Transfers
In recent years the RIRs have included the registration of IPv4 transfers between address holders, as a means of allowing secondary re-distribution of addresses as an alternative to returning unused addresses to the registry. This has been in response to the issues raised by IPv4 address exhaustion, where the underlying motivation as to encourage the reuse of otherwise idle or inefficiently used address blocks through the incentives provided by a market for addresses, and to ensure that such address movement is publically recorded in the registry system.
The numbers of registered transfers in the past six years is shown in Table 4.
A slightly different view is that of the volume of addresses transferred per year (Table 5).
A plot of these numbers is shown in Figures 3 and 4.
The total volume of addresses transferred in this way is twenty times the volume of allocated addresses across 2018. The aggregate total of addresses in the transfer logs since 2012 is some 675 million addresses, or the equivalent of 40 /8s, which is some 18% of the total delegated IPv4 address space.
This data raises some questions about the nature of transfers.
The first question is whether address transfers have managed to be effective in dredging the pool of allocated but unadvertised public IPv4 addresses.
It was thought that by being able to monetize these addresses, holders of such addresses may have been motivated to convert their networks to use private addresses and resell their holding of public addresses. In other words, the opening of a market in addresses would provide an incentive for otherwise unproductive address assets to be placed on the market. Providers who had a need for addresses would compete with other providers who had a similar need in bidding to purchase these addresses. In conventional market theory, the most efficient user of addresses (here “most efficient” is based on the ability to use addresses to generate the greatest revenue) would be able to set the market price. Otherwise unused addresses would be put to productive use, and as long as demand outstrips supply the most efficient use of addresses is promoted by the actions of the market. In theory.
However, the practical experience is not so clear. The data relating to address re-use is inconclusive, in that between 2011 and late 2017 the pool of unadvertised addresses sat between some 43 and 44 /8s. This pool of addresses rose in 2018 and by the end of 2018 was sitting at some 49 /8s. Rather than reducing the pool of unused (unadvertised) addresses, this pool appears to be expanding in size over 2018.
In relative terms, expressed as a proportion of the total pool of allocated IP addresses, the unadvertised address pool dropped from 23% of the total allocated address pool in 2011 to a low of some 21% at the start of 2016 and subsequently risen to 22% by the end of 2018. The address transfer activity has not made a substantial change in the overall picture of address utilization efficiency in the past 12 months.
There is a slightly different aspect to this question, concerning whether the transferred addresses are predominately recently allocated addresses, or longer held address addresses where the holder is wanting to realize otherwise unused assets. The basic question concerns the “age” distribution of transferred addresses where the “age” of an address reflects the period since it was first allocated or assigned by the RIR system.
The cumulative age distribution of transferred addresses is shown on a year-by-year basis in Figure 7. In 2012 some 20% of the transferred address blocks were originally assigned or allocated by an RIR within the previous five years. In 2018 the trend had reversed, and some 95% of all transferred addresses were less than ten years old, and 25% of the transferred addresses were more than 25 years old.
The high volumes of transfer activity associated with legacy addresses have been higher in 2018 than in all previous years.
If we look at transfer transactions irrespective of the size of each transfer, we get a slightly different picture (Figure 8). In 2018 it appeared that transfer transactions are uniformly distributed according to the age of the addresses. Previous years have seen a high volume of transactions in recently allocated addresses, but this trading of recently allocated addresses has tapered off in 2017 and 2018. The comparison of Figures 7 and 8 also leads to the observation that the transfers of older address blocks have far larger address spans, which corresponds to the very early IPv4 address allocations of /8 and /16 prefixes.
The second question is whether the transfer process is further fragmenting the address space by splitting up larger address blocks into successively smaller address blocks. There are 27,426 transactions described in the RIRs’ transfer registries up to the end of 2018, and of these 9,809 entries list transferred address blocks that are the same size as the original allocated block. The remaining 17,607 entries are fragments of the originally allocated address blocks.
These 17,607 transfer entries that have fragmented the original allocation are drawn from 2,247 such original allocations. On average the original allocation is split into eight smaller address blocks. This data implies that the answer to the second question is that address blocks are being fragmented as a result of address transfers, but in absolute terms, this is not a major issue. There are some 193,946 distinct address allocations from the RIRs to end entities as of the end of 2018, and the fragmentation reflected in 17,607 of these address blocks is around 9% of the total pool of allocated address prefixes.
The third question concerns the inter-country flow of transferred addresses. Let’s look at the ten countries that sourced the greatest volume of transferred addresses, irrespective of their destination (i.e. including ‘domestic’ transfers within the same country) (Table 6), and the ten largest recipients of transfers (Table 7), and the ten largest country-to-country address transfers (Table 8). We will use the RIR-published transfer data for 2018.
The 2018 transfer logs contain 4,961 domestic address transfers, with a total of 269,090,560 addresses (of which 4,322 are US domestic transfers that encompass 262,610,688 addresses and just 639 are domestic transfers in other countries) while 254 transfers appear to result in a movement of addresses between countries, involving a total of 2,158,336 addresses. It appears that the bulk of the US domestic activity relates to corporate mergers and acquisitions in access networks, although there seem to be a small number of large address blocks that are moving to virtual hosting provider infrastructure.
The total volume of transactions that are recorded in the RIRs’ transfer logs has 13,707 transactions over the 8-year period from the start of 2011, with 576 million IPv4 addresses changing hands in this manner. This eight-year total represents far less activity than the underlying pre-exhaustion address demand levels that allocated some 600 million addresses in the three years leading to the 2011 IPv4 exhaustion point.
It appears that the IPv4 address supply hiatus has motivated most Internet service providers to use address sharing technologies, and, in particular, Carrier Grade NAT (CGN), on the access side and name-based server pooling on the content side as a means of increasing the level of sharing of addresses. This has been accompanied by a universal shift of the architecture of the Internet to a client/server model. The result is that the pressure of the IPv4 address space has been relieved to a considerable extent, and the sense of urgency to migrate to an all-IPv6 network has been largely, but not completely, mitigated over this period.
The outstanding question about this transfer data is whether all address transfers that have occurred have been duly recorded in the registry system. This question is raised because registered transfers require conformance to various registry policies, and it may be the case that only a subset of transfers are being recorded in the registry as a result. This can be somewhat challenging to detect, particularly if such a transfer is expressed as a lease or other form of temporary arrangement, and if the parties agree to keep the details of the transfer confidential.
It might be possible to place an upper bound on the volume of address movements that have occurred in any period is to look at the Internet’s routing system. One way to shed some further light on what this upper bound on transfers might be is through a simple examination of the routing system, looking at addresses that were announced in 2018 by comparing the routing stable state at the start of the year with the table state at the end of the year (Table 9).
While the routing table grew by 61,055 entries over the year, the nature of the change is slightly more involved. Some 72,373 prefixes that were announced at the start of the year were removed from the routing system through the year, and 133,629 prefixes were announced by the end of the year that were not announced at the start of the year. (Within the scope of this study I have not tracked the progress of announcements through the year, and it is likely that many more prefixes were announced and removed on a transient basis through the course of the year.) A further 19,866 prefixes had changed their originating Autonomous System number, indicating some form of change in the prefix’s network location in some manner (Table 9).
We can compare these changed prefixes against the transfer logs for the two-year period 2017 and 2018. Table 10 shows the comparison of these routing numbers against the set of transfers that were logged in these two years.
These figures show that some 13-27% of changes in advertised addresses are reflected as changes as recorded in the RIRs’ transfer logs. This should not imply that the remaining changes in advertised prefixes reflect unrecorded address transfers. There are many reasons for changes in the advertisement of an address prefix and a change in the administrative controller of the address is only one potential cause. However, it does establish some notional upper ceiling on the number of movements of addresses in 2017, some of which relate to transfer of operational control of an address block, that has not been captured in the transfer logs.
Finally, we can perform an age profile of the addresses that were added, removed and re-homed during 2018, and compare it to the overall age profile of IPv4 addresses in the routing table. This is shown in Figure 9. In terms of addresses that were added in 2017, they differ from the average profile due to a skew in favor of “recent” addresses, and 20% of all announced addresses were allocated or assigned in the past 18 months. In terms of addresses that were removed from the routing system, there is a disproportionate volume of removed addresses that are between 2 and 10 years old. 20% of removed addresses are more than 20 years old, where almost 70% of all advertised addresses are more than 20 years old. Addresses that re-home appear to be disproportionally represented in the age bracket of between 7 to 15 years old.
However, as IPv4 moves into its final stages we are perhaps now in a position to take stock of the overall distribution of IPv4 addresses and look at where the addresses landed up. Table 11 shows the ten countries that have the largest pools of allocated IPv4 addresses.
If we divide this address pool by the current population of each national entity, then we can derive an address per capita index. For the curious, the value of just under 5 addresses per capita for the United States is not quite the highest value, as the numbers for the Seychelles and the Holy See are far higher! But they are high by virtue of their relatively small population rather than vast address holdings. The global total of 3.67 billion allocated addresses with an estimated global population of 7.7 billion people gives an overall value of 0.47 IPv4 addresses per capita. It appears that early adopter communities tend to have high than average per capita values, while later adopters tend to fall below the global average. The full table of IPv4 allocations per national economy can be found here.
IPv6 in 2018
Obviously, the story of IPv4 address allocations is only half of the story, and to complete the picture it’s necessary to look at how IPv6 has fared over 2018.
IPv6 uses a somewhat different address allocation methodology than IPv4, and it is a matter of choice for a service provider as to how large an IPv6 address prefix is assigned to each customer. The original recommendations published by the IAB and IESG in 2001, documented in RFC3177, envisaged the general use of a /48 as an end site prefix. Subsequent consideration of long term address conservation saw a more flexible approach being taken with the choice of the end site prefix size being left to the service provider. Today’s IPv6 environment has some providers using a /60 end site allocation unit, many use a /56, and other providers use a /48. This variation makes a comparison of the count of allocated IPv6 addresses somewhat misleading, as an ISP using /48’s for end sites will require 256 times more address space to accommodate a similarly sized same customer base as a provider who uses a /56 end site prefix, and 4,096 times more address space than an ISP using a /60 end site allocation!
For IPv6 let’s use both the number of discrete IPv6 allocations and the total amount of space that was allocated to see how IPv6 fared in 2017.
Comparing 2017 to 2018 the number of individual allocations of IPv6 address space has risen, as has IPv4 activity (Table 12).
The amount of IPv6 address space distributed in 2018 is double that of 2017 and is the highest seen so far (Table 13).
Regionally, each of the RIRs saw IPv6 allocation activity in 2018 that was on a par with those seen in the previous year, with the exception of the RIPE NCC, which saw a 30% increase in allocations (Table 14).
The address assignment data tells a slightly different story. Table 15 shows the number of allocated IPv6 /32’s per year. APNIC allocated a larger total in 2018, as a consequence of four large allocations: a /19, 2 /20’s and a /22 into China, and a /22 into Singapore.
Dividing addresses by allocations gives the average IPv6 allocation size in each region (Table 16). APNIC average allocations increase in size due to the large allocations already noted. Overall, the average IPv6 allocation size remains around a /30.
The number and volume of IPv6 allocations per RIR per year is shown in Figures 10 and 11.
Table 17 shows the countries who received the largest number of IPv6 allocations, while Table 18 shows the amount of IPv6 address space assigned on a per economy basis for the past 5 years (using units of /32s).
Two of the countries in Table 18 listed as having received the highest volumes of allocated addresses in 2018, namely Russia and Spain, have IPv6 deployments that are under 5% of their total user population. To what extent are allocated IPv6 addresses visible as advertised prefixes in the Internet’s routing table?
Figure 12 shows the overall counts of advertised, unadvertised and total allocated address volume for IPv6 since 2010, while Figure 13 shows the advertised address span as a percentage of the total span of allocated and assigned IPv6 addresses.
The drop in the allocated address span in 2013 is the result of a change in LACNIC where a single large allocation into Brazil was replaced by the recording of direct allocation and assignments to ISPs and similar end entities.
From a history of careful conservation of IPv4 addresses, where some 77% of allocated or assigned IPv4 addresses are advertised in the BGP routing table, a comparable figure of 50% does not look all that impressive. But that’s not the point. We chose the 128-bit address size in IPv6 to allow addresses to be used without overriding concerns about conservation. We are allowed to be inefficient in address utilization. Today we have advertised an IPv6 address span which is the equivalent of some 125,000 /32s, or some 8 billion end-site /48 prefixes. That is just 0.003% of the total number of /48 prefixes in IPv6.
We can also look at the allocated address pools for the top twenty national economies in IPv6, and the current picture is shown in Table 19.
While the United States also tops this list in terms of the total pool of allocated IPv6 addresses, the per capita number is lower than many others in this list. Sweden has a surprisingly high number yet estimates of the population of IPv6-capable users in that country point to a deployment rate of just 7%, considerably lower than many other countries listed here. But for IPv6 its still relatively early days and no doubt the picture will change as the deployment of IPv6 matures.
The Outlook for the Internet
Once more the set of uncertainties that surround the immediate future of the Internet are considerably greater than the set of predictions that we can be reasonably certain about.
Compared to previous years there has not been as much in the way of progress in the transition to IPv6 in 2018 (Figure 14). 2017 saw a sharp rise in IPv6 deployment, influenced to a major extent by the deployment of IPv6 services in India, notably by the Jio service. 2018 has been a quieter year, although the rise in the second half of the year is due to the initial stirrings of mass scale IPv6 deployment in the major Chinese service providers.
While a number of service operators have reached the decision point that the anticipated future costs of NAT deployment are unsustainable for their service platform, there remains a considerable school of thought that says that NATs will cost-effectively absorb some further years of Internet device population growth. At least that’s the only rationale I can ascribe to a very large number of service providers who are making no visible moves to push out Dual-Stack services at this point in time. Given that the ultimate objective of this transition is not to turn on Dual-Stack everywhere, but to turn off IPv4, there is still some time to go, and the uncertainty lies in trying to quantify what that time might be.
The period of the past few years has been dominated by the mass marketing of mobile internet services, and the growth rates for 2014 through to 2016 perhaps might have been the highest so far recorded were it not for the exhaustion of the IPv4 address pool. In address terms, this growth in the IPv4 Internet is being almost completely masked by the use of Carrier Grade NATs in the mobile service provider environment, so that the resultant demands for public addresses in IPv4 are quite low and the real underlying growth rates in the network are occluded by these NATs.
In theory, there is no strict requirement for IPv6 to use NATs, and if the mobile world were deploying dual-stack ubiquitously, then this would be evident in the IPv6 address allocation data. And we see this in India, where the rollout of the Jio mobile service through 2016 and into 2017 has now encompassed some 90% of their considerable user population. The deployment in India has been accompanied by a conservative use of IPv6 addresses. The 107 million/48s allocated to date to India equates to 0.1 /48’s per capita, a number far lower than any other economy with significant IPv6 deployment.
On the other hand, the other massive user population, that of China, has only stirred with a visible deployment of IPv6 in the latter part of 2018.
It has also been assumed that we should see IPv6 address demands for deployments of large-scale sensor networks and other forms of deployments that are encompassed under the broad umbrella of the Internet of Things. This does not necessarily imply that the deployment is merely a product of an over-hyped industry, although that is always a possibility. It is more likely to assume that so far such deployments are taking place using private IPv4 addresses, and they rely on NATs and application level gateways to interface to the public network. Time and time again we are lectured that NATs are not a good security device, but in practice, NATs offer a reasonable front-line defense against network scanning malware, so there may be a larger story behind the use of NATs and device-based networks than just a simple conservative preference to continue to use an IPv4 protocol stack.
We are witnessing an industry that is no longer using technical innovation, openness and diversification as its primary means of propulsion. The widespread use of NATs in IPv4 limit the technical substrate of the Internet to a very restricted model of simple client/server interactions using TCP and UDP. The use of NATs force the interactions into client-initiated transactions, and the model of an open network with considerable flexibility in the way in which communications take place is no longer being sustained in today’s network. Incumbents are entrenching their position and innovation and entrepreneurialism are taking a back seat while we sit out this protracted IPv4/IPv6 transition.
What is happening is that today’s internet carriage service is provided by a smaller number of very large players, each of whom appear to be assuming a very strong position within their respective markets. The drivers for such larger players tend towards risk aversion, conservatism and increased levels of control across their scope of operation. The same trends of market aggregation are now appearing in content provision, where a small number of content providers are exerting a completely dominant position across the entire Internet.
The evolving makeup of the Internet industry has quite profound implications in terms of network neutrality, the separation of functions of carriage and service provision, investment profiles and expectations of risk and returns on infrastructure investments, and on the openness of the Internet itself. Given the economies of volume in this industry, it was always going to be challenging to sustain an efficient, fully open and competitive industry, but the degree of challenge in this agenda is multiplied many-fold when the underlying platform has run out of the basic currency of IP addresses. The pressures on the larger players within these markets to leverage their incumbency into overarching control gains traction when the stream of new entrants with competitive offerings dries up. The solutions in such scenarios typically involve some form of public sector intervention directed to restore effective competition and revive the impetus for more efficient and effective offerings in the market.
As the Internet continues to evolve, it is no longer the technically innovative challenger pitted against venerable incumbents in the forms of the traditional industries of telephony, print newspapers, television entertainment, and social interaction. The Internet is now the established norm. The days when the Internet was touted as a poster child of disruption in a deregulated space are long since over, and these days we appear to be increasingly looking further afield for a regulatory and governance framework that can challenge the increasing complacency of the newly-established incumbents.
It is unclear how successful we will be in this search. We can but wait and see.
Written by Geoff Huston, Author & Chief Scientist at APNIC
Follow CircleID on Twitter
Read more here:: feeds.circleid.com/cid_sections/blogs?format=xmlPosted on: January 30, 2019