Blog: Beyond Counting:
New Perspectives on the Active IPv4 Address Space

2017-03-16 - 8 minutes read

The Internet faces a fundamental resource scarcity issue: the Internet Assigned Numbers Authority (IANA) exhausted its pool of available IPv4 addresses in 2011. As of 2017, also four out of five (APNIC, RIPE, LACNIC, ARIN) of the Regional Internet Registries (RIRs) have run out of freely available IPv4 address space. The exhaustion of readily available IPv4 address space puts increased pressure on both ISPs and policy makers around the world. ISPs need to find open-ended ways to accommodate the needs for IPv4 connectivity of their customers. Policy makers need to establish regulatory guidelines for the emerging marketplace for IPv4 address space.

As the Internet continues to expand, effective governance and administration of the  IPv4 address space is critical to supporting and maintaining infrastructure and services, and to ensure further sustainable growth of the Internet, while managing the simultaneous, increased adoption of IPv6. Philipp Richter (TU Berlin and Akamai), Georgios Smaragdakis (MIT), David Plonka (Akamai), and Arthur Berger (Akamai/MIT) evaluate Internet-wide IPv4 activity at the individual IP address-level through examining the server logs of a large commercial Content Delivery Network (CDN) that serves close to 3 trillion HTTP requests per day. In 2015, these logs recorded client activity involving 1.2 billion unique IPv4 addresses. Monthly client IPv4 address counts had shown constant growth up to 2014, but since then, the IPv4 count has stagnated while IPv6 counts have increased.

Figure 1:  Unique active IPv4 addresses observed monthly by a large CDN

Since 2014, the CDN observes a relatively constant number of active IPv4 addresses. However, the analysis shows significant churn and volatility in active IPv4 addresses: the set of active IPv4 addresses can vary by up to 25% during a year. By looking across the active addresses in a prefix, it is possible to identify and attribute activity patterns to network restructurings, user behaviors, and address assignment practices. Finally, by combining spatio-temporal measures of address activity with measures of traffic volume and sampling-based estimates of relative host counts, the study yields detailed insights on worldwide IPv4 address utilization, including empirical observations of under-utilization in some areas and complete utilization, even exhaustion, in others. The degree of utilization is correlated with the addressing mechanisms that network operators use (e.g., static addressing, dynamic addressing, address sharing) and varies substantially across geographic regions, administered by the five Regional Internet Registries.

Figure 2: IPv4 Address Activity: Breakdown per Regional Internet Registry

The team’s findings have a number of significant implications, from measurement practice, to Internet Governance, network management, network security, and content delivery. Key points in the paper are as follows:

Implications to Measurement Practice: At the time of the research, activity from 1.2 billion globally-unique IPv4 addresses was measured, which is the highest number ever reported based on measurements. The address count analysis suggests  that remote active measurements (e.g., actively probing IP addresses using ICMP) are insufficient for census or complete survey of the Internet, particularly at IP address-level granularity. The passive measurements show extensive churn in IPv4 addresses across all timescales, which implies that any census needs to be qualified by the observation frequency and period.

Implications to Internet Governance: The 1.2 billion active addresses represent 42.8% of the possible unicast addresses that are advertised in the global routing table. If the range is restricted to the 6.5 million /24  address blocks in which active WWW clients’ addresses are observed (with blocks that may be dedicated to network infrastructure and services being excluded), it is evident that roughly 450 million addresses may have been unused. If a large subset of addresses were available, they could be reallocated for IPv6 transition mechanisms that will require IPv4 addresses, or they could be offered as a commodity whose supply might last years in an IPv4 marketplace, based on past rates of growth in IPv4 address use.

IPv4 address markets are an operational reality, governed by the respective RIR policies. The metrics introduced in the study offer detailed insights on the spatio-temporal utilization of network blocks, potentially helping Regional Internet Registries (RIRs) to determine the current state of address utilization in their respective regions. This could also help RIRs to see if a transfer conforms with their stated policy and to identify likely candidate buyers and sellers of addresses.

Implications to Network Management: Measuring spatio-temporal utilization could enable an operator to manage the IPv4 addresses that they assign more efficiently. Further, networks that discover underutilized address blocks may choose to become sellers in the IPv4 transfer marketplace. The measurements also serve as a basis for discussions and best practices on address assignment and their eventual effect on address space utilization.

Implications to Network Security: The existence of disparate rates of change in the assignment of IP addresses to users has consequences for maintaining host-based access controls and host reputations. Unfortunately, addresses and network blocks become encumbered by their prior uses and the behavior of users within them. However, the work shown here can inform such issues. Further, the change detection method could be used to trigger the expiration of host reputation, avoiding security vulnerabilities when networks are renumbered or repurposed.

Implications to content delivery: A key responsibility of CDNs is to map users to the appropriate server(s) based on criteria including performance and cost. Details about active IP addresses and network blocks are increasingly important when a CDN uses end-user mapping, where client addresses are mapped to the appropriate server. Again, the metrics and methods shown in the paper can help.

The Internet community is in the midst of a complex and costly resource-limited predicament, one that was foreseen but unavoidable. Operators continue to struggle with the question of whether and when to implement incremental changes to IPv4, to adopt IPv6, or to follow both paths. This study sheds light on the current state of the IPv4 address space to foster discussions and inform decisions on how to efficiently administer, manage, and govern the Internet address space.