In November 2019, my colleagues at the RIPE NCC announced that we had exhausted our remaining pool of IPv4 addresses. While our announcement attracted a lot of attention, in truth these 32-bit network identifiers have been in short supply for almost a decade now. Today, IPv4 exhaustion is putting pressure on ISPs and other companies that don’t have enough addresses to properly grow their networks.
It has long been understood that we would eventually reach this point. That’s why, in 1998, the Internet Engineering Task Force (IETF) completed work on a replacement version 6 of the Internet Protocol (IPv6). Intended to future-proof the Internet, IPv6 has 340 trillion, trillion, trillion addresses – which makes the 4.2 billion addresses in IPv4 seem rather paltry in comparison. However, even 20 years later we are still some distance from IPv6 being the dominant protocol on the Internet. And if organisations stick with IPv4 over the long term, the cost of this collective decision is likely to have a big impact on individual networks and the Internet as a global system.
The trouble with trading
For many ISPs facing an IPv4 shortage, the first response is often to look for “used” addresses to buy from another network. Since around 2012, an IPv4 trading market has facilitated the transfer of many millions of unused addresses to networks that need them. But this is a short-term solution at best. There are only so many addresses out there, and much of the readily available supply appears to have been traded in the earlier phases of the market. The result is that prices are rising steadily – with various reports indicating that IPv4 goes for somewhere in the realm of $20 USD per address today. Just how high prices can go is anyone’s guess, but many networks are already unable to afford to buy addresses, especially smaller start-ups or those in less-developed economies.
As IPv4 addresses became a valuable commodity, they caught the attention of fraudsters, who were quick to spot a new way to make money. It was in 2014 that the RIPE NCC first discovered an illicit hijack of a network’s IPv4 resources, and in 2018 and 2019 we conducted a record number of investigations into fraudulent activity. In most cases, a network buying stolen IPv4 addresses will be doing so unknowingly and can expect to lose access to any newly purchased addresses when the fraud is discovered. This highlights the importance of knowing who you are doing business with when venturing into this relatively new marketplace.
It is also important to understand that in most cases, IPv4 addresses being sold will have been used on the Internet in the past – which means they will have a history. If that history involved spam or other forms of network abuse, the addresses will probably feature on a blacklist somewhere, which makes it unlikely that other networks will route them (which might be why they were sold in the first place). Geolocation issues are also common with recently transferred addresses, especially when the buyer is in a different country. This means that an ISP’s customers can find themselves defaulting to websites or services that cater to different regions and languages when connecting via newly acquired IPv4 addresses.
Workarounds aren’t working
While some ISPs search for additional IPv4 addresses, others are looking to do more with the addresses they already have. For the most part, this is achieved through the use of technical workarounds, the principal one being Carrier Grade Network Address Translation (CGNAT). This essentially involves a single public IPv4 address being shared between a number of different users on a network – in some cases thousands of customers can share the same address.
CGNAT might be a logical response to the pressures associated with IPv4 shortages, but it brings its own complications. Aside from higher running costs and increasing the complexity of a network (something that should be avoided wherever possible), it can also stop some services from working. This is largely due to the fact that it doesn’t allow direct “end-to-end” communication between the customer and the device they are exchanging packets with, which is one of the Internet’s fundamental principles. Gaming is one area that is particularly affected here. Aside from connection and interoperability issues resulting from different CGNATs on different networks, if a user sharing an IP address with you is banned from your favourite gaming network – so are you. A speaker from Microsoft’s Xbox Services at the Internet Governance Forum in 2018 said that they planned to start notifying gamers when CGNAT incompatibility was the cause of their problems.
And in competitive gaming, where added milliseconds can be a deciding factor, the added step of packets having to be redirected via the CGNAT infrastructure on their way to the user adds latency. This is why IPv6 is sometimes reported as being faster than IPv4 – not due to the differences between the two protocols – but because IPv6 traffic doesn’t have to make this detour through CGNAT.
The promise of IPv6
In the years since IPv6 was first launched, those of us who are active in technical communities like RIPE and the IETF have invested a lot of time into discussing and debating IPv6 issues – often in search of the airtight rationale or “killer app” that will finally convince the world at large to properly invest in deploying the updated protocol. But while IPv6 does contain some improvements over IPv4, the key point is really that it just works. It does what the Internet Protocol is supposed to do – which is to enable devices to connect to a global network of other devices, each with ready access to unique network identifiers. In this sense, the killer app of IPv6 is that it avoids all of the problems that come from an Internet that has all but exhausted the supply of IPv4 addresses.
Internet companies have been trying to connect nearly seven billion users and several billion more devices using only 4.2 billion IPv4 addresses. In stark contrast, IPv6 boasts trillions of trillions of trillions of available addresses. This unlocks a host of new possibilities for meeting demand, cost efficiency, network configurations and technological innovation. Not to mention eliminating our reliance on IPv4.
So why have ISPs been slow to invest in IPv6? For the most part, this was because there was little advantage in being first – it made more sense to wait for a network effect to emerge. This is because networks will have to continue supporting IPv4 for some time, even after most have moved to IPv6. However, dual-stack and translation technologies such as NAT64 and 464XLAT have made this possible for some time now – and recent greenfield IPv6 deployments (such as T-Mobile USA and Reliance Jio) have shown that this is a viable approach. Furthermore, because most of the large content providers like Netflix, Google and Facebook have embraced IPv6, an ISP that enables it today will find that a significant portion of its total traffic immediately travels across an IPv6 path. This takes the load off CGNAT infrastructure and has a small but positive effect on latency.
While there is still some way to go, it’s a lot easier to be positive about IPv6 today than it was even five years ago – IPv6 deployment rates are continuing to climb. Germany is now almost 50 per cent capable, while France records 43.7 per cent IPv6 capability and the UK 35.34 per cent. This might be coming just in time, as it’s predicted that there will be 41.6 billion connected IoT devices by 2025. With more and more devices being connected to the Internet than ever before, demands are huge, and these further highlight the case for IPv6 adoption.
I think most of us who work in this industry are generally suspicious of anyone who claims to know where this thing is headed. But it does seem that if IPv4 remains the dominant protocol over the longer term, the Internet is going to become a bit more expensive, a bit more complex, less stable, and more restricted in terms of the directions it can grow. Thankfully, it does seem that there is now very real progress being made.
Marco Hogewoning, acting Manager Public Policy and Internet Governance, RIPE NCC