
The IPv4 address swamp: The new normal


IPv4 addresses have run out! It would have been fashionable to make this claim in 2011 when the last of the IPv4 addresses in the ‘free pool’ were allocated. It took several years, but today most of those remaining addresses are accounted for. How do the distribution and use of these last addresses compare with what was once commonly referred to as the IPv4 address swamp? Has IPv4 allocation and assignment changed for the better in the 21st century? Or are the prefixes getting smaller and even more diverse? What implications might this have for Internet security?

Outside of its historical context, we rarely refer to swamp space any longer. Why is this? Perhaps it is because the majority of the IPv4 address space now closely resembles what was once an outlier in address management, organization, and structure. Perhaps there is a new swamp, just like the old swamp.

Key findings

The legacy address ‘swamp’ is what a lot of the address space now resembles.

Address registrations and routes are growing in number, while prefix sizes are getting smaller.

Address volatility greatly affects the performance of threat mitigation.

Background

In the 1990s and well into the 21st century, network operators often referred to a portion of the IPv4 address space as ‘The Swamp’. As far as we know, the phrase was never formally defined, but it was commonly used to refer to a subset of allocations in the original classful C address hierarchy. In practice, small /24 assignments first came out of 192/8, the start of the class C block. The negative connotation of the word ‘swamp’ suggests something dirty, dishevelled, and inefficient. In terms of IP address management and routing, these attributes often fit. Network operators worried that if trends continued, the size of routing tables would quickly overwhelm router capacity. By the early 21st century, approximately 80% of the 192/8 address space was already assigned, and much of it was seen in the Internet routing tables as many disaggregated /24 routes.

The sheer number and diverse assignments of these /24 prefixes effectively prohibited address aggregation. Over time, the routing system evolved to handle an ever-increasing number of prefixes, but few, if any, routers from the early days would be able to load and compute the routing tables that exist today. The number of small prefixes and routing table entries continues to grow. As of this writing, a full IPv4 routing table holds approximately 1 million entries. Two decades prior, there were only 150,000 routes. When people suggest the Internet is a collection of loosely cooperating Autonomous Systems, the swamp might have been considered ‘exhibit A’, foreshadowing the new normal of IPv4 addressing disorganization.
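Why scattered /24 assignments defeat aggregation, shown as an added example that is not part of the original article. The prefixes and origin AS numbers are constructed samples, and merging only routes that share an origin AS is a simplifying assumption about how aggregates are announced.

```python
import ipaddress
from collections import defaultdict

# Constructed sample routes as (prefix, origin ASN) pairs. Prefixes are
# private space (RFC 1918); ASNs are from the documentation range (RFC 5398).
ORDERLY = [(f"10.0.{i}.0/24", 64500) for i in range(8)]     # one holder, contiguous
SWAMP = [(f"10.1.{i}.0/24", 64500 + i) for i in range(8)]   # eight holders, interleaved
MISALIGNED = [("10.2.1.0/24", 64500), ("10.2.2.0/24", 64500)]  # adjacent, different /23s


def aggregate_by_origin(routes):
    """Collapse each origin's prefixes into the fewest covering routes.

    Assumption: prefixes are merged only when they share an origin AS.
    collapse_addresses() merges only sibling blocks aligned on a common
    parent, which is the same constraint CIDR aggregation imposes.
    """
    by_origin = defaultdict(list)
    for prefix, asn in routes:
        by_origin[asn].append(ipaddress.ip_network(prefix))
    return {
        asn: list(ipaddress.collapse_addresses(nets))
        for asn, nets in by_origin.items()
    }


def table_size(routes):
    """Number of routing table entries left after per-origin aggregation."""
    return sum(len(nets) for nets in aggregate_by_origin(routes).values())


def report(name, routes):
    """Summarise how far a set of routes can be aggregated."""
    before, after = len(routes), table_size(routes)
    return f"{name}: {before} routes -> {after} after aggregation"


if __name__ == "__main__":
    for name, routes in (("orderly", ORDERLY), ("swamp", SWAMP),
                         ("misaligned", MISALIGNED)):
        print(report(name, routes))
```

The same eight /24s cost one table entry when a single holder has them contiguously and eight entries when each belongs to a different origin, so any per-prefix data such as reputation also has to be tracked at /24 granularity.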

The last of the /8 IPv4 address allocations from the Internet Assigned Numbers Authority (IANA) to Regional Internet Registries (RIRs) were made in 2011. Obtaining previously unassigned IPv4 addresses is now becoming a thing of the past. IPv4 address scarcity has led to a variety of reactions from users and the market. Large blocks of assigned IPv4 addresses (/16 or larger) are routinely transferred from one holder to another for hundreds of thousands of dollars. Waiting lists and address-leasing companies are now part of the IPv4 address assignment landscape. Many organizations with lots of addresses in the legacy Class A or B networks have split them up or transferred them to the highest bidder.

It is well known that the big cloud providers, such as Amazon and Microsoft, have gobbled up many IPv4 address blocks on the market, divvying them up across their global data centre infrastructure. Network Address Translators (NATs) continue to be widely used and relied upon. Interest in and deployment of IPv6 addressing continue to grow every year. We began to wonder about all these changes, especially considering how the IPv4 address space structure and organization have changed. The implications the new normal has for routing are obvious, but less well understood is what effect these changes have had on address and network reputation.
