Home / Blogs

The ISP Industry: Concentrated or Diverse?

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

In August 2010, we looked at the growth in RIPE NCC membership and concluded that the number of new RIPE NCC members is still growing at an amazing pace, even during the recent economic downturn (see ‘Internet Continues to Grow at Astonishing Pace’).

This time we are looking at the different sizes of RIPE NCC members over time. It is often claimed that there is massive consolidation happening in the ISP community, especially in times of economic difficulties like in the early 2000s and now. We were curious to find out if this is really the case.

In the graph below, you can see how many of the total numbers of RIPE NCC members have how much of the total amount of IPv4 address space allocated or assigned to them1. Each of the quintiles represents 20% of the IPv4 address space handed out by the RIPE NCC. The little boxes or stripes in each row represent the number of RIPE NCC members that share that particular one fifth slice of IPv4 address space. Today the RIPE NCC has handed out 30 /8s in total. That means, 20% of the IPv4 address space is currently 6 x /8.

We can see that, currently, seven organisations have 20% of the address space, 25 organisations have another 20% of the address space, and so forth. It is true that there is a relatively small number of organisations that hold the majority of address space. But there is also a huge number of small and medium-sized organisations (more than 6,000) that enter the system and have address space allocated or assigned to them2.

The different colours represent various time periods in which the LIRs have entered the system: the red stripes represent the oldest RIPE NCC members and the purple stripes the youngest: In Q1 and Q2 2010, there were already 402 organisations (marked purple) that received their initial allocation or assignment. If this trend continues, we will see the highest number of new entrants ever. That shows that there is no real barrier to new entrants.

In the small image on the left you can see the colours for different periods of time. In the bigger image you can see that organisations from various time periods move up in the system. That shows that organisations grow over time and accumulate more address space for their networks and customers. There are still a number of large organisations that received their addresses in the 1990s, but there are also some that started later and made their way up to the top quintile in the graph.

In every industry, some degree of concentration is happening over time. But if we compare the ISP industries to other types of industries, we can conclude that our industry is amazingly open and varied. In a future CircleID post we will present these industry comparisons.

We also looked at the developments over time: How many organisations were there in the 1990s and how was the address space distributed then? Has this distribution changed after the dotcom bubble burst in 2002? And how have things developed in recent years? All these questions are answered in the background article on RIPE Labs.

1 Strictly speaking, we were looking at the number of organisations that either received IPv4 allocations or IPv4 Provider Independent assignments. Not all of the PI assignment holders are members of the RIPE NCC. For the purpose of this article, we included those as well. They all have a contractual agreement with the RIPE NCC.

2 Note that the scale of the bottom quintile is different than the others, because otherwise the number of organisations in that section would not have fit on one page.

By Daniel Karrenberg, Chief Scientist at the RIPE NCC

Filed Under

Comments

Sure depends on how many of these are actually large ISPs .. Suresh Ramasubramanian  –  Nov 9, 2010 1:49 AM

And how many of them are sbl listed outfits (LIR, assigned PA or PI) with /15s of their own. 

http://www.spamhaus.org/Sbl/listings.lasso?isp=RIPE

/21s and /23s now - and a whole lot of /17s and even /15s in that list.  All assigned directly to various SBL listed organizations.

Of course the “we are not the internet police” does apply to some extent, and RIPE is policy driven, member driven. 

But as the custodians of a diminishing resource, the policy failure that leads to RIPE policies being grossly abused to fritter away /15s means that RIPE needs to be much more proactive than they currently are, both in tightening allocation policies and in possibly retrieving wrongly allocated blocks.

Internet Address Distribution is Needs Based Daniel Karrenberg  –  Nov 10, 2010 10:32 AM

Suresh, thank you for your comment. I understand and respect your intentions. But good intentions need to be seen in context of principles or they may very well not yield good results. Internet Address distribution is based on documented need and policies developed by the community. The current policies are here: http://www.ripe.net/ripe/docs/ripe-498.html I am sure that the "sbl listed outfits" justified their address space need according to these policies just like everyone else. Now imagine the justified public outcry if the RIPE NCC were to take unrelated criteria such as black lists into account! We have resisted other threats to community governance by standing up,for example, to the UK SOCA; see http://www.eweekeurope.co.uk/news/news-security/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2164 and http://www.ripe.net/news/rbn.html So, as McTim notes, the way to realise your intentions is to rally support for policy changes. Note well that RIPE has an active anti-abuse working group that may very well be a sympathetic forum for this. Note also that the desires of the anti-abuse working group are often at odds with the interests of others in the RIPE community and compromises need to be found. Last but not least I suggest you have a look at https://labs.ripe.net/Members/jsq/economic-incentives-for-internet-security Daniel

I wish Andrew Auld had been a bit more diplomatic Suresh Ramasubramanian  –  Nov 10, 2010 12:58 PM

However, he had an extremely valid point, which was entirely lost in all the righteous indignation that his statement provoked. > ""If we were being harsh, we could say that Ripe has received criminal > funds and was involved in money-laundering offences. We are not treating > it that way, but you could see it like that." Correct in that the the front organization was the RBN, and that the funds were criminal. Also correct that RIPE did not know either of these facts and had clean hands. I still can't help wondering what effect believing a bit less in the "we are not the (routing|internet|whatever) police" mantra would have had on policy enforcement. ps: The justification paperwork for a /15 dedicated to sending bulk mail would be interesting, I dare say.

Sounds like you need to author a policy proposal! McTim  –  Nov 9, 2010 7:55 PM

The devil, of course, is in the details!

Of course. But the "... are not the [X] police" attitude tends to be problematic Suresh Ramasubramanian  –  Nov 10, 2010 12:51 PM

Policy proposals have been submitted, presentations have been made, etc etc. I do look forward to what Uwe Rasmussen submits to RIPE. But "is not the routing police" .. If a bank were to keep sanctioning loans on the basis of fake documentation (shell companies etc), and then say they arent the document police, that'd be interesting. http://www.ripe.net/ripe/wg/ncc-services/r59-minutes.html H. Recovering resources assigned to non-existing entities http://www.ripe.net/ripe/meetings/ripe-59/presentations/rasmussen-recovering-resources.pdf Uwe Manuel Rasmussen, Microsoft Ruediger pointed out the importance of distinguishing between actual criminal activity on the net and the ways to fight this from the administrative procedures. It is not related to the RIPE administration processes. Uwe agreed with this, but mentioned that this didn't lead to the entity with the real responsibility. Ruediger stated again that the registration is not the point, and that you must get to the "box" and that this may be a botnet. The administrative data in the RIPE Database is irrelevant to this. Uwe stated that there should be a check that organisations requesting resources actually exist before assigning to them. Nick Hilliard (INEX) pointed out that this check is already done by the RIPE NCC. However, there is little the RIPE NCC can do if documents are fake. The RIPE NCC is not the routing police. Uwe agreed but would still like a way to be able to challenge an assignment. Carsten Schiefner (DENIC) commented that there is a similarity with TLDs. There is still no solution to guarantee WHOIS accuracy. Uwe explained that he was not looking for WHOIS accuracy, but for a solution to remove the people that don't exist. John Curran (ARIN) explained how this is done in the ARIN region. He said that ARIN does verification, but when a fraud is uncovered, ARIN does act to revoke resources. This is not related directly to the criminal activities, but due to a violation of the policy. Uwe agreed that it is not the RIPE NCC's job to determine what is legal or not, but pointed out that allowing somebody that obtained resources to use these resources for illegal purposes leaves him outside the law. He said that he will present propositions to the mailing list to reformulate the text in RIPE Document ripe-452 to revoke resources if an organisation if found not to actually exist.

Way to go, RIPE. Way to go. Suresh Ramasubramanian  –  Jan 30, 2011 3:48 AM

Sequence of events - 1. Richard Cox posted an article on spamhaus.org critical of RIPE's effectiveness in terms of (not) preventing malicious entities from acquiring large chunks of IP space. http://www.spamhaus.org/news.lasso?article=663 2. Richard Cox is then removed from his role as co-chair of the RIPE anti abuse working group. http://ripe.net/ripe/maillists/archives/anti-abuse-wg/2010/msg00416.html Way to go. As Richard said in his article

RIPE (the Regional Internet Registry, or number-address co-ordinating body, for Europe and the Middle East) is one of the bodies shouting loudest for the principle that internet crime is not their concern. But the governance of RIPE appears to be under the control of less than 1000 self-appointing individuals who bear zero responsibility to anyone other than themselves for the impact of their actions. That was fine for as long as their actions only impacted on each other, but with recent developments in the forms of subterfuge employed by Trans-National Organised Criminals being specifically enabled by a weakness in RIPE's operating structure - a weakness specifically absent from the other four Regional Internet Registries - Spamhaus has to question whether RIPE's form of internet governance is anywhere near fit for purpose.
This might not change his opinion - but it is a baby step in the right direction. Hopefully. If it is enforced after some enforced non-chanting of the "we are not the internet police" trope. http://ripe61.ripe.net/presentations/281-Closure_of_LIRs_and_deregistration_of_resources_anti_abuse_aspects.pdf

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global