|
The prospect of exhaustion of the IPv4 address space is not a surprise. We’ve been anticipating this situation since at least 1990. But it’s a “lumpy” form of exhaustion. It’s not the case that the scarcity pressures for IP addresses are evidently to the same level in every part of the Internet. It’s not the case that every single address is being used by an active device. A couple of decades ago we thought that an address utilisation ratio of 10% (where, for example, a block of 256 addresses would be used in a network with some 25 addressed devices) was a great achievement. More recently in our address allocation policies we tried to up the bar and set a target utilisation ratio of 80% as a condition of further address allocation. As we approach exhaustion of the Regional Internet Registries’ pools of available address space, the 4 billion IP addresses that have been distributed for use the network span a very rough estimate of some 2 to 3 billion connected devices, representing an average address utilization ratio of 50% to 75%.
The reason why this number is so uncertain is that its challenging to conduct a census of Internet-connected devices when there is widespread use of network address translators (NATs). With the use of NATs its also the case that not every connected device needs its own unique IP address.
While we are exhausting our supplies of “fresh” IP addresses for the Internet, this does not mean that every single IPv4 address is committed, nor does it imply that every IPv4 address is optimally and efficiently used. While there is still a continuing demand for IPv4 addresses, then once the supply of addresses from the Regional Internet Registries comes to its inevitable hiatus, the emergence in an “after market” in IPv4 addresses is, from some perspectives, an inevitable development.
The continuing need for the redeployment of IP addresses following exhaustion of the current supply channels will be expressed as a willingness to purchase addresses. If the bidder’s valuation of their need, expressed as a bidding price for IPv4 addresses, exceeds a current address holder’s perception of the continuing value in holding addresses, then we’ve probably managed to meet the basic criteria to set up a simple trade of addresses for money. This appears to be a relatively conventional condition that would motivate the formation of a market.
However, this thought experiment relating to the emergence of markets in IP addresses has not been universally accepted. The observation about the inevitability of such markets has often provoked a response that I could paraphrase as: “IP addresses are not property, and they have no intrinsic value. How can a rational market exist for a good that cannot be owned and has no intrinsic value?” After all, addresses are just simple integer values placed in packet headers. How can these integers be “owned” and how can a value be placed on such claims of possession of these integers? There is also the fear that a market in addresses would cause a distortion in the address distribution outcome, where rather than a model of addresses being available to those who are active participants in the activities of the Internet, addresses would themselves be the object market speculation. There is the prospect of actors deliberately acquiring addresses and then withholding them from use in order to drive up the market price, which is a very distant place from the original model of addresses being merely a means of facilitating access to the Internet.
This debate about markets and addresses has been going on for many years, and in reviewing some of the older material I wrote many years ago on address markets I came across this article from January 1997 in talking about the value of an address:
“The major point highlighted here is that each party’s estimation of the economic value will vary depending on their ultimate requirement for the address space, given that address space is not an end in itself, but a means to exploit the associated internet technology and Internet connectivity environment, and the estimated value of that activity relates to the estimation of economic value of the address space itself for that party.”
(Do IP Addresses Have a Value, January 1997)
Indisputably, the Internet itself has a value. With an estimated 2.3 billion users in late 2013, the Internet evidently accounts for some 4% of the World’s GDP. This estimate of its value is perhaps more a testament to the potency of the combination of broadly deployed coherent computing and communications capabilities that the Internet represents, more than the attributes of the Internet Protocol Suite as a particular technology artefact in and of itself. However, whether one argues that this particular IP technology framework was an intrinsic part of the Internet’s undeniable success in generating value or not, or whether other protocol suites could have fulfilled a similar role, that’s perhaps a matter of historical debate. The outcome of the past two decades of the Internet’s evolution is that IP technology is intrinsically bound into the fabric of the Internet, and the entire Internet is inextricably based on the IP protocol suite. This implies that one of the critical prerequisites to participate in this online economy is the ability to send and receive IP packets, and critical to that function is access to a unique IP address.
If participation in the Internet has a monetary value, then access to IP addresses also has a monetary value. Irrespective of the issue of property and ownership, the proposition that access to a uniquely held useable IP address is in and of itself an access that has some form of monetary value is a proposition that I find compelling.
However, it appears that the level of value, monetary or otherwise, that individuals are willing to ascribe to an IP address varies according to roles and objectives of the potential address user.
Much of this valuation depends on whether the address in question is intended for a context where the address is dedicated to a particular service or function or whether the address can be shared by multiple users. Another way of looking at this is with the question: Does every connected device need its own unique IP address? The longstanding use of Network Address Translators at the edge of the Internet suggests otherwise. For many clients, the use of Internet services is evidently not hindered to any great extent by the use of a shared address, and these days any Internet application of service that requires a client device to have exclusive use of an IP address is not a viable general use application. With the use of NATs inside the service providers’ networks in the form of Carrier Grade NATs of various forms, this form of address sharing has intensified. As we explore various forms of NAT binding models it is possible to share a single IP address across hundreds, or even thousands, of devices. The implication of the use of such devices is that each individual client device does not necessarily place a high intrinsic value on the exclusive use of an IP addresses, as compared to the shared use of a common IP address.
Does this also hold for content servers? Given the predominance of the web as the universal service platform in today’s Internet, and the use of name-based server virtualisation in the underlying HTTP protocols, then it is quite possible for individual content servers to coexist on a single service platform, with a single IP address, and have this scale up to quite high levels. The implication of such forms of server sharing implies that each individual content server does not necessarily need to place a high intrinsic value on exclusive use of an IP address.
But this is not necessarily always the case for all content servers. It may be that one of your fellow tenants in your shared server infrastructure is the target of a DDOS attack, or has managed to get the common IP address listed on an anti-spam blacklist. Or it may be as simple as wanting to set up a server that supports transport level security, and you are understandably nervous about using a shared security solution where you have no direct control of the key information that is the essential part of the security structure.
That last one is a tough issue. Yes, there is a Name-based extension for secure services (SNI), that would allow for individual security credentials to be used in the context of a shared IP address, but the problem here is that older platforms do not recognise this security extension, and among those is Windows XP, which still accounts for around one third of the user population. If you want to set up a service that uses a protected secure channel, then the conservative advice is that you need your own IP address, and in this case the value you may place on access to this address is commensurate with the value of the content you wish to serve via this secured access service. Which may be low, or may well be extremely high.
Evidently not everyone has the same estimate of the value of an IP address, and this value will vary based upon the intended role and objective of the user or users of this address.
Given this variation in demand and value of an IP address, what can we learn from the experience so far from the market place of IP address transfers in pricing IP addresses?
These days we commonly hear that the “market value” for an IP address is around $10 per individual address. It’s challenging to place this reported figure into its proper context, because most of the information relating to address transfers is confidential to the parties involved in each individual transfer. To date, the address market has not operated in the manner of, say, a share trading market, where the price of each successful transaction, and the bidders’ and sellers’ offers are continuously publicly disclosed. Instead, we have had to use the small scraps of public information that leak out from a predominately private set of transactions. Where did this $10 valuation originate? It seems that one of the most widely cited address transactions was that of a US bankruptcy proceedings in 2011, where Microsoft successfully tendered $7.5M to purchase a block of 666,624 addresses from the liquidators of Nortel, which is equivalent to a price of $11.25 per address.
Was that a “fair” price for IP addresses then, and is it a “fair” price now?
Those are hard questions. There are many factors that go into such a judgement about pricing a good, including the scarcity (or abundance) of the goods relative to demand, the substitutability cost, the marginal cost of production, the reputation of the seller, the urgency of the buyer, the perceptions of the exploitative value of the good, expectations of future value, local regulatory considerations, and so on. One of the major factors in pricing for many goods is the concept of a “market price” where the unit price of the next transaction is heavily influenced by the price obtained in the previous transactions. In the absence of a reliable flow of information relating to this “market price”, the concept of what may be considered a “fair” price is difficult to define.
But is it important to define such a concept of a “fair” price for IP addresses?
In other domains the argument has been made that, above all else, the market price of a good is a signal of the mediation of supply and demand. If a good remains in demand, yet its supply is failing to match demand, then the good should rise in price. This so-called “scarcity premium” can be interpreted as a signal that the good is in short supply, and it should act as an incentive for suppliers to produce greater quantities of the good. In addition, the higher the scarcity premium the greater the incentive for market actors to seek alternative goods that are in some fashion substitutable for the good in question. Similarly, an abundant good whose supply exceeds demand will experience a fall in price. This fall in price should both stimulate demand and also act as a disincentive for providers to produce greater quantities of the good.
In the case of the market for IPv4 addresses we could suppose that the current state of exhaustion in the supply of IPv4 addresses through the Regional Internet Registry (RIR) allocation channels would lead to a condition of scarcity, which would cause a rise in the market price of IPv4 addresses. This would act as an incentive for potential buyers to explore alternative mechanisms, including the use of various forms of address sharing, and also provide an incentive for Internet actors to commence investment in a longer term substitution solution, namely IPv6. The longer this transition process takes, the greater the scarcity, which in turn leads to greater price pressure, which in turn increases the incentives to invest in alternative measures.
That’s the theory, in any case.
In practice, it does not appear to have happened in this manner.
If one can believe the various rumours and third-hand stories, the address deals that are taking place still price addresses at around $10 per address. That’s much the same price as was demonstrated in the bankruptcy proceedings in 2011. But, since the start of 2011 the Internet has grown by at least some 700 million new connected devices, while the supply of addition addresses in the same period to service this device growth has only been of the order of 300 million addresses. More recent data provides an even more graphic picture of the level of scarcity pressure being placed on addresses. In the first 9 months of 2013 the address supply has provided some 42 million addresses to the Internet, yet we see industry estimates of at least 300 million devices being connected. So if a market price is a signal of the mediation of demand and supply we would’ve expected the price of IPv4 addresses to have risen as dramatically, in line with an escalating supply shortfall. But, going by the reports of IPv4 address pricing in recent transactions staying consistently at around $10 to $11 per address, this has not happened.
That leads the supposition that perhaps the leaked pricing information is not an accurate picture of the actual price used in the transactions that are occurring, or perhaps this IPv4 address market is not operating all that effectively. The occlusion of reliable public pricing information from address sale transactions leads to a suspicion that the market is not operating as effectively as it could. The inability of both buyers and sellers to be reliably informed of the outcomes of previous transactions, and to be adequately informed of the existence of other buyers and sellers and their respective offers and demands, could lead to a view that this address market that is operating somewhat erratically, where price is unable to act as an effective mediator of demand and supply, and price information is not being clearly signalled.
However, perhaps these concerns about the efficiency of the operation of the IPv4 address after market are short term concerns. The larger picture is that these measures relating to address sharing are simply stopgap measures, used for as long as the transition to IPv6 is underway. The theory says that at some point in the future, possibly sooner rather than later, enough of the Internet will support operation in both IPv4 and IPv6 such that some parties will no longer feel the need to support continued use of IPv4. At this point we would expect to see a dramatic change in the demand and supply schedules for IPv4 addresses, and as more parties turn off their IPv4 support we would anticipate a massive oversupply of IPv4 addresses, and the market price for these addresses would collapse completely. Perhaps this prospect of the ultimate collapse in the value of IPv4 addresses acts as a counterbalance to the increasing scarcity pressures that would otherwise drive the price up. Or perhaps we are all somewhat confused and uncertain, and current the pricing level has been relatively stable simply because the status quo is easy to maintain when there is no clear reason why prices should rise or fall.
So the theory of pricing and markets is not providing clear assistance here, and perhaps the best way you can determine the value of an address is to test the market for yourself, and be a buyer or a seller!
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byRadix
Sponsored byCSC
Sponsored byVerisign
Sponsored byDNIB.com
Good article, Geoff. As usual with your writing, you’ve managed to summarize the issues very well. However, one possibility that you didn’t explore is whether scarcity really exists in IPv4 addressing. If we postulate a universe in which a large percentage of IPv4 addresses were “secretly” available (i.e. counter to what the RIR pools seem to express) then wouldn’t we see non-increasing prices? In that case, we might imagine $10 as some kind of pricing floor based on transaction costs, opportunity loss, or whatever factors one might consider. Thoughts on this?
The fundamental basis for the article above is a lack of transparency within IP address markets. This is something that Bill Lehr, Tom Vest, and I worried about in our contribution to TPRC in 2008.
Amongst other things, transparency or its lack has the following effects:
The funny aspect of all of this is that governments may already be able to track some pricing information retrospectively through, of all things, compulsory capital asset sale reports, such as the U.S. Form 1040 Schedule D. However, in general this information is confidential and not very fresh, and hence not sufficient to advance policy discussions.
There should not be any market at all for IP addresses, and it’s disturbing that this has happened (despite the predictions for years that it would). We spent years building Internet services that were often tempered by a lack of IP addresses and the strict control placed upon their dispersal by the Regional Internet Registries. We were given the impression that, despite the (nominal) annual fees to the RIRs, IP addresses were never “owned” by the organization they were allocated/assigned to, they were more kind of “leased” if that term applies and ultimatley still under the authority of the RIRs. They could not be sold or transferred (other than through a legal merger). Originally, in the early (and pre-CIDR) days, addresses were doled out somewhat liberally (some would say recklessly) to organizations such as US Government agencies and other entities involved early on in the Internet, many of which have long since adopted private addresses and NAT for their own enterprises while their orginal (sometimes multiple) /8 or /16 allocations collect dust save for maybe a DMZ or a few NAT addresses at the Internet boundary. Because of the fear of address depletion, suddenly it went from this to an incredibly strict rationing, particularly in the case of new entrants to Internet services where you were given maybe a /20 or /19 to get started and then only after alot of paperwork, proof you were actually doing something, including showing legal residence of said entity in the RIR region, showing invoices that you were indeed buying network hardware and building such services rather than IP address squatting, and a significant amount of waiting to actually receive an allocation. To get additional space, you usually had to somehow prove you were using 80% of your already-allocated addresses, with seemingly little understanding of the effects of subnetting on address space “usage” or the need to properly plan for network expansion, regional aggregation within your routing infrastructure, separation between infrastructure and customer addresses, and other factors. Often, you had to compromise your own services and the timeframe to deploy them. I remember many times having to explain this, quite painfully and under the gun, to the business and product development folks who were baffled that a simple little number to identify a computer was holding up a multi-million dollar service deployment. They’d already spent millions on hardware, telecom services and labor, and had targeted service commissioning dates (sometimes with press releases to the public and shareholders) yet were slave to a commodity that, if you think about it, should be one of the least significant items in an infrastructure deployment when compared to the other challenges. Worse yet, they couldn’t simply just pay money to expedite the process and get what address space they needed. During the Internet boom, there was tons of cash to do just that when it came to multi-million dollar hardware and labor. I also remember having to build services in a compromised manner using NAT which later proved to cause service degradation and sometimes all out failure when individual end users got a virus or bot on their computer that generated thousands and thousands of conections, overrunning the router’s NAT/PAT processing capabilities. It caused customer dissatisfaction and attrition and, in that specific example, ultimately we reprovisioned the service using public addresses (once we could finally get enough of them). It’s disturbing that all this transpired. Those of us who at the time adhered to those rules out of respect for the whole RIR process and an understanding of the address depletion issue, all while taking heat from the business folks, now see it as sort of thrown away once addresses really did deplete. There seems to be little effort to stop it nor any repurcussions. Suddenly it just seems OK that entities are trading, selling or buying address, including Microsoft, and the RIRs could do nothing about it. Some better controls should have been put in place. The RIRs had over a decade to figure that out. All that talk back in the day was just that, all bark and no bite.