- The document provides an overview of the IPv4 address market from the perspective of a broker, including a brief history, the broker's role and experience, ways to obtain IPv4 addresses, the standard deal process, special cases and issues that can arise, current pricing trends, predictions for the future of the market, and suggestions for policymakers.
- It discusses the development of the market since 2010, from early legacy transfers to the creation of a unified global market, and how brokers now facilitate over 350 transfers annually across regions.
- The broker cautions that hijackings may become more sophisticated, ownership disputes could arise, and policies aim to prevent the draining of remaining free address pools, while prices are expected to
2. Contents
´ First we will learn a bit about the history of the market
´ Then we’ll see what a broker does and establish my bona fides
´ We will go over the ways to get IPv4
´ Learn how a deal flows
´ Provide some information useful for participants
´ Offer some warnings, predictions, and suggestions
´ Time for questions
3. Brief history of a young market
´ Pre-2010 Legacy and spammers
´ 2010-2011 Nortel/Microsoft IPv4 deal – Price paid was public information
´ 2011-2012 APNIC exhaust, Large legacy transfers, some prices were public
´ Late 2012 Inter-regional transfers begin, RIPE exhaust
´ 2013 Market picks up steam, address flows ARIN -> APNIC, RIPE Intra only
´ 2014 RIPE discusses Inter-regional policy
´ 2015 ARIN hard exhaust, ARIN/RIPE/APNIC unified market created
´ 2016 LACNIC Intra-regional transfers begin
´ 2017 AFRINIC Intra-regional transfers begin
4. My brokerage experience
´ Prior to 2010 broker of legacy addresses
´ Brokered a losing bid in the Microsoft/Nortel deal which began the market
´ Brokered first inter-regional transfer in 2012
´ Brokered over 350 completed transfers to date
´ ARIN to APNIC, ARIN to RIPE, APNIC to ARIN, APNIC to RIPE, RIPE to ARIN,
RIPE to APNIC every combination of transfers
´ Clients in 54 countries, this is a global marketplace
´ ARIN and RIPE member and resource holder, legacy address holder
´ Policy Author at ARIN and LACNIC
´ Network operator
5. What the broker does
´ Interface between buyer, seller, escrow agent, and RIR(s)
´ Get a fair deal for the client
´ Keep private information private
´ Assist in RIR interactions like document and payment requests
´ Assist in pre-sales due diligence and delisting
´ Assist in document preparation
´ Assist in funds transfers and escrow release
´ Post-sale assistance with leftover route advertisements or rdns entries
´ Assistance in needs analysis and renumbering
´ Locating and matching buyers and sellers - advertising
6. Ways to get IPv4 Today
´ Policy-compliant transfers including intra- and inter-regional
´ Entity purchase/merger
´ Leases
´ Legacy sales
´ Options
´ Access New LIR-type pools
´ Out-of-region registration for free pool- or policy-shopping
7. Standard deal process
´ Mutual Non-disclosures signed
´ Due-diligence performed by buyer
´ Price negotiated
´ Agreement executed
´ Third-party escrow agent funded by buyer
´ Seller initiates transfer request
´ Buyer and Seller cooperate with RIR(s) during transfer
´ Transfer completes, Whois updated, escrowed funds released to seller
´ If Transfer fails, escrowed funds returned to buyer, address rights to seller
8. Leasing
´ Leasing can be invisible to Whois, but does not have to be
´ SWIPS or assignment records should be created for lessees
´ Lessees get Letter of Agency to give to their ISP
´ RIR policy regarding leasing is missing
´ Different lease terms for mailers due to blacklist risk
´ Spammers lurk, ready to take advantage of hapless Lessors
´ Lessors who end up blacklisted do not have many bites at the delisting
apple. Expect to get delisted once or twice only.
´ Lease rates currently around $.50 per month for non-mailers
9. Geolocation
´ Addresses which are transferred, especially inter-regional transfers, require
proper geolocation
´ Whois Geoloc attribute allows entry of latitude and longitude, but is little
used
´ Whois Country code and location are available
´ Contact Maxmind, Google, etc. to correct their databases
´ Geolocation is really not necessarily related to anything in Whois
´ Addresses are commonly used outside of the region of registration
´ Updates take some time to process and disseminate
´ The system works even for inter-regional transfers
10. Hijack Protection
´ Sellers with available blocks may want to advertise them even if unused
´ Other providers less likely to advertise already-advertised blocks, even with
a beautiful fake Letter of Agency
´ Sellers with long-dormant blocks could get blacklisted if they pop into the
table
´ Keep your registry records up to date
´ Protect your domain
11. Registry Hijacking
´ Like normal hijacking, except instead of using the hijacked blocks to spam,
the goal is to sell the hijacked block for money
´ Bad actors find old blocks and pretend to be the listed registrant
´ Old registrations were sometimes made to individuals, trade names,
company divisions
´ Dead companies spring to life like zombies
´ Sometimes this is done legitimately by paying old filing fees
´ RIR is the decision-maker, and can reverse its decision
´ Buyers beware and carefully investigate block provenance
12. RDNS, SWIPs, Stray routes
´ Sellers should remove these entries prior to sale, but some can’t
´ Leftover routes require contacting the AS advertising
´ Some sellers unaware of these things and during the sales process learn
they are still using the odd /24 for an old circuit somewhere
´ Can take some time to clean these up, as they sometimes require third-
party participation
´ Once the block has been transferred to the buyer, the buyer can make
these deletions themselves (ARIN)
´ RIPE checks for these during the transfer and notifies participants
13. Dirty Blocks
´ Blacklisted blocks are worth less than clean blocks
´ Sellers and brokers know this and try to get delisted before sale
´ No guarantees of post-sale delisting
´ If buyer is a large and respectable company, no problems
´ But sometimes a transfer is just to another spammer and Spamhaus is aware
of this ploy
´ No leverage against Spamhaus
´ There are cases where Spamhaus will not delist
´ Sellers should remove any PBL listing before sale (voluntary listing)
´ Some buyers don’t care and look for dirty blocks to save money
14. Prices
´ I bought a legacy /24 in 2010 for $750 or $3 per address
´ Microsoft payed $11.25 in Spring 2011 for 660,000 addresses
´ Borders payed $12 for a /16 in December 2011
´ Prices dropped from their initial highs, reaching as low as the high $4 range
for very large blocks
´ Prices remained mostly stable from 2013 to 3Q 2016
´ Demand increases, supply decreases starting late 2016
´ Prices rising currently in all block sizes
´ /24s $15, /20 $12 , /16 $10 currently, with /16s in high demand
´ High demand for small blocks incentivize breakdowns of larger blocks
15. Corner Cases
´ /16 owner wants to sell, but hold onto a /24. Does not want to be left with
/17,/18,/19,/20,/21,/22,/23, and /24 though!
´ Address buyer pays premium for lucky numbers
´ Address buyer pays premium for fewest numbers in addresses
´ User wants to purchase his ISP-allocated block from the ISP. ISP says okay,
just replace it with another block of the same size. But policy restrictions
designed to prevent flipping make it impossible
´ Buyer wants one /24 from each /8
´ Trade names and individuals as registrants
´ Early proto-RIRs, owners of undelegated blocks?
´ Trade sanctions on some countries
´ Buyer must pay by credit card
16. Carrier Grade NAT
´ The only economic substitute for IPv4 is CGN
´ CGN can be deployed with customer opt-outs
´ CGN easily provides 64:1 ratio
´ TCP and UDP ports statically mapped to customers reduces logging load
´ Smaller and residential ISPs are deploying
´ Imposing CGN on customers to sell newly available addresses?
´ CGN costs provide ceiling for IPv4 prices
´ Stable IPv4 prices + CGN could mean a longer lifetime for IPv4
´ Leading to a dual-stack IPv6/CGN architecture (flat/deep)
17. Cautions
´ Address hijackings will grow more sophisticated
´ Regional or national protective policy proliferation
´ Ownership disputes and failed transfers
´ Taxes and regulation
´ Potential for corruption related to address value
´ Inside the RIR
´ Subversion of Final /8 pools
´ Spamhaus, Barracuda, et al can change block value
´ Inside the corporation, dealing with the Owner or the tech manager?
´ Techniques designed to drain remaining free pools
18. Predictions
´ Prices rise for the foreseeable future
´ Inter-regional transfer policies continue to loosen
´ Global market within a few years
´ Regional protective policies will remain
´ Needs testing fades
´ Policies intended to recover abandoned space will proliferate
´ Niche markets materialize – geolocation, sub /24 leasing, vanity
´ No pure investment or speculation plays
´ Growing market for small blocks as buyers can’t get from their ISPs anymore
19. Suggestions for Policymakers
´ Reduce incentives for out-of-policy transfers like needs tests, holding
periods, and regional restrictions
´ Avoid erecting protective policies like one-way transfers and in-country
usage requirements
´ Maintain direct stakeholder control of the IPv4 transfer market by
demonstrating it to be functional, efficient, and non-corrupt
´ Create and maintain high standards for recognized brokers, and add that
broker recognition in LACNIC and AFRINIC
´ Accept the proliferation of multi-level NAT and consider registering contact
information by port range within a single address
´ Remove any threat of revocation by RIR for lack of utilization