We've been hearing for years that we're running out of IPv4 addresses. But we're not running out -- they're not all in use. It's just that some organizations have no more addresses to allocate to subordinate organizations. More significantly, I submit that this is an artificial shortage of addresses caused more by the mismanagement of their allocation than by scarcity.
There are 221 groups, each with about 16.7 million addresses available for assignment. There are certainly a lot of devices available via the Internet -- but are there more than 3.7 billion of them? I'm not talking about devices used to access the Internet. I'm specifically concerned only with those devices directly reachable via the Internet, such as servers (web, mail, FTP, DNS, reverse proxy), routers, and firewalls. As it happens, this is a difficult question to answer because everybody is busy counting devices with access, not devices that only provide services.
But let's set aside the raw numerical comparisons and get back to the real issue. The issue isn't that all the IP addresses are in use; it's that all of them have been allocated. Many of those allocations are grossly wasteful, and millions of addresses are unused. A less kind person might even say they're being hoarded.
[The Internet of Things will require a balance between disruptive and incremental change. See Is 1% Improvement Boring, Or A Breakthrough?]
Let's review how IP addresses get allocated. At the top, the Internet Assigned Numbers Authority (IANA) allocates blocks of addresses to the Regional Internet Registries (RIRs), of which there are five: ARIN (North America), LACNIC (Latin America), RIPE (Europe, Middle East, Central Asia), APNIC (Asia/Pacific), and AFRINIC (Africa). IANA has allocated all available blocks to those five RIRs, which then allocate smaller blocks of addresses to ISPs, government agencies, and organizations. Of particular note, APNIC allocated all of its addresses by April 2011. As many as 350 million addresses were allocated to China, ostensibly in use behind the national firewall that nobody can get in or out of. I'm not aware that any of the other four RIRs have reported allocation of all available addresses.
Let's focus on ARIN and North America, because that's where most of the waste originates. Most of the allocations in North America occurred prior to the introduction of Classless Interdomain Routing (CIDR) in 1993. Allocations made after the introduction of CIDR were done in much smaller blocks and thus typically more efficiently.
For the sake of this argument, I'll focus only on the pre-1993 "Class A" address pool, which was allocated in blocks of 16.7 million addresses at a time and is where reforms could yield the most immediate gains.
- Did you know, for example, that only five of the 16.7 million addresses allocated to the US Postal Service in 1992 appear to be visible publicly? Three DNS servers and two SMTP servers. The website is hosted elsewhere.
- Did you know that 11 Class A networks (as many as 183 million addresses) are allocated to the US Department of Defense Network Information Center? How many of its systems even have Internet access, much less provide Internet services?
- Did you know that more than a dozen US corporations have Class A network space allocated to them? That's more than 16 million addresses per corporation. Among them, according to Wikipedia, are Apple, DuPont, Eli Lilly, GE, Hewlett-Packard, IBM, Merck, and Xerox.
To their credit, some organizations have been voluntarily returning their over-allocated addresses to be reissued where needed. Kudos to Stanford University, for example, for releasing the 188.8.131.52/8 network (which was then given to APNIC and is now allocated to CHINANET).
What to do?
In that short analysis, I've identified about 400 million IP addresses just in the US that likely could be reclaimed in short order. And I suspect that most of the organizations with those 16.7 million addresses aren't using most of their addresses and could easily give them up.
So, yes, without any change it's quite likely that at some point ISPs will no longer have any of those 3.7 billion IPv4 addresses to provide to customers. Is it time to implement some changes from the top? Is your company using public IP addresses inside its networks where it could be using private IP addresses? Do you have the capability to properly assess and manage your IP address usage? Will handing IANA over to an international governing body have an impact? Please tell us what you think in the comments section below.
Apply now for the 2015 InformationWeek Elite 100, which recognizes the most innovative users of technology to advance a company's business goals. Winners will be recognized at the InformationWeek Conference, April 27-28, 2015, at the Mandalay Bay in Las Vegas. Application period ends Jan. 16, 2015.