<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:cc="http://cyber.law.harvard.edu/rss/creativeCommonsRssModule.html">
    <channel>
        <title><![CDATA[Stories by IPv4.Global on Medium]]></title>
        <description><![CDATA[Stories by IPv4.Global on Medium]]></description>
        <link>https://medium.com/@ipv4global?source=rss-dc74a48ef421------2</link>
        <image>
            <url>https://cdn-images-1.medium.com/fit/c/150/150/2*Uqh_FieIxUABxqlzavKnPA.png</url>
            <title>Stories by IPv4.Global on Medium</title>
            <link>https://medium.com/@ipv4global?source=rss-dc74a48ef421------2</link>
        </image>
        <generator>Medium</generator>
        <lastBuildDate>Sun, 07 Jun 2026 09:20:53 GMT</lastBuildDate>
        <atom:link href="https://medium.com/@ipv4global/feed" rel="self" type="application/rss+xml"/>
        <webMaster><![CDATA[yourfriends@medium.com]]></webMaster>
        <atom:link href="http://medium.superfeedr.com" rel="hub"/>
        <item>
            <title><![CDATA[2021 Q1 IPV4 ADDRESS MARKET ROUNDUP]]></title>
            <link>https://ipv4global.medium.com/2021-q1-ipv4-address-market-roundup-d49c7d2d1b57?source=rss-dc74a48ef421------2</link>
            <guid isPermaLink="false">https://medium.com/p/d49c7d2d1b57</guid>
            <category><![CDATA[ipv4-insights]]></category>
            <category><![CDATA[ipv4-market]]></category>
            <category><![CDATA[market-trends]]></category>
            <category><![CDATA[ipv4]]></category>
            <dc:creator><![CDATA[IPv4.Global]]></dc:creator>
            <pubDate>Mon, 10 May 2021 12:03:37 GMT</pubDate>
            <atom:updated>2021-05-10T12:03:37.507Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*1lQ4MPScqKY3hDlmq1G5bQ.png" /></figure><p>With the first quarter of 2021 closing recently, we wanted to share some interesting insights garnered from our IPv4 marketplace data. Our marketplace tracks and publishes all IPv4 address sales since 2014. You can <a href="https://auctions.ipv4.global/prior-sales">check out our public data here</a>, and keep reading for our analysis of 2021 Q1’s IPv4 results.</p><h4>Q1 2021 Key Findings</h4><p>It’s been an interesting year for most industries because of the COVID19 pandemic. COVID didn’t appreciably affect sales. However, volume gradually rose over the course of the year, and prices have definitely accelerated in 2021. It might be that some work was put off during the pandemic, but there’s no way to be sure.</p><p>Variability is the name of the game leaving 2020 and coming into 2021. We suspect that economic instability played into sales of IPv4. Prices saw a $13 spread from the end of 2020 into 2021, with a low at $19.60 in December, which rose to just over $32 by mid February.</p><p>Our data shows that prices jumped up quite substantially from 2020 into 2021. <a href="https://auctions.ipv4.global/prior-sales">Back in 2020</a>, prices peaked in the summer at around $23–24. But in the first quarter of 2021, prices reached $32 in February — which is nearly 30% higher than 2020’s peak. In fact, this year’s floor prices are about the same as last year’s peaks at $23–26.</p><p>With the pandemic and all its variability, there’s uncertainty on whether or not February’s $32 high was a true peak. We’ll have to watch the market and see what plays out with economic recovery. 
Either way, now is a great time to <a href="https://auctions.ipv4.global/auth/sign-up">list your IPs for sale with us</a> as prices seem to be increasing.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Ac1DcjmGn6ddtuKW.png" /></figure><h4>Private Auction Analysis</h4><p>We also reviewed <a href="https://ipv4.global/ipv4-current-offerings/">private auctions</a> data from our invitation-only <a href="https://auctions.ipv4.global/">online marketplace</a>. This platform analyzes private transactions for larger IP blocks, up to /9.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/0*Dy2ACm3sCOgCzXih.png" /></figure><p>This chart has a much sharper curve than the public marketplace chart, with prices steadily increasing from 2017 into 2020. At first glance, it may seem that prices peaked in 2020 — or, that they may even be on a downtick into 2021. A few things could cause this:</p><ul><li>Private sales haven’t increased in price as much as online sales.</li><li>There’s been a scarcity of blocks between /21 — /18, so buyers needing that size have been paying more than /16 buyers.</li><li>Because of the scarcity for /21 — /18 blocks, /16 sellers break up their blocks, netting more.</li></ul><p>All of the above considered, IPv4 sellers waiting for peak prices should consider selling their IP addresses with us soon.</p><p>This year is certainly off to an interesting start and there’s no doubt that it’s a great time to buy and sell IPv4 addresses. And at IPv4.Global, we make that easy for you. We’ve begun some partnerships with other IPv4 brokers to use our site, which is good for buyers, sellers, and brokers. We will soon add the ability to buy and sell ASNs to our IP market online. We have other plans in the works which we’ll unveil throughout the year as they are ready.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[First RIPE NCC “seizure of IPv4 Addresses” — is this the beginning of IPv4 as Collateral?]]></title>
            <link>https://ipv4global.medium.com/first-ripe-ncc-seizure-of-ipv4-addresses-is-this-the-beginning-of-ipv4-as-collateral-971ad91d7607?source=rss-dc74a48ef421------2</link>
            <guid isPermaLink="false">https://medium.com/p/971ad91d7607</guid>
            <category><![CDATA[internet]]></category>
            <category><![CDATA[ripe]]></category>
            <category><![CDATA[seizures]]></category>
            <category><![CDATA[irr]]></category>
            <category><![CDATA[ipv4]]></category>
            <dc:creator><![CDATA[IPv4.Global]]></dc:creator>
            <pubDate>Thu, 29 Oct 2020 21:19:37 GMT</pubDate>
            <atom:updated>2020-10-29T21:19:37.703Z</atom:updated>
            <content:encoded><![CDATA[<h3>First RIPE NCC “seizure of IPv4 Addresses” — is this the beginning of IPv4 as Collateral?</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*DCcqSDYD7vWIU5D_QaYeHw.png" /></figure><p>By: Jack Hazan, EVP IPv4.Global</p><p>In a <a href="https://labs.ripe.net/Members/ciaran_byrne/seizure-of-the-right-to-registration-of-ipv4-addresses">publication</a> released on October 2, 2020, RIPE NCC reported its first seizure of IPv4 registration rights pursuant to a Dutch court order. Pursuant to the order, RIPE NCC effectuated a transfer of the IP Addresses from the liquidating debtor to its creditor. Although these IP Addresses could not be owned — they were apparently not legacy, and thus conferred no “property rights” — the registration rights were deemed an enforceable right that has value, and were to be utilized towards satisfaction of a judgment.</p><p>RIPE NCC provided specific guidance for future cases:</p><p><em>In summary, the RIPE NCC will only comply with court orders for the seizure of the right to registration of IP addresses for the recovery of money that:</em></p><ol><li><em>Has entered into force and is recognised by the Dutch courts.</em></li><li><em>Be served by a bailiff in advance on the RIPE NCC in the form of an authentic enforceable document (e.g. a court order).</em></li><li><em>Specifically mention the RIPE NCC and create an obligation for the RIPE NCC to perform the transfer. (i.e. the enforceable title must apply specifically to the RIPE NCC). This does not mean the RIPE NCC needs to be named as a defendant.</em></li><li><em>State the specific resources at issue.</em></li></ol><p><em>Finally, it’s worth noting that each order will be reviewed on a case by case basis. 
If we believe that an order or the third party seeking to enforce the order does not comply with RIPE policies or RIPE NCC procedures, we reserve the right to dispute any transfer.</em></p><p>In any event, this development certainly raises many questions:</p><ol><li>Will other Regional Internet Registries follow the same protocol?</li><li>Once “registration rights” can be seized to satisfy a judgment, will lenders be comfortable taking those rights as collateral? Will there be direct lending for purchase of IPv4 addresses, thereby providing more liquidity in the IPv4 market?</li><li>What can a lender do to protect against the borrower transferring the IPv4 addresses before the loan is repaid?</li></ol><p>It would seem that, subject to a lender getting comfortable with terms and procedure, this should open the door to more direct lending with IP addresses as collateral.</p><p>IPv4.Global by Hilco Streambank is the market leader in IP address transfers, and this is only the beginning of a conversation. No one has more experience in the valuation of intellectual property assets (the other IP) than Hilco Streambank, and we already have a partnership with WRG Finance to provide loans for the purchase of IP addresses. Contact us at <a href="https://ipv4.global/">IPv4.Global</a> or <a href="https://www.hilcostreambank.com/contact-us">Hilco Streambank</a> to continue the conversation!</p><p>Do you have thoughts?</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Everything You Need to Know About IPv4 vs. IPv6]]></title>
            <link>https://ipv4global.medium.com/everything-you-need-to-know-about-ipv4-vs-ipv6-fdb64d2da53e?source=rss-dc74a48ef421------2</link>
            <guid isPermaLink="false">https://medium.com/p/fdb64d2da53e</guid>
            <category><![CDATA[broker]]></category>
            <category><![CDATA[ipv6]]></category>
            <category><![CDATA[internet]]></category>
            <category><![CDATA[ipv4]]></category>
            <category><![CDATA[brokerage]]></category>
            <dc:creator><![CDATA[IPv4.Global]]></dc:creator>
            <pubDate>Tue, 18 Aug 2020 15:29:41 GMT</pubDate>
            <atom:updated>2020-08-18T15:29:41.123Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*wuSBzNVd7rVOxYsECDp7Gw.png" /></figure><p>The “IP” in IPv4 and IPv6 stands for Internet Protocol, which is a set of rules that determine how devices transmit data packets across the Internet. Internet Protocol also assigns a unique address to each device on the web. These addresses ensure data packets are routed to the correct device.</p><h3>What is IPv4?</h3><p>IPv4 or Internet Protocol Version 4 is the most common protocol for transmitting data packets on the web. IPv4 provides both the identification (IP addresses) for each device on the Internet and the rules that govern how data packets are transmitted between those devices.</p><p>With IPv4, a typical IP address has 32 bits and is in dotted-decimal form, like this:</p><p>192.0.2.235</p><p>Because there are only 2<sup>32</sup> unique hosts in this decimal format, there are only about 4.3 billion IPv4 addresses.</p><h3>What is IPv6?</h3><p>There’s been a massive increase in devices connected to the Internet in the last decade — with a rise from 5 Internet devices per household to 50 Internet devices per household from 2015 <a href="https://techjury.net/blog/how-many-iot-devices-are-there/#gref">to 2020</a>. This prompted the <a href="https://www.ietf.org/">Internet Engineering Tracking Taskforce (IETF)</a> to create a new Internet protocol, IPv6. It was released in <a href="https://tools.ietf.org/html/rfc2460">December 1998</a>.</p><p>IPv6 addresses are written in hexadecimal format, like this:</p><p>2001:0db8:85a3:0000:0000:8a2e:0370:7334</p><h3>The Pros of IPv4 vs. IPv6</h3><p>Despite IPv6 being the newer, updated IP, there are still many advantages of IPv4.</p><ol><li><strong>Existing infrastructure — </strong>Most websites use IPv4, even those that also support IPv6. This makes version four a more seamless experience. 
That is, until most of the Internet switches to version six.</li><li><strong>Simplicity — </strong>IPv4’s 32-bit dotted decimal is much smaller and simpler than IPv6’s hexadecimal numbers. This simplicity is easier for humans to read.</li><li><strong>Support — </strong>Because most traffic is still using IPv4, network operators find IPv4 familiar. They may wait until more traffic is IPv6 before they make any decisions about their own infrastructure — especially if they have enough IPv4 addresses for the near future.</li></ol><h3>The Cons of IPv4 vs. IPv6</h3><p>Running short on IPv4 addresses isn’t the only con of version four.</p><ol><li><strong>Exhaustion of IPv4 — </strong>As we’ve covered, the world is short on IPv4 addresses. This means there’s a cost to buy IPv4 addresses, where IPv6 addresses can be had (in unimaginable quantities) for the cost of registration with a regional registry (RIR). You also pay registry costs with IPv4.</li><li><strong>IPv6 Speed — </strong>Web and cloud services provider, Akamai, <a href="https://blogs.akamai.com/2016/06/preparing-for-ipv6-only-mobile-networks-why-and-how.html">measured the speed of IPv6 vs. IPv4</a>. They found, “Sites load 5% faster in median and 15% faster for the 95% percentile on IPv6 compared to IPv4.”</li><li><strong>Network Address Translation (NAT) for IPv4 — </strong>NAT allows a group of devices (usually 10–20) to share a single public IP with IPv4. This requires complex configurations like forwarding and firewall alterations. Because IPv6 has so many addresses, IPv6 devices don’t require additional configuration.</li></ol><h3>Understanding the IPv4 market</h3><p>The pros of IPv4, combined with the lack of addresses, created a new market. 
Today, companies that need IPv4 addresses can buy them, or a company looking to move to IPv6 can sell IPv4 addresses.</p><p>When a company needs more IP addresses, they have three options:</p><ol><li><strong>Buy IPv4 addresses — </strong><a href="https://ipv4.global/contact-us/">That’s what IPv4.Global is here for</a>. Companies can also sell their IPv4 addresses if they’re beginning to deploy IPv6.</li><li><strong>Use NAT — </strong>As mentioned above, NAT allows one address to be shared among many devices. However, NAT still requires one IPv4 address (usually one per 10–20 people). This has some drawbacks, namely speed issues as packets have to transition paths.</li><li><strong>Deploy IPv6 — </strong>A business can deploy IPv6, but this may be of limited usefulness until most traffic is also on IPv6. So, even if a business deploys IPv6, it still needs more IPv4 addresses or NAT.</li></ol><h3>In Conclusion</h3><p>There’s much debate around which is better — IPv4 or IPv6. But really, it’s about your specific needs. If you’d like more information on the differences between IPv4 vs. IPv6, or if you’re looking for help with either, <a href="https://ipv4.global/contact-us/">please reach out to us today.</a></p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[IP Blacklist and Blacklist Removal]]></title>
            <link>https://ipv4global.medium.com/ip-blacklist-and-blacklist-removal-bd057a590a6e?source=rss-dc74a48ef421------2</link>
            <guid isPermaLink="false">https://medium.com/p/bd057a590a6e</guid>
            <category><![CDATA[spam]]></category>
            <category><![CDATA[ip-address]]></category>
            <category><![CDATA[blacklisting]]></category>
            <category><![CDATA[ipv4]]></category>
            <category><![CDATA[blacklist]]></category>
            <dc:creator><![CDATA[IPv4.Global]]></dc:creator>
            <pubDate>Tue, 23 Jun 2020 17:43:16 GMT</pubDate>
            <atom:updated>2020-06-23T17:46:10.623Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*WKvRwnDTCtMt_EIZrtBylw.png" /></figure><p>Everyone hates spam. Even worse is malware — something that infects your computer and sends spam out to you and others or tries to hack into systems. In response to these problems, many people began to maintain lists recording who generates spam and malware. An “IP blacklist” is used by most mail servers and some firewalls as a step in deciding whether to accept emails, mark as “Junk,” or just drop traffic altogether.</p><h4>IP Blacklist Listings</h4><p>Different blacklists have different ways of collecting addresses. Some mail servers collect data from users clicking “This is spam” and report this to blacklist maintainers, while other blacklist operators have “honeypots.” Honeypots are systems designed to attract spam, so they can blacklist any IP address from which they receive spam.</p><p>A significant amount of spam comes from home computers and other devices that have been infected with malware, making them part of a “botnet.” Some operators even actively scan the Internet, looking for devices with certain vulnerabilities that they know have been exploited by botnets. Residential users and cell phones generally don’t run mail servers, so any indication that an IP address is part of a pool used for those may put an address range on a blacklist.</p><h4>Problems with Blacklists</h4><p>The main problem with blacklists is collateral damage — traffic blocked that shouldn’t be. A few blacklists intentionally do this, to force large IPv4 block holders to take action in preventing spam from reaching their customers. In some cases, a device got blacklisted for spam, but was later patched and the spam stopped. Many blacklists have an “aging” policy, where if no further problems are seen or reported over a period of time, an IP address will be removed from the list. 
If it’s reported again, it may take longer to age out next time.</p><p>Often, IPv4 addresses for sale will include some that have been blacklisted. Companies looking to buy should always conduct some diligence. But it is important to remember that IP addresses can be listed (or de-listed) at any time, so a blacklist check two weeks ago may have no correlation with one today.</p><h4>Checking Blacklists</h4><p>Most blacklists offer a web page where you can check whether an IP address has been listed. That’s not going to work if you want to check 65,536 IPv4 addresses. A few blacklists allow you to download their list to search locally (or sync with github). For two major operators, SORBS and Spamhaus, you’ll need to script a test.</p><p>Both SORBS and Spamhaus operate DNSBLs, for Domain Name Service Black-Lists. They allow queries over DNS and return a code that tells you which list an address is on.</p><p>For instance, if I want to find out about 192.0.2.43, I can run the Unix command:</p><p>$ dig 43.2.0.192.dnsbl.sorbs.net +short</p><p>I may get a response like “127.0.0.6,” which <a href="http://www.sorbs.net/general/using.shtml">SORBS</a> tells me means it’s on their spam list. The equivalent command in Windows command line console is:</p><p>&gt; nslookup 43.2.0.192.dnsbl.sorbs.net</p><p>To query an entire block, you’ll need a script that queries every address in that block. <a href="https://ipv4.global">IPv4.Global</a> is able and happy to run such a check for our customers.</p><h4>IP Blacklist Removal</h4><p>Every blacklist maintainer has their own mechanism for getting addresses removed that often requires some demonstration that the original cause of the listing has been removed. 
For <a href="http://www.sorbs.net/faq/retest.shtml">several SORBS lists</a>, you have to request a retest:</p><ol><li>Log into a machine using the blacklisted IP address, browse to their <a href="http://www.sorbs.net/cgi-bin/support">support page</a>, and click “Request Key.”</li><li>You then email the key to <a href="mailto:%20retest@stealth.sorbs.net">SORBS</a> and they retest.</li></ol><p>If the test passes, SORBS will flag the address to be removed. If you don’t have access to that machine, or it doesn’t have a browser, you can try to open a support ticket.</p><p>Spamhaus similarly provides a <a href="https://www.spamhaus.org/lookup/">web interface</a>, which tells you which list you’re on with links to clean up.</p><p>Fortunately, most blacklist operators recognize that spam doesn’t come from unrouted IP addresses, so simply taking the network offline, as you would in preparation to sell, provides a good reason why you can’t retest and why they should reconsider. Similarly, showing the record of when an IPv4 address block was transferred is often acceptable documentation: the old management may have been lax, but you, the IP address buyer, are not responsible for their actions.</p><p>As with so many parts of buying and selling IP addresses, you can do it yourself, but the help of an experienced broker like <a href="https://ipv4.global">IPv4.Global</a> can make your life a whole lot easier. <a href="https://ipv4.global/about-us/">Reach out</a> to us today for all of your IPv4 needs.</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[RPKI — Today or Tomorrow]]></title>
            <link>https://ipv4global.medium.com/rpki-today-or-tomorrow-2547b96209ad?source=rss-dc74a48ef421------2</link>
            <guid isPermaLink="false">https://medium.com/p/2547b96209ad</guid>
            <category><![CDATA[ip]]></category>
            <category><![CDATA[ipv4]]></category>
            <category><![CDATA[internet]]></category>
            <category><![CDATA[rpki]]></category>
            <category><![CDATA[tech]]></category>
            <dc:creator><![CDATA[IPv4.Global]]></dc:creator>
            <pubDate>Thu, 14 May 2020 14:28:59 GMT</pubDate>
            <atom:updated>2020-05-14T14:28:59.825Z</atom:updated>
            <content:encoded><![CDATA[<h3>RPKI — Today or Tomorrow</h3><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*YBU3NeF_b7QTcwyUxtUjGw.png" /></figure><p>By <a href="https://www.linkedin.com/in/pragma/">Jan Zorz</a> | May 14, 2020</p><p><em>Resource Public Key Infrastructure</em> (<em>RPKI</em>) is a mouthful. Essentially, RPKI ensures that the network saying, “We are the place to send traffic for network A.B.C.D” really is the right place. It is a way of improving the security of the Border Gateway Protocol (BGP), which uses the Autonomous System Number (ASN) to identify a network, which is a block of IP addresses. It doesn’t matter whether they are IPv6 or IPv4 addresses.</p><p>RPKI will validate the origin of the IP prefix (the IP address block in CIDR notation) (“Send traffic for A.B.C.D to ASN 55555”) but can’t do path validation (“The way to get to ASN 55555 is through ASN 55556”). The <a href="https://ripe.net/">RIPE.net</a> website defines RPKI as “prov[ing] the association between specific IP address blocks or ASNs and the holders of those Internet number resources. The certificates are proof of the resource holder’s right to use their resources and can be validated cryptographically. RPKI is based on an X.509 certificate profile defined in RFC3779.”</p><p>If you’ve ever gone to a website and gotten an error saying that the browser can’t confirm that the website is real, and looked for more information to find that it had an invalid or expired certificate, this is exactly the same thing. The certificate is a document with a cryptographic key in it, and your browser (or RPKI validator) can ask the Certificate Authority (CA) “Is this the right key for what I’m looking at?” The actual cryptography is more complex but isn’t necessary to use the tools.</p><p>Why bother with RPKI? Without it, anyone anywhere in the world can just start using your IP addresses. 
Best current practice is for Internet Service Providers (ISPs) only to accept route announcements that they have checked are correct, but not everyone does that. It’s a bad day when your addresses get hijacked. You’re at least partly off the Internet, and the hijacker is probably spamming the world, so even when they stop, mail servers and firewalls may reject your traffic as having a bad reputation.</p><h4>How to use RPKI</h4><p>Using RPKI is very simple in concept and consists of two parts. You will need:</p><ul><li>Access to your account at one of the Regional Internet Registries (RIRs) (ARIN Online, myAPNIC, RIPE NCC Access, miLACNIC, AFRINIC login). You will need to be the authoritative contact for some IP addresses and you’ll need to know the originating ASN.</li><li>A server running validator software. A virtual server is fine.</li><li>A router speaking BGP with RPKI functionality implemented.</li></ul><h4>Signing Your IP Resources</h4><p>First you need to sign your IP resources. Log in to your RIR LIR portal and find instructions on how to sign your resources. 
The process is very simple at most RIRs, and once you’ve done the first one it should only take a few seconds per prefix.</p><p>Visit the sites below for information on how to sign your prefixes per RIR:</p><ul><li>RIPE — <a href="https://www.ripe.net/manage-ips-and-asns/resource-management/certification">https://www.ripe.net/manage-ips-and-asns/resource-management/certification</a></li><li>LACNIC — <a href="https://www.lacnic.net/1151/2/lacnic/rpki-faq">https://www.lacnic.net/1151/2/lacnic/rpki-faq</a></li><li>ARIN — <a href="https://www.arin.net/resources/manage/rpki/">https://www.arin.net/resources/manage/rpki/</a></li><li>APNIC — <a href="https://www.apnic.net/community/security/resource-certification/">https://www.apnic.net/community/security/resource-certification/</a></li><li>AfriNIC — <a href="https://afrinic.net/resource-certification">https://afrinic.net/resource-certification</a></li></ul><p>Signing your resources means creating a ROA (Route Origin Authorization), which authorizes an ASN to originate a route announcement.</p><p>Once you sign your IP resources, everyone that is doing RPKI validation can tell if your IP prefix was announced from the right AS number and if the prefix size matches the size specified in the ROA.</p><h4>Validating Your Prefixes</h4><p>The second part of RPKI is validation. Earlier, we made sure that the rest of the world can validate your announcements and distinguish your announcement from attackers. By validating the incoming prefixes we make sure that we can also distinguish <em>other networks’</em> announcements from attackers. 
What you need for RPKI validation is a (virtual) server to run a validator and a BGP router that has RPKI functionality implemented.</p><p>You can choose between several RPKI validator implementations; this <a href="https://labs.ripe.net/Members/tashi_phuntsho_3/how-to-install-an-rpki-validator">RIPE Labs article</a> describes how to install some of the more popular ones.</p><p>Once you have a validator in place, it’s time to configure your BGP router to create an RPKI-to-Router (RTR) session to the validator and start validating. Here is a <a href="https://rpki.readthedocs.io/en/latest/rpki/router-support.html">list of routers that support</a> RPKI, and here are some <a href="https://www.ripe.net/manage-ips-and-asns/resource-management/certification/router-configuration">configuration examples</a> provided by RIPE NCC.</p><p>Once you have validation set up, you can decide how exactly to implement the route validation. An RPKI check will either tell you that the route is valid (has a signed ROA that checks out), invalid (there’s a ROA, but this route announcement doesn’t match), or unknown (ROA not found). Generally, if you receive three route announcements, you would prefer one that is signed over one that is unsigned, but either is better than a route that is invalid.</p><p>One option is to install prefixes with different local preferences, for instance valid = 110, not_found = 100, invalid = 90. In this case, a valid announcement will always take precedence over the attacker, who also announces the prefix, but a false announcement will be installed with lower local preference and will never be used if there is a route with higher local preference. Unfortunately, this option will not protect you if an attacker starts announcing smaller prefixes than yours: a /24 route is more specific, and therefore always preferred, over a /8. 
An increasing number of operators finds this consistently less useful as it’s not a real protection.</p><p>An alternative that is getting more vocal support by major operators is not installing invalid prefixes at all (rather than assigning them a lower local_pref). This variant is the safest because invalid route announcements have nothing to do in the routing table. But you have to trust the RIR. Let’s say the federal police come to an RIR and require that it replace Company_X’s ROA with a different one (pointing to their network, so they can intercept all the traffic). Company_X is off the Internet — to the rest of the world, their signed route announcements are invalid.</p><p>There are pros and cons to both options. Typically, operators start with the first option (invalid = lower local_pref) and watch their log files. When they are confident that dropping invalids would not break their connectivity (or some local laws or legal agreements in some cases), then they can reconfigure the system to start dropping invalids. In case the central RPKI database gets fiddled with, they can always reconfigure the RPKI policy back to whatever suits them in that moment.</p><p>Consider another failure case that <a href="https://www.ripe.net/support/service-announcements/rpki-deployment-issue">actually happened</a> at the RIPE NCC. All ROA records disappeared for a couple of hours. Anyone checking ROAs would get a “not_found” error (“unknown”) and set local_pref to that level. No routes would be dropped (including malicious ones that should be).</p><h4>Am I Protected by RPKI?</h4><p>Recently, CloudFlare published an RPKI testing tool that everyone can use.</p><p><a href="https://isbgpsafeyet.com/">Test your network</a> to see if it’s properly implementing RPKI.</p><p>The test tries to get a web page from two different web servers, one from a prefix with a valid ROA, and one with an invalid ROA. 
If both work, your network (or your ISP) is accepting and using an invalid prefix announcement.</p><p>RPKI is rapidly becoming an essential part of MANRS, the <a href="https://www.manrs.org/">Mutually Agreed Norms for Routing Security</a>, and while you are looking into RPKI, have a look at MANRS as well and join the increasing pool of operators that take routing hygiene and security seriously. Every network is run independently and each network operator makes its own decisions.</p><p>Your IP addresses are a <a href="https://ipv4.global/">valuable resource</a>: you should protect them!</p>]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[The Benefits and Risks of Leasing IPv4 Space]]></title>
            <link>https://ipv4global.medium.com/the-benefits-and-risks-of-leasing-ipv4-space-65bb04b3692?source=rss-dc74a48ef421------2</link>
            <guid isPermaLink="false">https://medium.com/p/65bb04b3692</guid>
            <category><![CDATA[ip]]></category>
            <category><![CDATA[arin]]></category>
            <category><![CDATA[ipv4]]></category>
            <category><![CDATA[ipv6]]></category>
            <category><![CDATA[leasing]]></category>
            <dc:creator><![CDATA[IPv4.Global]]></dc:creator>
            <pubDate>Thu, 23 Apr 2020 20:24:12 GMT</pubDate>
            <atom:updated>2020-04-23T20:24:12.351Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*N8Z9QzyWSKDJ8h4ASCKw6w.png" /></figure><p>With address prices rising, the reasons you may want to become a lessor are clear: extended predictable revenue. Leasing creates an opportunity to monetize IP addresses and sell an IP block for a higher price in the future versus in the current market — it allows the lessor to keep the IPv4 block in case of future need.</p><p>But what are the benefits to the lessee (the one receiving the IP address block)? Not as obvious, but still substantial for many businesses, there are a number of advantages, including:</p><p>1. It is sometimes preferable to use OpEx instead of CapEx.</p><p>2. Leasing allows a company to use their capital for other urgent investments, which offsets the cost of the lease as they see their return on that capital.</p><p>3. It allows a company to align its expenses more closely to its revenues.</p><p>4. While in process of renumbering, it’s sometimes helpful to have an unused block to renumber into. This way old space can be reclaimed and reorganized before being reused.</p><p>5. While in process of migrating to IPv6, leasing is the perfect solution to acquiring temporary IP addresses, rather than spending extra capital, simply to gain unneeded IPv4 addresses.</p><p>As with any sort of leasing agreement, it’s important to note that while a great option, leasing still has risks. These risks can range from minor timing issues to malicious lessee intent, but are things all parties involved should consider. Potential risks may include:</p><p>1. The lessor needing the addresses before the end of the term</p><p>2. The lessee needing the addresses longer than the term</p><p>3. A malicious or inattentive lessee allowing the addresses to be used for spam or malicious behavior. 
This would result in sites blacklisting traffic from those addresses, making them unusable at the end of the lease until the listings have been cleaned up.</p><p>Generally, the cost of leasing can also be higher than buying addresses long-term. The actual break-even point depends on the terms of the lease and is something to be considered while making the decision.</p><p>We, IPv4.Global, hope this article was informative and helpful as you buy, sell, and lease IPv4, and would love to provide you with the space you need. Our team has plans in place to mitigate all possible risks, to ensure clients are happy with their agreement and terms. When leasing address space, every offer must include a monthly price per address and a term length, so the lessor can evaluate offers comparably.</p><p><a href="https://ipv4.global/about-us/">About IPv4.Global</a>:</p><p>As marketplace leaders, IPv4.Global, a division of Hilco Streambank, is dedicated to reliable, transparent service. Operating within the global community since 2000, we work with you to buy, sell, and lease IP blocks, regardless of the size.</p><p>IPv4.Global is beginning to lease IPv4 addresses, starting with a /16 registered in ARIN available for a <a href="https://ipv4.global/ipv4-current-offerings/">long-term lease</a>.</p>]]></content:encoded>
        </item>
    </channel>
</rss>