## Friday, September 14, 2012

### The UK has an entire IPv4 /8 that it isn't using (UPDATED)

If you take a look at the list of IPv4 allocated /8 blocks there's one interesting block in there:

51.0.0.0/8 UK Government Department for Work and Pensions 1994-08 whois.ripe.net LEGACY

That block of addresses, all 16.8 million of them, is completely unused. A check of the ASN database will show that there are no networks for that block of addresses. Right when IPv4 is running out there's a huge block sitting unused.

That's an extremely valuable asset. One recent article valued an entire /8 at between "$500 million to$1.5 billion".

So, Mr. Cameron, I'll accept a 10% finder's fee if you dispose of this asset :-)

PS A comment draws my attention to a Freedom of Information Act response from the Department for Work and Pensions concerning this block. The FOI response says that the block is used internally by the government and there are no plans to release it.

PPS This Cabinet Office document says that 51.0.0.0/8 is used internally by government and routing it onto the Internet is not desired.  So, doesn't look like this block is 'unused' just not used on the Internet.

PPPS Someone wrote and asked why I blogged this rather than investigating first. Actually, I did. I wrote to both my local MP and the Department for Work and Pensions in February and received no reply at all. I figured 6 months without a reply was long enough.

If you enjoyed this blog post, you might enjoy my travel book for people interested in science and technology: The Geek Atlas. Signed copies of The Geek Atlas are available.

Diazamet said...

Probably not the only one either.

3:39 PM
Lez said...

its official name is Area 51 :)

3:56 PM
Lez said...

This comment has been removed by the author.

3:56 PM
Max said...

The entire block is unemployed.

4:07 PM
grg350 said...

There are lots of organizations/institutions with /8. I am interested in if they are using them all?

7:14 PM
Unknown said...

It used to be used quite heavily, it was made to work beyond capacity (heavy NAT'ing).. Now it's been retired in favour of a younger model (IPv6). *groan*

7:27 PM
Unknown said...

The 51.* addresses are in fact heavily used by DWP, but only internally. The best bit is this: for security reasons, there is a policy that in any communication, the leading octet of all such IP addresses must be redacted. Not like it's a matter of public record or anything.

I did once toy with the idea of printing out the XKCD map of the IP4 address space, write "you are here" on it and pin it to the wall near DWP data networks teams, but I didn't think it would go down well.

8:59 PM
dimitrios mistriotis said...

Can we confirm that somehow? An avaaz.org petition could be initiated, in order to raise public awareness and push things. Many things can be done with 500M-1BN.

10:07 PM
anon said...

It doesn't matter, save your energy for converting to v6

There are few dregs like this around that though not visible on the internet are used - many large ISP have hijacked the unadvertised spaces for use behind their own NATs. You can't see them doing this but if you use the space on the internet you'll have problems with their customers.

If these spaces were recycled you'd spend many months trying to get them clean for use and then they'd be used up in a few weeks, we'd still be out of space and we'd have yet more to go back and convert to v6. People have been dragging their feet on v6 migration for eyars, they only have themselves to blame when they are stuck by v4 running out

tldr: It's allocated, it's not available, nothing to see here, move along.

4:53 PM
Unknown said...

Care about the issue? The direct.gov.uk petition is up. http://epetitions.direct.gov.uk/petitions/38744

10:32 AM
anon said...

Great, some cretin decided to petition

At government rates it'll cost 10B to get everything renumbered to free that space, which will make no difference at all to the internet running out.

4:10 PM
John Graham-Cumming said...

I don't think a petition is the right way to go. A simple letter to the relevant department, local MP or PM is the right approach.

4:17 PM
Unknown said...

7:20 PM
Phil Evans said...

Disagree - that the petition is 'errant'. It could and should be widened beyond the DWP of course to include other mis-use of masks like this, whether they are V4 or V6. Re-numbering is not a likely scenario if the addresses are not in use and super/subbing and NAT can take care of most internal networking requirements along with proxy/socks shinnanegans. In the real world, we've been working around this as a REAL issue for our networks for years - why should the government be any different?

8:05 AM
Peter Judge said...

I wrote up the petition story on TechWeekEurope,

You may be right that the petition is the wrong way to go.

I had a response from the DWP, and put it at the end of the story.

Basically, DWP says
- the addresses are all in use
- you can't sell public IP addresses on the open market

I think both of these things are not true. Am I right?

8:44 AM
Peter Judge said...

thanks - I see the update with the FOI request.

I still wonder, if these are on an internal net, and not visible to the public Internet, why use global IP addresses?

Was that a mistake, and something that is just too complex to change now?

Peter

11:56 AM
jelv said...

This comment has been removed by the author.

6:40 PM
jelv said...

So DWP are claiming they have 16,000,000 devices on their internal network? I think the phrase is "being economical with the truth"!

6:40 PM
James Crutchfield said...

There are a couple of problems with this:

1) Reclaiming an extra /8 won't solve the problem of IPv4 exhaustion. It will only stall it. At current rates, it will only add an extra year before we're out of addresses again. Its inevitable.

2) You cannot sell IPv4 addresses, they're a public resource. By all means, push for them to be released back to RIPE for re-allocation, but they aren't to be sold.

7:00 PM
Simon Zerafa said...

Hi,

The FOIA request information was interesting but missed an important question. why did they not use a 10.0.0.0/8 assigment given that

1. The network is not designed to be exposed or routed over the public Internet

2. The 10.0.0.0/8 block exists for that exact purpose.

What would be involved in re-tasking to use that block so the 51.0.0.0/8 block could be given back to RIPE or whomever assigned it with a payment back to the UK Government to cover costs and realise a modest profit?

Regards

Simon

1:07 PM
Mark Dowling said...

"You cannot sell IPv4 addresses, they're a public resource. By all means, push for them to be released back to RIPE for re-allocation, but they aren't to be sold."

Put a value on that "public resource" (I would call it more of an "accident of history") and who knows how many more /8s may come tumbling out. We have two internally routed class Cs we could get rid of in a short amount of time by switching machines over to some of our 192.168 networks but there's no imperative on us to do so.

Principles are great but human nature is human nature.

2:21 PM
Gareth Howell said...

I think this may all be my fault.

Back in 1988-91 I was a contractor at DSS in Lytham St Anne's. My main role was designing the communications infrastructure for the new Child Support Agency.

CSA was to be the first large scale deployment of TCP/IP in DSS and would need a lot of addresses.
This was before the advent of the private non-routable networks and before subnet routing or NAT, so we needed a large address space. Because we envisaged routing across the public network, we needed public addresses.
After a lot of negotiation with Jon Postel at NIC, I obtained a class A network for DSS. I don't recall the number but I guess it was 51/8.

Gareth Howell

9:23 AM
goaapartmentsrentals said...

You cannot sell IPv4 addresses, they're a public resource!!

8:19 AM
Peter said...

Out of interest, what do DWP pay for this range?

10:45 PM
Peter said...

Out of interest, what do DWP pay for these static addresses?

10:46 PM
Roger Carter said...

If one Agency has 16,000,000 IP Addresses, how many others are there, Surely the Registry Knows, or can examine its records, and find out

12:47 PM
John McLeod VII said...

Any /8 that is returned at the moment would vanish instantly into pent up demand. IANA (global), and APNIC (asia pacific) ran out of addresses two years ago. RIPE (europe) ran out 6 months ago. ARIN (north americ) and LACNIC (south america) run out in about a year. AFRINIC (africa) runs out in about 7 years due to an extraordinarily low rate of growth of the internet there.
At the time that APNIC ran out, they were using an aditional 15 or so /8s per year. Since it has been 2 years, they have a pent up demand of around 30 /8s. This is more address space than we are likely to get from recovery of legacy IPV4 address space, adress allocations prior to the implementation of CIDR.

5:00 PM
John McLeod VII said...

@Peter.

Legacy holders are, I believe, not required to pay anything for the addresses as their original contract did not specify that anything was owed.

3:37 AM