Skip to main content

The UK has an entire IPv4 /8 that it isn't using (UPDATED)

IMPORTANT UPDATES BELOW

If you take a look at the list of IPv4 allocated /8 blocks there's one interesting block in there:

51.0.0.0/8 UK Government Department for Work and Pensions 1994-08 whois.ripe.net LEGACY

That block of addresses, all 16.8 million of them, is completely unused. A check of the ASN database will show that there are no networks for that block of addresses. Right when IPv4 is running out there's a huge block sitting unused.

That's an extremely valuable asset. One recent article valued an entire /8 at between "$500 million to $1.5 billion".

So, Mr. Cameron, I'll accept a 10% finder's fee if you dispose of this asset :-)

PS A comment draws my attention to a Freedom of Information Act response from the Department for Work and Pensions concerning this block. The FOI response says that the block is used internally by the government and there are no plans to release it.

PPS This Cabinet Office document says that 51.0.0.0/8 is used internally by government and routing it onto the Internet is not desired.  So, doesn't look like this block is 'unused' just not used on the Internet.

PPPS Someone wrote and asked why I blogged this rather than investigating first. Actually, I did. I wrote to both my local MP and the Department for Work and Pensions in February and received no reply at all. I figured 6 months without a reply was long enough.

Comments

Anonymous said…
Probably not the only one either.
Lez said…
its official name is Area 51 :)
Lez said…
This comment has been removed by the author.
Anonymous said…
The entire block is unemployed.
grg350 said…
There are lots of organizations/institutions with /8. I am interested in if they are using them all?
Unknown said…
It used to be used quite heavily, it was made to work beyond capacity (heavy NAT'ing).. Now it's been retired in favour of a younger model (IPv6). *groan*
Unknown said…
The 51.* addresses are in fact heavily used by DWP, but only internally. The best bit is this: for security reasons, there is a policy that in any communication, the leading octet of all such IP addresses must be redacted. Not like it's a matter of public record or anything.

I did once toy with the idea of printing out the XKCD map of the IP4 address space, write "you are here" on it and pin it to the wall near DWP data networks teams, but I didn't think it would go down well.
Can we confirm that somehow? An avaaz.org petition could be initiated, in order to raise public awareness and push things. Many things can be done with 500M-1BN.
anonzz said…
It doesn't matter, save your energy for converting to v6

There are few dregs like this around that though not visible on the internet are used - many large ISP have hijacked the unadvertised spaces for use behind their own NATs. You can't see them doing this but if you use the space on the internet you'll have problems with their customers.

If these spaces were recycled you'd spend many months trying to get them clean for use and then they'd be used up in a few weeks, we'd still be out of space and we'd have yet more to go back and convert to v6. People have been dragging their feet on v6 migration for eyars, they only have themselves to blame when they are stuck by v4 running out

tldr: It's allocated, it's not available, nothing to see here, move along.
Unknown said…
Care about the issue? The direct.gov.uk petition is up. http://epetitions.direct.gov.uk/petitions/38744
anonzz said…
Great, some cretin decided to petition

At government rates it'll cost 10B to get everything renumbered to free that space, which will make no difference at all to the internet running out.
I don't think a petition is the right way to go. A simple letter to the relevant department, local MP or PM is the right approach.
Alex said…
I'm afraid this has already been dealt with. See http://www.whatdotheyknow.com/request/internet_protocol_ipv4_address_a and http://www.whatdotheyknow.com/request/internet_protocol_ipv4_address_a_2
Unknown said…
Disagree - that the petition is 'errant'. It could and should be widened beyond the DWP of course to include other mis-use of masks like this, whether they are V4 or V6. Re-numbering is not a likely scenario if the addresses are not in use and super/subbing and NAT can take care of most internal networking requirements along with proxy/socks shinnanegans. In the real world, we've been working around this as a REAL issue for our networks for years - why should the government be any different?
Peter Judge said…
I wrote up the petition story on TechWeekEurope,
http://www.techweekeurope.co.uk/news/ip-addresses-uk-government-dwp-petition-93069

You may be right that the petition is the wrong way to go.

I had a response from the DWP, and put it at the end of the story.

Basically, DWP says
- the addresses are all in use
- you can't sell public IP addresses on the open market

I think both of these things are not true. Am I right?
Peter Judge said…
thanks - I see the update with the FOI request.

I still wonder, if these are on an internal net, and not visible to the public Internet, why use global IP addresses?

Was that a mistake, and something that is just too complex to change now?

Peter
jelv said…
This comment has been removed by the author.
jelv said…
So DWP are claiming they have 16,000,000 devices on their internal network? I think the phrase is "being economical with the truth"!
There are a couple of problems with this:

1) Reclaiming an extra /8 won't solve the problem of IPv4 exhaustion. It will only stall it. At current rates, it will only add an extra year before we're out of addresses again. Its inevitable.

2) You cannot sell IPv4 addresses, they're a public resource. By all means, push for them to be released back to RIPE for re-allocation, but they aren't to be sold.
Simon Zerafa said…
Hi,

The FOIA request information was interesting but missed an important question. why did they not use a 10.0.0.0/8 assigment given that

1. The network is not designed to be exposed or routed over the public Internet

2. The 10.0.0.0/8 block exists for that exact purpose.

What would be involved in re-tasking to use that block so the 51.0.0.0/8 block could be given back to RIPE or whomever assigned it with a payment back to the UK Government to cover costs and realise a modest profit?

Regards

Simon
Mark Dowling said…
"You cannot sell IPv4 addresses, they're a public resource. By all means, push for them to be released back to RIPE for re-allocation, but they aren't to be sold."

Put a value on that "public resource" (I would call it more of an "accident of history") and who knows how many more /8s may come tumbling out. We have two internally routed class Cs we could get rid of in a short amount of time by switching machines over to some of our 192.168 networks but there's no imperative on us to do so.

Principles are great but human nature is human nature.
Anonymous said…
I think this may all be my fault.

Back in 1988-91 I was a contractor at DSS in Lytham St Anne's. My main role was designing the communications infrastructure for the new Child Support Agency.

CSA was to be the first large scale deployment of TCP/IP in DSS and would need a lot of addresses.
This was before the advent of the private non-routable networks and before subnet routing or NAT, so we needed a large address space. Because we envisaged routing across the public network, we needed public addresses.
After a lot of negotiation with Jon Postel at NIC, I obtained a class A network for DSS. I don't recall the number but I guess it was 51/8.

Gareth Howell
Unknown said…
You cannot sell IPv4 addresses, they're a public resource!!
Peter said…
Out of interest, what do DWP pay for this range?
Peter said…
Out of interest, what do DWP pay for these static addresses?
Unknown said…
If one Agency has 16,000,000 IP Addresses, how many others are there, Surely the Registry Knows, or can examine its records, and find out
Unknown said…
Any /8 that is returned at the moment would vanish instantly into pent up demand. IANA (global), and APNIC (asia pacific) ran out of addresses two years ago. RIPE (europe) ran out 6 months ago. ARIN (north americ) and LACNIC (south america) run out in about a year. AFRINIC (africa) runs out in about 7 years due to an extraordinarily low rate of growth of the internet there.
At the time that APNIC ran out, they were using an aditional 15 or so /8s per year. Since it has been 2 years, they have a pent up demand of around 30 /8s. This is more address space than we are likely to get from recovery of legacy IPV4 address space, adress allocations prior to the implementation of CIDR.
Unknown said…
@Peter.

Legacy holders are, I believe, not required to pay anything for the addresses as their original contract did not specify that anything was owed.

Popular posts from this blog

Your last name contains invalid characters

My last name is "Graham-Cumming". But here's a typical form response when I enter it: Does the web site have any idea how rude it is to claim that my last name contains invalid characters? Clearly not. What they actually meant is: our web site will not accept that hyphen in your last name. But do they say that? No, of course not. They decide to shove in my face the claim that there's something wrong with my name. There's nothing wrong with my name, just as there's nothing wrong with someone whose first name is Jean-Marie, or someone whose last name is O'Reilly. What is wrong is that way this is being handled. If the system can't cope with non-letters and spaces it needs to say that. How about the following error message: Our system is unable to process last names that contain non-letters, please replace them with spaces. Don't blame me for having a last name that your system doesn't like, whose fault is that? Saying "Your

All the symmetrical watch faces (and code to generate them)

If you ever look at pictures of clocks and watches in advertising they are set to roughly 10:10 which is meant to be the most attractive (smiling!) position for the hands . They are actually set to 10:09.14 if the hands are truly symmetrical. CC BY 2.0 image by Shinji I wanted to know what all the possible symmetrical watch faces are and so I wrote some code using Processing. Here's the output (there's one watch face missing, 00:00 or 12:00, because it's very boring): The key to writing this is to figure out the relationship between the hour and minute hands when the watch face is symmetrical. In an hour the minute hand moves through 360° and the hour hand moves through 30° (12 hours are shown on the watch face and 360/12 = 30). The core loop inside the program is this:   for (int h = 0; h <= 12; h++) {     float m = (360-30*float(h))*2/13;     int s = round(60*(m-floor(m)));     int col = h%6;     int row = floor(h/6);     draw_clock((r+f)*(2*col+1), (r+f)*(row*2+1),

The Elevator Button Problem

User interface design is hard. It's hard because people perceive apparently simple things very differently. For example, take a look at this interface to an elevator: From flickr Now imagine the following situation. You are on the third floor of this building and you wish to go to the tenth. The elevator is on the fifth floor and there's an indicator that tells you where it is. Which button do you press? Most people probably say: "press up" since they want to go up. Not long ago I watched someone do the opposite and questioned them about their behavior. They said: "well the elevator is on the fifth floor and I am on the third, so I want it to come down to me". Much can be learnt about the design of user interfaces by considering this, apparently, simple interface. If you think about the elevator button problem you'll find that something so simple has hidden depths. How do people learn about elevator calling? What's the right amount of