To the credit of the RIRs and their associated communities, the problem of IPv4 address depletion has led to some innovative policy proposals. Each of the three largest RIRs is considering proposals to permit market-based address transfers. In the temporal order of their introduction, they are:
• Asia-Pacific region: prop-050-v002: IPv4 address transfers (Huston)
• European region: RIPE 2007-08, “Enabling Methods for Reallocation of IPv4 Resources.” (Titley and van Mook)
• North America region: ARIN: Policy Proposal 2008-2 IPv4 Transfer Policy Proposal
The transfer proposals would allow organizations willing to release address resources to benefit monetarily by selling them to another organization who wants them, subject to the record keeping requirements and contractual regulations of the RIRs. The premise of this policy is that once all the free IPv4 address blocks have been distributed, the only way to get more of them is to shift addresses away from users who no longer need or want them to users who do need them. By allowing the recipients of address blocks to pay the existing holders to give them up, market transfers will create an incentive to release unused IPv4 resources. The emergent price system will also clarify the economic tradeoffs associated with the use of IP addresses.
The market transfer policy has another, equally powerful motivation. As noted before, addresses are already being transferred privately or even hijacked and used without authorization. There is a fear that once scarcity increases, a black market will evolve and the RIR’s registries will no longer accurately reflect which organization holds which address blocks. A breakdown in the accuracy and universality of the RIRs’ databases would have severe consequences for the security and orderly management of the Internet’s technical infrastructure.
The proposals vary significantly. In general, the RIPE proposal is the simplest and most liberal, but also the most narrow in scope. The APNIC proposal is similar to the RIPE proposal but attaches a few more restrictions and costs onto the transacting parties, and has some structural flaws. The ARIN proposal, on the other hand, is the most restrictive and complicated policy. As the most regulatory of the three, the ARIN proposal nominally legalizes transfers but does so in a way that might discourage most from ever taking place.
The next section conducts a systematic analysis of the proposals according to five key dimensions: 1) Trigger Date; 2) Territorial restrictions; 3) Eligibility restrictions/speculation controls; 4) Fees; and 5) Route Aggregation. The similarities and differences among the proposals are summarized in Table 1.
The ARIN proposal says that the transfers it authorizes only start “when IANA allocates its last unallocated unicast IPv4 address block.” The RIPE and APNIC proposals have no trigger date. The economic rationale for a tying the beginning of a transfer policy to the depletion of the IANA free pool is weak. If a party is willing to part with address space now and someone else wants it, there is no social benefit to be gained from requiring that person to wait for IANA's last unallocated address block to be dropped, and no harm by allowing them to sell it earlier. Indeed, the person buying the address block is leaving free space available for others to take, which seems desirable.
One might see a trigger as necessary to prevent people who received “needs-based” allocations for free from turning around and reselling them. But if RIRs can really determine whether organizations “need” IP addresses as they claim to be able to do, a trigger time should be unnecessary. An organization that really needs the address blocks they have been assigned will not sell them. Another rationale that has been advanced for the ARIN trigger date is that if addresses are still available “for free” from ARIN, then organizations that don't qualify for space under current policy would be able to get addresses. But this argument reveals a fundamental confusion. It is an attempt to preserve the effects of pre-scarcity policies under the new conditions of IPv4 scarcity. As noted before, engineering-based “needs assessments” make no sense once the free pool is depleted. A transfer market allows the transacting parties to determine which party has the greater need. The potential to eliminate burdensome and expensive needs assessments is one of its primary virtues.
This is one of the most interesting and difficult problems associated with address transfers. In principle, an address transfer market should be global (subject to the need to maintain route aggregation) and allow resources not used in one region to be transferred to another region where it is needed more. This aspect is most relevant to developing countries, which may need to “import” IPv4 addresses from regions such as North America which are rich in unused legacy IPv4 addresses.
RIPE and APNIC would allow organizations in different geographic regions to transfer addresses between them, as long as they are both members of the same RIR. The RIPE and APNIC policies would thus permit inter-regional transfers, with some suggesting that the RIRs would become “competing title agencies.” The ARIN policy on the other hand is designed to prohibit interregional transfers. The ARIN policy requires both that the transferring parties be members of ARIN and that the addresses transferred would be used within the ARIN region exclusively. The purpose of this restriction is to retain the regional exclusivity of the RIR and avoid competition with other registries.
Eligibility Restrictions/Speculation control
None of the RIRs are eager to encourage speculative accumulation and rapid resale of address resources. The policy goal is to encourage one time transfers of allocations and assignments from organizations that do not need them to organizations that do need them. If organizations stockpile address resources purely for their resale value it could make the IPv4 supply situation less stable and predictable given the operational need for IPv4 addresses and the tight supply. Thus the structuring of transfers to discourage speculation makes sense. The three proposals vary significantly, however, in how they handle this.
1. RIPE’s policy is applicable only to Internet service providers (more precisely, “LIRs,” or Local Internet Registries, not end users. This makes it the most limited in scope. Aside from that limitation, it provides for the most sensible restriction on speculation. It posits that buyers of transferred addresses cannot transfer complete or partial blocks of the same address space for 24 months. This simple and direct limitation eliminates the possibility of acquiring addresses in order to quickly “flip” them in a secondary market. The RIPE policy recognizes that there is no need to regulate the selling party to achieve this goal. The RIPE policy also does not prevent the recipient from engaging in reasonable and graduated stockpiling of addresses that they might need over time in order to accommodate risk and uncertainty. Nor does it impinge on what these entities do with other address resources not involved in the transfer.
2. APNIC allows any organization that has been assigned addresses to transfer them. With regard to speculation, the APNIC policy imposes a blanket restriction on the selling party, who cannot receive any IPv4 address allocations or assignments from APNIC for a period of 24 months. This regulation is not as well designed as the RIPE provision. The restriction on future requests might make potential sellers think twice about whether they should give up their current address holdings, regardless of whether they have any intention of being involved in speculation. Also, this aspect of the policy still does not prevent the buying party from quickly reselling its newly received address resources the first time it receives some through the new transfer process. True, the restriction on receiving more resources from APNIC would catch speculators after they sell the resources, but limiting their ability to request additional resources from APNIC would miss the target. True address speculators would be more likely to get new addresses from the secondary market, not from APNIC.
3. The ARIN proposal, like the APNIC proposal, allows both end user organizations and ISPs to transfer addresses. But it imposes severe restrictions on both the selling party and the buying party. It requires purchasers of address resources to “pre-qualify” for addresses by subjecting themselves to a traditional ARIN “needs assessment” process. Any prospective buyer who does this will discover that ARIN will assess not only their request for a transfer, but all of their existing allocations. This could deter many potential buyers from applying for fear that ARIN might take away addresses rather than authorizing them to get more. The releasing party cannot have received any IPv4 addresses, either from ARIN or from transfers, in the past 24 months, and cannot request any for the next 24 months. So anyone who sells resources must remove themselves from the ARIN allocation/assignment process for a total of four years. This restriction ignores the need to encourage legacy address holders to release resources they could learn to do without. The restrictions seem to be motivated more by an ideological desire to reassert its legacy principle of needs-based address allocation, than by an attempt to encourage efficiency-enhancing reclamation. In the new environment of address scarcity and relative need, ARIN should not care whether an organization that wants to release addresses acquired them from ARIN two years ago, one year ago, or 20 years ago. The point is that they have too many addresses and want to sell them, and that someone else needs them and wants to buy them. ARIN policy should concentrate more on making sure that releasers of address resources are the legitimate and valid holders of the resources, and not attempt to punish them for participating in the market. To discourage gaming and speculation, after an organization sells addresses into the market, it should of course not be able to go immediately to an RIR and ask for free assignments. A one year “time out” after a release/sale is a reasonable requirement. But as time passes it is unlikely that there will be any free IPv4 address blocks for ARIN to distribute, anyway.
If address blocks released into the transfer market are subdivided into many parts, address transfers could lead to more de-aggregation of routes. All three of the transfer policies attempt to limit the impact of transfers on route aggregation, although in different ways
1. RIPE and APNIC propose simple rules that set a minimum size of the blocks to be transferred. For RIPE, a /21 (a little more than 1,000 contiguous addresses) is the minimum size address block. For APNIC, a /24 (a little more than 250 contiguous addresses) is the minimum size.
2. ARIN adopts the most detailed and prescriptive policy. It also considers a /24 the minimum size, but imposes on releasing parties detailed regulation of the way in which larger address blocks can be cut up into smaller ones. Without a much longer and more detailed study it is difficult to assess the economic and technical impact of ARIN’s attempts to control the impact of transfers on route aggregation. Strictly speaking, ISPs are not obligated to route addresses simply because RIRs have allocated them. Smaller address blocks that enter into the transfer process might not be routed if ISPs reach the limit of what their routers can bear. Thus, in a true transfer market, one would expect the price of addresses to reflect their quality, with routability being a critical aspect of quality. Smaller blocks with a low probability of being routed should be devalued relative to larger ones. Deaggregation could cause an increase in the costs of ISPs; but at the same time, some ISPs might willingly bear those costs if it meant additional customers. It is not clear whether ARIN’s detailed prescriptions are needed. The assembly of contiguous blocks by aggregators of address resources for leasing by third parties could also overcome this problem.
In the ARIN and APNIC proposals, the buyer pays a “transfer fee” in addition to the normal fees associated with holding and servicing address resources. In the RIPE proposal, no transfer fee is mentioned; re-allocated blocks are considered to be no different from the allocations made directly by the RIPE NCC. If the purpose of the policy is to encourage efficient transfers, then the transfer process should not create costs that normal address holdings don’t incur, which the RIPE policy does. Although address transfers do create costs for the RIRs to update their registrations and records, the same costs are incurred when any other changes take place in RIR’s records. This may or may not be a significant problem, depending on the size of the fees and the costs associated with updating records and verifying the authenticity of the parties involved in the transfer. A small, one-time transfer fee probably would not create a strong disincentive to engage in transfers.
There are important variations in the address transfer market policies of RIPE, APNIC and ARIN. The most important differences pertain to eligibility and the approach to regulating speculation. For reasons that are not clear, RIPE’s policy does not permit end user organizations to transfer addresses, while the other ones do. RIPE would regulate resale by a buyer (which we believe is the correct approach). APNIC’s policy regulates the post-transfer address requests of the seller of addresses, and does not regulate the buyer at all (a mistake). ARIN over-regulates both sides of the transaction.
It would help avoid confusion and loopholes if a common structural approach was adopted by all three RIRs. We suggest that both end user organizations and ISPs be eligible for transfers. We suggest that buyers of address resources not be allowed to resell them for two years, and that sellers not be allowed to request IPv4 address resources from an RIR for one year after the sale. These restrictions should be globally applicable. We suggest that ARIN dispense with the pre-qualification of buyers and concentrate on identifying and verifying the authenticity of sellers. On the issue of route aggregation, transfer policies should retain a common minimum size. They should also make it explicit that an RIR’s role in recording and facilitating address transfers carries no guarantee of routability. The price of the address blocks should reflect the risks associated with attempting to use them, and the ISPs themselves should decide how many additional route announcements they can carry.
In the short term, it is wise to keep the transfer markets regionally segregated in order to reduce the complexity of policy implementation and to limit the scope of any mistakes or problems that are discovered. But in the longer term policies should explore modifications that would allow inter-regional transfers. Because of the concentration of IPv4 resources in North America and the faster growth rates of developing countries, there are likely to be a major need for moving resources globally. ARIN in particular might want to find a way to authorize the one-way export of address resources from its region to poorer countries.