Part Two: Address Space Trading and the Routing Table
by Niall Murphy, Google, and David Wilson, HEAnet
In our last article , we wrote about the onset of scarcity and the problems that are likely to ensue as a result. We characterized the problem we face as the gap, the length of time between the end of IPv4 plenty and the beginning of a universally reachable IPv6 Internet. Noting that any solution should either make the gap shorter, by bringing forward full IPv6 deployment, or make it less painful, by reducing the pressure of IPv4 scarcity, we propose that the fairest, most neutral way to encourage networks out of IPv4 while providing help for those who need it is to introduce a market-based IP address trading exchange. Let us explore now how such a system could work.
Possible Market Structures: Advantages and Drawbacks
An exchange could be set up and operated in many ways. Our preference, however, is for such a service to be run by the existing, trusted, and stable Regional Internet Registries (RIRs). Not only are they experienced in maintaining the values that the community as a whole wants to see maintained—fairness and neutrality, transparency, etc.—the RIRs are also in an excellent position to establish the quality of prefixes traded in an exchange, having excellent service contracts and history with members. Furthermore, the RIRs are unlikely to be made available for onward sale or transfer to other organizations with "different values," and would maintain their traditionally community-focused policy-making apparatus. They would also be in a position to act quickly to coordinate and assume responsibility if given sufficient authority by the membership.
It does not have to be an RIR, of course: we could set up another industry body, but it would take valuable time and require a new governance model. We could also outsource the whole thing to any professionally run auction-handling site, but for such a fundamental change in how we do things, it seems wise to keep it under direct control. Finally, the psychology of continuity is important; if organizations are used to dealing with the RIRs, it provides an important perception of stability to keep them as the interface to getting new addresses.
As with our previous article, we emphasize again that the RIRs have provided excellent service in focusing the consensus of the community in a form that can be passed back to governments and other stakeholders, both external and internal.
The shield provided by the RIRs, protecting the members from the outside and protecting the members from themselves, has worked well for three reasons:
- First, RIR consensus is widely seen to broadly reflect the wishes of their communities as a whole because of the extremely low barrier to representation—in essence anyone who cares can attempt to influence
policy, and no formal attempt is made to weigh one set of opinions over another. As a result, RIR policy is a lowest common denominator that is in general free from many of the more partisan stances usually found in the telecommunications arena, leading to greater credibility outside the RIR system, and greater credibility within, because the oppression of a minority by the majority within the context of policy formation is very difficult.
- Secondly, possessing that credibility has led to repeated success for the RIRs in the arena of disseminating and explaining policies outward, and they have therefore reinforced the confidence their members have in them.
- Finally, the RIRs are also comparatively financially easy to run; in the Réseaux IP Européens (RIPE) region, fees are by no means excessive given the ratio of customers to addresses; they are observed and validated by RIPE Network Coordination Centre (NCC) members, and any competing industry body would have to duplicate not only all the previously mentioned activities, but also the large working surplus that allows the RIRs to ensure stability through more turbulent times. Or to put it another way, "it's open, it works, and it's cheap." We would recommend that any significant extension to the RIR authority, such as running an exchange as proposed, should endeavour to preserve as many of these properties as possible.
So if RIRs are to be the point of contact and policy making, how might such an exchange operate? We have a few guidelines from a relatively new field of economics, called Market Design Theory , that might help to inform our choices. Firstly, we must have thickness: we must have enough traders (both buyers and sellers) entering the market, such that the populace at large can be assured that if they need to perform a transaction, the exchange is the place to do it, rather than private trades. (Private trades, although they enable liquidity, have the disadvantages that the WHOIS database is not maintained, that policy cannot be centralized, that prefix de-aggregation
can occur arbitrarily, and so on.) We should avoid congestion: so many participants that it becomes difficult to trade. Finally, we must have safety: the assurance that if a transaction is engaged in, it will complete, and buyers will receive what they want.
Although other properties exist, those are the main ones required for the exchange to operate successfully. On thickness, we think it is clear that attracting buyers in a time of scarcity will not be a problem. The problem will be attracting sellers from such constituencies as have them available (old Internet Assigned Numbers Authority [IANA]-allocation holders, dot-com failures, and so on). An open question is whether the exchange can do more to attract sellers than the monetary reward for selling would do on its own; more meaningful incentives for them are difficult to determine. Overall, congestion does not seem likely to be a concern, given that the RIR model most usefully supports only membership-based participation initially. (Furthermore, our guess is that the "product" will be quite homogenous, so performing trades will presumably be mostly a matter of determining price.)
Let us return to the question of prefix quality. The single most important measure of quality of a prefix, the attribute without which the prefix is useless, is uniqueness. One must be assured that the prefix one holds is acknowledged as being held by oneself, and that Internet Service Providers (ISPs) will accept its announcement from no other parties.
From a plentiful pool, where prefixes have no cost other than the service charge of the registry, ensuring uniqueness is perhaps not a simple task, but it is a relatively uncontroversial one. When scarce, prefixes become valuable and will be given a cash value, either officially or by other means. ISPs will then have a business reason to break with consensus on routing filters, as we discuss later in more detail; but regardless, prefixes allocated from the IANA free pool generally have an impeccable heritage and do not vary greatly in usability. There are, of course, the natural delays in having new /8s incorporated into routing filters across the world. Those delays do have real effects, but the recipient of these prefixes usually has good reason to believe that a) these problems will be corrected over time, and b) everyone else in the same /8 will have the same problem.
In the new paradigm, each prefix must be carefully examined by the recipient to test that it is uniquely held by the proffering organization, and the recipient will presumably have a further interest in its routability and membership in blacklists. The quality problem arises in both private and public trades; if the RIRs implemented a quality test, that would be yet another advantage of centralization to the benefit of everyone.
Closely associated with prefix quality is the question of safety. Again the RIRs are in an excellent position to provide the necessary support for good-faith transactions, certification of prefixes being the primary mechanism, although various other possibilities (such as membership controls) might also exist.
More pertinently, pricing of the goods traded in such an exchange is an important question. Various natural calculations might support the calculation of address costs, including but not limited to average revenue per address, operational costs averaged over all addresses held, and so on. Our primary contention here is that the RIRs should not engage in price setting directly. Doing so would at the very least invite regulation. There may be a case for placing caps on trades as an antispeculation measure, but that requires further analysis.
What exactly the "goods" are in this case also needs consideration. Our preference is that what is traded is the right to use a prefix, rather than a prefix itself. Quite apart from the inherent oddness in selling a 32-bit integer (with 5-bit netmask), we should avoid the land registry model, where all the previous history of a prefix must be checked before sale. We need the RIR to intermediate itself and provide quality evaluation services rather than leaving it up to the end buyer. We should also not be selling rights to use prefixes of fixed sizes. The exchange needs to offer a spread of lengths in order to meet the needs of all potential customers.
You Say You Want a Revolution
To be sure, a change in the perceptual or legal status of IP addresses is a revolution in how we do things. The ramifications of IP addresses becoming property, or even acquiring intermediate states with property-like title rights, are manifold and they involve sweeping changes. Suddenly things that had no value have a clear public worth. Will organizations then be compelled to list addresses on their books as an asset? Could they then be taxed on them? What would such a tax rate be? Could organizations not actually using the asset (say, the RIRs) avoid this charge? Would transfers entail a taxable operation? These questions are significant and difficult. The right thing for the community is almost undoubtedly that IP addresses do not become simple property, but rather have (at a minimum) transfer and sale rights associated with them. In this way we could enable liquidity without complications, and avoid introducing extra complications at a difficult time. But it is unclear whether regulatory authorities will see it this way without the correct guidance.
The change in legal status of IP addresses is not the only violent change that could be unleashed by exhaustion. Consider, for example, the potential for litigation led by both new entrants unable to acquire an allocation to fulfill their business plan and incumbents seeking to either cause confusion (as an anticompetitive measure against just about anyone) or to try to disrupt any fragile consensus about how the last allocations play out. Leaving aside the question of whether simple prudence would recommend or deprecate such a move, there is a very clear risk of attempted litigation affecting the outcome of the end game.
However, one of the major benefits of a market is that it allows the RIRs to maintain a hands-off approach while still making it at least theoretically possible for an organization to get an independent allocation. The community can be doing all that it realistically can to continue the flow of IPv4, in terms of creating conditions fostering its dissemination, while being seen to be doing such, rather than simply running out of ideas and giving up. It could, of course, be seen—not unfairly—that participating in the transition to a market mechanism might amount to the effective transference of title to those who happened to be in the room at the time of exhaustion, an effective "insider privatization."
Yet, if a market does not emerge, it is hard to see how any new entrants can have a business plan not directly dependent on incumbents. Although there are plenty of incumbents who would value having more address space to continue their business over the cash value of their addresses, so rendering entrance to the market impossible, there are plenty of other organizations that have only ever used a portion of their first allocation and would theoretically be well motivated to disburse these addresses accordingly.
To avoid exceptional attention from regulatory authorities, and to prevent the exchange from failing, we should design the exchange to deter in a systematic way the misbehavior of markets: speculation, hoarding, cartels, price fixing, and regional disadvantage should all be made as difficult as possible within the context of running a limited-membership market.
If we define speculation as short-term dealing with no expectation of use, we may be able to limit this kind of behavior naturally as a consequence of the membership-based participation inherent in the RIR model, and as a function of the periodic nature of routing filter generation. Increasing the price with short-term speculation disincentivizes the end purchaser with a use expectation from actually buying the prefix, because there will be a time delay before it can be used; therefore the purchaser with no use expectation will find it more difficult to find a buyer if the price rises to unreasonably high levels.
Hoarding, defined as long-term speculation with no use expectation, is bad for the exchange in that thickness is reduced, but also bad for the hoarder because the long-term value of the asset should decrease, in line with the increase in deployment of IPv6.
The formation of cartels would actually be quite a practical difficulty, especially under the closer attention likely to be paid to the exchange by competition authorities. Notwithstanding the coordination difficulties, we are inclined to say again that enough buyers should help to control this problem sufficiently to make the exchange work.
Regional disadvantage is, however we look at this situation, a problem. If scarcity is likely to lead to some monetary value being placed on address space, we face a vista where regional disadvantage can only be reduced, not eliminated. The inequality is, ultimately, one of the most compelling reasons to minimize the length of the transition period, and it would benefit us all to do so. Some measures go part way toward alleviating the problem. For instance, regional cooperation can help—in a market, if buyers cooperate and bulk buy, the threshold for organizations that would otherwise be facing a prohibitive barrier to entry would be reduced.
If we do not have a globally accessible exchange, it does not necessarily mean that the organizations will simply fail, entrenching the regional inequality, but they may respond by trying to fulfill their customer requirements by means of private, uncoordinated trading, with all the problems that entails.
We note that it is probably best to structure the actual trades as auctions, rather than facilitated marketplace transactions. When quality is asserted, one prefix is much like another—at least compared to prefixes of a similar size—and treating them as a commodity in this way facilitates the enforcement of policies on a centralized basis.
Drawbacks of a Market
Many cautionary tales about the operation of markets exist. Irrational exuberance, long-lasting depressions, fraudulent or exploitative behavior of all kinds—all of these effects, either enabled or supported by market mechanisms, are well known. Do we have any reason to believe either that these consequences will be not serious in our particular domain or that we have any new way of preventing them from happening?
In truth, we have no particular reason to believe that they won't happen, but there is a structural reason to believe that they might not matter to the exclusion of all else: the worse the situation becomes in the IPv4 marketplace, the more incentive there is to move to IPv6. To that extent, the market might be considered as providing a somewhat self-regulating reason for transition. Of course, we can put various mechanisms in place to help mitigate unstable behavior, as we suggested previously, but ultimately this is a fundamentally new way of doing things that we are ill equipped to understand the full consequences of.
Perhaps the largest drawback, outside of the practical difficulties in getting IPv4 addresses to organizations, is the philosophical impediments that come inherent with switching to a market-based model for allocation. Although a market cannot be said to rule out the consensus model that has turned out well for the Internet community, it also cannot be said to fully support it. This change may be a cultural one we find difficult to reverse, and it might undermine any future attempt by the community to try to differentiate itself on governance model.
Even though we have proposed the market model in good faith, as an attempt to meet the needs of new entrants and existing organizations—and as a boost to the faster deployment of IPv6—if it proves to be a failure in meeting those needs, there may be no more credible strategies left if governments insist on action. That in itself might represent even larger, more unpredictable change for the industry.
Effects on the Routing Table
Another inescapably important question is what will happen to the Default Free Zone (DFZ) routing table. A world in which address blocks transfer without the aggregating procedures of the RIRs is naturally a cause for concern, and when needs-based allocation comes to an end, a change in the rate of growth does seem inevitable. We can, however, make some observations that might reassure us, to some extent, that the rate of growth will not be calamitous.
First, as we go from a time of address plenty to address scarcity, one can assume that the ongoing fulfilled demand for address space will be no greater than it is now. Hence, the future growth in the number of prefixes in the routing table—regardless of prefix length—would seem to have an upper limit consistent with the number of allocations by RIRs to Local Internet Registries (LIRs) at the moment. This limit is still a multiple of the current curve, because we lose the benefit of the aggregation function performed by LIRs, but it suggests that we will at least not face an order-of-magnitude step change as a result of a disorderly competition.
Then there is the question of the routability of smaller prefixes. There is, at the moment, a de facto longest prefix size of around /24 that has close to universal reachability on the general Internet. One might assume that this prefix size will grow inexorably during and after exhaustion, as existing space is broken up into smaller and smaller blocks. Implicit in that assumption is the notion that such block sizes will be adequate for users and worthwhile for ISPs to route; we should probably not rely on networks "making do" with smaller and smaller chunks of address space.
Simultaneously, inexorably growing prefix lengths in the DFZ can only come about because of operator action. In particular, although there is a rough consensus in DFZ operators at the moment that /24 is routable and /25 is not, this policy is not a consensus-approved policy of the RIRs or the IETF. Each operator makes its own decision, based on its own customer needs, its own network, and the expectation of routability with other networks.
Reachability, therefore, depends on ISPs cooperating, and universal reachability depends on ISPs cooperating universally. An ISP may well choose to carry smaller prefixes on behalf of its customers, but unless this practice becomes widespread, no expectation can be made of universal reachability, and the practice will remain a minority one conducted by cooperating ISPs, as occasionally happens from time to time today, and this situation will little affect the size of the routing table for those involved.
Is there a competitive advantage to the largest of the ISPs in investing in very large routers that can carry many millions of prefixes, more than the smaller ISPs can support? If there were, it could perhaps lead to a concentration of power in the tier-one providers (who, as inevitable parts of any lengthy path across the Internet, have the greatest influence on the de facto longest routable prefix.) This situation could perhaps be true if routers are price-limited by the supportable number of prefixes, but this characteristic is typically a secondary one at worst. Routers are grouped by the bandwidth they can support, and priced accordingly; a 100-Mbps router that can support a million prefixes will certainly be more expensive than a 100-Mbps router that can support only ten thousand, but there is an order of magnitude step from either router to a router that can support 10 Gbps.
Inaction Leads to Harm
In fact the argument that the effect on the routing table will be unsustainable is opposed to the argument that there may not be adequate liquidity to sustain the market. It is true that we could find ourselves in the latter position, and so the effect of this system on reducing the problem (characterized as "the gap") will be smaller than we might like—but, as a best-effort scenario, not negligible, particularly in regard to showing good stewardship of the resource to potential outside influence. Compared to any other proposal, and particularly compared to voluntary release or a locking down of the address space, we think that this way is the best way to assure that we make available what liquidity there is.
It is difficult to see any model—even an idealized one—that could possibly service the run rate while maintaining aggregatability. The sparse allocation model used by the RIRs is dependent upon the continued availability of large, clean blocks of space, that is, /8s from IANA. With this address plenty comes freedom in our choice of policies, and with that freedom comes relatively quick consensus.
Post-exhaustion, the space will not be plentiful, and regardless of whether a monetary cost is attached, it will no longer be free. At this point, the legitimacy of the consensus of the RIR fora becomes critical. It is a fiercely defended bottom-up process. As the legitimacy of policies in the Domain Name System (DNS) world comes from consensus to abide by a single root.cache, so the legitimacy of policies in routing comes from general agreement on route filters and the authenticity of data in the RIR WHOIS databases.
We have also learned from the DNS world what happens to opera-tional consensus when the resource becomes in some way valuable. Although the current RIR meetings are able to come to decisions that roughly reflect the consensus of the operational Internet, the necessarily tougher decisions forced upon us will challenge those who participate directly in policy making to reach conclusions that will satisfy operators who are not present. In principle it should not be necessary to account for those who do not represent themselves, but when the legitimacy of our policies is derived from their operational choices, the burden rests on us to ensure that our processes are truly representative.
If we are unsuccessful in doing so, or indeed if we choose to maintain the status quo, we cannot assume that the policies implemented on the operational Internet will themselves remain static. It is already the case that ISPs will work together, as is their entitlement, to agree to route prefixes for the benefit of their mutual customers. It is not unusual for one ISP to accept the announcement from a customer of a subnet of another ISP's address space. This decision is one for those ISPs to make about their own operational environments.
If we choose not to endorse a particular short-term solution to depletion, it falls upon ISPs themselves to find a way to continue their business operations, and resolve their customers' problems. If they cannot get address space from themselves, it will be their duty to their customers to get routable address space from somewhere—by negotiating, if necessary, with their peers and upstream providers to change the definition of "routable address space." Ultimately we may assume that if we do not provide a solution to the industry, the industry will invent one—or several competing ones.
Because we assert that the solution that best solves this problem is an address space trading exchange, we may well end up getting one—but one (or more) that is private, and out of sight of our existing policy-making structure. Worse still, competing exchanges would not have access to the RIRs data, and so would not be in a position to assure the quality of a prefix—a situation that could threaten all transactions.
Without exaggerating, it is likely that what we do in response to this crisis will determine the architecture of the Internet for a long while to come. Although we are reminded of Woody Allen's quote wherein he "... hope[s] mankind has the wisdom to choose correctly... between utter hopelessness and total extinction [14, 15]," there are, as we have outlined, measures we can take to survive the coming storm. They are not beautiful solutions. They are not how we have traditionally done things, or even how we would like to do things. Adopting them will almost certainly result in someone being worse off than if we had simply done nothing. But they represent, to our minds, the best, most realistic chance to avoid widespread difficulties and the loss of many of the principles we in the networking community hold dear, to ourselves and in our institutions. Let us begin this process now.
The authors would like to gratefully acknowledge help and support from Léan Ní Chuilleanáíin, Emma Apted, and David Malone for diligent editing.