https://governmenttechnology.blog.gov.uk/2015/02/19/freeing-up-unused-ip-addresses/

Freeing up unused IP addresses

This post by Hadley Beeman from the Office of the CTO is about looking for extra value in the resources we already have.

Brent Hensarling
Image courtesy of Brent Hensarling on a Creative Commons licence.

Our decisions on government technology are driven by user needs, first and foremost, but also by our push to focus resources where they’ll do the most good.  Making government cheaper, reducing the deficit and getting great technology for our users at a reasonable cost to the taxpayer - these things matter.

A while ago, I found myself in conversation with colleagues in DWP about their extraordinary number of public-facing IPv4 addresses.

These addresses are used to number computers, mobile phones, servers and other devices on the internet and as the Internet is growing quickly, there is a shortage of these addresses.  The next version of the Internet Protocol, IPv6, helps with a much larger supply of addresses, but many networks aren’t yet ready to move to IPv6.  So there is a demand for IPv4 addresses.

Together with DWP’s network teams, we started some discovery work.  Other approaches to setting up networks, like IPv6 and Network Address Translation (NAT), mean we may not need all the IPv4 addresses we hold. Might there be others who need them more?  Mindful that we have an obligation to maximise assets that have been funded by taxpayers, these addresses might do us — and the world — more good if we sell them.

We’ve brought in Ernst & Young to help us explore the possibilities. Reconfiguring our internal networks to free up addresses carries a cost, so we need to account for that, and we’re keen to keep our public services running without disruption if we do transfer them.  So there is much to consider.

This period of discovery is a useful one to see what value we have hidden in our existing technology.  We may be able to better use our network assets, like addresses, both by freeing them up for someone else to use, and by releasing some value from things we aren’t using to their fullest potential.

We will all be keen to see what comes of this and how we can better use our technology to our advantage.

Follow Hadley on Twitter and don’t forget to sign up to the Government Technology blog.

5 comments

  1. Gary

    Interesting to see the HMG/DWP is looking at something which many organisations would simply leave in the "too difficult box". IP's within technology can be looked upon a bit like bolts in say a car; you don't necessarily think about them in the overall product but you know things can go wrong if they are removed - some of course are more critical than others. So the challenge for the DWP will be to keep the "car" running while replacing these "bolts". This is going to take strong leadership and vision and upfront costs to realise the longer term benefits of releasing the value of the IP addresses when sizeable allocations can be returned.

    Ethically I don't know how I feel about the Class A range being returned potentially at significant profit just because the DWP and many other organisations applied for these during the dawn of the internet when they were a cheap resource, when entire continents are struggling with the paltry IPv4 allocations that are left with great difficulty, however there has to be some levers to encourage return of these wasted IP addresses given the not insignificant infrastructure work required to achieve this.

    Link to this comment
  2. Mike Scott

    What about the MoD's /8 block (25.0.0.0/8)? I doubt they're using all of it, either.

    Link to this comment
  3. Andrew Rowson

    While I fully support efforts to audit network address usage, I think it's worth pointing out that it's an error to suggest that unused addresses could be 'sold'. DWP doesn't own the IP addresses, they've been allocated by RIPE - they retain ultimate ownership (if such a concept is meaningful). Releasing them is simply a process of handing them back - they're not the DWP's to sell. There may be a financial benefit in reducing the RIPE membership fees if fewer resources are required, but that may not be significant.

    Further, while handing unused IP addresses back to RIPE will allow them to be re-allocated and potentially re-used by someone else, the IPv4 allocation rate means that it probably won't make a significant difference to the IPv4 exhaustion problem. Even if we managed to hand back a whole /8, that would probably be used up in less than a month.

    Auditing the network will be great for finding out what's where, and uncovering hidden services. However, we should be clear that handing back unused IP address space probably carries very little benefit at this point.

    Link to this comment
    • Phillip Baker

      Andrew, even if these blocks *were* all RIPE assigned (most of these assignments will be legacy assignments pre-dating RIPEs existence!) it is no longer the case that RIPE assignments can only be "returned" and not "sold". With the effective exhaustion of v4 addressing, one of the many policy changes now means that RIPE explicitly permits (and in fact operates a marketplace to facilitate) the direct transfer of IPv4 addressing between organisations in a commercial transaction (And let's be honest - this has always been broadly possible through acquisition anyway).

      Whether the government should actually be doing anything other than promoting the deployment IPv6 at this stage is an entirely different matter, not to mention that a good chunk of any money that could be raised from the onward sale of these blocks is being wasted through the needless appointment of E&Y to "investigate". But then, when it comes to selling off assets, successive British governments have never really been concerned with a big-picture view.

      Link to this comment
      • Chris Hills

        I have to agree that the involvement of E&Y is a waste of taxpayer money. There should be more than enough skill in-house to do such a survey.

        On another point releasing IPv4 space back into the pool will only prolong its swansong. Just get on with deploying IPv6.

        Link to this comment