UK government is squatting on 1.67 million unused IPv4 addresses

The UK's Department for Work and Pensions is squatting on an unused block of super-scarce IPv4 addresses. Specifically, they're sitting on a /8 network with 1.67 million spare addresses. A petition asks the government to sell these off.

It has recently come to light that the Department for Work and Pensions has its own allocated block of 16,777,216 addresses (commonly referred to as a /8), covering to The estimated market value of this block of addresses is between $0.5 and $1.5 billion.

Analysis shows that the DWP is not using any of these addresses in public. If they are being used for internal, private networks then this is a phenomenal waste of public funds - the block is specifically earmarked for use on internal private networks, and using the globally routed internally is madness.

£1 billion of low-effort extra cash would be a very nice thing to throw at our deficit.

The DWP should sell its block of 16777216 IP addresses (via /.0


  1. Energy spent bitching at the government to give up addresses is probably better spent implementing ipv6 and putting the concept of limited address space to sleep forever.

      1. This really isn’t a problem anymore.  Anything you’re buying off the shelf today supports IPv6, and has for a good long time.  Even crappy home routers mostly support it. 

        I’ve been running IPv6 at my house for a few years now (thanks to Hurricane Electric) and even my ancient 802.11b USB dongles are happy to pass IPv6 (mostly because they are layer 2 devices). 

        I think the only holdout in my house is my original model iPhone, which is basically just a kids toy now. 

          1. Most things support it but the auto-config stuff for Consumer Premesis Equipment (CPE) is still somewhat in flux.

            Tunneling through Hurricane Electric, you can do a manual setup, but most people don’t want to deal with manual setups. (The idea of helping my mother to do an IPv6 setup on her home nework… just no.)

            If it’s as simple as your ISP handing you a /64 and you run with that /64 at your house, it’s fairly easy, assuming your router/modem knows how to automatically get that info from the ISP. If it looks like most ISPs will actually hand a /48, /56 or /60, now your router needs to auto configure for multiple subnets (something I personally like).

            Add on a sensible default IP filter, because most people have got used to NAT in front of their home devices and don’t run a local firewall on their machines, or have sharing for a bunch of services turned on.

            So while my phone might do IPv6 just fine, there’s still a little ways to go for things integration between wireless APs, cable and DSL modems to make it braindead enough for joe average consumer. I need to be able to plug a Linksys or Airport Extreme into the modem, and have IPv6 seamlessly spread into my home with minimal configuration, perhaps choosing a ‘public’ and a ‘private’ local network, for example, so my friends can use the local WiFi while not being on my personal server network. I’d also be curious to see if, say, my TV or my Receiver have a functional IPv6 stack.

    1. Yep, they own that.
      Not that uncommon for companies to be sitting on blocks like that.  My company owns a /16 block that serves no purpose right now..

  2. It really doesn’t matter. An extra /8 would quickly be exhausted in a few months and the cost to renumber all the networks that used it previously would likely be extraordinarily high and time consuming.

    1. The biggest problem would be explaining to a government minister what exactly this internet thing actually is. It’d be something like explaining string theory to a field of sheep, and about as rewarding.

    2. Any equipment that’s difficult to renumber is so obsolete that it ought to be replaced anyway – except for servers and routers, anything from this millennium pretty much uses DHCP and DNS*.  Yes, it would only get the world a few extra months of address space – but RIPE just ran out of their stash, and are now measuring out their Last /8 with coffee spoons.

      *Yes, I know that there are VPN tunnel servers that are exceptions to that – it’s unlikely that the Department needs to keep more than a few hundred /24s for themselves to handle all of those. The more significant problem than cost is that it’d take months for the bureaucrats to argue about what to do, and a few more months to actually implement it, so we won’t be seeing much of this address space for another year or two.

  3. If they’re using internally in any extensive way, completely re-addressing their internal network in order to free it up for sale is not likely to be ‘low-effort’ – it could easily swallow up most of the half billion the sale might realize.

    1. That depends. If they have any sane network infrastructure they should just need to update some records in their DNS and DHCP servers. 

      But I’ve read enough of Charles Stross’s “Laundry” novels to guess that sanity is not a strong suit of government ministries.

      1. It’s pretty unlikely they are using DHCP for all IP allocation. There are probably thousands of routers, servers, printers and so on with static IPs. Moving it all would be  a very large job.

      2. Depends on how many routers there are. I doubt they’re using a /8 for a single office building. We could be talking about hundreds of routers connecting tens or even hundreds of thousands of networked devices. There are firewalls to update, machines that have probably been on static IPs for years, etc. For all we know, they have internal software with IPs hard coded into them.

        To migrate such an environment over to a new address space is not easy without downtime.

        Then again, it could just be a single office full of computers and take 3 days to update.

        1. The department of Public Works is probably responsible for bridge and road maintenance – they probably have thousands of two-man offices all over the place, lorry weigh stations, field offices for brige inspectors in desolate corners of the country, etc. etc.

          Don’t forget you can’t just update your LAN equipment – all the changes have to be synchronized with WAN networking changes too.  And no field office can be without access to corporate applications for more than half a day (or some such requirement), including the VT-120 emulator software that runs the mainframe applications that are running on a mainframe emulation environment in an outsourced data centre Spain.

    2. They don’t have to renumber.   It just means that slacking UK government workers would not be able to surf the porn sites on the new 51.x.x.x numbers.

      1. If they are truly not using any of these publicly, it should be possible to use an address translation scheme to work around this: a kludge, but what part of IPv4 isn’t?

        1. They could, but it would be probably be a fairly major effort to renumber the entire government to a 10 net.  And for what?  Most of the money you get from selling them would be spent doing the renumbering and the extra /8 would be used up in a couple of months anyway. 

          If you’re going to go to the trouble to do a complete overhaul of your IP infrastructure, you might as well just transition to IPv6.

          1. Indeed if they want to do anything major then moving to v6 would make sense. My suggested solution would just run a NAT service (or two) between them and the outside world: no need to change their internal assignments at all, and no blocking of the released IP space/new porn.

      1. I picture Vincent Gambini yelling, “Are you sure about 4%? ARE YOU SURE ABOUT THAT 4%?!?!”

        “I may have been mistaken”

  4. I don’t know anything about how the address space was doled out. So, how is it that one department in one government has such as high percentage fo the total possible addresses? Why would any group outside of an ISP need a such a large quantity?

  5. Eh, the US DoD has at least 14 /8 allocations.  XEROX has one, HP has one, and several other major players in the early age of the personal computer have /8s.  Even if they all returned their unused allocations and switched to NAT, it’d only buy us a few months to years.  The real problem is that no one is feeling enough pain to move to IPv6 yet.

    1. The problem is that recovering those addresses is a huge amount of effort and the price per address just isn’t high enough yet to make it tempting to your average IT department. 

      Plus it is dumb to spend hundreds or thousands of hours today to transition from IPv4 addresses to a different set of IPv4 addresses.  At the very least if you do that, go ahead and enable IPv6 across your enterprise at the same time and start the transition. 

      My experience with IPv6 transitions is that the hardware is fine (unless IPv6 is some optional feature that the vendor charges extra for), it’s software that causes issues, and usually stupid ones.  Some big backup server may be perfectly IPv6 capable, but the network license manager it uses is some piece of crap IPv4 only thing and the app of course won’t run if it can’t talk to the license server every 10 seconds.

  6. Hold on, if they sell this off now where will be build the national parks of the internets. Think of the digital children!

  7. Wait. Aren’t Europeans socialists? should they be giving these away to everyone?

    Here in the US, we’d tell the national debt to get off its lazy behind and get a job and earn the money instead of taking handouts from the government…

    1. Europeans are socialists.  Scotland is socialist.  England’s current Tory government?  Not a chance.  (And no, the LibDems probably don’t count here…)

  8. Well they’ve got at least 16,777,216 IP surveillance cameras to implement.  I don’t think this block will be large enough ;)

  9. Some Europeans are mildly socialist. Social democrats would be a more accurate description.

    The Torys are hardly more conservative than “New” Labour was.
    Of course, by current US standards Margaret Thatcher was a communist, and Attila the Hun was a pinko-softie-hippy-liberal.

  10. I’m really annoyed Cory posted this with a direct link to the e-petition. As it, come on this needs signing… I assumed had been done to verify the claims (not least by the person starting the petition)… so went straight though and signed it. 

    Turns out, 80% of the block is used, thought out UK gov, some FoI replies:

    Things such as the GCSX and GSI exist there… every gov computer across the country. The cost would be lost changing everything (even if feasible) .

    Also, not something that could be sold anyway. If it’s not used, must be returned to 
    RIPE. Cannot be sold. 

    Apart from the easily-kicked target of the british govt. there are loads of companies that are also sitting on /8’s. Ford Motors, Eli Lilly (who?), the long-defunct DEC (sold to HP so they have two lots of /8. Hell: even Apple have a slice of the pie.
    And if you can tell me how I can force these companies to tell me what they are doing with these addresses I will do it.If isn’t just that the British govt is an easy target, it is because they have to respond.

    1. Eli Lily the first company/person to produce penicillin! They probably have a bunch of IPs for internal research communication. 

      Also I’m surprised Apple doesn’t have a double set like HP because they’ve been constantly experimenting/failing with internet services like that apple village thing.

      1. exactly, if one company needs /8, then running every gov computer across a whole country in hospitals, schools etcetc is gonna need most of an /8

    2. Except it’s a futile, short-term waste of money in either private or public sector. 

      If you’re going to petition, then petition that they convert to IPv6.

  11. We have five Class Cs, four of them in a contiguous CIDR block.  We need them because we connect to a great many other organizations that are about as network-savvy as a french poodle, yet also obsessed with security (although it’s pure “security theater” since they don’t have the slightest clue what they are doing).  These organizations all use conflicting RFC1918 addressing (some of them actually internally conflict, no lie, they can end up with NAT inside an office flat) and have nonsensical rules about what can and can’t be done when NATting to business partners & research organizations.  The only way to cut through their Gordian knots of authoritarian cluelessness is to use true “portable” IANA addresses; this allows the sidestepping of policies which would otherwise require six months of form-filling and dozens of teleconferences with officious, technically ignorant bureaucrats.

    Most of these addresses are not visible from the public Internet, and would appear untenanted to an average sturdy English yeoman.  They are visible from dozens of Internet-connected private sites, though.  If we gave up these addresses, the business would realize no profit, and incur significant loss.

Comments are closed.