UK government is squatting on 1.67 million unused IPv4 addresses

Cory Doctorow at 9:38 am Tue, Sep 18, 2012

The UK's Department for Work and Pensions is squatting on an unused block of super-scarce IPv4 addresses. Specifically, they're sitting on a /8 network with 1.67 million spare addresses. A petition asks the government to sell these off.

It has recently come to light that the Department for Work and Pensions has its own allocated block of 16,777,216 addresses (commonly referred to as a /8), covering 51.0.0.0 to 51.255.255.255. The estimated market value of this block of addresses is between $0.5 and $1.5 billion.

Analysis shows that the DWP is not using any of these addresses in public. If they are being used for internal, private networks then this is a phenomenal waste of public funds - the block 10.0.0.0/8 is specifically earmarked for use on internal private networks, and using the globally routed 51.0.0.0/8 internally is madness.

£1 billion of low-effort extra cash would be a very nice thing to throw at our deficit.

The DWP should sell its block of 16777216 IP addresses (via /.)

  • xzzy

    Energy spent bitching at the government to give up addresses is probably better spent implementing ipv6 and putting the concept of limited address space to sleep forever.

    • http://www.nathanhornby.com/ Nathan Hornby

      The problem isn’t the introduction of ipv6, it’s the fact that many devices don’t support it.

      • jandrese

        This really isn’t a problem anymore.  Anything you’re buying off the shelf today supports IPv6, and has for a good long time.  Even crappy home routers mostly support it. 

        I’ve been running IPv6 at my house for a few years now (thanks to Hurricane Electric) and even my ancient 802.11b USB dongles are happy to pass IPv6 (mostly because they are layer 2 devices). 

        I think the only holdout in my house is my original model iPhone, which is basically just a kids toy now. 

        • http://www.nathanhornby.com/ Nathan Hornby

          This is just what I’ve heard. I’m pretty sure everything I have supports it, but there’s a hell of a lot of old tech in the world.

          • M. Ellis

            Most things support it but the auto-config stuff for Consumer Premises Equipment (CPE) is still somewhat in flux.

            Tunneling through Hurricane Electric, you can do a manual setup, but most people don’t want to deal with manual setups. (The idea of helping my mother to do an IPv6 setup on her home network… just no.)

            If it’s as simple as your ISP handing you a /64 and you run with that /64 at your house, it’s fairly easy, assuming your router/modem knows how to automatically get that info from the ISP. If it looks like most ISPs will actually hand a /48, /56 or /60, now your router needs to auto configure for multiple subnets (something I personally like).

            Add on a sensible default IP filter, because most people have got used to NAT in front of their home devices and don’t run a local firewall on their machines, or have sharing for a bunch of services turned on.

            So while my phone might do IPv6 just fine, there’s still a little ways to go for things integration between wireless APs, cable and DSL modems to make it braindead enough for joe average consumer. I need to be able to plug a Linksys or Airport Extreme into the modem, and have IPv6 seamlessly spread into my home with minimal configuration, perhaps choosing a ‘public’ and a ‘private’ local network, for example, so my friends can use the local WiFi while not being on my personal server network. I’d also be curious to see if, say, my TV or my Receiver have a functional IPv6 stack.

    • ocker3

       1 Billion UK pounds wouldn’t help with that, or something else useful?

  • http://twitter.com/ductourer John G. Tesmer

    Is IBM still using 9.0.0.0/8?

    • sdmikev

      Yep, they own that.
      Not that uncommon for companies to be sitting on blocks like that.  My company owns a /16 block that serves no purpose right now..

  • http://goodsharer.com/ Aloisius

    It really doesn’t matter. An extra /8 would quickly be exhausted in a few months and the cost to renumber all the networks that used it previously would likely be extraordinarily high and time consuming.

    • Mike Richards

      The biggest problem would be explaining to a government minister what exactly this internet thing actually is. It’d be something like explaining string theory to a field of sheep, and about as rewarding.

    • BillStewart2012

      Any equipment that’s difficult to renumber is so obsolete that it ought to be replaced anyway – except for servers and routers, anything from this millennium pretty much uses DHCP and DNS*.  Yes, it would only get the world a few extra months of address space – but RIPE just ran out of their stash, and are now measuring out their Last /8 with coffee spoons.

      *Yes, I know that there are VPN tunnel servers that are exceptions to that – it’s unlikely that the Department needs to keep more than a few hundred /24s for themselves to handle all of those. The more significant problem than cost is that it’d take months for the bureaucrats to argue about what to do, and a few more months to actually implement it, so we won’t be seeing much of this address space for another year or two.

  • dragonfrog

    If they’re using 51.0.0.0/8 internally in any extensive way, completely re-addressing their internal network in order to free it up for sale is not likely to be ‘low-effort’ – it could easily swallow up most of the half billion the sale might realize.

    • http://twitter.com/chriscoreline chris coreline

       government IT project: double all costs and triple delivery times.

      • Tore Sinding Bekkedal

        Good luck renumbering a /8 in any large company.

    • http://mooseyard.com/Jens Jens Alfke

      That depends. If they have any sane network infrastructure they should just need to update some records in their DNS and DHCP servers. 

      But I’ve read enough of Charles Stross’s “Laundry” novels to guess that sanity is not a strong suit of government ministries.

      • http://www.facebook.com/danhuby Dan Huby

        It’s pretty unlikely they are using DHCP for all IP allocation. There are probably thousands of routers, servers, printers and so on with static IPs. Moving it all would be  a very large job.

      • http://goodsharer.com/ Aloisius

        Depends on how many routers there are. I doubt they’re using a /8 for a single office building. We could be talking about hundreds of routers connecting tens or even hundreds of thousands of networked devices. There are firewalls to update, machines that have probably been on static IPs for years, etc. For all we know, they have internal software with IPs hard coded into them.

        To migrate such an environment over to a new address space is not easy without downtime.

        Then again, it could just be a single office full of computers and take 3 days to update.

        • dragonfrog

          The department of Public Works is probably responsible for bridge and road maintenance – they probably have thousands of two-man offices all over the place, lorry weigh stations, field offices for bridge inspectors in desolate corners of the country, etc. etc.

          Don’t forget you can’t just update your LAN equipment – all the changes have to be synchronized with WAN networking changes too.  And no field office can be without access to corporate applications for more than half a day (or some such requirement), including the VT-120 emulator software that runs the mainframe applications that are running on a mainframe emulation environment in an outsourced data centre in Spain.

          • bumblebeeeeeee

            department of what? 

            The Department for Work and Pensions is responsible for welfare and pension policy and is a key player in tackling child poverty. It is the biggest public service delivery department in the UK and serves over 20 million customers. http://dwp.gov.uk/about-dwp/what-we-do/

          • dragonfrog

            Derp.  Watch me fail at reading comprehension…

      • http://www.nathanhornby.com/ Nathan Hornby

        “If they have any sane network infrastructure ”

        … we’re talking about a government department here.

    • Bink Binkerson

      They don’t have to renumber.   It just means that slacking UK government workers would not be able to surf the porn sites on the new 51.x.x.x numbers.

      • http://www.fatjerry.com Dimmer

        If they are truly not using any of these publicly, it should be possible to use an address translation scheme to work around this: a kludge, but what part of IPv4 isn’t?

        • jandrese

          They could, but it would probably be a fairly major effort to renumber the entire government to a 10 net.  And for what?  Most of the money you get from selling them would be spent doing the renumbering and the extra /8 would be used up in a couple of months anyway. 

          If you’re going to go to the trouble to do a complete overhaul of your IP infrastructure, you might as well just transition to IPv6.

          • http://www.fatjerry.com Dimmer

            Indeed if they want to do anything major then moving to v6 would make sense. My suggested solution would just run a NAT service (or two) between them and the outside world: no need to change their internal assignments at all, and no blocking of the released IP space/new porn.

  • http://mooseyard.com/Jens Jens Alfke

    That’s 16 million, not 1.6 million. It’s pretty huge — almost 4% (1/256) of the entire IPv4 address space. It’s as much as Apple has (17.0.0.0/8).

    • http://twitter.com/funkyfresh funkyfresh

       Are you sure about that 4% ?

      • TheKaz1969

        I picture Vincent Gambini yelling, “Are you sure about 4%? ARE YOU SURE ABOUT THAT 4%?!?!”

        “I may have been mistaken”

    • gandalf23

      I think you mean almost 0.4%

      • http://mooseyard.com/Jens Jens Alfke

        Oops, yeah — inevitably a nitpick about someone’s math will have its own math errors (just like any grammar flame contains grammar errors.)

  • jwgl23

    I don’t know anything about how the address space was doled out. So, how is it that one department in one government has such a high percentage of the total possible addresses? Why would any group outside of an ISP need such a large quantity?

    • http://kev.deadsquid.com/ deadsquid

      Legacy allocations from way back when. There are a few of them. http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

  • http://obsidian.kokolis.net Chloramphenicol

    Eh, the US DoD has at least 14 /8 allocations.  XEROX has one, HP has one, and several other major players in the early age of the personal computer have /8s.  Even if they all returned their unused allocations and switched to NAT, it’d only buy us a few months to years.  The real problem is that no one is feeling enough pain to move to IPv6 yet.

    • jandrese

      The problem is that recovering those addresses is a huge amount of effort and the price per address just isn’t high enough yet to make it tempting to your average IT department. 

      Plus it is dumb to spend hundreds or thousands of hours today to transition from IPv4 addresses to a different set of IPv4 addresses.  At the very least if you do that, go ahead and enable IPv6 across your enterprise at the same time and start the transition. 

      My experience with IPv6 transitions is that the hardware is fine (unless IPv6 is some optional feature that the vendor charges extra for), it’s software that causes issues, and usually stupid ones.  Some big backup server may be perfectly IPv6 capable, but the network license manager it uses is some piece of crap IPv4 only thing and the app of course won’t run if it can’t talk to the license server every 10 seconds.

  • extra88

    Maybe it’s a strategic reserve, like Canada’s for maple syrup.

    • http://kev.deadsquid.com/ deadsquid

      itym Quebec’s.

    • Alex Peterson

      I thought their only strategic reserve was funny white people?

  • http://www.facebook.com/people/Mark-Duanburge/100000313244887 Mark Duanburge

    @Cory, 16m or 1.67m ?

  • timquinn

    Hold on, if they sell this off now where will we build the national parks of the internets. Think of the digital children!

  • http://avarana.blogspot.com MarlboroTestMonkey7

    I’ll create a local network with those addresses, just to get that english vibe.

  • http://twitter.com/KristoferKeane Kristofer Keane

    I don’t think the petition’s intention is primarily to free up addresses, but rather to suggest that the British Government could sell those off for revenue purposes.

  • TheKaz1969

    Wait. Aren’t Europeans socialists? should they be giving these away to everyone?

    Here in the US, we’d tell the national debt to get off its lazy behind and get a job and earn the money instead of taking handouts from the government…

    • bumblebeeeeeee

      well, Europe invented the internet, so…

    • BillStewart2012

      Europeans are socialists.  Scotland is socialist.  England’s current Tory government?  Not a chance.  (And no, the LibDems probably don’t count here…)

  • Marc45

    Well they’ve got at least 16,777,216 IP surveillance cameras to implement.  I don’t think this block will be large enough ;)

  • kraut

    Some Europeans are mildly socialist. Social democrats would be a more accurate description.

    The Torys are hardly more conservative than “New” Labour was.
    Of course, by current US standards Margaret Thatcher was a communist, and Attila the Hun was a pinko-softie-hippy-liberal.

  • http://scavenger-ethic.blogspot.com/ scav

    Also, they are harder than normal IP addresses, and there’s 3000 years’ supply of them.

  • bumblebeeeeeee

    I’m really annoyed Cory posted this with a direct link to the e-petition. As it, come on this needs signing… I assumed had been done to verify the claims (not least by the person starting the petition)… so went straight through and signed it.

    Turns out, 80% of the block is used, throughout UK gov, some FoI replies:
    http://www.whatdotheyknow.com/request/internet_protocol_ipv4_address_a
    http://www.whatdotheyknow.com/request/internet_protocol_ipv4_address_a_2

    Things such as the GCSX and GSI exist there… every gov computer across the country. The cost would be lost changing everything (even if feasible).

    Also, not something that could be sold anyway. If it’s not used, must be returned to RIPE. Cannot be sold.

    Apart from the easily-kicked target of the british govt. there are loads of companies that are also sitting on /8s. Ford Motors, Eli Lilly (who?), the long-defunct DEC (sold to HP so they have two lots of /8). Hell: even Apple have a slice of the pie.
    And if you can tell me how I can force these companies to tell me what they are doing with these addresses I will do it. It isn’t just that the British govt is an easy target, it is because they have to respond.

    • http://daruiburns.tumblr.com/ Dlo Burns

      Eli Lilly the first company/person to produce penicillin! They probably have a bunch of IPs for internal research communication. 

      Also I’m surprised Apple doesn’t have a double set like HP because they’ve been constantly experimenting/failing with internet services like that apple village thing.

      • bumblebeeeeeee

        exactly, if one company needs /8, then running every gov computer across a whole country in hospitals, schools etc. etc. is gonna need most of an /8

    • Tore Sinding Bekkedal

      Except it’s a futile, short-term waste of money in either private or public sector. 

      If you’re going to petition, then petition that they convert to IPv6.

  • Ito Kagehisa

    We have five Class Cs, four of them in a contiguous CIDR block.  We need them because we connect to a great many other organizations that are about as network-savvy as a french poodle, yet also obsessed with security (although it’s pure “security theater” since they don’t have the slightest clue what they are doing).  These organizations all use conflicting RFC1918 addressing (some of them actually internally conflict, no lie, they can end up with NAT inside an office flat) and have nonsensical rules about what can and can’t be done when NATting to business partners & research organizations.  The only way to cut through their Gordian knots of authoritarian cluelessness is to use true “portable” IANA addresses; this allows the sidestepping of policies which would otherwise require six months of form-filling and dozens of teleconferences with officious, technically ignorant bureaucrats.

    Most of these addresses are not visible from the public Internet, and would appear untenanted to an average sturdy English yeoman.  They are visible from dozens of Internet-connected private sites, though.  If we gave up these addresses, the business would realize no profit, and incur significant loss.
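
Two situations come up repeatedly in the thread above: globally routable space such as 51.0.0.0/8 being used on internal networks, and partner organisations whose RFC 1918 ranges collide when they are interconnected. The following is an added example, not part of the original post or comments, that audits an address inventory for both; the organisation names and prefixes are constructed sample data.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private blocks: 10.0.0.0/8 (named in the petition) plus the other two.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory of internal prefixes: (organisation, prefix).
# All names and assignments here are hypothetical.
INVENTORY = [
    ("partner-a", "10.1.0.0/16"),
    ("partner-b", "10.1.128.0/17"),
    ("partner-b", "192.168.10.0/24"),
    ("partner-c", "192.168.0.0/16"),
    ("partner-d", "172.20.0.0/14"),
    ("dept-x",    "51.16.0.0/12"),   # slice of 51.0.0.0/8 used internally
]

def is_rfc1918(prefix):
    """True if the whole prefix lies inside one of the RFC 1918 blocks."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)

def audit(inventory):
    """Return (public_internal, conflicts).

    public_internal: internal prefixes that are not RFC 1918 space, i.e.
        globally unique addresses consumed on a private network.
    conflicts: pairs of prefixes from different organisations that overlap,
        so a link between them needs NAT or renumbering, and any firewall
        rule written against that range is ambiguous about whose host it means.
    """
    public_internal = [(org, p) for org, p in inventory if not is_rfc1918(p)]
    conflicts = []
    for (org1, p1), (org2, p2) in combinations(inventory, 2):
        n1, n2 = ipaddress.ip_network(p1), ipaddress.ip_network(p2)
        if org1 != org2 and n1.overlaps(n2):
            conflicts.append((org1, p1, org2, p2))
    return public_internal, conflicts

if __name__ == "__main__":
    public_internal, conflicts = audit(INVENTORY)
    for org, p in public_internal:
        print(f"{org}: {p} is globally routable space used internally")
    for org1, p1, org2, p2 in conflicts:
        print(f"conflict: {org1} {p1} overlaps {org2} {p2}")
```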