Posted by u/STRML 7 years ago
Tell HN: Amazon now owns 3.0.0.0/8
Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9.

Previous owner was GE.

Anecdotal reports across the Internet that AWS EIPs are now being assigned in that range.

https://whois.arin.net/rest/net/NET-3-0-0-0-1.html

https://whois.arin.net/rest/net/NET-3-128-0-0-1.html

btown · 7 years ago
Wow. This is a significant slice of the IPv4 address space, and one of the few remaining uninterrupted /8s owned by the private sector. This is a 10-year old visualization, but it's still a good one to visualize the scale of this purchase.

http://maps.measurement-factory.com/

It's a great purchase for them, and a shot at Azure and GCP - Amazon can now legitimately tell larger clients "we will have enough IPv4 space to be your partner for all your static-IP-dependent applications, no matter how much you need to scale."

degenerate · 7 years ago
Much larger and more readable version of this map:

https://www.caida.org/research/id-consumption/whois-map/imag...

Each pixel in the image is a /24 network.

jandrese · 7 years ago
It's really incredible how so many non-tech companies have /8s still. What is Prudential doing with all of that address space? Eli Lilly?!? Who the hell is Cap Debis?
ericsoderstrom · 7 years ago
Would love to see a more up-to-date version of this. I know MIT sold [1] a bunch of its address space not too long ago.

[1]: https://www.internetsociety.org/blog/2017/05/mit-goes-on-ipv...

ancarda · 7 years ago
Is there an up to date version of this? I wouldn't mind getting a poster of this on my wall.
ponytech · 7 years ago
How come there are still unallocated spaces with the lack of free IPv4 addresses?
_lbaq · 7 years ago
" no matter how much you need to scale."

Sure it's a big block, but it's still "only" ~16 million addresses

ghaff · 7 years ago
They also previously bought half(?) of MIT's /8.
natestemen · 7 years ago
anyone have any good explanations of the image linked? like what are ARIN, RIPE, why is some unallocated, what is multicast?

that sort of thing would be cool to learn

tialaramex · 7 years ago
Unicast is sending messages to a single peer. Broadcast is sending messages to everybody. Multicast is in between, sending to some arbitrary set of recipients.

On a local network, multicast is very easy to do. Unless it's very, very old, your computer almost certainly uses multicast on local networks already, for a variety of purposes. A dumb old network just sent all packets to all computers on the local network, so both broadcast and multicast were equally easy to do. Your network card has a filter built into it that autonomously weeds out messages your computer cares about, and ignores the others - so the operating system is like "Hey, network card, my unicast address is 10.20.30.40, and I am also listening to multicast address 224.0.0.251" and it will just throw away any packets that aren't for those addresses. A smart modern network (e.g. the mid-range gigabit switch serving your desk at work) keeps track of which addresses are where and sends copies of messages only to where they seem useful, leaving more network bandwidth for everybody else.

The Internet can in theory do Multicast too. I've used this to, for example, watch television with a dozen other people without any copy of the TV picture data being sent over the shared data link to us more than once. That's what those addresses are for, you "Join" one of the multicast addresses and begin receiving, say, the Olympics live.

However making all this work is hard, and in most places, most of the time, nobody puts in all that hard work, so probably you'll find that although local network multicast works for you (as I said it's used in modern systems) you cannot use the Internet's multicast features. Which is a shame, but we can't have nice things.

pacificmint · 7 years ago
ARIN and RIPE are two of the five regional internet registries:

AFRINIC: African Network Information Center
ARIN: American Registry for Internet Numbers
APNIC: Asia-Pacific Network Information Centre
LACNIC: Latin America and Caribbean Network Information Centre
RIPE: Réseaux IP Européens

merb · 7 years ago
multicast is like a broadcast except that it is authenticated, i.e. each device that is authenticated against a certain multicast will get the content.

it's mostly used for internet television or other multimedia stuff.

(some stuff is/was unallocated, since some early users thought it's a good idea to actually use some unallocated stuff to do bgp..., testing or routing per se (especially cisco routers) or even login pages, exit nodes, i.e. 1.0.0.0 was a problematic ip, but since cloudflare grabbed the 1.1.1.1 I think people will stop doing stupid things)

richardwhiuk · 7 years ago
Similarly aged - https://xkcd.com/195/
alexnewman · 7 years ago
I thought google had 8/8
Ambroos · 7 years ago
Coming soon: Amazon launches free DNS service on 3.3.3.3 and 3.4.3.4?

It's pretty crazy though that that huge range goes to Amazon in full. Wouldn't it have been better for the health of the internet as a whole to get them back to IANA for redistribution?

Symbiote · 7 years ago
Best for the internet is encouraging IPv6. There aren't extra fees for that, so people with less money are equal.

Meanwhile, if Amazon is going to use all these in the medium-term future, that seems OK to me.

(3.3.3.3 and 3.2.1.0 would be more memorable.)

Ocha · 7 years ago
While 3.2.1.0 is a valid IP address, some users might experience problems with IP address ending in 0. It would not be a good idea to use 3.2.1.0 if you want best compatibility with all available hardware/software on the market.
rustcharm · 7 years ago
I'd rather companies like Amazon or Microsoft have them, in a way that people can cheaply rent them along with compute power at competitive rates, than companies like "Prudential" or some giant bank sit on them.
rootbear · 7 years ago
I might be tempted to use 3.1.4.1, or 3.1.4.2, if you round. Or those could resolve to a Raspberry Pi AWS instance :)

WorldMaker · 7 years ago
It probably wouldn't be better for the health of the internet.

At this point it seems like a desperate play by a company with deeply entrenched IPv4-only infrastructure (hi EC2) to eke out more time without major upgrades. Meanwhile IPv4 addresses remain scarce for small ISPs, and the (healthy, natural) push to IPv6 infrastructure continues apace everywhere else.

athenot · 7 years ago
AWS is IPv4-only? Can you elaborate? It seems IPv6 is pretty well supported.

https://docs.aws.amazon.com/vpc/latest/userguide/get-started...

pacohope · 7 years ago
The people desperate to use IPv4 are not AWS themselves. AWS doesn't buy stuff just to have it. They buy it because customers are using it. AWS customers are moving stuff out of their data centres and don't know how to use serverless, load balancers, dynamic cloud capabilities (like spinning down instances when they aren't in use) and so on. Customers are doing lift-and-shift in vast volumes and they're doing it in the only way they know how.
ben509 · 7 years ago
AWS has heavy support for IPv4 because back-end stuff is all IPv4 and there isn't any push to change. IPv6 doesn't add any real value for servers that are all living in a private address space anyway, it adds an overhead to each packet, and learning off your addressing schemes is far easier with dotted quad.
ocdtrekkie · 7 years ago
Then what I need is a DNS client on my PC which can use all these major DNS services, but at random to provide incomplete DNS info to any given one, so it'll maybe query any random two, confirm they respond the same to verify nobody's playing unfair.
cosmie · 7 years ago
DNSCrypt-Proxy[1] already supports the randomized DNS resolver need[2]. It also supports DNS-over-HTTPS, providing assurance that even your ISP won't be able to snoop on all of your DNS queries.

While it doesn't support live comparison of DNS results, it can log out entries per DNS resolver and you can post-process those logs to validate their responses against each other, considering your queries will over time hit different resolvers. Not perfect since there are legitimate reasons to return different responses over time, but it's something.

[1] https://github.com/jedisct1/dnscrypt-proxy

[2] https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balanci...

ericpauley · 7 years ago
DNS servers often return different results to different clients for load balancing, so checking multiple resolvers would lead to many conflicts.
insomniacity · 7 years ago
On Linux (and OSX?) you could run a local resolver configured to do round-robin? Comparing answers would probably be new functionality though.
540297 · 7 years ago
> Then what I need is a DNS client on my PC which can use all these major DNS services, but at random to provide incomplete DNS info to any given one, so it'll maybe query any random two, confirm they respond the same to verify nobody's playing unfair.

What kind of tricks are you afraid these DNS services could get up to?

Kalium · 7 years ago
> Coming soon: Amazon launches free DNS service on 3.3.3.3 and 3.4.3.4?

Do they then cover Seattle in stickers and chalking with 3.3.3.3?

senozhatsky · 7 years ago
Wish it was 3.14.15.92

-ss

maemilius · 7 years ago
Nah, they'll assign that one to something python related. (Get it? pi-thon. I'll see myself out...)
chaoticmass · 7 years ago
It would get used up quickly and we'd be right back where we are.
swarnie_ · 7 years ago
Amazon rank up there just behind Google and Facebook in the list of companies I don't want harvesting any more data from me.
caymanjim · 7 years ago
IP block allocation has nothing whatsoever to do with harvesting your data.
PC_LOAD_LETTER · 7 years ago
Amazon is on the extreme end of the customer-privacy side. Wtf are you talking about? If you're going to put them in a bucket, they belong with Apple.
gtdawg · 7 years ago
Why not 3.0.0.0 or 3.255.255.255 ?
hiimnate · 7 years ago
3.0.0.0 is the network address, and cannot be assigned to a host. 3.255.255.255 is the broadcast address, and cannot be assigned to a host.

jhoechtl · 7 years ago
I think your statement answers pretty well an observation made earlier: Why is IPv6 adoption so bad? I see little incentive for anyone as long as IPv4 is such a profitable business with IP addresses being traded as an asset. IPv6 and equality to the masses? Would be nice but economy took a different turn.
sarah180 · 7 years ago
I don't think this analysis is correct. Imagine Chrome started charging small amounts of bitcoin for each HTTP request but Firefox still allowed free access. I don't think you'd say "I'm now incentivized to use Chrome because I have to have an artificial scarce resource."

ISPs can basically get all the IPv6 resources they need, but IPv4 addresses are becoming scarce and costly. Amazon just spent a lot of money to get more IPv4 addresses: that's cost, not profit.

If Amazon owned all the addresses and they were making great profits as a monopoly seller, this would indeed be an incentive not to move to IPv6. Instead, it's really just driving up people's costs.

Adoption is slow because the extra costs of IPv4 addresses are still smaller than the costs of really getting every piece of infrastructure and software working correctly with IPv6. We're not that far away, but there's a bit of a chicken-and-egg problem until we're close enough that people can start to turn off IPv4 and effectively force stragglers to adopt.

dagenix · 7 years ago
That's fully backwards. The people with the incentive to delay moving to IPV6 are the ones selling IPs. Those buying - ISPs - are also the ones that have the incentive to move to IPV6 as in an IPV6 world, they wouldn't have to spend that money. And ISPs are the ones best positioned for further IPV6.

That IPV6 adoption is slow is precisely because buying ranges of IPV4 addresses is still cheap enough that people are doing it.

cm2187 · 7 years ago
ISPs are really the bottleneck for IPv6 adoption. Pretty much all the infrastructures of the internet (network, datacentres, clouds) support it now.
dasil003 · 7 years ago
When an equivalent solution becomes cheaper that's a recipe for disruption, not the other way around.
Symbiote · 7 years ago
Amazon's documentation shows it is already in use on AWS.

They also have 18.128.0.0/9, bought from MIT.

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges....

sah2ed · 7 years ago
And here's a JSON of their IP blocks:

https://ip-ranges.amazonaws.com/ip-ranges.json
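
Added example, not part of the thread and not AWS's own code: one way to use that file defensively is to tag source addresses from logs with the most specific published prefix that contains them. The embedded document is a constructed excerpt in the file's layout (`prefixes` entries with `ip_prefix`, `region`, `service`); the three /9 blocks are the ones named in this thread, while the region names and the /16 are made up.

```python
import ipaddress
import json

# Constructed excerpt in the layout of ip-ranges.json. The three /9 blocks are
# the ones named in this thread; region names and the /16 are made up.
SAMPLE_JSON = """
{"syncToken": "0", "createDate": "1970-01-01-00-00-00",
 "prefixes": [
  {"ip_prefix": "3.0.0.0/9",    "region": "example-1", "service": "AMAZON"},
  {"ip_prefix": "3.128.0.0/9",  "region": "example-2", "service": "AMAZON"},
  {"ip_prefix": "18.128.0.0/9", "region": "example-3", "service": "AMAZON"},
  {"ip_prefix": "3.5.0.0/16",   "region": "example-1", "service": "EC2"}
 ],
 "ipv6_prefixes": []}
"""

def load_prefixes(text):
    """Return [(IPv4Network, region, service)] from an ip-ranges.json document."""
    doc = json.loads(text)
    return [(ipaddress.ip_network(p["ip_prefix"]), p["region"], p["service"])
            for p in doc.get("prefixes", [])]

def classify(ip, prefixes):
    """Most specific published prefix containing ip, or None."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return None  # malformed field in a log line
    hits = [entry for entry in prefixes if addr in entry[0]]
    # Entries overlap (a service block sits inside a broader AMAZON block),
    # so prefer the longest prefix, as a router would.
    return max(hits, key=lambda e: e[0].prefixlen, default=None)

def coverage(prefixes):
    """Collapse overlapping/adjacent prefixes; return (networks, address count)."""
    nets = list(ipaddress.collapse_addresses(n for n, _, _ in prefixes))
    return nets, sum(n.num_addresses for n in nets)

if __name__ == "__main__":
    table = load_prefixes(SAMPLE_JSON)
    # Constructed source addresses, including one malformed value.
    for ip in ["3.5.1.2", "3.200.1.1", "18.5.0.1", "10.20.30.40", "3.256.0.1"]:
        hit = classify(ip, table)
        print(ip, "->", f"{hit[0]} {hit[2]} {hit[1]}" if hit else "not in published ranges")
    nets, total = coverage(table)
    print([str(n) for n in nets], total)
```

Summing the raw entries would double-count overlapping blocks, which is why `coverage` collapses them first; the two /9s merge back into 3.0.0.0/8.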

akulbe · 7 years ago
I wonder what they got it for? if just for more IPs for AWS stuff, or if it's for something like IoT stuff?
bklyn11201 · 7 years ago
At $18 per IP: 2^24 * $18 = $302mm

At $14 per IP: 2^24 * $14 = $235mm

Price per IP estimated from:

https://www.ipv4auctions.com/

In 2011, Microsoft paid $11.25 per IP to Nortel for 666k addresses

ttul · 7 years ago
I bought a /20 in 2015 for $6.00/address. I am feeling very lucky.
peeters · 7 years ago
I'm not sure IoT is the best use of a contiguous IPv4 range... you're talking about less than 17 million addresses.

Depending on how much it actually cost I feel like it could be a number of things from simple branding to nefarious traffic shaping. If you're an AWS shop maybe they want you to be able to set simple bypass/static route for 3.0.0.0/8.

bradgnar · 7 years ago
you could make 17 million networks with it, entry point into aws vpcs has to be somewhere
nothis · 7 years ago
What's up with IPv6, anyways?
AtlasBarfed · 7 years ago
Every time I deal with IPv6 it just strikes me how little the designers cared about migration from IPv4.

No clear prescriptions for legacy v4 <-> v6 translations, religious hate of NAT, unfortunate separator character (the colon) that is used for domain:port separation. Separate stack prescriptions.

I honestly think it would have been easier to do a rolling upgrade of the internet to support bigger numbers in the four coordinates of IP addresses and increase the number of ports.

I'm obviously not a deep networking expert, but as I've been exposed to IPv6 test conversions it's been painful.

OedipusRex · 7 years ago
Enough address space for every atom on the surface of the earth.
forgot-my-pw · 7 years ago
Adoption rate varies from country to country: https://www.google.com/intl/en/ipv6/statistics.html
zzzcpan · 7 years ago
IPv6 adoption is approaching a big wall. Maybe the industry will finally start reconsidering it and doing honest research into something that can actually get widespread adoption.
sigi45 · 7 years ago
We needed a few static ipv4 addresses for interconnects.

Customer <> us
Office <> us
Us @aws <> us @azure

With having so many customers there are probably enough with use cases which requires that ipv4 and having them is probably a necessity.

tootie · 7 years ago
I haven't worked much in IoT but I kinda assumed devices get private IPs on whatever LAN and phone home to traverse NAT.

int_19h · 7 years ago
Given that IP is a scarce resource, why aren't we taxing those large IP blocks similar to property taxes on land? If holding an /8 came with a hefty tax bill attached, it would 1) encourage companies that got them for historical reasons and don't have much practical use for them to sell them to those who actually need a lot of IPs, and 2) encourage IPv6 MIGRATION.
nolok · 7 years ago
Who do you pay the tax to? Be warned that your answer will probably lead to a fragmented Internet, or encourage even less redistribution according to real needs
QML · 7 years ago
Isn’t there a misalignment between IPv6 adoption and scarcity of IP addresses? We rely on ISPs to adopt IPv6, but if they also own IP space, why would they lower the value of their holdings?
aanfhn · 7 years ago
Does anyone mind sharing how IP addresses are allocated and bought in the first place? Like who did GE buy it from if it wasn't another company?
xenadu02 · 7 years ago
In the very early days no one understood that over half of all humans would be on the internet. It was just this ARPANet thing for the military and universities, then a few big companies.

So you got a /8 by asking for one; they handed them out for free.

Same goes for DNS. You used to request the name and it was yours. No yearly fees.

The IP blocks were never reclaimed because it was pointless. Even now clawing back the big /8 assignments only kicks the can down the road for a year, maybe two.

parliament32 · 7 years ago
And oddly enough, this seems to be happening all over again with ipv6.

My company has a /32 ipv6 space. That's 79228162514264337593543950336 /128s. And we got it by... just asking for it.

I know everyone's shouting about "there are enough IPs for every atom on earth!" but just like "no one understood that over half of all humans would be on the internet", maybe we'll need more IPs in the future because of some unforeseen development... it seems silly to be handing out blocks like this just for giggles.

raldi · 7 years ago
There were always yearly fees; it's just that prior to 1995 they were paid for by the US taxpayers instead of the domain owners.
hlau · 7 years ago
The IANA was responsible for assigning IP addresses back then. It was basically one dude, Jon Postel (https://en.wikipedia.org/wiki/Jon_Postel), until it was formalized as an organization in 1988.
koolba · 7 years ago
s/basically one/one amazing/
mchannon · 7 years ago
I researched it, and I don't have the specifics in front of me, but it looked like a massive corporate giveaway.

Perhaps it didn't feel like it as much at the time, since only huge corporations had the need for so many computers.

Companies like Merck and Ford, Universities like MIT, don't appear to have paid a dime for them.

540297 · 7 years ago
Back then I don't think anyone ever considered we'd use up the IPv4 address space and/or assumed that the migration to IPv6 would happen more quickly, rendering IPv4 obsolete. It looks like most of the big blocks were all assigned prior to widespread consumer internet adoption.
richardwhiuk · 7 years ago
It's worth noting that at the time the value of an IP address block was pretty much 0.
Jedd · 7 years ago
IBM owns 9/8 - it's used for their internal network (really). They're mid-way through a 2y project to move everything to IPv6

The recent purchase of OpenShift may be a good answer to 'I wonder what they are intending to do with a /8 in a year'.

lgregg · 7 years ago
Can someone give an ELI5 summary on why this is important and has 360+ upvotes? Why would GE have had this? Why did Amazon want it?
adamt · 7 years ago
3/8 or 3.0.0.0/8 means the IP address range from 3.0.0.0 to 3.255.255.255 - this is 2^24 or 16.7M IP addresses.

Why does Amazon want it? - Amazon has a lot of customers who want EC2/ELB instances with their own IP addresses. IPv4 addresses are a scarce resource.

Why did GE have it? When the IPv4 address space was formed, various big US companies managed to get the initial IP address allocations. You can see more on these allocations here: https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...

Why so many upvotes? It's relatively rare to see what is 1/255th of the IPv4 address space sold.

lgregg · 7 years ago
Does that mean Amazon has a lease from ARIN on those batches of IPv4 addresses for a period of time (in the same sense as a domain registry for x years) or actually own them?

Also, that Wikipedia article was particularly helpful. I knew the /32 was specific to my IP that I use but didn't realize the sheer scale of those blocks.

plandis · 7 years ago
Historically, 32-bit address space was large on the fledgling internet. It was relatively easy and cheap/free to get a /8.

Amazon probably wants it to sell to their customers who need ipv4 instead of v6

nil_pointer · 7 years ago
Amazon own the largest public cloud provider (AWS). Assuming they use it on this, it makes sense they'd want a bunch more IP addresses.