Need /24 (arin) asap

Hi,

Can anyone recommend transfer market brokers for ipv4 addresses? Need clean /24 asap. ARIN's waiting list is too long...

Thanks!

-Stan

I’ve bought through ipv4marketgroup in the past. Easy to work with, but
you’ll want to do your own scans of the address space to make sure it
hasn’t been burned yet.

Are you using it to help roll out IPv6? (i.e. dual stack is pretty much
mandatory) 4-10 space is "free", but I wouldn't test your luck by just
using the space like any regular allocation, plus it's just bad karma to
use that space outside of its noble intention.

https://www.arin.net/knowledge/ip_blocks.html

If that's not your intent, you can pretty easily purchase a block for about
$5k US from Hilco Streambank, assuming you have pre-approval from ARIN for
a transfer.

-Matt

Unfortunately, for an eyeball network, you don't have a good way of knowing that ahead of time without actually using it.

Very true. We got lucky with our transfer block. A /21 from Dupont’s address space that was never even announced before. But as always, YMMV.

We've had good results working with Addrex.

I would still strongly recommend you do your due diligence for "cleanliness".

Hi Bryan and all,

Could you please recommend a few places or vendors to check on cleanliness?

Thanks!

-Stan
646-827-4466

https://code.facebook.com/posts/635039943508824/how-ipv6-deployment-is-growing-in-u-s-and-other-countries/

And Akamai reports 80% of mobiles

https://blogs.akamai.com/2018/06/six-years-since-world-ipv6-launch-entering-the-majority-phases.html

And they both report ipv6 is faster / better.

https://www.talosintelligence.com/reputation_center

... is a good place to start.

Be sure to see who the previous owner was, and where, etc. ...

You can spot-check the various RBLs to see if any particular IPs are black-listed.

http://www.anti-abuse.org/multi-rbl-check/

For an eyeball network, you cannot count on an IPv6 only network. Because
all of your "customers" will complain because they can't get to hulu, or
any other ipv4 only eyeball service. You still need the ipv4s to operate a
proper network, and good luck figuring out which services are blacklisting
your new /24 because the ipv4 space used to be a VPN provider, and the "in"
thing to do for these services is to block VPNs.

Of course, figuring out how to run dual-stack for those eyeballs is still a net
win - because every content that *does* do IPv6 is that many fewer packets
that you have to cram through that CGNAT. (My laptop currently has a global
IPv6 address and a CGNAT'ed IPv4 address. In the last 3 hours, I've moved
90G on IPv4, and 322G on IPv6.)

There are many IPv6-only eyeball networks. Definitely many examples in
wireless (T-Mobile, Sprint, BT ) and wireline (DT with DS-Lite in Germany,
Orange Poland ...) and even more where IPv4 NAT44 + IPv6 is used. Just
saying, having ipv6 hedges a lot of risk associated with blacklisting and
translation related overhead and potentially scale and cost of IPv4
addresses.

Never do I suggest to not have ipv6! Simply that no matter what, you still
have to traverse to ipv4 when you exit your ipv6 network onto ipv4 only
services. What IPv4 addresses are you going to use for the NAT64, or
464xlat, or even the business customers that require static IPv4 addresses?
Someone made a statement that getting more ipv6 would solve OP's problem of
finding more clean ipv4 space.

*nods* Having v6 does solve a lot, but the ones that are difficult to work with in v4 are still using v4, so you still have problems.

I think those experiences are ones felt only by small to medium service providers. Large carriers, academia, hosting\datacenter, etc. don't really have those problems. They do have different problems, but they're fairly well known problems with processes laid out on how to deal with it.

See my thread from a few weeks ago calling on people doing IP reputation or any sort of geolocation, filtering, blocking, etc. being more transparent. There are ISPs that have tried everything short of driving to the content provider's location and demanding resolution.

Large providers still have to deal with geolocation, ip reputation etc.
We just have to deal with it on an exponentially larger scale.

Mack

True, but a call or e-mail from Charter (to Hulu or whomever is being obstinate this week) is more likely to get treated expeditiously than Main Street ISP.

I should have restricted that to eyeballs. Big eyeballs are likely in yet another imaginary category.

Neither seem to work without disabling security first.

A couple of suggestions on "cleanliness" checking:

-Here's a link to a quick-n-dirty Python script I made to check against a bunch of DNS blacklists: https://bigleafnetworks.box.com/s/ru1lsad2y9yom6q57bok2e3vlyxux2g5

-We once got caught after buying a "clean" block that was (unknowingly to us) on an old un-maintained blocklist called iblocklist. You can search that list here: https://www.iblocklist.com/search.php. They didn't respond to any contact attempts, and yet a number of carriers and hosts out there use those blocklists. In the end we had to re-purpose that block for internal use only and re-number a few customers.

Joel Mulkey
Founder and CEO
Bigleaf Networks - Cloud-first SD-WAN
www.bigleaf.net
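
The DNSBL spot-check discussed in this thread, sketched as an added example for a whole /24; it is not part of any poster's message and is not the script linked above. The zone names, the 192.0.2.0/24 documentation prefix and the canned answers are constructed, and treating 127.255.255.x answers as errors rather than listings follows the convention Spamhaus documents and is an assumption for other lists.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # normal DNSBL answers
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus-style error codes

def dnsbl_name(ip, zone):
    """Query name for a DNSBL: the address's octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records via the OS resolver; any lookup failure is returned as []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify(answers):
    """'clean' (no record), 'listed', or 'error' (answer is not a listing)."""
    if not answers:
        return "clean"
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a in ERROR_NET or a not in LISTED_NET for a in addrs):
        return "error"  # refused/rate-limited query, or a wildcarded zone
    return "listed"

def scan_prefix(prefix, zones, resolve=system_resolver):
    """Check every address in prefix against every zone; return non-clean hits."""
    findings = {}
    for ip in ipaddress.ip_network(prefix):
        for zone in zones:
            answers = resolve(dnsbl_name(ip, zone))
            status = classify(answers)
            if status != "clean":
                findings.setdefault(str(ip), []).append((zone, status, sorted(answers)))
    return findings

# Constructed sample data: documentation prefix and made-up zones, no network use.
SAMPLE_ZONES = ["dnsbl.example.org", "limited.example.net"]
SAMPLE_ANSWERS = {
    "2.2.0.192.dnsbl.example.org": ["127.0.0.2"],
    "77.2.0.192.dnsbl.example.org": ["127.0.0.4", "127.0.0.2"],
    "9.2.0.192.limited.example.net": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, [])

if __name__ == "__main__":
    for ip, hits in scan_prefix("192.0.2.0/24", SAMPLE_ZONES, sample_resolver).items():
        print(ip, hits)
```

An "error" result means the list did not actually answer the question, so the address still needs checking from a resolver that list accepts; `system_resolver` also reports timeouts as no record, which a production check should separate from NXDOMAIN.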

Assuming IPv6+translation, yes, you need IPv4 addresses of Good Repute for the outside; that might require constant monitoring, and notifying various content that it's shared address space. It's the same operational problem as CGNAT44, but reduced because half (or more) of your traffic is using unshared IPv6. Among other things, that means you don't need as many IPv4 addresses.

"But wait!" you say, because you're clever, "The original poster only wanted a /24. Surely you're not saying you could put less than a /24 outside your CGN (44 or 64) and have it routed?"

Maybe the /28 is part of your larger aggregate. Or maybe it's a shared translator, handling, say, eight small companies who only need a /28 each. And yes, you want very careful reputation monitoring in that case, and maybe some effort to prevent things that get one placed on Lists of Addresses of Ill Repute.

Sales pitch available on demand.

Lee Howard
Retevia.net