Internet Protocol numbers (IP numbers) are unique numeric addresses that all devices connected to the Internet must have. Generally speaking, two devices connected to the Internet cannot have the same IP number.
The system for the distribution of IP numbers is hierarchically organised. At the top is IANA (the Internet Assigned Numbers Authority – whose functions are currently performed by the Public Technical Identifiers (PTI), an affiliate of the Internet Corporation for Assigned Names and Numbers – ICANN), which distributes blocks of IP numbers to the five regional Internet registries (RIRs): AFRINIC, for Africa; APNIC, for Asia-Pacific; ARIN, for North America; LACNIC, for Latin America and the Caribbean; and RIPE NCC, for Europe, Middle East and parts of Central Asia.
The five RIRs coordinate their activities within the Number Resource Organization (NRO), which, among others, contributes to the development of global IP number policies (especially within the ICANN, where it acts as the Address Supporting Organization (ASO), tasked with reviewing and developing recommendations on IP address policy, and advising the ICANN Board in this regard). RIRs distribute IP numbers to the local Internet registries (LIRs) and national Internet registries (RIRs),which in turn distribute IP numbers to smaller ISPs, companies, and individuals further down the ladder.
IP numbers and the transition to IPv6
The pool of IP numbers under IPv4, which was introduced in 1983, contains some four billion numbers, which were initially thought to be sufficient to satisfy the demand for addresses. However, in February 2011, IANA announced that it no longer had blocks of IPv4 available for allocation to RIRs. At regional level, four of the five RIRs have also exhausted their initial pools of IPv4 addresses: APNIC in 2011, RIPE NCC in 2012, LACNIC in 2014, and ARIN in 2015.
The depletion of IPv4 numbers has been accelerated, in recent years, through the introduction Internet-enabled devices (such as mobile phones, personal organisers, game consoles, and home appliances) and the rise of worldwide Internet connectivity. The developments in the area of the Internet of Things (IoT) also led to an increase in the demand for IP addresses. The concern that IP numbers might run out and eventually inhibit the further development of the Internet has led the technical community to take three major actions:
Rationalise the use of the existing pool of IP numbers through the introduction of Network Address Translation (NAT).
Address the wasteful address allocation algorithms used by the RIRs by introducing Classless Inter-Domain Routing (CIDR).
Introduce a new version of the TCP/IP protocol – IPv6 – which provides a much bigger pool of IP numbers (over 340,000,000,000,000,000,000).
While both NAT and CIDR provided a quick fix for the problem of shortage of IP numbers, a more proper long-term solution is the transition to IPv6.
Although IPv6 was introduced back in 1996, its deployment has been rather slow, mainly due to lack of awareness about the need for transition, as well as limited funds for investment in new equipment in developing countries. Extended measurements of the Internet, performed by groups such as APNIC Labs, revealed that the global average level of IPv6 deployment was at around 7% at the end of 2016. Statistics also show significant differences between the degree of IPv6 deployment at national level. For example, Akamai data for December 2016 reveal that, while some countries IPv6 deployment rates at over 25% (e.g. Belgium, Greece, Switzerland, and the USA), others have not yet started implementing IPv6.
There are concerns that the slow transition to IPv6 can lead to a technical fragmentation of the Internet, into two-parallel internets – one IPv4 enabled and one IPv6 enabled – which can hardly interact with one another. Concerned about such risks, the Internet Architecture Board (IAB) issued a statement in 2016 advising standards developing organisations to ensure that the networking standards they develop support IPv6 and are so written that they do not require IPv4.
While Internet technologies and standards allow some degree of coexistence between IPv4 and IPv6, mechanisms need to be implemented to ensure that IPv4 and IPv6 networks can properly communicate with each other, and they do not function as islands. The Internet Engineering Task Force has developed several specifications in this regard, outlining transition strategies, tools, and mechanisms.
Apart from the problem of transition, the policy framework for IPv6 distribution will require a proper distribution of IP numbers, demanding the introduction of open and competitive mechanisms to address the needs of end-users in the most optimal way. Even with the introduction of IPv6, an ‘artificial’ scarcity of IP numbers could still arise, if those responsible for allocating them at local level, such as ISPs, choose to abuse their power and link such allocation to, for example, the purchase of other services, thus affecting the availability and price of IP numbers.
The ongoing transition from IPv4 to IPv6 is a process that requires attention and involvement from a wide range of stakeholders. Technical organisations such as IANA, the RIRs, and the IETF need to ensure an efficient and effective administration of IPv6 resources, and to develop the necessary standards and specifications for the use of IPv6. ISPs have to both implement techniques that ensure communication between IPv4 and IPv6, and introduce IPv6 in their networks and services. Producers of equipments (operating systems, network equipment, etc) and applications (business software, smart cards, etc) need to ensure that their products and applications are compatible with IPv6. And providers of information society services have to implement IPv6 within their servers.
Changes in TCP/IP and cybersecurity
Security was not a major issue for the original developers of the Internet, as, at that time, the Internet consisted of a closed network of research institutions. With the expansion of the Internet to three billion users worldwide and its growing importance as a critical infrastructure, the question of security is high up on the list of Internet governance issues.
Unlike IPv4, IP security support (IPSec) is a required feature in IPv6, allowing authentication, encryption, and enhanced data integrity and confidentiality. However, despite these security enhancements, IPv6 raises new concerns, as poor implementation and misconfiguration can lead to security problems. In addition, there are concerns that IPv6 addresses could represent a risks for individual privacy, as every device connected to the Internet will have a unique identifier. One way to address such risks would be to have IP addresses assigned dynamically and changed occasionally.
Changes in TCP/IP and the problem of limited bandwidth
To facilitate the delivery of multimedia content (e.g. Internet telephony, or video on demand), it is necessary to provide a quality of service (QoS) capable of guaranteeing a minimum level of performance. QoS is particularly important in delay-sensitive applications, such as live event broadcasting, and is often difficult to achieve due to bandwidth constraints. The introduction of QoS may require changes in the IP, including a potential challenge for the principle of network neutrality.
Given the continuous evolution of network technologies, and the challenges underlined above, organisations in the technical community have started looking into the possibility of developing a next generation of Internet protocols, that would be better suited to the realities of the evolving technical landscape. As an example, in early 2016, the European Telecommunications Standard Institute (ETSI) established a working group tasked with ‘identifying the requirements for next generation protocols and network architectures’; the group is expected to analyse issues such as: addressing, security and authentication, requirements from the Internet of Things, requirements from video and content distribution, and requirements from e-commerce.