10 years ago, consensus was reached on the legacy policy. In this article, we report on the current status of legacy address space administered by the RIPE NCC and a look at what's changed over the past decade.
The question we ask in this article is: what ground has been gained - in terms of bringing legacy address space under contract with the RIPE NCC and getting it covered by ROAs - after a decade of implementing the legacy policy? We plan to look more closely at questions about legacy address space not yet covered in a future article.
Legacy address space - which is what we call those IPv4 addresses that were handed out in the time before the founding of the Regional Internet Registry system - makes up approximately 36% of today’s IPv4 Internet. The RIPE NCC is responsible for close to 13% of that 36%, which amounts to around 12 /8 blocks (close to 200 million IPv4 addresses).
The goal of this article is to look at how the status of legacy address space administered by the RIPE NCC has changed since the RIPE Legacy Policy (ripe-639) reached consensus in 2014. The purpose of that policy was to provide legacy holders with a clearly defined set of options as to how they could keep their legacy resources registered in the RIPE Database. So, by putting together a detailed overview of how things have developed since we started its implementation, we hope to indicate how successful the policy has been, and where there is still work left to do.
[1] XKCD map of the Internet; [2] IANA IPv4 Address Space Registry
Legacy history
IPv4 addresses that have come to be designated as ‘legacy’ were originally handed out by InterNIC.
When the RIPE NCC was established in 1992, it took on responsibility for distributing Internet number resources to organisations in its service region - but records for the legacy addresses held by these organisations didn’t immediately get passed over to us at that time.
As a result, for a long time, we would often get requests from legacy holders who wanted to have their legacy resources registered in the RIPE Registry. Eventually, in the early 2000’s, the Early Registration Transfer (ERX) project was proposed by the community, the express purpose of which was to ensure the efficient transfer of ‘early registration resources’ (the term then used for legacy) from ARIN (who had inherited InterNIC Database records) over to the other RIRs. This project ran from around 2002 to 2007.
With the RIRs now looking after much of the legacy address space, the discussion turned to the question of how legacy holders could get access to the services their respective RIRs provided to make sure their resources were properly registered.
Legacy policy
In 2013, proposal 2012-07 “RIPE NCC Services to Legacy Internet Resource Holders” - which described a 'basis for rigorous maintenance of registration data and for delivery of registry services to legacy Internet resource holders in the RIPE NCC service region' - was making its way through the RIPE policy development process. Its aim, paraphrasing the initial proposal text, was to offer RIPE NCC services to legacy holders and improve the accuracy and trustworthiness of RIPE Registry data by giving legacy holders a clear set of options as to how they could enter into a closer relationship with the RIPE NCC.
The options on offer included:
- Extend the existing contract by registering their legacy Internet resources (if already a RIPE NCC member)
- Become a member of the RIPE NCC
- Engage via a sponsoring LIR
- Engage directly with the RIPE NCC
- No relationship
For each option, the policy laid out exactly what RIPE NCC services the legacy holder could expect to receive. Some gave legacy holders access to the LIR Portal, for example, making it much easier for them to update their contact details and so on. Others (all of the above) granted legacy holders access to RPKI, helping them to further protect their resources from hijacks and other bad behaviour (see the comprehensive list of services available to legacy holders).
Legacy holders who opted out of taking on any formal relationship with the RIPE NCC - also an option specified in the policy - would still have access to reverse delegation services for their resources, and we would continue to do our best to keep their information up to date, though other RIPE NCC services would not be provided. The hope was that many would be keen for us to help them make sure their registry data remained as up to date as possible.
Implementing the policy
The proposal was accepted and became RIPE policy (ripe-605, later updated to ripe-639) in February 2014, and shortly after, we shared our plans for its implementation. It was clear that, for the policy to have an impact, we would have to contact the 2,500 or so individuals or organisations marked as legacy holders in the RIPE NCC service region. Our aim in doing so wasn't to convince anyone that they had to enter into any kind of contract with the RIPE NCC, but rather to establish contact and make sure they had a clear understanding of the options available to them according to the policy.
Our registry services team set out to contact each legacy holder individually, making use of internal and external databases to track down contact details. It wasn’t always easy (or even possible in some cases) to establish contact with legacy holders, but we made considerable headway over the years.
When we began, around 4% of the legacy address space was covered by RIPE NCC terms and conditions. That figure has since risen to 71.6%.
As well as looking at how much legacy has been brought under contract, we’ve also been taking a closer look at how much of it is being announced in global routing, and how RPKI coverage for the relevant ranges has changed over time. The visualisation below provides a detailed breakdown for snapshots from 2015, 2019, and 2024.
A number of observations jump out at us based on the above:
- There’s been a big rise in contract coverage - but gains are flattening out
The big increase in the amount of legacy resources that holders have registered with us over the past ten years is a very positive outcome and a clear sign that the policy and the plans we followed for its implementation have been successful.
But it also has to be noted that after big gains early on, we’ve hit a plateau in more recent years: contract coverage was at 68% in January 2022; 70% in January 2023; 71.6% in January 2024. Almost ten years after we started reaching out to legacy holders, it's questionable at this point how much more ground we can expect to gain.
- RPKI coverage continues to show healthy growth in legacy
The amount of legacy space covered by ROAs doubled between 2019 and 2023. This is an excellent result both in terms of our efforts in reaching out to legacy holders and our broader commitment to helping raise awareness of the benefits of RPKI. We hope to see this trend continue in the coming years. - The amount of unannounced legacy is still high, contract or not
We still see quite a large quantity of legacy that is not currently in use on the Internet at all. There are a lot of perfectly legitimate use cases for why these addresses are not seen as routed externally. But one thing that is worth noting is the drop in announced legacy address space between 2019 and 2023. This appears to be at least partly due to announced legacy address space having been transferred out of the RIPE NCC service region in that period. - 9% of legacy address space remains unannounced and unregistered
The fact that there remains 9% of legacy address space that is neither announced in global routing nor under contract with the RIPE NCC raises questions about what to do with the relevant IP addresses. This region of the IPv4 Internet is effectively dormant, and it is a topic for future discussion and further analysis to decide whether it should stay that way or whether other measures need to be taken.
Conclusion
"In Q3 2014, we will start to contact legacy Internet resource holders in batches. It is difficult to give a precise timeframe for when this process will be completed, as it depends on the quantity of responses we receive and the response times of stakeholders.” -- from implementation plan, March 2014.
Looking at how this particular region of IPv4 has changed as we reach the ten year anniversary of the legacy policy, it’s safe to say things went to plan. The RIPE Registry is more accurate. Our records as to who holds which legacy resources are more reliable than ever. And this is all to the benefit of the legacy holders - the more clear we are on who has legitimate holdership, the more difficult it is for the relevant address ranges to be misused.
But the process isn’t yet complete. There’s still the last mile to go and our efforts at crossing it are seeing diminishing returns. That said, it’s worth bearing in mind that neither the RIPE NCC nor RIPE community policy has the last say when it comes to legacy. These resources belong to the individuals and organisations they were handed out to before we as an organisation existed. With this in mind, as we look at that last ‘dormant’ region of legacy IPv4, it’s hard to say how the next stage in the long conversation about legacy will unfold.
Comments 1
Carlos Miguel Friacas •
Great article Xavier! Thanks for this! It seems the effort started back in the summer of 2012 payed off :-) It wasn't an easy pdp process. 1 year and a half and 4 versions until the proposal was accepted. But i would make the same decision to participate in this effort again. If *today* someone thinks legacy services' rules need to be tweaked, then count me in to contribute again. :-) Cheers, Carlos