Deploy360 13 June 2014

IPv4 Exhaustion Gets Real – Microsoft Runs Out Of U.S. Addresses For Azure Cloud – Time To Move To IPv6!

By Dan YorkSenior Advisor

us ipv4BOOM! IPv4 address exhaustion just hit home really hard for a good number of people.  They set up virtual machines (VMs) in a US region on Microsoft’s Azure Cloud and now suddenly find that when they use those VMs to access other websites they are treated as if they are from a country outside the US.  Why?

Because Microsoft RAN OUT OF IPv4 ADDRESSES from its “U.S.” blocks of IPv4 addresses!

As Microsoft notes in their blog post:

Some Azure customers may have noticed that for a VM deployed in a US region, when they launch a localized page on a web browser it may redirect them to an international site. 

Oops.

They go on to say precisely what we and many others have been warning about for some time:

IPv4 address space has been fully assigned in the United States, meaning there is no additional IPv4 address space available. This requires Microsoft to use the IPv4 address space available to us globally for the addressing of new services. The result is that we will have to use IPv4 address space assigned to a non-US region to address services which may be in a US region.  It is not possible to transfer registration because the IP space is allocated to the registration authorities by Internet Assigned Numbers Authority.

Keep in mind, too, that back in 2011 Microsoft bought 666,624 IPv4 addresses from Nortel for $7.5 million. So they have already been shopping for more IPv4 space in the North American region.

They’re out.  Done.  Finished.

And so all those people wanting to run VMs on Microsoft’s Azure Cloud are suddenly confronting the reality that if they wanted their server to appear as if it came from the US, they can’t!

Sure, their domain name can look like it is a regular address for a US company… but in the underlying IP addressing their server will appear to the rest of the Internet to be in Brazil or some other location based on some of the geographical IP databases.

UPDATE: It is apparently not just Azure Cloud accounts in the US.  Over on Hacker News a commenter indicated that an Azure account in the North Europe datacenter in Dublin, Ireland, is also getting an IP address from Brazil.  I would guess (but don’t know for a fact) that this means Microsoft may be out of European IP addresses, too.

The impact is that servers running in the Azure Cloud (on VMs) may be treated by applications and services running on other servers as if they are outside the U.S. and so they may be given different choices or options than would be given to US servers.  The example shown in Microsoft’s blog post is of a web browser running on a VM connecting to a site and being given a Portuguese web page because the web server thought the incoming connection was coming from Brazil.  Depending upon how strongly the web server being visited serves out pages based on geographic IP data there may or may not be an easy option to get to pages intended for visitors from the US – or it might at least require more steps.   On a more serious note, there may be some sites that might block traffic in their firewalls based on where IP addresses are thought to be coming from – and so while you thought your server was set up “in the U.S.” it could instead wind up on someone’s blocked list.

Somewhat ironically, we wrote just yesterday about the need for cloud providers to get with the IPv6 program – and today we have living proof of WHY cloud providers need to care.

And as we also noted earlier this week, Latin and South America are basically out of IPv4 addresses – so while Microsoft can use some Brazilian IPv4 addresses today, odds are pretty good they won’t be able to get any more!

Here are a couple of other posts about today’s news:

The cold hard reality is that we simply cannot continue to rely on the “experimental” version of the Internet that used IPv4 addresses.  We need to collectively take the leap to the production version of the Internet using IPv6.

There are BILLIONS of people still to come online on the Internet – and there are BILLIONS more devices that we want to put online as part of the “Internet of Things”.  IPv4 simply doesn’t have the necessary number of addresses!

To get started with IPv6, please visit our “Start Here” page to find resources that are focused for your type of organization. And if you don’t find what you need, please let us know!  We are here to help you make the transition!

As Microsoft so vividly showed us today, IPv4 exhaustion is going to increasingly make IT systems more complicated.  It’s time to make the move to IPv6 where we don’t have to worry about address exhaustion – or having to use IP addresses from a different part of the world.

The time for IPv6 is now!

Good discussions on this topic are happening at:

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...