i'm also curious about what issues having fewer IPv4 addresses causes for organizations, like I'm looking at how (if there aren't other ASNs I'm missing)
University of Toronto has 300,000+ IPv4 addresses while VietNam National University has 4,096
https://ipinfo.io/AS45542 https://ipinfo.io/AS239

or the other way around, I know MIT used to have 18.0.0.0/8, what kind of benefits were there to having a /8 for people at MIT? (presumably they were mostly unused)

@b0rk You are totally hitting the ball out of the park today with "Excellent questions that will draw out uninformed opinions from people who wish they were experts in this area but can type like them". (I say this as someone whose response to questions about IP addresses is "ask my friends like @spamvictim, @andy, @nygren or anyone who has been in the RIPE community for >20 years.)

@paulehoffman @b0rk @spamvictim @nygren
I am not a network operator, but I did sleep at a Holiday Inn last night.

My best guess is that the biggest impact these days is on the flexibility for routing. I hope nobody is actually exposing user hosts directly to the net anymore. RIPEstat says VNU is advertising 14 v4 routes, compared to MIT's (AS3) 123. VNU has on 1 bgp neighbor whereas MIT has 14, so quite a difference in connection diversity. Of course, VNU could help themselves out by getting a v6 prefix. https://stat.ripe.net/resource/AS45542#tab=routing https://stat.ripe.net/resource/AS3#tab=overview

@paulehoffman @b0rk @spamvictim @andy

There are many angles here, so I'll provide one or two.

1) Having a large amount of IPv4 space made address planning and structured addresses easy. For example, MIT used to split up 18.0.0.0/8 in a structured manner -- for example buildings often got a /16. My undergrad dorm didn't *need* 64k IPv4 addresses, but being able to look at the second octet to know where it was turned out to be super convenient.

This is actually one of the huge benefits of IPv6, especially when people treat it as its own things rather than just as "bigger IPv4". If you get you address plan right then you can have structured addresses. As a large scale operator this turns out to be super convenient.

For example, if an organization has a /32 then they can slice this up in various ways. For example:
* Have a /48 per site, and then have common structure within each site.
* Have a /36 per function (prod servers, lab/QA, clients, etc) then have a /48 per site within that.
That sort of structure makes IPv6 addresses actually easier to work with than IPv4 -- it's not like anyone managing a network with hundreds of thousands of nodes is typing IP addresses by hand or memorizing them.

While structured addressing sometimes happens in RFC1918 space (eg, for K8s clusters in net-10), it is much easier to run out of space in IPv4 this way in ways that get you stuck, especially if you ever need to connect multiple environments together. While 16.7M+ addresses in 10.0.0.0/8 sounds like a lot, it turns out to be not big enough for structured addressing in large compute environments, or even for unstructured addressing for large ISPs with many tens of millions of subscribers.

#IPv4 #IPv6

@paulehoffman @b0rk @spamvictim @andy

2) Limited Public #IPv4 address space forces most organizations into CGNAT. This has lots of challenges (shared IP reputation, scaling/reliability/perf issues, etc). Those NATs can be fairly costly to operate as well. This also makes troubleshooting hard (eg, if a compromised or broken client is behind a NAT, it can be hard to chase the problem down and it can have impact to all of the other users behind that IP).

(Viet Nam has actually been making some great progress with their #Ipv6 transition and unlike some countries just talking about it, they seem to be following through so far: https://blog.apnic.net/2025/08/27/modernizing-viet-nams-internet-infrastructure-security-action/ )

@paulehoffman @b0rk @spamvictim @andy

3) Having limited #IPv4 address can be really painful in cases where you need structure. For example, firewall rules and route table entries often want to work with prefixes. Each entry consumes resources against a limit (max number of FW rules, FIB/RIB/TCAM space, etc). Limited address space means things end up fragmented even with planning. This means ACLs are often for individual IPv4 /32 addresses, or routes are for small /24 subnets (whose sizing is a trade-off between inefficient use of a valuable resource and having lots of fragmented tiny subnets). This also means that as things scale up and you hit a subnet or reserved-for-ACL prefix size, you need to add another one or get stuck. I spend a disproportionate amount of my time trying to navigate this hell in IPv4 land to balance resource usage and scale.

In #IPv6 many of these problems go away. You can just assign a large enough prefix to a site to have confidence that you won't need to add another for a few years if ever. And you can create prefixes for use in firewall rules and ACLs and then rarely-if-ever need to update them.

@b0rk The benefit is essentially the same as why you might want 64GB or RAM instead of 32GB. Throwing resources at a problem.

That wasn't the initial reason, that's just what they got for being one of the first. The edu I was at got a /16 even though enrollment was about 15,000. But space gets used inefficiently, it's hard to change, growth happens, NAT sucks :-), cheapest and easiest way out? Get more. And we did.

That seems to be what Amazon is still doing. In a rough measure I took recently, they've transferred in about 175 million IP4 addresses over the years. Thats where a lot of the big address movement action is these days.