Summary
- Global BGP visibility is not a complete measure of IPv4 use. Route collectors record announcements received from their peers; they do not reveal every internal assignment, staged cloud deployment, contractual dependency, migration plan or emergency routing option.
- An idle prefix can carry genuine option value when it gives an operator a feasible right, but not an obligation, to activate capacity after a disruption, during customer growth or while moving between networks. The value comes from avoided delay, renumbering and service loss, not from scarcity alone.
- The same language can conceal warehousing. A reserve is credible only when the holder can identify the triggering event, required block size, technical preparation, responsible owner, review date, alternative capacity and an exit rule if the need expires.
- Current policy materials do not support a universal rule that every unrouted block is reclaimable. ARIN's current Registration Services Agreement expressly says ARIN has no right under that agreement to revoke included resources for lack of utilisation, while request and transfer policies in several regions still examine demonstrated or planned need in defined circumstances.
- Public cloud and security documentation proves that provisioned prefixes can be intentionally unannounced between uses. AWS supports provisioning before advertisement, Google Cloud lets customers decide when some BYOIP prefixes are announced or withdrawn, and Cloudflare describes on-demand announcement during an attack. Those examples establish operational possibility, not the prevalence of justified reserves.
- A sound utilisation review separates observation from judgment. It combines registry records, BGP history, address-management evidence, routing and RPKI readiness, contracts, migration milestones and business-continuity tests, while protecting sensitive architecture.
- Number Resource Society can make this distinction more legible by promoting a portable evidence profile for operational reserves and by defending procedural review. Its own claims remain first-party advocacy; it should not certify necessity, set market prices or replace an RIR, auditor or court.
The route collector sees a shadow, not the whole asset
The easiest IPv4 statistic to produce is also one of the easiest to overinterpret. Take a registry allocation, search a routing table for a covering announcement, and call whatever is absent "unused." The method is attractive because it is repeatable and public. It can identify large questions quickly. It cannot, by itself, answer whether an operator has a defensible purpose for the space.
The RIPE Routing Information Service explains its own boundary plainly: route collectors ingest BGP data through peering sessions. Most collectors receive routes from peers at the exchange points where they are attached, while multi-hop collectors widen the set of perspectives. The resulting data are invaluable for studying the routing system. They remain observations from participating peers, not a universal sensor inside every network.
That distinction has two consequences. First, absence from one collector is weaker evidence than absence across a diverse set of collectors over time. A route may be filtered, visible only to selected peers, represented by a covering aggregate, or announced briefly during an event. Second, even complete absence from the public default-free zone would establish only that the prefix was not globally announced during the observation window.
It would not establish that no addresses were configured, no customer migration depended on them, no private interconnection used them, no cloud onboarding had begun, or no tested emergency plan reserved them.
CAIDA's work on inferring IPv4 utilisation reached a similar methodological conclusion from a different direction. Its researchers combined heterogeneous active and passive datasets because no single measurement source exposed all address activity. That study improved inference; it did not turn inference into title adjudication. Measurement can narrow uncertainty. It does not remove the need to ask what legal and operational state is being measured.
The vocabulary therefore matters. "Unannounced" should mean that selected BGP observations did not contain a route. "Unresponsive" should mean that selected probes did not elicit a response. "Unassigned" should describe an address-management fact established from appropriate records. "Unneeded" is a judgment about future requirements and alternatives. "Abandoned" is a claim about intention or conduct. "Recoverable" is a conclusion under a governing policy, contract or law. Moving from the first term to the last without additional evidence is not conservation. It is a category error.
Scarcity changed the price of waiting
The period beginning in 2010 is important because the cost of replacing an IPv4 block changed sharply around it. The Number Resource Organization records that IANA's central free pool was depleted on 3 February 2011, when the final five /8 blocks were allocated to the five RIRs. Regional exhaustion followed on different schedules. ARIN says its free pool depleted on 24 September 2015 and now directs most ordinary demand toward transfers, a waiting list, narrow reserved pools or IPv6.
Before scarcity, an operator deciding whether to release excess space could reasonably expect to request more later under then-current policy if growth returned. After scarcity, reacquisition can require a negotiated transfer, brokerage, legal diligence, registry approval, renumbering, reputation checks and uncertain timing. The holder has not merely given up addresses. It has given up a future choice that may be expensive to recreate.
That is the source of option value. A real option is useful when the future is uncertain, the decision can be delayed and the cost of reversing a release is meaningful. An operator holding a clean prefix can choose later to announce it, divide it, deploy it in a new region, move customers into it, use it during mitigation, lease it within applicable rules, or transfer it. Releasing the block extinguishes some or all of those choices.
Scarcity alone does not make every choice valuable. A /12 with no plausible operating purpose is not justified because addresses are expensive. An option with no feasible exercise path, no owner, no trigger and no review date may be a story told after the fact. The analysis must connect a particular block to a particular uncertainty and a credible action.
The correct economic question is not, "Could this prefix be sold?" Almost any transferable scarcity asset may have a price. It is, "What service loss, migration cost or foregone expansion would the operator face if it released the prefix now and later encountered the stated need?" The answer can be large, small or zero. It depends on the operator's architecture and the substitutability of the block.
No public source supplies a global denominator for justified idle reserves. BGP datasets count observed routes, not board-approved contingency plans. RIR transfer lists record approved changes, not every decision to keep a block. Operators rarely publish complete IP address management systems, disaster-recovery tests or future customer forecasts. Cloud providers describe supported features, not customer reserve inventories. Claims that a stated percentage of unrouted space is waste, insurance or speculation therefore require a definition and evidence that the public record does not presently provide.
Four states that look identical from outside
Imagine four /20 prefixes, none visible in the public routing table on a Tuesday afternoon.
The first belongs to a provider that has completed onboarding with a mitigation network. Route authorisation, letters of authority, tunnels and runbooks are in place. During a volumetric attack, the provider can withdraw its ordinary route and instruct the mitigation network to announce the prefix. The block is quiet at that provider's edge because its value lies in a tested response path.
The second is assigned to a new regional deployment. Hardware is ordered, two customer contracts are signed, subnet plans are approved and a cloud provider is completing validation. The announced service date is three months away. The prefix is not producing traffic yet, but releasing it would derail a committed build.
The third is part of a renumbering programme. Old and new addresses must coexist while DNS time-to-live values fall, access lists change, partners allow new endpoints, certificates and licences are updated, and customer devices are replaced. The block may remain largely quiet before cutover or after traffic drains, even though it is essential to rollback.
The fourth was allocated years ago. The holder cannot identify a current assignment, approved project, customer dependency, test, budget, route plan or decision date. Executives know only that the addresses might be useful one day and have become valuable. That is the strongest candidate for release, lease or transfer.
A snapshot labels all four idle. An audit should label them differently: contingency reserve, committed growth, migration overlap and unsupported inventory. The distinction does not require the registry to run the networks. It requires the holder to produce evidence proportionate to the claim.
This is also why a binary utilisation percentage can mislead. If the first provider reserves one aggregatable /20 because the emergency service accepts only that routing unit, counting configured interfaces may show near-zero use. Fragmenting the block across ordinary customers could increase a nominal ratio while destroying the contingency design. Conversely, an operator can inflate assignment records without creating meaningful demand. Efficient stewardship follows the service function and the smallest workable unit, not cosmetic occupancy.
Disaster recovery is a right to switch paths
Operational resilience often depends on resources that are deliberately inactive during normal conditions. A spare generator is not wasted because it produces no electricity on an ordinary day. A second data centre is not valueless because traffic normally prefers the first. The relevant tests are readiness, necessity and proportionality.
IPv4 reserves can play the same role. An operator may need a stable block that can move to a mitigation provider, alternate carrier, recovery region or replacement platform without changing the customer-facing addresses. The prefix preserves identity while the route changes. That can avoid emergency DNS changes, stale resolver caches, partner allow-list failures and certificate or application dependencies tied to addresses.
Cloudflare's Magic Transit on-demand documentation supplies a concrete mechanism. It describes enabling prefix advertisement during an attack and disabling it after the incident. Its dynamic-advertisement documentation separately explains that customers can advertise or withdraw prefixes through an API or dashboard. A withdrawn prefix is not evidence that the customer forgot it; within this service design, withdrawal can be the intended normal state.
AWS documents a related migration capability for Bring Your Own IP. An operator can configure AWS resources to use addresses before the range is advertised, then stop advertising from the existing location and begin advertising through AWS. Google Cloud's recommended regional BYOIP mode likewise separates provisioning from announcement and says the customer decides when to announce or withdraw. These are first-party service descriptions. They prove that major platforms deliberately model a provisioned-but-unannounced state.
They do not prove that every absent route belongs to such a design. They do not disclose how many customers use the feature, how often failover succeeds, how much space remains reserved, or whether a specific holder completed testing. A holder invoking disaster recovery should therefore show more than a link to a product page.
A defensible evidence pack would identify the protected service, prefix, primary and alternate origins, letters of authority, RPKI plan, tunnel or interconnect state, activation authority, expected propagation time, last test and rollback method. It would state whether the prefix is withdrawn everywhere or announced from a primary site in normal operation. It would record dependencies that prevent use of a smaller block.
The plan also needs a failure model. If route propagation can take minutes and the service objective requires seconds, the prefix may not deliver the claimed protection. If an RPKI route origin authorisation covers only the normal ASN, emergency advertisement may be invalid. If the mitigation provider accepts only /24 or shorter IPv4 routes, a reserve composed of longer fragments may not be globally usable. Option value is measured after these constraints, not before them.
Growth reserve buys time, but forecasts expire
Growth produces a different option. A network adding subscribers, regions, services or acquisition targets may need contiguous address space before every endpoint exists. Capacity planning necessarily precedes demand. If policy recognised only addresses active today, operators could never build ahead of tomorrow's customers.
RIR rules have historically acknowledged planned use. ARIN's current NRPM includes circumstances in which organisations demonstrate immediate and projected requirements, and it uses utilisation of existing holdings as a criterion for some additional requests. APNIC's resource policy says requests must be supported by estimates based on immediate and projected future need, while its public eligibility guidance asks an initial IPv4 applicant to show a detailed plan to use the requested block within a year.
RIPE transfer policy also preserves a forward-looking test for transfers arriving from regions that require needs-based policy: the recipient supplies a plan for use of at least half within five years.
These rules differ in scope and should not be merged into one global threshold. An initial request from a free or reserved pool is not the same as a transfer of an existing holding. A historical resource can have different contractual treatment from a recent allocation. A rule used to determine eligibility for additional space does not automatically become a continuing power to confiscate everything below the threshold.
The shared logic is narrower: future demand can be legitimate when it is detailed enough to test. A growth reserve should be tied to a service forecast, customer commitments, site schedule, acquisition plan or transition architecture. The holder should explain why existing free capacity, IPv6, carrier-grade NAT, leasing or a later transfer would not meet the same need at reasonable risk.
Forecasts decay. A plan approved in 2022 for a launch in 2023 cannot remain sufficient evidence in 2026 if the launch never occurred. The operator should update the probability, expected date and block size. If the project is cancelled, the reserve returns to the portfolio decision queue. If demand arrives more slowly, part of the block may be releasable without sacrificing aggregation.
This is where option language can discipline rather than excuse holding. Financial options expire or lose value as assumptions change. An operational reserve should also have review points and abandonment triggers. The option is valuable because management can choose; responsible management must actually revisit the choice.
Migration requires overlap, not instant purity
Renumbering is often discussed as if it were a database edit. In a live network it is a sequence of dependencies. Servers need new interfaces. Firewalls and access-control lists need both old and new values. Partners may have manual allow lists. DNS records must change and caches must age. Monitoring, geolocation, abuse contacts, reverse DNS, RPKI objects and route filters may need updates. Customer equipment may be outside the operator's immediate control.
During that interval, apparently idle space can sit on either side of the cutover. The destination prefix may be configured in staging, authorised in RPKI and accepted by upstreams before traffic moves. The source prefix may remain announced or ready for rollback after the main flow leaves. Neither state is permanent productive occupancy. Both can reduce migration risk.
AWS's BYOIP guidance makes the sequencing concrete: configure resources before advertisement, then coordinate withdrawal from one place and advertisement from another to minimise downtime. The instruction is not a general law of migration, but it exposes the flaw in point-in-time utilisation. Preparation has value before traffic appears.
RFC 1918 provides a deeper historical reminder. It recommended private address space partly to conserve globally unique space, but it also warned that changing between private and public arrangements can impose costly renumbering. Private addressing is therefore an alternative with trade-offs, not proof that every enterprise can surrender public space without consequence.
A migration reserve should be bounded by milestones: design complete, destination validated, dual-running started, customer cutover percentage, rollback window, old route withdrawal and final disposition. Delays should carry reasons. The audit should ask whether overlap remains necessary and whether the entire prefix, rather than a smaller portion, is required.
Permanent "migration" is not a defensible category. If the same project appears year after year without engineering work, budget or dependency reduction, its option value should be discounted toward zero. The holder can still choose to retain the asset for investment reasons where contracts and policy allow, but it should not misdescribe that choice as imminent operational use.
The block is not perfectly divisible
An audit that counts addresses individually can recommend a technically destructive optimisation. Routing, filtering and registry practice work with prefixes. The smallest globally portable unit may be much larger than one address, and policies or counterparties may impose minimum transfer or announcement sizes. Reputation and aggregation also attach to blocks, not only to isolated endpoints.
Suppose an operator needs 128 addresses for a recovery service. Arithmetic suggests half a /24. Global routing practice may make a /25 unreliable because many networks filter routes longer than /24. The operator may need the whole /24 to preserve a credible failover path. The unused half is not automatically waste; it may be the indivisible cost of obtaining the usable half.
The same effect appears in growth. A /20 can be divided into /24s, but selling alternating fragments can leave a portfolio that is harder to aggregate, manage or transfer. Customer geolocation and reputation histories can differ across fragments. RPKI and route objects must follow. A utilisation review should test reasonable subdivision, but it should include transaction and operating costs.
This does not justify retaining any arbitrarily large covering block. If a /16 reserve exists to support one /24 service and the rest can be separated cleanly, the burden shifts to the holder. The right unit is the smallest prefix set that preserves the documented function with acceptable risk.
Option value can therefore be lumpy. One additional address may require keeping a whole routing unit. A clean audit records that indivisibility explicitly instead of hiding it inside a percentage.
Registry policy answers different questions at different times
Debate becomes confused when three moments are treated as one: receiving addresses, requesting more addresses and retaining addresses already registered.
At receipt, an RIR may ask whether the applicant meets current policy. APNIC's transfer conditions require recipients of unused or excess IPv4 space to provide a detailed use plan. ARIN evaluates specified-recipient transfers under its NRPM. Those are entry conditions.
When requesting more, an operator may need to demonstrate use of prior holdings. ARIN's NRPM states in relevant cases that organisations can qualify for additional IPv4 blocks by demonstrating 80 percent utilisation of current allocated space. APNIC says utilisation of historical IPv4 space is considered when a holder requests more. These rules prevent an applicant from ignoring available inventory while seeking scarce additions.
Retention is separate. ARIN's Registration Services Agreement version 14.0 states that ARIN has no right under that agreement to revoke included number resources due to lack of utilisation by the holder. That clause does not immunise fraud, non-payment, unlawful conduct or every resource outside the agreement. It does demonstrate why one cannot transform an allocation threshold into a universal continuing forfeiture rule.
RIPE's transfer policy presents another model. It allows a legitimate holder to transfer complete or partial blocks, imposes specific restrictions, requires the transfer to be reflected in the database and publishes approved transfer information. The policy does not purport to infer waste from BGP silence.
These examples support a rule of institutional interpretation: identify the exact policy, agreement, resource status, transaction and date before making a retention claim. "The RIRs require utilisation" is too broad. One region's new-request test is not another region's revocation power. A historical block without a current contract is not necessarily governed like a recent waiting-list allocation.
Conservation remains legitimate. Registry records must be accurate, applicants should not obtain scarce new space through false projections, and policy-defined return conditions should be honoured. But conservation is strongest when it is attached to clear ex ante rules and reviewable facts, not when a routing snapshot becomes an unwritten power.
A serious utilisation review has seven layers
The first layer is identity. Confirm the exact prefix, registered holder, resource status, governing agreement, transfer history and related organisations. Resolve whether the entity operating the block is the holder, an affiliate, customer, lessee or service provider. An apparent idle asset may be supporting another entity under a legitimate arrangement; it may also be sitting in a dissolved company with stale records.
The second is routing. Examine multiple BGP collectors over a defined period, not one current table. Record covering and more-specific announcements, origin ASNs, withdrawals, route leaks and visibility differences. State the collectors and dates. BGP evidence should be reproducible and described as observation.
The third is address management. Review IPAM assignments, DHCP or subscriber pools, NAT gateways, virtual services, reverse DNS, internal routes and customer records as applicable. Sensitive details can be aggregated or inspected under confidentiality. The aim is to distinguish no public route from no technical use.
The fourth is purpose. Classify each reserved segment as disaster recovery, committed growth, migration, contractual obligation, technical quarantine, sale inventory or unsupported holding. The category should not be selected by the auditor alone. The holder supplies a claim and evidence; the reviewer tests it.
The fifth is readiness. For a contingency block, test whether routes, ROAs, letters of authority, tunnels and runbooks work. For growth, inspect milestones, budgets and dependencies. For migration, verify dual-running and cutover tasks. A theoretically valuable option that cannot be exercised is not operational protection.
The sixth is proportionality. Compare the reserved size with the minimum workable routing and service unit. Examine alternative space, IPv6, translation, leasing and later acquisition, but include switching delay, fragmentation, reputation and renumbering costs. The audit should not assume that the cheapest visible substitute is operationally equivalent.
The seventh is disposition. Every reserve receives a next review date and an outcome rule: retain, reduce, activate, lease, transfer, return where applicable, or investigate. A review without a decision path becomes documentation theatre.
This structure allows a reviewer to be demanding without pretending to operate the network. It also creates consistency. Two holders making the same disaster-recovery claim should be asked for comparable evidence, even if their architecture differs.
Evidence should be strong without exposing the network
Operators reasonably resist publishing detailed disaster-recovery architecture. Prefixes, failover providers, activation contacts, tunnel endpoints and customer schedules can be security-sensitive. A good audit does not force every supporting fact into public WHOIS or a transfer list.
The evidence model can separate a public conclusion from protected substantiation. A public record might say that a specified prefix is retained as a time-bounded contingency reserve, was reviewed on a stated date and has a future review date. A confidential annex can contain diagrams, tests, contracts and contact information. An independent reviewer can attest that the evidence met a published standard without exposing it.
Cryptographic hashes can preserve the integrity of dated documents, but a hash does not prove the truth of the document. RPKI can show that a holder authorised an origin, but a ROA does not show a customer forecast or a board decision. Registry records can show the recognised holder, but they do not reveal every lease or internal assignment. Each evidence type answers a limited question.
The holder should also have a right to correct error. BGP measurements can miss routes. Corporate records can lag a merger. A reviewer can misunderstand a private deployment. Before an adverse decision, the operator should receive the observed facts, the rule being applied and a reasonable opportunity to respond. If a consequential decision remains, there should be an independent appeal or other review path.
Procedural protection is not an excuse for delay without end. Timelines can be fixed. Evidence requests can be standardised. Emergency measures can address fraud or a live security problem. The important point is that scarcity does not eliminate the difference between inquiry and conclusion.
RPKI reveals preparation, not consumption
RPKI is relevant because an idle prefix may need to become routable quickly. A route origin authorisation can permit an ASN to originate a specified prefix length. An operator that claims emergency readiness but has no workable authorisation path may have overstated the value of its reserve.
Yet ROA status is not utilisation. A valid ROA can exist for a prefix that is not announced. A prefix can be announced without a ROA and appear NotFound rather than Invalid. A broad ROA can authorise more specifics that never appear. Revoking a ROA can be prudent after a route is withdrawn, but a future plan may require a new one.
The audit should therefore ask whether the RPKI configuration matches the claimed option. For normal active-active service, authorised origins should reflect intended routes. For on-demand mitigation, the normal and emergency origin plan should avoid accidental invalids. For migration, overlapping authorisations may be necessary temporarily and should be removed after cutover.
Cloud and mitigation providers often require registry validation, ROAs or letters of authority during onboarding. Completion of those steps is evidence that activation is feasible. It remains provider evidence, not proof that the whole block size is necessary or that the plan was tested.
RPKI also imposes an exit obligation. When a prefix is transferred, old authorisations and route objects should not survive indefinitely. A holder retaining idle space should maintain its security state rather than treating inactivity as freedom from hygiene. Option value depends on a clean ability to exercise; stale authorisations reduce that value and can create risk for others.
The option can be valued without inventing a market rate
No single formula will produce a defensible dollar value for every reserve. The inputs are private and uncertain. A practical decision can still be structured.
Start with exercise scenarios. Estimate the probability range of an attack, regional launch, acquisition or forced migration over the review horizon. Do not disguise speculation as a precise percentage. A low, base and high scenario can be more honest than one decimal point.
Then estimate the consequence if the operator lacks the block: service downtime, emergency transfer delay, customer churn, renumbering labour, new hardware, contract penalties and lost expansion. Separate costs the prefix actually avoids from general incident costs it cannot change.
Next estimate carrying cost: registry fees, internal controls, security maintenance, foregone sale proceeds, financing cost and the risk of market decline. Include the opportunity to lease or transfer only where it is realistically available under policy and contract.
Finally test substitutes. Could IPv6 remove the need? Could an on-demand lease supply equivalent clean space quickly? Could a smaller prefix work? Could DNS-based failover replace address portability? Could the provider reserve capacity contractually without holding the addresses? Each substitute changes the option's incremental value.
The result is a decision range, not a universal benchmark. A regulated payment network with hard-coded partner allow lists may rationally retain more continuity capacity than a short-lived web campaign behind a managed CDN. The comparison should be among the holder's feasible alternatives, not among unrelated businesses.
Public transfer prices can inform opportunity cost, but they are incomplete. Broker quotations may reflect asking rather than executed prices. Registry logs do not disclose full consideration, leasebacks, reputation discounts or transaction expenses. No global rate of return for an idle operational reserve is available. A review that applies one invented per-address yield to every block would create false precision.
Three worked decisions
Consider a regional ISP with a /18. It announces a /19 for current subscribers and holds the other /19 for a second market. The growth plan has licences, fibre contracts and an equipment budget, but launch has slipped twice. The audit should not call the reserve waste immediately. It should compare the new launch date, committed spend, subscriber forecast and minimum routing unit. If the plan remains funded and near-term, retention may be proportionate. If the market entry has been abandoned, a /19-sized option with no trigger should move toward transfer, lease or a smaller reserve.
Consider a cloud operator with a /24 onboarded to an on-demand DDoS provider. The prefix is normally announced from the operator, not absent globally, but the mitigation provider's route is withdrawn. A collector that sees the operator's route would call the space active; a collector focused on the mitigation network might call that path idle. The audit should evaluate the alternate announcement, ROA and test history, not count the same addresses twice.
Now consider an enterprise that holds a legacy /16 and says it is reserved for acquisitions. It has completed no acquisition in ten years, cannot name a target class, uses RFC 1918 internally and has no integration template requiring public addresses. The option is broad but weak. Scarcity and hypothetical M&A do not establish operational necessity for 65,536 addresses. The enterprise may have contractual freedom to keep the block, but an honest utilisation report should classify most of it as unsupported strategic inventory rather than disaster recovery.
These cases show why the outcome need not be confiscation. The audit can improve decisions even where no authority can compel release. Boards, lenders, members and prospective buyers benefit from knowing whether value is operational, speculative or mixed. Transparent classification can lead to voluntary transfers without turning an auditor into a sovereign.
Guardrails against warehousing
The case for option value will fail if every holder can invoke an untestable future. Five guardrails keep the concept bounded.
First, specificity. The holder identifies the block, purpose, trigger and responsible decision-maker. "Future need" alone is limited public evidence.
Second, feasibility. The technical, contractual and security steps needed for exercise are known and substantially prepared. A plan that requires an impossible route or an unavailable service has no present operational value.
Third, proportionality. The reserve size reflects the smallest workable unit plus a justified margin. Aggregation is relevant but not absolute.
Fourth, time. Every claim has milestones and review dates. Delay changes the evidence burden.
Fifth, alternatives. The holder explains why transfer-on-demand, leasing, IPv6, NAT, a provider pool or a smaller block would expose it to unacceptable risk. The explanation can be qualitative where prices or probabilities are unavailable, but it must be concrete.
These guardrails also protect legitimate holders. If the standard is published, an operator can know in advance what evidence will be persuasive. It need not guess whether a staff member considers contingency capacity morally acceptable. Thin, objective review is better than both no scrutiny and boundless discretion.
What Number Resource Society can add
Number Resource Society publicly presents itself as a membership organisation focused on holder rights, business protection and participation in Internet number policy. Its more recent business-continuity material argues that stable number-resource recognition matters to customers and revenue. That emphasis is useful here: an IPv4 reserve should be evaluated as part of an operating system, not as a dead database row.
NRS could make the contribution practical by publishing an optional operational-reserve profile. The profile could contain the prefix range, reserve class, evidence date, next review, minimum workable unit, RPKI readiness, confidential-evidence custodian and disposition trigger. It could define terms so that "unannounced" never silently becomes "abandoned."
It could also publish anonymised case patterns: tested attack mitigation, delayed regional build, completed renumbering, unsupported indefinite hold. Such examples would help operators and registries compare reasoning without disclosing networks or claiming a prevalence rate.
The boundary is essential. NRS's FAQ, charter and website are first-party advocacy. They do not establish independent neutrality, statutory authority, an audited reserve population or a deployed certification regime. NRS should not declare a prefix legally owned, compel an RIR update, approve a transfer, value an asset or certify that a disaster plan will work. Its strongest role is to improve evidence, vocabulary and procedural expectations.
A positive NRS agenda would therefore pair rights with maintenance. Holders seeking durable recognition should keep contact data current, secure RPKI and registry access, document authority, review reserves and release claims that have expired. Holder protection is more credible when it includes stewardship duties that can be observed.
A better policy question
The argument over idle IPv4 often starts with the wrong question: "Why should anyone be allowed to keep unused addresses?" That wording assumes the decisive fact.
A better sequence is: What was observed? What type of use or reserve is claimed? What rule governs this holder and block? What evidence supports the claim? Is the block size proportionate? When will the claim be reviewed? What remedy follows if the evidence fails?
This sequence accommodates both scarcity and continuity. It rejects a permanent entitlement to new scarce space based on vague forecasts. It also rejects automatic forfeiture based on one public routing snapshot. It can support voluntary market release, stronger request review and accurate registration without asking an RIR to judge every business strategy.
The policy design should keep entry, expansion and retention distinct. New allocations and needs-based transfers can require a use plan. Requests for more space can examine prior inventory. Existing holdings can be governed by their actual contracts and defined revocation grounds. A voluntary audit can classify unsupported holdings even where compulsory recovery is unavailable.
Most importantly, the design should reward truth. If an operator can admit that a block is strategic inventory rather than pretend it carries live traffic, the record becomes more useful. If a legitimate migration can be documented without fear that temporary silence proves abandonment, engineering becomes safer. Governance improves when categories match reality.
Watch the exercise, not only the waiting
Over the next several years, the most useful evidence will come from outcomes. Did on-demand prefixes activate when attacks occurred? Did planned regions launch? Did migrations retire old blocks on schedule? Were reduced reserves sufficient? Did voluntarily released space reach new operators? Did registry records and RPKI objects update cleanly after transfer?
Those questions can produce a denominator over time, but only if the categories are recorded consistently. Today the public data do not reveal how many unrouted prefixes are backed by tested plans, how many plans expire, or how many blocks return to use. No rate should be invented to fill that gap.
An idle prefix is therefore neither innocent nor guilty. It is an unresolved state. Sometimes it is an expensive spare key that preserves a business through failure. Sometimes it is capacity moving toward customers. Sometimes it is a bridge between old and new networks. Sometimes it is simply an asset whose holder prefers not to sell.
The task of a utilisation review is not to collapse those choices into one moral label. It is to identify which claim is supported, which option remains exercisable and which story has outlived its evidence. That is a stricter standard than BGP silence, and a fairer one.
Sources
- RFC 7020: The Internet Numbers Registry System - authoritative description of the registry hierarchy, uniqueness and registration goals; it does not define every holder's operational utilisation or private legal rights.
- NRO: Free Pool of IPv4 Address Space Depleted - primary institutional record of the 3 February 2011 IANA free-pool event; it does not measure later holder use.
- ARIN IPv4 Addressing Options and ARIN Number Resource Policy Manual - current regional rules and options; ARIN policy is not a global rule for other RIR regions.
- ARIN Registration Services Agreement, version 14.0 - contractual evidence that ARIN lacks a right under that agreement to revoke included resources for lack of utilisation; the clause does not cover every resource status or every other ground for action.
- APNIC Internet Number Resource Policies, APNIC eligibility guidance and APNIC transfer conditions - regional evidence on projected need, prior holdings and recipient plans; the documents do not create a universal post-allocation recovery rule.
- RIPE Resource Transfer Policies, RIPE-807 - current transfer and registration-update rules, including a bounded use-plan condition for certain incoming inter-RIR transfers; it does not treat all BGP-invisible space as unused.
- RIPE RIS route collector documentation and MRT data documentation - explain how BGP observations are collected from peers; collector data cannot expose every private, internal or future use.
- CAIDA: Lost in Space - original research showing the value of heterogeneous active and passive measurements for utilisation inference; inference remains sensitive to datasets and definitions.
- AWS BYOIP onboarding and AWS BYOIP overview - first-party product evidence for provisioning, advertisement and withdrawal states; no customer count or success rate is disclosed.
- Google Cloud BYOIP documentation - first-party evidence that some provisioned prefixes are announced or withdrawn at customer choice; feature documentation is not a census of idle reserves.
- Cloudflare Magic Transit on-demand and dynamic advertisement - first-party evidence for attack-triggered and API-controlled advertisement; availability, contract scope and propagation limits vary.
- RFC 1918: Address Allocation for Private Internets - establishes private-space alternatives and recognises renumbering cost; it does not show that a particular holder needs public space internally.
- NRS FAQ, NRS Charter and NRS business-continuity material - first-party statements of holder-rights and continuity advocacy; they are not independent proof of ownership law, neutral adjudication or measured reserve performance.

