The Internet is an essential part of most people’s daily life. Its popularity is largely driven by the diverse services it oﬀers. To interact with services, user devices needs to identify and reach the infrastructure they are hosted on. Hosting servers, and their associated interfaces, are identiﬁed using IP addresses. While the Domain Name System (DNS) resolves a service’s name—-more speciﬁcally, its Fully Qualiﬁed Domain Name (FQDN)—to a set of IP addresses, the Border Gateway Protocol (BGP) provides the routes needed to reach those IPs. Those mechanisms have not changed substantially throughout the last two decades, even though they still pose research questions.
The allocation of IP addresses to organizations is managed by the Regional Internet Registries (RIRs). Traditionally, networks received decently-sized sets of 32-bit long (IPv4) addresses from their respective RIR at negligible cost. With the deployment of new services and the growth in Internet organizations, the number of freely-available IPv4 addresses rapidly decreased. To cover the existing need, 128-bit long (IPv6) addresses were introduced. While most RIRs have little-to-none IPv4 addresses left for allocation, only around one-third of all users have yet adopted IPv6. Similarly, many services are only accessible via IPv4. To bridge the gap between availability and need, organizations recently increased their reliance on buying and leasing of IPv4 addresses. Similar to most open markets, brokers
facilitate the matching between selling and buying parties and carry out most of the paperwork in exchange for a certain commission.
When analyzing the (private) transaction data for four of the largest brokers, we found that prices for IPv4 addresses doubled since 2016 regardless of region or block-size; however, they are far lower than previous academic works suggested. Despite the persistent demand and continuously decreasing availability of IPv4 addresses, we ﬁnd that the market has entered a consolidation period in early 2019. During such a period, the market converges on a ﬁxed price and some brokers hold back assets because they expect “big players” to make a drastic move that dictates future price trends. When analyzing leasing agreements via the lenses of BGP, RPKI, and RDAP, we ﬁnd that individual data sources complement others with regards to their visible leasing agreements. Further, we showed that,
due to regional incompleteness, even combining all available data sets draws an incomplete picture which leaves room for future research. 
To allow others to reach newly acquired IPv4 addresses, networks—also called autonomous systems (ASes)—announce their set of IP addresses (also referred to as “preﬁxes”) using the BGP to other networks. Every AS that (re-)distributes a preﬁx adds itself to the AS PATH—the sequence of ASes that needs to be traversed in order to reach the IPs inside the preﬁx. When an AS receives multiple paths for the same preﬁx, it has to perform a best-path
selection process to determine its currently used path to addresses within the preﬁx. The AS PATH length is the ﬁrst tie-breaker in this process that does not depend on local preference. Manipulating the length of the AS PATH before announcing a preﬁx is commonly used to inﬂuence how traﬃc from remote ASes ingresses the own network—a process known as AS PATH Prepending (ASPP).
While prior works already analyzed ASPP, our work was the ﬁrst to characterize its usage policies in the wild. Out of the 35 % of ASes that use ASPP, only around 86 % use eﬀective policies on all of their preﬁxes. The remaining preﬁxes announce at least one preﬁx that uses the “uniform” prepending-policy, i.e., all paths for this preﬁx show the same artiﬁcially increased length which, as a consequence, does not favor any path during the best-path selection process of remote ASes. We further show that this condition is rarely transitional: More than half of all uniformly-prepended preﬁxes remained in this policy for more than two years. To put importance of this ﬁnding into perspective, our large-scale, real-world emulations suggest that even small prepending sizes can substantially amplify the impact of security threats such as BGP hijacks. 
 P. Marcos, L. Prehn, L. Leal, A. Dainotti, A. Feldmann, and M. Barcellos. AS-Path Prepending: There is no rose without a thorn. In IMC’20, 20th ACM Internet Measurement Conference, Virtual Event, USA, 2020, pp. 506–520. ACM.
 L. Prehn, F. Lichtblau, and A. Feldmann. When wells run dry: the 2020 IPv4 address market. In D. Han and A. Feldmann, eds., CoNEXT’20, 16th International Conference on Emerging Networking Experiments And Technologies, Barcelona, Spain (Virtual Event), 2020, pp. 46–54. ACM.
Investigators: Lars Prehn in cooperation with Shravan Swaminathan, Pascal Vermeulen (Saarland University), Marcel Flores (Edge.io), Emile Aben (RIPE NCC), Pavlos Sermpezis, Soﬁa Kostoglou, and Athena Vakali (Aristotle University of Thessaloniki)
Network operators and researchers frequently use Internet measurement platforms (IMPs), such as RIPE Atlas, RIPE RIS, or RouteViews for, e.g., monitoring network performance, detecting routing events, discovering the AS topology, or optimizing routes. To interpret the results of their measurements, users must understand a platform’s limitations and biases. In this project, we ﬁrst explored the noise within the data of RIPE RIS and Routeviews. We introduced an classiﬁcation for typical noise patterns and performed a deep-dive into the noise within the data availability. We found that the archives for publicly available route collector projects persistently suﬀer from unavailable ﬁles and dropped peering sessions. Hereby, we found that patterns occur at the peer, route collector, and region level. We further introduced a general framework to analyze the multi-dimensional (e.g., across location, topology, network types, etc.) biases of IMPs. Beyond new insights into currently existing IMP biases, our framework provides methods to sub-sample and extend the current set of IMP vantage points. When blind-testing with a common measurement task, we demonstrate that our framework reduces placement bias and that this reduction leads to a more accurate estimation of end-user performance for a large CDN. Lastly, we conceptualized a system, CorMoRanT, that simpliﬁes the analysis of BGP-based IMP data by generating thousands of pre-computed statistics and partial data views on a daily basis.
Investigators: Fariba Osali, Zubair Khwaja Sediqi, and Oliver Gasser
For several decades, IPv4 address has been used on the Internet to identify network device interfaces, eﬀectively allowing the mapping to individual hosts. With IPv4 address exhaustion in recent years, network operators have increasingly implemented IPv6 in their networks. While IPv4 remains the dominant IP version on the Internet, the adoption of IPv6 is increasing. Each IP address consists of a network portion and a host portion, and an IP preﬁx represents a range of IP addresses with a shared network portion. While many service providers are incorporating both IPv4 and IPv6 in their network, the relationship between IP preﬁxes of both versions in the wild is unknown.
In this work, we explore the potential relationship between IPv4 and IPv6 preﬁxes to identify IPv4 and IPv6 sibling preﬁxes for hosts and services. Both research communities and network operators can beneﬁt from the detection, identiﬁcation, and classiﬁcation of sibling preﬁxes. For example, if network operators want to ﬁlter all services on a speciﬁc IPv4 preﬁx, the corresponding IPv6 equivalent class is an excellent candidate.
To achieve this objective, we plan to conduct an investigation into the correlation between IPv4 and IPv6 preﬁxes in DNS datasets by looking at domains that have both A and AAAA records, as this will allow us to identify cases where the same domain name is associated with both an IPv4 and an IPv6 preﬁx. Then we plan a longitudinal study on IP preﬁx changes by tracking the dynamics of IP address and preﬁx allocation and usage over time.