Securing Public IPv4 Space in 2026: A Practical Guide for Growing Businesses

Last quarter, our team tried to launch a new cluster of customer-facing services. We had the servers, software, and staff. We did not have enough public IPv4 addresses to put everything online.

If you run infrastructure for a growing business, this problem is familiar. ARIN, the American Registry for Internet Numbers, exhausted its free pool for North America on September 24, 2015. IANA, the Internet Assigned Numbers Authority, ran out even earlier, in February 2011.

Today, every new address comes from the secondary market. For U.S. teams, a clean block can support public apps, dedicated email reputation, and bring-your-own-IP options in major clouds.

 

Key Points Before You Commit

Treat IPv4 space as a long-term capacity decision, not a quick line item.

• Buying ties up capital. Compare it with leasing, carrier-grade NAT, and faster IPv6 rollout before you commit.

• A /24 is the practical minimum. That is 256 addresses, and it is the smallest block widely routed on the public internet.

• 2026 pricing sits near $25 per IP. A /24 usually costs about $6,400 to $9,000 before fees.

• Routing security matters on day one. Create Route Origin Authorizations when you activate the block to lower hijack risk.

 

What a Purchase Really Means

A purchase gives you registration rights and control, not absolute ownership.

You are buying the right to use and register an IPv4 prefix through ARIN. That gives your organization stable control over the block and the ability to route it with your providers.

Price depends on block size, region, and abuse history. A clean block with no spam or blocklist baggage is worth more because it is faster to activate.

 

When Ownership Beats the Alternatives

Ownership makes sense when your need is steady and control matters. Buy when you need a dedicated sender reputation, stable partner allowlists, or portable addresses across providers.

• Lease first if demand is temporary or budgets are tight.

• Push dual-stack if your services can run IPv4 and IPv6 together. Google reported that global IPv6 usage briefly hit 50% in March 2026.

• Use carrier-grade network address translation, or CGNAT, carefully. It can stretch internal space, but it does not replace unique public IPs.

Payment gateways, single sign-on allowlists, and public mail systems usually work better with a dedicated public space.

 

Plan Size and Budget

Size for the next 12 to 24 months, then budget for both purchase and upkeep.

 

Block Size

Map current use and add headroom for launches, failover, and growth. A /24 is the practical floor. Two /24s, or a /23, fit most small and midsize rollouts.

 

Upfront Cost

At about $25 per IP in 2026, a /24 costs roughly $6,400 to $9,000. Add about $500 to $1,500 for escrow and transfer fees.

 

Ongoing Cost

Leave room for ARIN maintenance, abuse handling, routing security, and any cloud bring-your-own-IP charges. These costs are easy to overlook.

 

Check the Block Before You Pay

A cheap block can get expensive fast if its history is dirty.

 

Reputation Checks

Run the range through Spamhaus and Cisco Talos. Ask the seller for past abuse tickets and proof that any issues were fixed.

 

Ownership Checks

Confirm the seller in the ARIN records. Look for stale WHOIS data, old hijack reports, or conflicting Internet Routing Registry (or IRR) entries.

 

Location Checks

Geolocation databases lag after a transfer. MaxMind updates some GeoIP2 databases twice a week, so prepare a geofeed and submit corrections as soon as the block goes live.

 

Handle the Transfer Cleanly

The smoothest deals are the ones prepared before money moves.

 

Get Pre-Approved

Create or confirm your ARIN Org ID, sign the required agreements, and collect documents that show your need for the space.

 

Use Escrow and a Runbook

Work with a broker or marketplace if needed, but release funds only after ARIN approves the transfer and reputation checks still look clean. Keep one shared checklist for the seller, escrow agent, and network team.

 

Finish Registry Records

Use ARIN's 8.3 specified recipient process. After approval, update WHOIS, remove stale IRR data, create new route objects, and build Route Origin Authorizations, or ROAs, for the prefixes you will announce.

If you need help with ARIN paperwork, blacklist reviews, seller checks, escrow coordination, and a transfer-ready block, outside guidance can reduce surprises after approval, keep records aligned, and make the handoff to your network team easier when a launch leaves little room for mistakes. When you are fully ready to buy IP addresses, Brander Group can support the process.

 

Activate the Space Without Downtime

A careful rollout protects reachability, reputation, and rollback options.

 

Announce Carefully

Work with your transit ISP or data center on a Letter of Authorization, or LOA, and the correct origin autonomous system, or AS. Start Border Gateway Protocol, or BGP, announcements at low preference, confirm propagation, then move to production.

 

Support Cloud Use

For cloud bring-your-own-IP, create ROAs that authorize the provider ASNs before import. AWS, for example, needs ROAs for ASNs 16509 and 14618. Tools like Manage Engine OpManager can help you watch new ranges across on-prem and cloud networks.

 

Warm Up Reputation

Increase outbound email slowly. Publish reverse DNS, SPF, and DMARC for sending ranges, and watch blocklists every day for the first two weeks.

 

Secure the New Space

Basic routing security should go live with the first announcement.

Resource Public Key Infrastructure, or RPKI, lets networks verify who may originate a route. Create an ROA for each prefix with the right maxLength and origin AS, and ask upstreams to enable route origin validation.

Watch for leaks or invalid announcements with services such as Cloudflare Radar, RIPE RIS, or RouteViews. Set alerts so your team sees trouble before customers do.

 

Common Mistakes to Avoid

Most problems start with rushed checks or skipped cleanup.

• Buying a block with unresolved spam history.

• Skipping ROAs and relying only on LOAs.

• Breaking space into prefixes longer than /24 and expecting global reach.

• Forgetting post-transfer cleanup, such as IRR updates and geolocation fixes.

 

 

Conclusion

Good planning matters more than speed.

Start with a demand forecast, then decide whether ownership, leasing, or faster IPv6 adoption fits your growth plan. Next, verify block history, involve ARIN early, and prepare your routing security before you announce anything.

Three smart first steps are simple: audit current address use, estimate the next 12 to 24 months of need, and test a sample block through Spamhaus and Cisco Talos.

 

FAQs

A few practical details can save time and rework later.

 

Q.1: Can I Announce a /25 on the Public Internet?

Answer: Usually no. Prefixes longer than /24 are commonly filtered, so /24 is the practical floor for global reachability.

 

Q.2: Do I Need an ARIN Membership to Receive a Transfer?

Answer: No. You need a valid Org ID and a signed registration agreement. ARIN staff can guide the setup.

 

Q.3: How Fast Does Geolocation Change After a Transfer?

Answer: It depends on the database. MaxMind may reflect corrections within days, while others can take weeks. A geofeed helps speed the change.

 

Q.4: Should I Buy Space If I Plan to Move to the Cloud?

Answer: It can make sense if you want portable space across AWS, Azure, or Google Cloud. That flexibility helps in hybrid and multi-cloud setups.