Data Security, Multi-Cloud, Hybrid Cloud & IPv4

Reliable, Auditable Systems
Most organizations need their data architecture to be demonstrably reliable. In other words, it doesn’t just need to work; it needs to be auditable against frameworks such as SOC2, HIPAA, or FedRAMP. The audit could be internal or conducted by a specialist IT audit firm. The important thing is that the organization understands what is working well and where improvements are needed.
But the growth of cloud systems means that organizations cannot see or touch the equipment providing all or some of their data services.
Cloud data architectures can be both reliable and auditable, and they offer features that meet the needs of very demanding organizations. Features like Bring Your Own IP Addresses can help organizations meet their reliability and auditability requirements.
Keep Control with a Hybrid or Multi-cloud Strategy
IDC has reported that between “50% and 70% of cloud buyers want the ability to control where their data resides and increasingly their digital infrastructure as well.”
Sometimes that means keeping the most important or confidential data on organization owned and managed hardware. In other cases, that means a multi-cloud strategy to control the physical location of particular kinds of data.
Data sovereignty is becoming increasingly important. Some organizations need to be able to demonstrate that the data they manage stays within the borders of the jurisdiction in which it was generated. Many countries have laws governing data generated or collected within their borders.
Compliance could be achieved by retaining some kinds of data on private systems instead of in the cloud. For instance, an organization might choose to keep a data lake on premises and only push processed, summarized, anonymized data to data marts located in the cloud.
Or it could mean using different cloud providers in different regions.
Whichever strategy is right for an organization, the components of your system will be identified with DNS names and IP addresses. DNS names are the human-friendly identifiers for computers. They can point at one or more IP addresses. For instance, ipv4.global is the DNS name pointing at the IPv4 address 23.185.0.4.
A database cluster is likely to use lots of addresses. For instance, Oracle’s addressing plan template for running on AWS uses:
- four IPv4 addresses for each virtual machine,
- three IPv4 addresses for Single Client Access Names, and
- six more addresses for networking.
Other databases, like Snowflake, MongoDB, and BigQuery, have similar IP addressing needs.
Not all of these addresses need to be globally unique to make the service work. But other approaches might require extra work to demonstrate that a configuration meets regulatory requirements when using private IPv4 addresses on a cloud network.
Managing RFC 1918 Addresses in Hybrid Deployments
IP address management systems (IPAMs) can manage cloud-deployed IP addresses as well as on premises deployments. But using an IPAM means having some control over your addresses. Dynamically assigned addresses can present a variety of challenges when using an IPAM.
An IPAM, like ReView, can be used to manage private IP addresses, like those defined in RFC 1918 and RFC 4193. But no IPAM can guarantee that different private IPv4 assignments will occur in each region or cloud. Using the same IP addresses in a private network on different cloud instances won’t break anything, but it can complicate configuration management, especially firewall configuration, and therefore troubleshooting and auditing.
Managing a configuration with duplicate private IPv4 address ranges, NAT, and ssh or VPN tunnels is complex. If the unique IPv4 addresses are dynamic, the tunnel endpoints can change. And if you need to offer an API, even internally, a dynamic IPv4 address makes it important to keep the API’s DNS records up to date.
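One way to audit for the duplicate private ranges described above, shown as an added example that is not part of the original article or any IPAM product. The inventory, environment names, and function names are constructed for illustration; a real check would read the ranges from your IPAM export.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: (environment, segment, CIDR). Assumed sample data.
INVENTORY = [
    ("aws/us-east-1", "db-cluster", "10.0.0.0/16"),
    ("azure/westeurope", "db-cluster", "10.0.128.0/20"),
    ("gcp/asia-east1", "data-mart", "172.16.4.0/24"),
    ("on-prem/dc1", "data-lake", "192.168.10.0/24"),
    ("on-prem/dc1", "replication", "fd12:3456:789a::/48"),
    ("aws/eu-west-1", "replication", "fd12:3456:789a:1::/64"),
    # Documentation range (RFC 5737) standing in for globally unique space.
    ("aws/us-east-1", "api-edge", "198.51.100.0/24"),
]

PRIVATE_BLOCKS = {
    "RFC 1918": [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "RFC 4193": [ipaddress.ip_network("fc00::/7")],
}

def private_class(net):
    """Return 'RFC 1918', 'RFC 4193', or None if the network is not private."""
    for label, blocks in PRIVATE_BLOCKS.items():
        for block in blocks:
            if net.version == block.version and net.subnet_of(block):
                return label
    return None

def find_overlaps(inventory):
    """Return private ranges that overlap across different environments."""
    parsed = [(env, seg, ipaddress.ip_network(cidr)) for env, seg, cidr in inventory]
    findings = []
    for (env_a, seg_a, net_a), (env_b, seg_b, net_b) in combinations(parsed, 2):
        # Overlap inside one environment is a routing problem, not this audit.
        if env_a == env_b or net_a.version != net_b.version:
            continue
        label = private_class(net_a)
        if label and private_class(net_b) == label and net_a.overlaps(net_b):
            # Overlapping CIDR blocks are always nested; report the smaller one.
            shared = net_a if net_a.subnet_of(net_b) else net_b
            findings.append((label, f"{env_a}:{seg_a}", f"{env_b}:{seg_b}", str(shared)))
    return findings

if __name__ == "__main__":
    for label, a, b, shared in find_overlaps(INVENTORY):
        print(f"[{label}] {a} overlaps {b} on {shared}")
```

Each finding marks a pair of segments where a firewall rule or log entry naming the shared range is ambiguous without also recording which environment it came from.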
Monitoring, recording, and auditing dynamic IPv4 addresses requires additional systems and logs. A new IPv4 address with a poor reputation could result in access denials or client trust issues.
Owned addresses lower the risk of service interruptions and ensure a network can meet contractual SLAs with clients.
Contrasting Cloud versus Owned IPv4 Addresses
While any IP address can be configured on any machine, there is a difference between addresses offered by a cloud provider and addresses that are leased or owned by an organization using cloud services.
| | Cloud provided | Leased or owned |
| --- | --- | --- |
| Stability | Dynamic addresses are cheaper but static addresses, like Elastic IP, are expensive. | You control stability. |
| Reputation | You can’t manage the reputation of cloud provided IP addresses. Research shows that cloud IP addresses can keep a bad reputation for many days. | You can check reputation before you buy and fix any problems that get you listed on reputation block lists. |
| Price | Expect to pay over $40 per year per address. | Expect to pay slightly more than $30 per year per address, or lease from $0.25 per address per month. |
Solve the Problem with Leased or Owned Addresses
Blanche Dubois might have “depended on the kindness of strangers” but it didn’t work out well for her. Taking control of addressing needs can improve outcomes for organizations buying cloud computing services, too.
Controlling addresses will let a network:
- Get a lower per-IP address price than when getting addresses from a cloud provider.
- Simplify configurations as tunnel endpoints and firewall rules don’t need to change as often.
- Avoid reputation related outages for the network and its partners.
Without configuration- and reputation-related service incidents, an administrator can reduce SLA issues and improve the experience for customers and partners.
Real-World Scenario: Scaling a Data Lake Without IP Headaches
A data services provider managing large-scale data ingestion pipelines across Snowflake and on-prem clusters ran into repeated issues:
- Latency spikes during nightly replication
- IP blocks from client firewalls due to mismatched DNS and NAT rules
- Inability to scale regionally due to cloud IP limits
Leasing IPv4 space from IPv4.Global allowed them to:
- Assign dedicated IPs to all replication nodes
- Establish VPN and firewall rules that didn’t break after every redeploy
- Scale horizontally across multiple providers without reconfiguring every time
IPv4.Global: Supporting Modern Data-Driven Companies
We help cloud-first and hybrid infrastructure teams secure IPv4 space that works across:
- Cloud providers like AWS, Microsoft Azure, Google Cloud Platform
- Data platforms like Snowflake, BigQuery, MongoDB
- On-prem and hybrid environments
We can secure blocks as small as 256 IPv4 addresses – a /24 – and as large as the market has to offer.
Let’s Solve the Infrastructure Bottleneck
The per-address charges levied by cloud providers will not be dropping. But the price of IPv4 addresses on the market has gone down in the last year. Now is the time to buy and transform a cost into an asset.
Contact our team. Our experts can guide you through the purchase or lease process and through using your new addresses on cloud platforms.
When we help you with your IPv4 address needs, we’re helping you achieve your business goals more easily.