address
...
IP unicast address allocation and management are essential
operational functions for the Public Internet ...
... Public Internet. The exact policies for
IP unicast address allocation and management continue to be the
subject ...
... discussions cannot be pursued in a
vacuum - the participants must understand the technical issues and
implications associated with various address allocation and
management policies.
...
... The purpose of this document is to articulate certain relevant
fundamental technical issues that must be considered in formulating
unicast address allocation and management policies for the Public
Internet, and to provide recommendations with respect to these
...
...
... The major focus of this document is on two possible policies,
"address ownership" and "address lending," and the technical
implications of these policies for the Public Internet. For the
...
... Internet, and could express
such reachability through a single IP address prefix the document
suggests to use the "address ownership" policy. However, applying the
...
... reachability through a single IP address prefix the document
suggests to use the "address ownership" policy. However, applying the
"address ownership" policy to every individual site or organization
...
... suggests to use the "address ownership" policy. However, applying the
"address ownership" policy to every individual site or organization
that connects to the Internet results in a non-scalable routing ...
...
... Consequently, this document also recommends that the "address
lending" policy should be formally added to the set of address
allocation policies in the Public Internet. The document also
...
... On the intrinsic value of IP addresses ...
...
Syntactically, the set of IPv4 unicast addresses is the (finite) set
of integers in the range 0x00000000 - 0xDFFFFFFF. IP addresses ...
... unicast addresses is the (finite) set
of integers in the range 0x00000000 - 0xDFFFFFFF. IP addresses are
used for Network Layer ...
... Layer (IP) routing. An IP address is the sole piece
of information about the node injected into the routing system ...
... The notable semantics of an IP unicast address is its ability to
interact with the Public Internet routing ...
... the Public Internet, it is the reachability of an IP address that
gives it an intrinsic value. Observe, however, that IP addresses are
...
... reachability of an IP address that
gives it an intrinsic value. Observe, however, that IP addresses are
used outside of the Public Internet. This document does not cover the
...
... used outside of the Public Internet. This document does not cover the
value of addresses in other than the Public Internet context.
...
... Internet) and its continued operation, including its
routing system, which gives an IP address its intrinsic value, rather
than the inverse. Consequently, if the Public Internet routing system ...
... routing system
ceases to be operational, the service disappears, and the addresses
cease to have any functional value in the Internet. At this point,
...
... Internet. At this point,
for the Public Internet, all address allocation and management
policies, including existing policies, are rendered meaningless.
...
... Hierarchical routing and its implication on address allocation ...
...
Hierarchical routing requires that addresses be assigned to reflect
the actual network topology. Hierarchical routing ...
... network topology. Hierarchical routing works by taking the
set of addresses covered by a portion of the topology, and generating
a single routing advertisement ...
... Since the information that the routing system really needs is the
location of the address within the topology, for hierarchical
routing, the useful abstraction must capture ...
... hierarchical
routing, the useful abstraction must capture the topological location
of an address within the network. In principle this could be
accomplished in one of two ways. Either (a) constrain the topology ...
... topology
(and allowed topology changes) to match address assignment. Or, (b)
avoid constraints on the topology ...
... that as the topology changes, an entity's address change as well. The
process of changing an entity's address ...
... address change as well. The
process of changing an entity's address is known as "renumbering."
...
...
Because of pre-CIDR address allocation, many routes in the Internet
are not suitable for hierarchical aggregation ...
... aggregation. Moreover, unconnected
sites with pre-CIDR address allocations exist. If these sites connect
to the Internet at some point in the future, the routes to these
...
... sites are unlikely to be suitable for hierarchical aggregation. Also,
when a site uses addresses obtained from its provider, but then later
switches ...
... switches to a different provider (while continuing to use the same
addresses), the route to the site may no longer be suitable for
hierarchical aggregation ...
... Address allocation and management policies ...
...
IP address allocation and management policy is a complex,
multifaceted issue. It covers a broad range ...
... IESG, IETF, IEPG, various government bodies, etc.),
the participation of end users in requesting addresses, and so on.
Address allocation and management ...
... the participation of end users in requesting addresses, and so on.
Address allocation and management and the scalability of the routing
system ...
... management and the scalability of the routing
system are interrelated - only certain address allocation and
management policies yield scalable routing ...
... constraints.
These constraints restrict the choices of address allocation policies
that are practical.
...
... The "address ownership" allocation policy and its implications on
the Public Internet ...
... address allocation and management
policy. The "address ownership" policy means that part of the address
space, once allocated to an organization, remains allocated to the
organization as long as that organization wants it. Further, that
...
... management
policy. The "address ownership" policy means that part of the address
space, once allocated to an organization, remains allocated to the
organization as long as that organization wants it. Further, that
portion of the address space ...
... address
space, once allocated to an organization, remains allocated to the
organization as long as that organization wants it. Further, that
portion of the address space would not be allocated to any other
organization. Often, such addresses are called "portable." It was
...
... portion of the address space would not be allocated to any other
organization. Often, such addresses are called "portable." It was
assumed that if an organization acquires its addresses via the
...
... organization. Often, such addresses are called "portable." It was
assumed that if an organization acquires its addresses via the
"address ownership" policy, the organization would be able to use
...
... assumed that if an organization acquires its addresses via the
"address ownership" policy, the organization would be able to use
these addresses to gain access to the Internet ...
... "address ownership" policy, the organization would be able to use
these addresses to gain access to the Internet routing services ...
...
While it has never been explicitly stated that various Internet
Registries use the "address ownership" allocation policy, it has
always been assumed (and practiced).
...
...
... To understand the implications of the "address ownership" policy
("portable" addresses) on the scalability of the Internet routing
system ...
...
(a) By definition, address ownership assumes that addresses, once
assigned, fall under the control of the assignee. It is the
assignee that decides when to relinquish the ownership (although
...
...
(b) By definition, hierarchical routing assumes that addresses
reflect the network topology as much as possible.
...
... Therefore, the only presently known practical way to satisfy both
scalable hierarchical routing and address ownership for everyone is
to assume that the topology (or at least certain pieces of it) will
...
... topology (or allowed
topology changes), we can either have address ownership for everyone
or a routable Internet, but not both, or we need to develop and
...
... or a routable Internet, but not both, or we need to develop and
deploy new mechanisms (e.g., by decoupling the address owned by the
end users from those used by the Internet routing ...
... routing, and provide
mechanisms to translate between the two). In the absence of new
mechanisms, if we have address ownership ("portable" addresses) for
everyone, then the routing ...
... mechanisms to translate between the two). In the absence of new
mechanisms, if we have address ownership ("portable" addresses) for
everyone, then the routing overhead ...
... Internet.
Alternately, we can have a routable Internet, but without address
ownership ("portable" addresses) for everyone.
...
... The "address lending" allocation policy and its implications for the
Public Internet ...
... CIDR, some subscribers and
providers have followed a model in which address space is not owned
(not portable), but is bound to the topology. This model suggests an
...
... (not portable), but is bound to the topology. This model suggests an
address allocation and management policy that differs from the
"address ...
... address allocation and management policy that differs from the
"address ownership" policy. The following describes a policy, called
"address lending," that provides a better match (as compared to the
...
... "address ownership" policy. The following describes a policy, called
"address lending," that provides a better match (as compared to the
"address ownership" policy) to the model.
...
...
... An "address lending" policy means that an organization gets its
addresses on a "loan" basis. For the length of the loan, the lender
cannot lend the addresses to any other borrower. Assignments and
...
... addresses on a "loan" basis. For the length of the loan, the lender
cannot lend the addresses to any other borrower. Assignments and
allocations based on the "address lending" policy should explicitly
...
... cannot lend the addresses to any other borrower. Assignments and
allocations based on the "address lending" policy should explicitly
include the conditions of the loan. Such conditions must specify that
allocations are returned if the borrower is no longer contractually
...
... aggregation
for the allocation. If a loan ends, the organization can no longer
use the borrowed addresses, and therefore must get new addresses and
renumber to use them. The "address ...
... for the allocation. If a loan ends, the organization can no longer
use the borrowed addresses, and therefore must get new addresses and
renumber to use them. The "address lending" policy does not constrain
...
... addresses, and therefore must get new addresses and
renumber to use them. The "address lending" policy does not constrain
how the new addresses could be acquired.
...
...
This document expects that the "address lending" policy would be used
primarily by Internet Registries associated with providers; however,
...
... primarily by Internet Registries associated with providers; however,
this document does not preclude the use of the "address lending"
policy by an Internet Registry that is not associated with a
...
...
This document expects that when the "address lending" policy is used
by an Internet Registry associated with a provider ...
... provider is
responsible for arranging aggregation of these addresses to a degree
that is sufficient to achieve Internet-wide IP ...
...
This document expects that when the "address lending" policy is used
by an Internet Registry associated with a provider ...
... grace period, the
borrower (the subscriber) may continue to use the addresses obtained
under the loan. This document recommends a grace period of at least
...
...
To understand the scalability implications of the "address lending"
policy, observe that if a subscriber borrows its addresses ...
... address lending"
policy, observe that if a subscriber borrows its addresses from its
provider's block, then the provider ...
... provider's block, then the provider can advertise a single address
prefix. This reduces the routing information that needs to be carried
by the Internet ...
... provider would be established. As a result, the subscriber would
renumber to the new addresses. Once the subscriber renumbers into the
new provider ...
...
Therefore, the "address lending" policy, if applied appropriately, is
consistent with the constraints on address ...
... address lending" policy, if applied appropriately, is
consistent with the constraints on address allocation policies
imposed by hierarchical routing, and thus promotes a scalable routing
system ...
... imposed by hierarchical routing, and thus promotes a scalable routing
system. Thus, the "address lending" policy, if applied
appropriately, could play an important role in enabling the
...
... routing in other parts of the hierarchy, the
"lending" policy may also be applied hierarchically, so that
addresses may in turn be lent to other organizations. The implication
here is that the end of a single loan may have effects on
organizations that have recursively borrowed parts of the address
space ...
... addresses may in turn be lent to other organizations. The implication
here is that the end of a single loan may have effects on
organizations that have recursively borrowed parts of the address
space from the main allocation. In this case, the exact effects are
difficult to determine a priori.
...
... In the absence of an explicit "address lending" policy ...
... Internet service from some provider and allocate its
addresses out of the CIDR block associated with the provider. Later
...
...
The above shows that the absence of an explicit "address lending"
policy from a current provider in no way ensures that renumbering
...
... Internet and could express such
reachability through a single IP address prefix could expect that a
route with this prefix ...
... routing system, regardless of where they connect
to the Internet. Therefore, using the "address ownership" policy
when allocating addresses to such organizations is a reasonable
...
... Internet. Therefore, using the "address ownership" policy
when allocating addresses to such organizations is a reasonable
choice. Within such organizations this document suggests the use of
the "address ...
... addresses to such organizations is a reasonable
choice. Within such organizations this document suggests the use of
the "address lending" policy.
...
... subject to hierarchical
aggregation. For such organizations, allocating addresses based on
the "address ownership" policy makes hierarchical aggregation ...
... aggregation. For such organizations, allocating addresses based on
the "address ownership" policy makes hierarchical aggregation
difficult, if not impossible. This, in turn, has a very detrimental
...
... Internet routing system, for such organizations, this document
recommends using the "address lending" policy. Consequently, when
such an organization first connects to the Public Internet or changes
...
... Internet routing system. This applies to
the case where the organization takes its addresses out of its direct
provider's block and the organization changes its direct provider ...
... provider.
This may also apply to the case where the organization takes its
addresses out of its indirect provider's block, and the organization
changes its indirect provider ...
... destinations covered by a single route.
Organizations whose addresses are allocated based on the "address
ownership" policy (and thus may not be suitable for aggregation ...
... route.
Organizations whose addresses are allocated based on the "address
ownership" policy (and thus may not be suitable for aggregation)
...
...
Observe that neither the "address ownership," nor the "address
lending" policy, by itself, is sufficient to guarantee Internet-wide
...
... Internet-wide
IP connectivity. Therefore, we recommend that sites with addresses
allocated based on either policy should consult their providers about
the reachability ...
... allocated based on either policy should consult their providers about
the reachability scope that could be achieved with these addresses,
and associated costs that result from using these addresses.
...
... Internet-wide IP connectivity,
then address allocation for the organization could be done based on
the "address ownership" policy. Here, the organization may still
...
... then address allocation for the organization could be done based on
the "address ownership" policy. Here, the organization may still
maintain limited IP connectivity (e.g., with all the subscribers ...
... application layer gateways, Network Address Translators (NATs)). Note
that use of mediating gateways ...
...
Both renumbering (due to the "address lending" policy), and non-
aggregated routing information (due to the "address ...
... address lending" policy), and non-
aggregated routing information (due to the "address ownership"
policy), and the use of mediating gateways result in some costs.
...
... requirements carefully and compare the tradeoffs associated with
addresses acquired via either policy vs. having connectivity via
mediating gateways (possibly augmented by limited IP ...
... gateways (possibly augmented by limited IP connectivity)
using addresses acquired via "address ownership." To reduce the cost
of renumbering, organizations should be strongly encouraged to deploy
...
... IP connectivity)
using addresses acquired via "address ownership." To reduce the cost
of renumbering, organizations should be strongly encouraged to deploy
tools ...
... Any address allocation and management policy for IP addresses used
for Internet connectivity must take into account its impact on the
...
... Public Internet routing system. Among all of the
possible address allocation and management policies only the ones
that yield a scalable routing system ...
... Within the context of the current Public Internet, address allocation
and management policies that assume unrestricted address ...
... address allocation
and management policies that assume unrestricted address ownership
have an extremely negative impact on the scalability of the Internet ...
... Internet routing system well before we approach
the exhaustion of the IPv4 address space and before we can make
effective use of the IPv6 address space. Given the Internet ...
... the exhaustion of the IPv4 address space and before we can make
effective use of the IPv6 address space. Given the Internet's growth
rate and current technology, the notion that everyone can own address
space ...
... IPv6 address space. Given the Internet's growth
rate and current technology, the notion that everyone can own address
space and receive Internet-wide routing services ...
... Internet, is currently technically infeasible.
Therefore, this document makes two recommendations. First, the
"address lending" policy should be formally added to the set of
address allocation policies in the Public Internet ...
... "address lending" policy should be formally added to the set of
address allocation policies in the Public Internet. Second,
organizations that do not provide a sufficient degree of routing
information ...
... architecture is based on
CIDR, recommendations presented in this document apply to IPv6
address allocation and management policies as well.
...
... firewalls might include access control
decisions based on the claimed source address of packets arriving at
such firewall systems. When the firewall ...
...
It is highly inadvisable to rely upon unauthenticated source or
destination IP addresses for security policy decisions. [Bellovin89]
...
... security policy decisions. [Bellovin89]
IP address spoofing is not difficult with widely available systems,
such as personal computers. A better approach would probably involve
...
... Fuller, V., Li, T., Yu, J., and K. Varadhan, "Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy", RFC 1519 (obsoleted by RFC 4632), September 1993. ...
... Rekhter, Y., and T. Li, "An Architecture for IP Address Allocation with CIDR", RFC 1518 (Historic), September 1993. ...
... Authors' Addresses ...
