
Principles for Use of Public Address Space

In the document Building Service Provider Networks (Page 186-189)

In any routing system, addresses must be unique. Special arrangements have been made for address space that need be unique only in an enterprise, as previously discussed. Historically, IANA “owned” the public address space. As the Internet grew, it delegated detailed assignments to regional address registries (Table 5.2). When U.S. government funding of IANA ended, its function passed to the Internet Corporation for Assigned Names and Numbers (ICANN).

ICANN’s work in addressing has been much less controversial than its activities in the domain naming area. Registries are in the process of being opened for Latin America and Africa.

Routability

Just because you have been issued a globally unique address doesn’t mean that all IP service providers are obligated to route it. From the perspective of RFC 2050 and the registries, the first goal is to allocate addresses in hierarchical blocks, to encourage aggregation. It cannot be emphasized strongly enough that having an allocation does not mean it will be globally reachable!

There is constant conflict between the ideals of routing and the realities of commerce. A typical dialogue between two respected operational engineers began on August 28, 2001, when Randy Bush wrote to the NANOG list:

I agree that there is no “right” to have a route in someone else’s router. Different providers, different policies etc. etc. However, if I choose to filter on allocation boundaries but advertise prefixes to peers that I myself would filter based on my own policy is that considered hypocritical? Bad form? Acceptable?

A response came from Pete Kruckenberg on September 1:

Curious that this entire discussion is justified by delivering what your customers pay you for, when what is proposed couldn’t be further from that.

If this is about what customers pay for, then we would be discussing how to accommodate, and even encourage effective multi-homing at a more granular level. Customers pay for the network to work end-to-end. More choices mean better performance, more reliability. The entire premise for this discussion goes directly against that.

Let me guess, this is for the good of the users, because if we don’t do it the world will blow up with too many routes. Uh huh. And everyone is turning down customers who want to multi-home a /24.

I pay my network providers to reach all those multi-homed /24’s quickly and reliably. Filtering devalues your network, I buy from your non-filtering competitor instead. BTW, your sales people (if you are a major carrier) are salivating over my RFP. Your CEO sweats bullets over next quarter’s numbers. Filtering /24’s doesn’t seem important to them.

Where did the “you don’t pay me, so you can’t use my route table” argument come from? A multi-organizational, ubiquitous, globally-reachable, resilient network presumes that the majority of routes in my router are not my customers, and that’s why the network is valuable.

I’m not saying there isn’t a problem, or that we shouldn’t be doing anything about it. But it’s one thing to talk about the problem (technology needs to improve to allow individuals and small companies to have better reliability), and quite another for networks to be hypocritically preaching/enforcing the “pay or be filtered” principle while violating the principle themselves.

Table 5.2 Active Regional Address Registries

REGION          REGISTRY
North America   American Registry for Internet Numbers (ARIN)
Europe          Réseaux IP Européens Network Coordination Centre (RIPE-NCC)
Pacific Rim     Asia-Pacific Network Information Center (APNIC)

REGISTRIES AND OPERATIONAL FORUMS

It can be confusing to distinguish between the organizations that manage addresses and the operator forums where the use of addresses (among other topics) is discussed. This is especially confusing in the case of RIPE-NCC and RIPE.

Réseaux IP Européens is a nonmembership European operator forum. RIPE-NCC involves many of the same people, but is a separate membership organization. In the Americas, ARIN is the address registry but the North American Network Operators Forum (NANOG) is the operational group.

Similarly, in the Asia-Pacific area, APNIC is the registry but the Asia-Pacific Regional Internet Conference on Operational Technologies (APRICOT) is the operational forum.

THE MICROALLOCATION ISSUE

While there are local differences, the minimum allocation of PI space is generally a /20. Special exceptions have always been made for the Internet infrastructure itself, such as address space for root servers and for exchange point fabrics. The problem arises for enterprise sites that actually only need a few addresses, because most of their network is behind address-translating firewalls and load distributors, but want PI space so they are not locked into one provider. At least in the IPv4 world, there is no fully satisfactory solution to this problem.

Microallocations for Internet infrastructure differ significantly from microallocations made for enterprise multihoming, because they are not intended to be generally advertised on the Internet. Access to them is either manually supplied to the participants or hard-coded into appropriate servers and files.

The aggregation goal is breaking down with increasing customer demand for multihoming and traffic engineering. As you will see in Chapter 9, to achieve multihoming to two providers, it may be necessary for the provider that assigned your space to advertise your more-specific block in addition to the larger aggregate in which it is contained.
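As an added illustration of the routability point (this is not code from the book), the following Python simulates a third network's inbound prefix filter drawn at the /20 allocation boundary, and a customer that multihomes a /24 assigned out of provider A's aggregate. All prefixes, provider names and the policy table are constructed for the example. It shows why provider A must advertise the more-specific alongside its aggregate, and that a network filtering at the allocation boundary never sees the customer's second path at all.

```python
"""Added example: allocation-boundary route filtering versus multihoming.
Everything here (prefixes, providers, policy) is constructed for illustration."""
from ipaddress import ip_address, ip_network

# Constructed policy table: inside this block, accept nothing longer than a /20,
# the usual minimum PI allocation. A real filter would be generated from
# registry allocation data rather than a single hand-written entry.
ALLOCATION_BOUNDARY = {ip_network("203.0.0.0/8"): 20}
# Constructed infrastructure exception, e.g. an exchange-point fabric prefix.
INFRASTRUCTURE_EXCEPTIONS = {ip_network("192.0.2.0/24")}

AGGREGATE = "203.0.96.0/19"      # constructed: provider A's allocation
CUSTOMER = "203.0.113.0/24"      # constructed: assigned to the customer out of AGGREGATE
CUSTOMER_HOST = "203.0.113.10"   # constructed: a host inside the customer block


def passes_allocation_filter(prefix):
    """True if a received prefix survives a filter that accepts routes only at or
    above the allocation boundary, with carve-outs for infrastructure prefixes."""
    net = ip_network(prefix)
    if net in INFRASTRUCTURE_EXCEPTIONS:
        return True
    for block, longest_accepted in ALLOCATION_BOUNDARY.items():
        if net.subnet_of(block):
            return net.prefixlen <= longest_accepted
    return False  # not inside any block the policy knows about


def filter_table(routes):
    """routes is a list of (prefix, next_hop); keep only what the filter admits."""
    return [(p, nh) for p, nh in routes if passes_allocation_filter(p)]


def candidate_next_hops(routes, destination):
    """Longest-prefix match; returns every next hop tied at the longest length,
    since BGP would choose among those by policy rather than by prefix length."""
    addr = ip_address(destination)
    best_len, hops = -1, []
    for prefix, next_hop in routes:
        net = ip_network(prefix)
        if addr not in net:
            continue
        if net.prefixlen > best_len:
            best_len, hops = net.prefixlen, [next_hop]
        elif net.prefixlen == best_len:
            hops.append(next_hop)
    return sorted(hops)


def build_routes(provider_a_sends_more_specific):
    """Routes as received by a third network: A's aggregate, optionally A's copy
    of the customer /24, and provider B's copy of the customer /24."""
    routes = [(AGGREGATE, "providerA")]
    if provider_a_sends_more_specific:
        routes.append((CUSTOMER, "providerA"))
    routes.append((CUSTOMER, "providerB"))
    return routes


if __name__ == "__main__":
    # Aggregate only from A: longest match sends every packet for the customer to B.
    print("A aggregate only:", candidate_next_hops(build_routes(False), CUSTOMER_HOST))
    # A also sends the /24: both providers are candidates, so multihoming works.
    print("A aggregate + /24:", candidate_next_hops(build_routes(True), CUSTOMER_HOST))
    # A network filtering at the /20 boundary drops both /24s and only knows A.
    print("after boundary filter:",
          candidate_next_hops(filter_table(build_routes(True)), CUSTOMER_HOST))
```

Run stand-alone it prints ['providerB'], ['providerA', 'providerB'] and ['providerA'] for the three cases. The third is the situation the text warns about: from the filtering network's point of view the customer is reachable only through A's aggregate, so an outage on A's side makes the customer unreachable from there even though B still carries the /24.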

Registration

Another goal of registry operations is establishing repositories of allocations and assignments. Such repositories, and the associated system of delegation from ICANN to regional registries to local registries or ISPs, prevent duplicate address assignment. Having accessible repositories also helps operational troubleshooting, because they provide a means of identifying the source of packets causing a problem—and an administrative means to reach a person at that source.

Spammers and other network abusers have used unassigned blocks to send out malicious traffic, and knowing what has and has not been assigned can be a basis for filtering. The major problem here is that current routers are limited in the number of address filtering rules they can enforce. There’s also the minor matter of keeping those filters current as address allocations and assignments evolve.
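To make the filtering idea concrete, here is an added Python example (not from the book) that derives a source-address filter from a snapshot of assignments, counts the rules it takes in deny-unassigned versus permit-assigned form, runs it over a few constructed flow records, and checks whether a newer assignment snapshot would be wrongly dropped by the stale rules. The parent block, the assignment lists and the log lines are all constructed; a real filter would be built from registry data.

```python
"""Added example: source filtering from an assignment snapshot, the rule-count
cost of a deny list, and detecting a stale filter. All data is constructed."""
import re
from ipaddress import ip_address, ip_network, collapse_addresses

PARENT = ip_network("203.0.0.0/8")                  # constructed parent block
ASSIGNED_T0 = ["203.0.96.0/19", "203.1.0.0/16"]     # constructed snapshot at time 0
ASSIGNED_T1 = ASSIGNED_T0 + ["203.0.64.0/19"]       # constructed: one later assignment

# Constructed flow records in a syslog-like shape; the filter acts on "src=".
SAMPLE_LOG = """\
src=203.0.100.5 dst=198.51.100.1 proto=tcp dport=25
src=203.0.200.7 dst=198.51.100.1 proto=tcp dport=25
src=203.0.70.1 dst=198.51.100.1 proto=udp dport=53
src=203.1.4.9 dst=198.51.100.2 proto=tcp dport=443
"""
SRC_RE = re.compile(r"\bsrc=(\d+\.\d+\.\d+\.\d+)")


def unassigned_blocks(parent, assigned):
    """Carve each assignment out of the parent block and return the unassigned
    remainder as a minimal list of networks, i.e. one deny rule per entry."""
    remaining = [parent]
    for block in map(ip_network, assigned):
        carved = []
        for r in remaining:
            if block.subnet_of(r):
                carved.extend(r.address_exclude(block))  # split r around the assignment
            elif not r.subnet_of(block):
                carved.append(r)                         # untouched; drop r if inside block
        remaining = carved
    return sorted(collapse_addresses(remaining))


def deny_rules(parent, assigned):
    """Deny-list form: one rule per unassigned block (many rules)."""
    return unassigned_blocks(parent, assigned)


def permit_rules(assigned):
    """Permit-list form: one rule per assigned block (few rules, deny otherwise)."""
    return sorted(collapse_addresses(map(ip_network, assigned)))


def is_dropped(src, rules):
    addr = ip_address(src)
    return any(addr in r for r in rules)


def classify_log(log_text, rules):
    """Apply the deny rules to each record; returns (src, verdict) in input order."""
    verdicts = []
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if m:
            src = m.group(1)
            verdicts.append((src, "drop" if is_dropped(src, rules) else "pass"))
    return verdicts


def wrongly_dropped(old_rules, new_assigned):
    """Assignments in a newer snapshot that a stale deny list still covers."""
    return [b for b in map(ip_network, new_assigned)
            if any(b.overlaps(r) for r in old_rules)]


if __name__ == "__main__":
    deny_t0 = deny_rules(PARENT, ASSIGNED_T0)
    print("deny rules:", len(deny_t0), "permit rules:", len(permit_rules(ASSIGNED_T0)))
    for src, verdict in classify_log(SAMPLE_LOG, deny_t0):
        print(src, verdict)
    # The /19 assigned later is still a deny entry in the time-0 rules.
    print("stale filter would drop:", [str(b) for b in wrongly_dropped(deny_t0, ["203.0.64.0/19"])])
```

Two practical points follow from running it: carving two assignments out of a /8 already leaves 10 deny entries against 2 permit entries, which is the rule-count problem the text mentions, and the record from 203.0.70.1, correctly dropped at time 0, is legitimate traffic once that /19 is assigned, which is why the filter must be regenerated whenever the assignment data changes.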

Conservation

The first stated principle of registry allocation policy is conservation: “Fair distribution of globally unique Internet address space according to the operational needs of the end-users and Internet Service Providers operating networks using this address space. Prevention of stockpiling in order to maximize the lifetime of the Internet address space.” [RFC 2050]


THE SCOPE OF ROUTABILITY

Even when current technologies require that you have multiple routes to achieve the desired fault tolerance and load distribution, it still does not mean these routes have to be present in every ISP router in the world.

One of the implications of the conservation policy is that very little, if any, consideration is given to the administrative convenience of the recipient of the addresses. Administrative convenience, with respect to addressing, can mean many things. It means that static addresses are not to be assigned to individual hosts that connect to the network via access servers capable of dynamic address assignment. That implies that it will be quite difficult to support servers that only have dial connectivity, although there are ways to accomplish this. It also means that network designs are expected to reflect that periodic renumbering is a reality, and they should be designed in a renumbering-friendly manner [Berkowitz 1998, RFC 2072]. Yes, this may make day-to-day operations more difficult unless prior planning is done to prevent poor performance. Essentially, the master registry policy document’s response to claims that something is administratively difficult is approximately, “Life is hard, then you die.”
