   network to which the number was assigned had the sanction of a U.S.
   Government sponsoring organization to link to the Internet.

   The present day Internet encompasses networks that serve as
   intermediaries to access the federally-sponsored backbones.  Many of
   these intermediate networks were initiated under the sponsorship of
   the National Science Foundation.  Some have been founded without
   federal assistance as consortia of using organizations.  The
   Government has expressed a desire that all such networks be self-
   supporting, without the need for federal subsidy.  To achieve this
   goal, it has been essential for the intermediate networks to support
   an increasingly varied range of users.  A great many industrial
   participants can be found on the intermediate level networks.  Their
   use of the federally-sponsored backbones is premised on the basis
   that the traffic is in support of academic, scholarly or other
   research work.  The criteria for use of the intermediate level
   networks alone are sometimes more relaxed and, in the cases of the
   newly-formed commercial networks, there are no restrictions at all.

   In essence, each network needs to be able to determine, on the basis
   of its own criteria, with which networks it will interconnect and for
   which networks it will support transit service.  There is no longer a
   simple binary correlation between "connected" status and acceptable
   use policy.  The matter becomes even more complex as we contemplate



Cerf                                                            [Page 5]

RFC 1174       Identifier Assignment and Connected Status    August 1990


   the large and growing number of non-U.S. networks joining the global
   Internet.  It is inappropriate to require that all of these networks
   adhere to U.S. access and use criteria; rather, it can only be
   required that the traffic they send through the federally-sponsored
   networks be consistent with the federal criteria.

2.a.1.3.  Recommendation

   Since the concept of a single, global "connected" status is no longer
   meaningful, it is recommended that it be retired and that new
   characteristics be defined that could be used by networks within the
   Internet to determine a specific network's eligibility to communicate
   with other networks.

   Some attributes which might be useful to track and could be used as
   criteria to determine the acceptability of Internet traffic for
   routing purposes include:

       1) Country codes

       2) Conformance to acceptable use policy for:
             NSFNET, MILNET, NSI, ESnet, NORDUnet, ...

   To implement this idea, the IR would update the current Internet-
   Number-Template to query applicants for the necessary information.
   This information would then be collected in a database containing,
   for instance, a matrix of network numbers over policies.  Note that
   the policies might be presented in narrative form.  In addition, the
   usage policies of the various networks must be publicly available so
   that applicants and other interested parties can be advised of policy
   issues as they relate to various networks.

   Under this proposal, the IR would be charged with the registration
   and administration of the Internet number space but not with the
   enforcement of policy.  The IR should collect enough information to
   permit network administrators to make intelligent decisions as to the
   acceptability of traffic destined to or from each and every
   legitimate Internet number.  Enforcement of policies is discussed
   below.

   At a later step, we anticipate that it will be desirable to
   distribute the IR function among multiple centers, e.g., with centers
   on different continents.  This should be straight-forward once the IR
   function is divorced from policy enforcement.









2.a.1.4.  Discussion

   It is already true in the current Internet that there are
   restrictions on certain traffic on particular networks.  For example,
   two intermediate level networks that are willing to carry arbitrary
   traffic can link with each other but are barred from passing
   commercial traffic or any other traffic that is not for academic or
   scholarly purposes across the federally-sponsored backbones.

   Routing of traffic based upon acceptable-use policies requires a
   technical ability known as "policy-based routing" (PBR).  At the
   present time, the PBR mechanism available in the Internet operates at
   the level of an entire network; all users and hosts on a network are
   subject to the same routes for a given destination.  Using this PBR
   mechanism, a network maintains routes (and provides transit services)
   only for networks with compatible use policies.  For an intermediate
   level network, for example, the routing decisions must be made on the
   basis of the network numbers assigned to the organizations; some
   might be considered to have traffic conformant with federal use
   policies and some might not.

   Although it is much more fine-grained than the current "on or off"
   rule of connected status, the use of PBR based on networks is still a
   very coarse measure of control.  Since the decision on acceptability
   is made at the network level, one has to assign a set of
   characteristics to all traffic emanating from or entering into a
   given network to make this access control strategy work.  Strict
   application of such controls could prevent a commercial organization
   from legitimately sending research or scholarly data across the
   federal backbone (e.g., IBM needs to communicate with MCI and MERIT
   about NSFNET, but other parts of IBM may need to communicate on
   commercial matters). Organizations with a variety of uses might have
   to artificially define several networks with which to associate
   different use policies.
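
   The network-level PBR decision described in the two paragraphs above,
   and its coarseness, as an added example that is not part of the memo.
   It assumes classful network numbers and a constructed registry
   matrix; the function names, the addresses and the refusal of
   unregistered networks are assumptions made for illustration.

```python
import ipaddress

# Constructed registry matrix: network number -> backbone AUPs the registrant
# declared conformance with. Addresses and entries are illustrative only.
REGISTRY = {
    "10.0.0.0":   {"NSFNET", "ESnet"},  # university (class A)
    "172.16.0.0": set(),                # company, commercial use (class B)
    "192.0.2.0":  {"NSFNET"},           # same company's research lab (class C)
}

def classful_network(addr):
    """Return the 1990-era classful network number containing addr."""
    ip = int(ipaddress.IPv4Address(addr))
    first = ip >> 24
    if first < 128:
        mask = 0xFF000000      # class A: 8-bit network number
    elif first < 192:
        mask = 0xFFFF0000      # class B: 16-bit network number
    elif first < 224:
        mask = 0xFFFFFF00      # class C: 24-bit network number
    else:
        raise ValueError(f"{addr} is not a class A/B/C address")
    return str(ipaddress.IPv4Address(ip & mask))

def routes_to_keep(backbone, announced, registry=REGISTRY):
    """Network-level PBR: keep routes only for AUP-conformant networks."""
    return [n for n in announced if backbone in registry.get(n, set())]

def backbone_accepts(backbone, src, dst, registry=REGISTRY):
    """Return (True, None), or (False, network) naming the first network
    whose registry entry does not list conformance with the backbone."""
    for addr in (src, dst):
        net = classful_network(addr)
        # Assumption: a network absent from the registry is refused.
        if backbone not in registry.get(net, set()):
            return False, net
    return True, None

if __name__ == "__main__":
    print(routes_to_keep("NSFNET", list(REGISTRY)))
    # A research host inside the commercial class B network is refused:
    # the decision sees only the network number, not the purpose.
    print(backbone_accepts("NSFNET", "10.1.1.1", "172.16.7.9"))
    # The same group renumbered into a separately registered network passes.
    print(backbone_accepts("NSFNET", "10.1.1.1", "192.0.2.55"))
```
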

   The practical result is that in order to support desirable usage
   patterns, government-sponsored networks will sometimes have to depend
   upon self-policing by traffic sources, rather than upon strict
   mechanical enforcement of acceptable use policies.  Higher certainty
   on usage will have a cost in terms of limiting desirable access.

   An important project now underway in the Internet Engineering Task
   Force (IETF) is developing a more general mechanism for PBR that will
   allow control at the level of individual hosts and possibly even
   users.  It will give an end host or user the ability to select routes,
   taking into consideration issues such as cost, performance and
   reliability of the transit networks.






2.a.2.  Attachment 2

IAB Policy Recommendation on DNS and Connectivity

   The Internet Domain Name system (DNS) is an essential part of the
   networking infrastructure.  It establishes a global distributed
   database for mapping host names into IP addresses and for delivering
   electronic mail.  Its efficient and reliable functioning is vital to
   nearly all Internet users.

   Some DNS operations depend upon the existence of a complete database
   at certain "root" servers, in particular at the Internet Registry
   (IR) located at the Defense Data Net Network Information Center at
   SRI International (DDN-NIC).  The past policy has been to tie
   inclusion in this database to approval of Internet interconnection by
   a U.S. Government agency.  This "connected" status restriction is no
   longer viable, and recommendations for its replacement have been put
   forward.

   In any case, we believe that the DNS database is not the proper
   architectural level for enforcement of administrative access
   restrictions, e.g., controls over the announcement of networks in the
   routing protocols.

   The Internet Activities Board (IAB) therefore strongly endorses the
   following recommendation from the Federal Engineering Planning Group
   to the Federal Networking Council, to provide DNS service regardless
   of access control policies:

      "There has been a great deal of discussion about domain
      nameservers, the IN-ADDR domain, and "connected" status as the
      Internet has grown to include many more nations than just the
      United States.  As we move to a more global Internet, it seems
      like it would be a good idea to re-evaluate some of the rules that
      have governed the naming and registration policies that exist.

      The naming and routing should be completely decoupled.  In
      particular, it should be possible to register both a name/domain,
      as well as address servers within the IN-ADDR domain, independent
      of whether the client has "connected" status or not.  This should
      be implemented immediately by the IR at the DDN-NIC.  No U.S.
      Government sponsor should be required for domain name/address
      registration."

Security Considerations

   Security issues are not addressed in this memo.






Author's Address

   Vinton G. Cerf
   Corporation for National Research Initiatives
   1895 Preston White Drive, Suite 100
   Reston, VA 22091

   Phone: (703) 620-8990

   EMail: vcerf@nri.reston.va.us








































