rfc1627.txt
来自「RFC 的详细文档!」· 文本 代码 · 共 452 行 · 第 1/2 页
TXT
452 行
Network Working Group E. Lear
Request for Comments: 1627 Silicon Graphics, Inc.
Category: Informational E. Fair
Apple Computer, Inc.
D. Crocker
Silicon Graphics, Inc.
T. Kessler
Sun Microsystems, Inc.
July 1994
Network 10 Considered Harmful
(Some Practices Shouldn't be Codified)
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
SUMMARY
Re-use of Internet addresses for private IP networks is the topic of
the recent RFC 1597 [1]. It reserves a set of IP network numbers,
for (re-)use by any number of organizations, so long as those
networks are not routed outside any single, private IP network. RFC
1597 departs from the basic architectural rule that IP addresses must
be globally unique, and it does so without having had the benefit of
the usual, public review and approval by the IETF or IAB. This
document restates the arguments for maintaining a unique address
space. Concerns for Internet architecture and operations, as well as
IETF procedure, are explored.
INTRODUCTION
Growth in use of Internet technology and in attachments to the
Internet have taken us to the point that we now are in danger of
running out of unassigned IP network numbers. Initially, numbers
were formally assigned only when a network was about to be attached
to the Internet. This caused difficulties when initial use of IP
substantially preceded the decision and permission to attach to the
Internet. In particular, re-numbering was painful. The lesson that
we learned was that every IP address ought to be globally unique,
independent of its attachment to the Internet. This makes it
possible for any two network entities to communicate, no matter where
either might be located. This model is the result of a decades-long
evolution, through which the community realized how painful it can be
to convert a network of computers to use an assigned number after
Lear, Fair, Crocker & Kessler [Page 1]
RFC 1627 Network 10 Considered Harmful July 1994
using random or default addresses found on computers just out of the
box. RFC 1597 abrogates this model without benefit of general IETF
community discussion and consensus, leaving policy and operational
questions unasked and unanswered.
KEEP OUR EYES ON THE PRIZE: AN ARCHITECTURAL GOAL AND VIOLATION
A common -- if not universal -- ideal for the future of IP is for
every system to be globally accessible, given the proper security
mechanisms. Whether such systems comprise toasters, light switches,
utility power poles, field medical equipment, or the classic examples
of "computers", our current model of assignment is to ensure that
they can interoperate.
In order for such a model to work there must exist a globally unique
addressing system. A common complaint throughout the community is
that the existing security in host software does not allow for every
(or even many) hosts in a corporate environment to have direct IP
access. When this problem is addressed through proper privacy and
authentication standards, non-unique IP addresses will become a
bottleneck to easy deployment if the recommendations in RFC 1597 are
followed.
The IP version 4 (IPv4) address space will be exhausted. The
question is simply: when?
If we assert that all IP addresses must be unique globally, connected
or not, then we will run out of IP address space soon.
If we assert that only IP addresses used on the world-wide Internet
need to be globally unique, then we will run out of IP address space
later.
It is absolutely key to keep the Internet community's attention
focused on the efforts toward IP next generation (IPng), so that we
may transcend the limitations of IPv4. RFC 1597 produces apparent
relief from IPv4 address space exhaustion by masking those networks
that are not connecting to the Internet, today. However, this
apparent relief will likely produce two results: complacency on the
large part of the community that does not take the long term view,
and a very sudden IP address space exhaustion at some later date.
Prior to IPng deployment, it is important to preserve all the
semantics that make both the Internet and Internet technology so very
valuable for interoperability. Apple Computer, IBM, and Motorola
could not collaborate as easily as they have to produce the PowerPC
without uniquely assigned IP addresses. The same can be said of the
Silicon Graphics merger with MIPS. There are many, many more examples
Lear, Fair, Crocker & Kessler [Page 2]
RFC 1627 Network 10 Considered Harmful July 1994
that can be cited.
It should be noted that a scheme similar to RFC 1597 can be
implemented at the time that we actually run out of assignable IPv4
address space; it simply requires that those organizations which have
been assigned addresses but are not yet connected to the Internet
return their addresses to IANA. It is important that the IAB (and
IANA as its agent) reassert their ownership of the IP address space
now, to preclude challenges to this type of reassignment.
OPERATIONAL ISSUES
RFC 1597 Implementations
Methods are needed to ensure that the remaining addresses are
allocated and used frugally. Due to the current problems, Internet
service providers have made it increasingly difficult for
organizations to acquire public IP network numbers. Private networks
have always had the option of using addresses not assigned to them by
appropriate authorities. We do not know how many such networks
exist, because by their nature they do not interact with the global
Internet. By using a random address, a company must take some care
to ensure it is able to route to the properly registered owner of
that network.
RFC 1597 proposes to solve the routing problem by assigning numbers
that will never be used outside of private environments. Using such
standard numbers introduces a potential for clashes in another way.
If two private networks follow RFC 1597 and then later wish to
communicate with each other, one will have to renumber. The same
problem occurs if a private network wishes to become public. The
likely cost of renumbering is linear to the number of hosts on a
network. Thus, a large company with 10,000 hosts on a network could
incur considerable expense if it either merged with another company
or joined the Internet in such a way as to allow all hosts to
directly access the outside network.
The probability of address clashes occurring over time approach 100%
with RFC 1597. Picking a random network number reduces the chances
of having to renumber hosts, but introduces the routing problems
described above. Best of all, retrieving assigned numbers from the
appropriate authority in the first place eliminates both existing and
potential address conflicts at the cost of using a part of the
address space.
Apple Computer once believed that none of its internal systems would
ever speak IP directly to the outside world, and as such, network
operations picked IP class A network 90 out of thin air to use.
Lear, Fair, Crocker & Kessler [Page 3]
RFC 1627 Network 10 Considered Harmful July 1994
Apple is only now recovering from this error, having renumbered some
5,000 hosts to provide them with "desktop" Internet access. Unless
the Internet community reaffirms its commitment to a globally unique
address space, we condemn many thousands of organizations to similar
pain when they too attempt to answer the call of the global Internet.
Another timely example of problems caused by RFC 1597 is Sun's use of
Internet multicasting. Sun selectively relays specific multicast
conferences. This has the effect of making many hosts at Sun visible
to the Internet, even though they are not addressable via IP unicast
routing. If they had non-global addresses this would not work at
all. It is not possible to predict which machines need global
addresses in advance. Silicon Graphics has a similar configuration,
as is likely for others, as well.
Some might argue that assigning numbers to use for private networks
will prevent accidental leaks from occurring through some sort of
convention a'la Martian packets. While the proposal attempts to
create a standard for "private" address use, there is absolutely no
way to ensure that other addresses are not also used.
Hence, the "standard" becomes nothing but a misleading heuristic. In
fact, it is essential that routers to the global Internet advertise
networks based only on explicit permission, rather than refusing to
advertise others based on implicit prohibition, as supported by the
policy formally created in RFC 1597.
Security Issues
Administrators will have a hard time spotting unauthorized networks,
when their network has been breached (either intentionally or
unintentionally) because the other networks might have the same
numbers as those normally in the routing tables. More over, an
inadvertent connection could possibly have a double whammy effect of
partitioning two operational networks.
It is worth emphasizing that IP providers should filter out all but
authorized networks. Such a practice would not only prevent
accidents but also enhance the security of the Internet by reducing
the potential number of points of attack.
Internet multicasting adds a new dimension to security. In some
cases it may possible to allow multicasting through firewalls that
completely restrict unicast routing. Otherwise unconnected networks
might well need unique addresses, as illustrated in the example
above.
Lear, Fair, Crocker & Kessler [Page 4]
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?