CIDRD Working Group Y. Rekhter
INTERNET DRAFT cisco Systems
T.Li
cisco Systems
November 1995
Implications of Various Address Allocation Policies for Internet Routing
<draft-ietf-cidrd-addr-ownership-04.txt>
Status of this Memo
This document is an Internet Draft. Internet Drafts are
working documents of the Internet Engineering Task Force
(IETF), its Areas, and its Working Groups. Note that
other groups may also distribute working documents as
Internet Drafts.
Internet Drafts are draft documents valid for a maximum
of six months. Internet Drafts may be updated, replaced,
or obsoleted by other documents at any time. It is not
appropriate to use Internet Drafts as reference material
or to cite them other than as a ``working draft'' or
``work in progress.''
Please check the 1id-abstracts.txt listing contained in
the internet-drafts Shadow Directories on nic.ddn.mil,
nnsc.nsf.net, nic.nordu.net, ftp.nisc.sri.com, or
munnari.oz.au to learn the current status of any Internet
Draft.
1 Abstract
IP unicast address allocation and management are
essential operational functions for the Public Internet.
The exact policies for IP unicast address allocation and
management continue to be the subject of many
discussions. Such discussions cannot be pursued in a
vacuum - the participants must understand the technical
issues and implications associated with various address
allocation and management policies.
The purpose of this document is to articulate certain
relevant fundamental technical issues that must be
considered in formulating unicast address allocation and
management policies for the Public Internet. The major
focus of this document is on two possible policies,
"address ownership" and "address lending," and the
technical implications of these policies for the Public
Expiration Date May 1996 �[Page 1]
INTERNET DRAFT November 1995
Internet.
2 On the intrinsic value of IP addresses
Syntactically, the set of IPv4 unicast addresses is the
(finite) set of integers in the range 0x00000000 -
0xdfffffff. IP addresses are used for Network Layer (IP)
routing. An IP address is the sole piece of information
about the node injected into the routing system.
The notable semantics of an IP unicast address is its
ability to interact with the Public Internet routing
service and thereby exchange data with the remainder of
the Internet. In other words, for the Public Internet,
it is the reachability of an IP address that gives it an
intrinsic value - without reachability the address is
worthless.
The above implies that in the Public Internet it is the
service environment (the Internet) and its continued
operation, including its routing system, which gives an
IP address its intrinsic value, rather than the inverse.
Consequently, if the Public Internet routing system
ceases to be operational, the service disappears, and the
addresses cease to have any functional value in the
Internet. At this point, for the Public Internet, all
address allocation and management policies, including
existing policies, are rendered meaningless.
3 Hierarchical routing and its implication on address
allocation
Hierarchical routing [Kleinrock 77] is a mechanism that
improves the scaling properties of a routing system. It
is the only proven mechanism for scaling routing to the
current size of the Internet.
Hierarchical routing works by taking a set of addresses
and generating a single routing advertisement (route) for
the entire set. Further, if addresses are assigned
correctly, this can be done recursively: multiple
advertisements (routes) can be combined into a single
advertisement (route). By exercising this recursion, the
amount of information necessary to provide routing can be
decreased substantially.
A common example of hierarchical routing is the phone
network (and more precisely, the North American Numbering
Expiration Date May 1996 �[Page 2]
INTERNET DRAFT November 1995
Plan), where country codes, area codes, exchanges, and
finally subscriber lines are different levels in the
hierarchy. In the phone network, a switch need not keep
detailed routing information about every possible
subscriber in a distant area code. Instead, the switch
knows one routing entry for the entire area code.
Notice that the effect on scaling is dramatic. If we
look at the space complexity of the different schemes,
the switch that knows about every subscriber in the world
needs O(n) space for n worldwide subscribers. Now
consider the case of hierarchical routing. We can break
n down into the number of subscribers in the local area
(l), the other exchanges in the area code (e), the other
area codes in the local country code (a) and other
country codes (c). Using this notation, hierarchical
routing has space complexity O(l + e + a + c). Notice
that each of these factors is much, much less than n, and
grows very slowly, if at all. This implies that a phone
switch can be built today that has some hope of not
running out of space when it is deployed.
The fundamental property of hierarchical routing that
makes this scalability possible is the ability to form
abstractions: here, the ability to group subscribers into
exchanges, area codes and country codes. Further, such
abstractions must provide useful information for the
ability to do routing. Some abstractions, such as the
group of users with green phones, are not useful when it
comes time to route a call.
Since the information that the routing system really
needs is the location of the address within the topology,
for hierarchical routing, the useful abstraction must
capture the topological location of an address within the
network. In principle this could be accomplished in one
of two ways. Either (a) constrain the topology (and
allowed topology changes) to match address assignment.
Or, (b) avoid constraints on the topology (and topology
changes), but require that as the topology changes, an
entity's address change as well. The process of changing
an entity's address is known as "renumbering."
4 Scaling the Internet routing system
The enormous growth of the Public Internet places a heavy
load on the Internet routing system. The growth rate has
doubled the size of the routing table roughly every nine
months. Computer technology doubles roughly every 24
months. Even if we could double the capacities of the
routers in the Internet every 24 months, inevitably the
size of the routing tables is going to exceed the limit
Expiration Date May 1996 �[Page 3]
INTERNET DRAFT November 1995
of the routers. Therefore, to preserve uninterrupted
continuous growth of the Public Internet, deploying
mechanisms that contain the growth rate of the routing
information is essential.
Lacking mechanisms to contain the growth rate of the
routing information, the growth of the Internet would
have to be either limited or frozen, or the Internet
routing system would become overloaded. The result of
overloading routing is that the routing subsystem will
fail: either equipment (routers) could not maintain
enough routes to insure global connectivity, or providers
will simply exclude certain routes to insure that other
routes provide connectivity to particular sites. This
document assumes that neither of the outcomes mentioned
in this paragraph is acceptable.
Classless Inter-Domain Routing (CIDR) [RFC1518, RFC1519]
has been deployed since late 1992 in the Public Internet
as the primary mechanism to contain the growth rate of
the routing information - without CIDR the Internet
routing system would have already collapsed. For
example, in October 1995, within AlterNet (one of the
major Internet Service Providers) there were 3194 routes.
Thanks to aggregation, AlterNet advertised only 799
routes to the rest of the Internet - a saving of 2395
routes (75%) [Partan 95]. In October 1995 the IRR
contained 61,430 unique prefixes listed, not counting
prefixes marked as withdrawn (or 65,191 prefixes with
prefixes marked as withdrawn). That is roughly a lower
bound since many prefixes are not registered in the IRR.
CIDR aggregation resulted in less than 30,000 routes in
the default-free part of the Internet routing system
[Villamizar 95].
CIDR is an example of the application of hierarchical
routing in the Public Internet, where subnets,
subscribers, and finally providers are some possible
levels in the hierarchy. For example, a router within a
site need not keep detailed routing information about
every possible host in that site. Instead, the router
maintains routing information on a per subnet basis.
Likewise, a router within a provider need not keep
detailed routing information about individual subnets
within its subscribers. Instead, the router could
maintain routing information on a per subscriber basis.
Moreover, a router within a provider need not keep
detailed routing information about stub (single home)
subscribers of other providers by maintaining routing
information on a per provider basis.
Because of pre-CIDR address allocation, many routes in
the Internet are not suitable for hierarchical
aggregation. Moreover, unconnected sites with pre-CIDR
Expiration Date May 1996 �[Page 4]
INTERNET DRAFT November 1995
address allocations exist. If these sites connect to the
Internet at some point in the future, the routes to these
sites are unlikely to be suitable for hierarchical
aggregation.
The topology of the Public Internet, taken as a whole, is
not strictly hierarchical, although most parts are.
Hierarchical routing requires that aggregation boundaries
for the addressing information be formed along some
hierarchy. As a result, many exceptions will be injected
into the routing system in the future, besides those
exceptions that currently exist. Each exception added to
the routing system deters the scalability of the routing
system. The exact number of exceptions that can be
tolerated is dependent on the technology used to support
routing. Unbridled growth in the number of such
exceptions will cause the routing system to collapse.
4 Address allocation and management policies
IP address allocation and management policy is a complex,
multifaceted issue. It covers a broad range of issues,
such as who formulates the policies, who executes the
policies, what is the role of various registries, what is
the role of various organizations (e.g., ISOC, IAB, IESG,
IETF, IEPG, various government bodies, etc.), the
participation of end users in requesting addresses, and
so on.
Address allocation and management and the scalability of
the routing system are interrelated - only certain
address allocation and management policies yield scalable
routing. The Internet routing system is subject to both
technological and fundamental constraints. These
constraints restrict the choices of address allocation
policies that are practical.
4.1 The "address ownership" allocation policy and its
implications on the Public Internet
"Address ownership" is one possible address allocation
and management policy. The "address ownership" policy
means that part of the address space, once allocated to
an organization, remains allocated to the organization as
long as that organization wants it. Further, that
portion of the address space would not be allocated to
any other organization. Often, such addresses are called
"portable."
Expiration Date May 1996 �[Page 5]
INTERNET DRAFT November 1995
While it has never been explicitly stated that various
Internet Registries use the "address ownership"
allocation policy, it has always been assumed (and
practiced).
To understand the implications of the "address ownership"
policy ("portable" addresses) on the scalability of the
Internet routing system, one must observe that:
(a) by definition, address ownership assumes that
addresses, once assigned, do not change owners, i.e.,
the same addresses remain at the same organization no
matter how radically the organization might change its
connectivity to the Public Internet, and that
renumbering does not take place;
(b) by definition, hierarchical routing assumes that
addresses reflect the network topology as much as
possible.
Therefore, the only way to satisfy both address ownership
and hierarchical routing for everyone is to assume that
the topology (or at least certain pieces of it) will be
permanently fixed. Given the distributed, decentralized,
largely unregulated, and global (international) nature of
the Internet, constraining the Internet topology (or even
certain parts of it) may have broad technical, social,
economical, and political implications. To date, little
is known of what these implications are; even less is
known whether these implications would be acceptable
(feasible) in practice. Therefore, at least for now, we
have to support an Internet with an unconstrained
topology (and unconstrained topological changes).
Since the Internet does not constrain its topology (or
allowed topology changes), we can either have address
ownership for everyone or a routable Internet, but not
both. If we have address ownership ("portable"
addresses) for everyone, then the routing overhead will
lead to a breakdown of the routing system resulting in a
fragmented (partitioned) Internet. Alternately, we can
have a routable Internet, but without address ownership
("portable" addresses) for everyone.
4.2 The "address lending" allocation policy and its
implications on the Public Internet
Recently, especially since the arrival of CIDR,
subscribers and providers have followed a model in which
address space is not owned (not portable), but is bound
to the topology. This model suggests an address
Expiration Date May 1996 �[Page 6]
INTERNET DRAFT November 1995
allocation and management policy that differs from the
"address ownership" policy. The following describes a
policy, called "address lending," that provides a better
match (as compared to the "address ownership" policy) to
the model.
An "address lending" policy means that an organization
gets its addresses on a "loan" basis. For the length of
the loan, the lender cannot lend the addresses to any
other borrower. Assignments and allocations based on the
"address lending" policy should explicitly include the
conditions of the loan. Such conditions must include
that allocations are returned if the borrower is no
longer contractually bound to the lender, and the lender
can no longer provide aggregation for the allocation. If
a loan ends, the organization can no longer use the
borrowed addresses, and therefore must get new addresses
and renumber with new addresses. The "address lending"
policy does not constrain how the new addresses could be
acquired.
This document expects that the "address lending" policy
would be used primarily by Internet Registries associated
with providers; however, this document does not preclude
the use of the "address lending" policy by an Internet
Registry that is not associated with a provider.
This document expects that when the "address lending"
policy is used by an Internet Registry associated with a
provider, the provider is responsible for arranging
aggregation of these addresses to a degree that is
sufficient to achieve Internet-wide IP connectivity.
This document expects that when the "address lending"
policy is used by an Internet Registry associated with a
provider, the terms and conditions of the loan would be
coupled to the service agreement between the provider and
the subscribers. That is, if the subscriber moves to
another provider, the loan would be canceled.
To reduce disruptions when a subscriber changes its
providers, this document strongly recommends that the
terms and conditions of the loan should include a grace
period provision. This provision would allow a subscriber
that disconnects from its provider a certain grace period
after the disconnection. During this grace period, the
borrower (the subscriber) may continue to use the
addresses obtained under the loan. This document
recommends a grace period of at least 30 days. Further,
to contain the routing information overhead, this
document suggests that a grace period be no longer than
six months.
To understand the scalability implications of the
Expiration Date May 1996 �[Page 7]
INTERNET DRAFT November 1995
"address lending" policy, observe that if a subscriber
borrows its addresses from its provider's block, then the
provider can advertise a single address prefix. This
reduces the routing information that needs to be carried
by the Internet routing system (for more information, see
Section 5.3.1 of RFC1518). As the subscriber changes its
provider, the loan from the old provider would be
returned, and the loan from the new provider would be
established. As a result, the subscriber would renumber
to the new addresses. Once the subscriber renumber into
the new provider's existing blocks,no new routes need to
be introduced into routing.
Therefore, the "address lending" policy, if applied
appropriately, is consistent with the constraints on
address allocation policies imposed by hierarchical
routing, and thus promotes a scalable routing system.
Thus, the "address lending" policy, if applied
appropriately, could play an important role in enabling
the continuous uninterrupted growth of the Internet.
To be able to scale routing in other parts of the
hierarchy, the "lending" policy may also be applied
hierarchically, so that addresses may in turn be lent to
other organizations. The implication here is that the
end of a single loan may have effects on organization
that have recursively borrowed part of the address space
from the main allocation. In this case, the exact
effects are difficult to determine a priori. For
example, a borrowed prefix may represent a sufficient
degree of aggregation within a lower level of the
hierarchy and may subsequently be aggregated, thus not
affecting higher levels of the routing hierarchy.
4.3 In the absence of an explicit "address lending" policy
Organizations connecting to the Internet should be aware
that even if their current provider, and the provider
they switch to in the future would not require
renumbering, renumbering may still be needed to achieve
Internet-wide IP connectivity. For example, an
organization may now receive Internet service from some
provider and allocate its addresses out of the CIDR block
associated with the provider. Later the organization may
switch to another provider. The previous provider may
still be willing to allow that organization to retain
part of the provider's CIDR block, and accept a more
specific prefix for that organization from the new
provider. Likewise, the new provider may be willing to
accept that organization without renumbering and
advertise the more specific prefix (that covers
destinations within the organization) to the rest of the
Expiration Date May 1996 �[Page 8]
INTERNET DRAFT November 1995
Internet. However, if one or more other providers exist,
that are unwilling or unable to accept the longer prefix
advertised by the new provider, then the organization
would not have IP connectivity to part of the Internet.
In the future, this may become a large portion, and
perhaps even most of the Internet.
The above shows that the absence of an explicit "address
lending" policy from a current provider in no way insures
that renumbering will not be required in the future when
changing providers. Organizations should be aware of
this fact should they encounter a provider making claims
to the contrary.
5 Recommendations
Observe that the goal of hierarchical routing is not to
reduce the total amount of routing information to the
theoretical minimum, but just to contain the routing
information within the limits of technology,
price/performance, and human factors. Therefore, a
single prefix that provides reachability to a
sufficiently large fraction of the total number
destinations could be maintained throughout the default-
free part of the Internet routing system. Therefore,
using the "address ownership" policy when allocating such
prefixes is a reasonable choice. Within such prefixes,
this document suggests the use of the "address lending"
policy.
For all other organizations that expect Internet-wide IP
connectivity, the reachability information they inject
into the Internet routing system should be subject to
hierarchical aggregation. For such organizations,
allocating addresses based on the "address ownership"
policy makes hierarchical aggregation difficult, if not
impossible. This, in turn, has a very detrimental effect
on the Internet routing system. To prevent the collapse
of the Internet routing system, for such organizations,
this document recommends using the "address lending"
policy. Consequently, when such an organization first
connects to the Public Internet or changes its
topological attachment to the Public Internet, the
organization eventually needs to renumber. Renumbering
allows the organization to withdraw any exceptional
prefixes that the organization would otherwise inject
into the Internet routing system. This applies to the
case where the organization takes its addresses out of
its direct provider's block and the organization changes
its direct provider. This may also apply to the case
where the organization takes its addresses out of its
indirect provider's block, and the organization changes
Expiration Date May 1996 �[Page 9]
INTERNET DRAFT November 1995
its indirect provider.
Carrying routing information has a cost associated with
it. This cost, at some point, may be passed back in full
to the organizations that inject the routing information.
Aggregation of addressing information (via CIDR) could
reduce the cost, as it allows an increase in the number
of destinations covered by a single route. Organizations
whose addresses are allocated based on the "address
ownership" policy (and thus may not be suitable for
aggregation) should be prepared to absorb the cost
completely on their own.
Observe that neither the "address ownership," nor the
"address lending" policy, by itself, is sufficient to
guarantee Internet-wide IP connectivity. Therefore, we
recommend that sites with addresses allocated based on
either policy should consult their providers about the
reachability scope that could be achieved with these
addresses, and associated costs that result from using
these addresses.
If an organization doesn't require Internet-wide IP
connectivity, then address allocation for the
organization could be done based on the "address
ownership" policy. Here, the organization may still
maintain limited IP connectivity (e.g., with all the
subscribers of its direct provider) by limiting the
distribution scope of its routing information to its
direct provider. Connectivity to the rest of the
Internet can be handled by mediating gateways (e.g.,
application layer gateways, Network Address Translators
(NATs)). Note that use of mediating gateways eliminates
the need for renumbering, and avoids burdening the
Internet routing system with non-aggregatable addressing
information.
Both renumbering (due to the "address lending" policy),
and non-aggregated routing information (due to the
"address ownership" policy), and the use of mediating
gateways result in some costs. Therefore, an
organization needs to analyze its own connectivity
requirements carefully and compare the tradeoffs
associated with addresses acquired via either policy vs.
having connectivity via mediating gateways (possibly
augmented by limited IP connectivity) using addresses
acquired via "address ownership." To reduce the cost of
renumbering, organizations should be strongly encouraged
to deploy tools that simplify renumbering (e.g., Dynamic
Host Configuration Protocol [RFC 1541]). Use of the DNS
should be strongly encouraged.
Expiration Date May 1996 �[Page 10]
INTERNET DRAFT November 1995
6 Summary
Any address allocation and management policy for IP
addresses used for Internet connectivity must take into
account its impact on the scalability of the Public
Internet routing system. Among all of the possible
address allocation and management policies only the ones
that yield a scalable routing system are feasible. All
other policies are self-destructive in nature, as they
lead to a collapse of the Internet routing system, and
therefore to the fragmentation (partitioning) of the
Public Internet.
Within the context of the current Public Internet,
address allocation and management policies that assume
unrestricted address ownership have an extremely negative
impact on the scalability of the Internet routing system.
Such policies are almost certain to exhaust the
scalability of the Internet routing system well before we
approach the exhaustion of the IPv4 address space and
before we can make effective use the IPv6 address space.
Given the Internet's growth rate and current technology
or any foreseeable technology, the notion that everyone
can own address space and receive Internet-wide routing
services, despite where they connect to the Internet, is
technically infeasible. Therefore, this document makes
two recommendations. First, the "address lending" policy
should be formally added to the set of address allocation
policies in the Public Internet. Second, this policy
should be used to deliver routing services to
organizations that do not provide a sufficient degree of
routing information aggregation.
Since the current IPv6 address allocation architecture is
based on CIDR, recommendations presented in this document
apply to IPv6 address allocation and management policies
as well.
7 Security Considerations
Security issues are not discussed in this document.
Expiration Date May 1996 �[Page 11]
INTERNET DRAFT November 1995
8 Acknowledgments
This document borrows heavily from various postings on
various mailing lists. Special thanks to Noel Chiappa,
Dennis Ferguson, Eric Fleischman, Geoff Huston, and Jon
Postel whose postings were used in this document.
Many thanks to Scott Bradner, Randy Bush, Brian
Carpenter, Noel Chiappa, David Conrad, John Curran, Sean
Doran, Robert Elz, Dorian Kim, Thomas Narten, Andrew
Partan, Dave Piscitello, Simon Poole, Curtis Villamizar,
and Nicolas Williams for their review, comments, and
contributions to this document.
Finally, we like to thank all the members of the CIDR
Working Group for their review and comments.
9 References
[Kleinrock 77] Kleinrock, L., Farouk, K., "Hierarchical
Routing for Large Networks," Computer Networks 1 (1977),
North-Holland Publishing Company.
[Partan 95] Partan, A., private communications, October
1995.
[RFC 1541] Droms, R., "Dynamic Host Configuration
Protocol".
[RFC 1519] V. Fuller, T. Li, J. Yu, K. Varadhan,
"Classless Inter- Domain Routing (CIDR): an Address
Assignment and Aggregation Strategy".
[RFC 1518] Y. Rekhter, T. Li, "An Architecture for IP
Address Allocation with CIDR".
[Villamizar 95] Villamizar, C., private communications,
October 1995.
10 Authors' Addresses
Yakov Rekhter
cisco Systems, Inc.
170 Tasman Dr.
Expiration Date May 1996 �[Page 12]
INTERNET DRAFT November 1995
San Jose, CA 95134
Phone: (914) 528-0090
email: yakov@cisco.com
Tony Li
cisco Systems, Inc.
170 Tasman Dr.
San Jose, CA 95134
Phone: (408) 526-8186
email: tli@cisco.com
Expiration Date May 1996 �[Page 13]