Network Working Group V. Cerf Request for Comments: 1174 CNRI August 1990
This informational RFC represents the official view of the Internet Activities Board (IAB), and describes the recommended policies and procedures on distributing Internet identifier assignments and dropping the connected status requirement. This RFC does not specify a standard. Distribution of this memo is unlimited.
Status of this Memo
1. Recommendation about Internet Identifiers
1.3. Proposed Method of Operation
2. Recommendation about Connected Status
2.a.1. Attachment 1
2.a.2. Attachment 2
This RFC includes two recommendations from the IAB to the FNC. The first is a "Recommended Policy on Distributing Internet Identifier Assignment", that is, a suggestion to distribute the function of assigning network and autonomous system numbers. The second is a "Recommended Policy Change to Internet 'Connected' Status", that is, a suggestion to drop the notion of connected status in favor of recording the acceptable use policy and traffic access policy for each network. Included in this second recommendation is the explict
suggestion that any registered network may be entered into the DNS database without regard to connected status.
To: Chairman, Federal Networking Council
From: Chairman, Internet Activities Board
CC: IAB, IESG
Subject: Recommended Policy on Distributing Internet
This document recommends procedures for distributing assignment of Internet identifiers (network and autonomous system numbers).
Throughout its entire history, the Internet system has employed a central Internet Assigned Numbers Authority (IANA) for the allocation and assignment of various numeric identifiers needed for the operation of the Internet. The IANA function is performed by USC Information Sciences Institute. The IANA has the discretionary authority to delegate portions of this responsibility and, with respect to numeric network and autonomous system identifiers, has lodged this responsibility with an Internet Registry (IR). This function is performed by SRI International at its Network Information Center (DDN-NIC).
With the rapid escalation of the number of networks in the Internet and its concurrent internationalization, it is timely to consider further delegation of assignment and registration authority on an international basis. It is also essential to take into consideration that such identifiers, particularly network identifiers of class A and B type, will become an increasingly scarce commodity whose allocation must be handled with thoughtful care.
It is proposed to retain the centralized IANA and IR functions.
The IR would continue to be the principal registry for all network and autonomous system numbers. It would also continue to maintain the list of root Domain Name System servers and a database of registered nets and autonomous systems.
In addition, however, the IR would also allocate to organizations approved by the Coordinating Committee for Intercontinental Research
Networking (CCIRN) blocks of network and autonomous system numbers, as needed, and delegate to them further assignment authority.
It is recommended that, at least initially, the IR serve as the default registry in cases where no delegated registration authority has been identified.
Copies of the aggregate Internet registration database(s) should be maintained by the IR and copies provided to each delegated registry to improve redundancy and access to this information. Updates to the database, however, would still be centralized at the IR with complete copies redistributed by file transfer or other means on a timely basis.
It is recommended that candidate delegated registries meet with the IANA and IR to review operational procedures and requirements and to produce documentation to be issued as RFCs describing the details of the proposed distributed mode of operation.
It is recommended that host Domain Name registration continue in its present form which already accommodates distribution of this function.
To: Chairman, Federal Networking Council (FNC)
From: Chairman, Internet Activities Board
CC: IAB, IESG
Subject: Recommended Policy Change to Internet "Connected" Status
This memorandum recommends a change in the current policy for associating "connected" status to a subset of networks which have been assigned an Internet identifier.
In the following, the term Internet Assigned Number Authority (IANA) refers to the organization which has primary authority to allocate and assign numeric identifiers required for operation of the Internet. This function is presently performed by USC Information Sciences Institute. The term Internet Registry (IR) refers to the organization which has the responsibility for gathering and registering information about networks to which identifiers (network numbers, autonomous system numbers) have been assigned by the IR. At present, SRI International serves as the IR.
Attachments (1) and (2) outline the rationale for and implications of changing the current policy for associating "connected" status with only a subset of networks which have been assigned Internet identifiers.
The following actions are recommended:
Attachment: (1) Recommendation for replacement of "Connected" Status (2) Recommendation on DNS and Connectivity
A revision of the current Internet procedures controlling connection
to the Internet is recommended to solve urgent problems caused by
Internet growth both in the US and internationally. The
recommendation involves relaxation of the present "connected" status rule and the creation of a policy database to guide network administrators.
With the demise of the ARPANET and the growth of a global Internet, the administration and registration of Internet network numbers has
outgrown its initially conceived client base: military, government and government-sponsored research organizations. Since the international growth has extended the Internet community to industry and a broad range of academic and research institutions, we must re- evaluate some of the criteria for assignment and use of Internet network numbers.
In the early phases of the Internet research project, numbers were assigned only to networks of organizations that were participating in the research effort. Later, as the system became more stable and expanded into a widespread infrastructure, other organizations with networks were assigned network numbers and allowed to interconnect if they were parts of the U.S. Government or sponsored by a Government organization. To ensure global uniqueness, a single Internet Registry (IR) was designated: the Defense Data Net Network Information Center (DDN-NIC) at SRI International.
As the Internet protocols became popular in the commercial marketplace, many organizations purchased and installed private networks that needed network number assignments but were not intended to be connected to the federally-sponsored system. The IR adopted a policy of assigning network numbers to all who requested them, while distinguishing networks permitted to link to the global Internet by assigning them "connected" status. Essentially, this meant that the network to which the number was assigned had the sanction of a U.S. Government sponsoring organization to link to the Internet.
The present day Internet encompasses networks that serve as intermediaries to access the federally-sponsored backbones. Many of these intermediate networks were initiated under the sponsorship of the National Science Foundation. Some have been founded without federal assistance as consortia of using organizations. The Government has expressed a desire that all such networks be self- supporting, without the need for federal subsidy. To achieve this goal, it has been essential for the intermediate networks to support an increasingly varied range of users. A great many industrial participants can be found on the intermediate level networks. Their use of the federally-sponsored backbones is premised on the basis that the traffic is in support of academic, scholarly or other research work. The criteria for use of the intermediate level networks alone is sometimes more relaxed and, in the cases of the newly-formed commercial networks, there are no restrictions at all.
In essence, each network needs to be able to determine, on the basis of its own criteria, with which networks it will interconnect and for which networks it will support transit service. There is no longer a simple binary correlation between "connected" status and acceptable use policy. The matter becomes even more complex as we contemplate
the large and growing number of non-U.S. networks joining the global Internet. It is inappropriate to require that all of these networks adhere to U.S. access and use criteria; rather, it can only be required that the traffic they send through the federally-sponsored networks be consistent with the federal criteria.
Since the concept of a single, global "connected" status is no longer meaningful, it is recommended that it be retired and to define new characteristics that could be used by networks within the Internet to determine a specific network's eligibility to communicate with other networks.
Some attributes which might be useful to track and could be used as criteria to determine the acceptability of Internet traffic for routing purposes include:
1) Country codes
2) Conformance to acceptable use policy for:
NSFNET, MILNET, NSI, ESnet, NORDUnet, ...
To implement this idea, the IR would update the current Internet- Number-Template to query applicants for the necessary information. This information would then be collected in a database containing, for instance, a matrix of network numbers over policies. Note that the policies might be presented in narrative form. In addition, the usage policies of the various networks must be publicly available so that applicants and other interested parties can be advised of policy issues as they relate to various networks.
Under this proposal, the IR would be charged with the registration and administration of the Internet number space but not with the enforcement of policy. The IR should collect enough information to permit network administrators to make intelligent decisions as to the acceptability of traffic destined to or from each and every legitimate Internet number. Enforcement of policies is discussed below.
At a later step, we anticipate that it will be desirable to distribute the IR function among multiple centers, e.g., with centers on different continents. This should be straight-forward once the IR function is divorced from policy enforcement.
It is already true in the current Internet that there are restrictions on certain traffic on particular networks. For example, two intermediate level networks that are willing to carry arbitrary traffic can link with each other but are barred from passing commercial traffic or any other traffic that is not for academic or scholarly purposes across the federally-sponsored backbones.
Routing of traffic based upon acceptable-use policies requires a technical ability known as "policy-based routing" (PBR). At the present time, the PBR mechanism available in the Internet operates as the level of an entire network; all users and hosts on a network are subject to the same routes for a given destination. Using this PBR mechanism, a network maintains routes (and provides transit services) only for networks with compatible use policies. For an intermediate level network, for example, the routing decisions must be made on the basis of the network numbers assigned to the organizations; some might be considered to have traffic conformant with federal use policies and some might not.
Although it is much more fine-grained than the current "on or off"
rule of connected status, the use of PBR based on networks is still a
very coarse measure of control. Since the decision on acceptability
is made at the network level, one has to assign a set of
characteristics to all traffic emanating from or entering into a given network to make this access control strategy work. Strict application of such controls could prevent a commercial organization from legitimately sending research or scholarly data across the federal backbone (e.g., IBM needs to communicate with MCI and MERIT about NSFNET, but other parts of IBM may need to communicate on commercial matters). Organizations with a variety of uses might have to artificially define several networks with which to associate different use policies.
The practical result is that in order to support desirable usage patterns, government-sponsored networks will sometimes have to depend upon self-policing by traffic sources, rather than upon strict mechanical enforcement of acceptable use policies. Higher certainty on usage will have a cost in terms of limiting desirable access.
An important project now underway in the Internet Engineering Task Force (IETF) is developing a more general mechanism for PBR that will allow control at the level of individual hosts and possibly even user. It will give an end host or user the ability to select routes, taking into consideration issues such as cost, performance and reliability of the transit networks.
The Internet Domain Name system (DNS) is an essential part of the networking infrastructure. It establishes a global distributed database for mapping host names into IP addresses and for delivering electronic mail. Its efficient and reliable functioning is vital to nearly all Internet users.
Some DNS operations depend upon the existence of a complete database at certain "root" servers, in particular at the Internet Registry (IP) located at the Defense Data Net Network Information Center at SRI International (DDN-NIC). The past policy has been to tie inclusion in this database to approval of Internet interconnection by a U.S. Government agency. This "connected" status restriction is no longer viable, and recommendations for its replacement have been put forward.
In any case, we believe that the DNS database is not the proper architectural level for enforcement of administrative access restrictions, e.g., controls over the announcement of networks in the routing protocols.
The Internet Activities Board (IAB) therefore strongly endorses the following recommendation from the Federal Engineering Planning Group to the Federal Networking Council, to provide DNS service regardless of access control policies:
"There has been a great deal of discussion about domain nameservers, the IN-ADDR domain, and "connected" status as the Internet has grown to include many more nations than just the United States. As we move to a more global Internet, it seems like it would be a good idea to re-evaluate some of the rules that have governed the naming and registration policies that exist.
The naming and routing should be completely decoupled. In particular, it should be possible to register both a name/domain, as well as address servers within the IN-ADDR domain, independent of whether the client has "connected" status or not. This should be implemented immediately by the IR at the DDN-NIC. No U.S. Government sponsor should be required for domain name/address registration."
Security issues are not addressed in this memo.
Vinton G. Cerf
Corporation for National Research Initiatives
1895 Preston White Drive, Suite 100
Reston, VA 22091
Phone: (703) 620-8990