On Wed, Jan 20, 1999 at 09:51:56AM -0600, Phil Howard wrote:
> John Fraizer wrote:
> > 1) You should have domain servers for ANY domain you register that live in NON-RFC1918 space. Otherwise, why register the domain at all? If it's for use behind the firewall, why not use internic.net or whitehouse.gov? You say "Because they want to receive email at the domain!" Well, to receive email, the rest of the world has to be able to find the MX records and to do that, your domain servers have to live in NON-RFC space and we have now completely and totally blown your first point out of the water and made it, in your own words, "moot."
>
> You have totally missed the concept that businesses can connect to other businesses which connect to other businesses and so on, and conduct network protocols using the TCP/IP suite, just as if it were an Internet, but in fact is highly isolated and segmented. Any ONE company in it may only be able to reach those companies they connected directly to, but the other companies reach many more companies.

And Phil has, I think possibly unintentionally, put this thread on topic for NANOG.

> Using RFC1918 space for this won't work because there has to be some kind of administration of the space to ensure enough uniqueness that no two companies that are visible to any one company have the same addressing. There can be only one such administration of any practicality even though this "closed Internet" is chopped into isolated segments.

The question is: are these disconnected nets part of "The Internet", and if they aren't, how should their addressing and DNS be handled?

> Further, many companies with these networks also allow direct access to the real open Internet. That means for sure that addresses in use on the open Internet cannot be duplicated anywhere else. So the allocation of space within the closed network has to be unique even compared to the open Internet.
>
> So it makes sense that every company connecting this way must obtain their own unique address space.

Yes, it does. _I_ think. Even if these nets aren't routable to the Internet, they may be populated by machines that are dual-homed, but are _not_ routers, and address collisions would be A Bad Thing. Now, in these class-less days, I have _no_ idea who you'd get such an address block from...

> > 2) DNS servers that are behind a firewall are useless in the context you describe above.
>
> Not true. The DNS servers exist and are used by many of these companies. Only those companies that need to use them can reach them.

This raises the companion question: should such networks have 'Internet' DNS, as well, even though they're not visible to the net at large; that is, must they have root nameservers visible to the InterNIC. Phil asserts that no, they need not, and having done the exposition, I find I must agree with him... but that does raise some interesting questions...

> > 4) If you don't intend to be routed on the global internet, you SHOULD be required to use RFC1918 space. NOBODY should be allocated routable address space for internal, off-net use.
>
> This is neither practical nor possible. Wave your hands all you want, but it won't happen because RFC1918 space cannot ever hope to allow every one of these companies to have address space that they can communicate with each other uniquely, entirely within the RFC1918 space. There are two reasons for this and based on mail I've received from a few people, it is clear to me that a lot of people need these spelled out.

I disagree; we'll hit the points.

> 1. There is not enough space in RFC1918 to assign UNIQUE addresses to each company that interconnects with many other companies, that further interconnect with many others, and on and on.

Counted the number of /24's in a class A lately, Po Ok, there are only 64k. But that's a lot of industry. Just how many people want to do this?

> 2. Even if there was enough space, there is no one doing any administration of such space to ensure that all such assignments are sufficiently unique to ensure that every company connecting to many others will never see two or more such companies using the same part of RFC1918 space.

True. So start one. :-) You'd have to do it under the auspices of one of the 800-pound gorillas you mentioned... Or move them all to IPv6 space.

> Think of these "closed Internets" as businesses conducting business with each other over the Internet, but then deciding to get guaranteed bandwidth by directly connecting to each peer, not routing to the real open Internet, and basically becoming isolated except for the fact that in many of these companies their computers (servers and desktops) can not only reach many other companies this way, but also the real open Internet.

A private backbone which only accepts packets from peers. Nothing unusual about that...

> Likewise, name spaces also have to be unique, and the NS servers that are authority for them may not be reachable by you or perhaps even anyone else on the open Internet. But that doesn't mean they aren't real and being used by many different businesses.

Yeah... but this raises the question of whether the charter of the InterNIC is to maintain (protection for) domain names that are _intentionally_ never visible to their customers (the net at large), simply to make life easier for a much smaller crowd... And, AFAICS, that's the _real_ crux of the issue, right there.

Cheers,
-- jra
--
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Buy copies of The New Hackers Dictionary.
The Suncoast Freenet                       Give them to all your friends.
Tampa Bay, Florida     http://www.ccil.org/jargon/         +1 813 790 7592
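The thread above keeps coming back to two concrete checks a registry for a "closed Internet" would have to perform: that no two companies that can see each other (directly or through their peers' peers) use overlapping prefixes, and how much RFC1918 space is actually left once allocations are merged. The script below is an added example, not code from anyone in this thread; the company names, prefixes and peering links are constructed sample data, and the transitive-reachability rule (every company in a connected peering group must be collision-free against every other) is an assumption chosen to model the worst case Phil describes. It uses only the Python standard library's `ipaddress` module.

```python
import ipaddress
from collections import deque
from itertools import combinations

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample registry (hypothetical company names): prefixes each company uses internally.
SAMPLE_ALLOCATIONS = {
    "acme":    ["10.1.0.0/16", "192.168.10.0/24"],
    "globex":  ["10.2.0.0/16"],
    "initech": ["10.1.5.0/24", "203.0.113.0/24"],  # 10.1.5.0/24 sits inside acme's /16; 203.0.113.0/24 is not RFC 1918
    "hooli":   ["172.16.0.0/12"],
}

# Constructed sample peering graph: direct private links between companies.
SAMPLE_PEERINGS = [("acme", "globex"), ("globex", "initech"), ("initech", "hooli")]


def parse_allocations(allocations):
    """Turn the string registry into {company: [IPv4Network, ...]}; strict=True rejects host bits set."""
    return {c: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for c, prefixes in allocations.items()}


def non_private_prefixes(allocations):
    """Prefixes outside RFC 1918 space: these can collide with the open Internet if a host is dual-homed."""
    nets = parse_allocations(allocations)
    return sorted((c, str(n)) for c, ns in nets.items() for n in ns
                  if not any(n.subnet_of(block) for block in RFC1918))


def reachable_groups(companies, peerings):
    """Connected components of the peering graph (assumed model: reachability is transitive via peers)."""
    adj = {c: set() for c in companies}
    for a, b in peerings:
        adj[a].add(b)
        adj[b].add(a)
    seen, groups = set(), []
    for start in companies:
        if start in seen:
            continue
        group, queue = set(), deque([start])
        while queue:
            c = queue.popleft()
            if c in group:
                continue
            group.add(c)
            queue.extend(adj[c] - group)
        seen |= group
        groups.append(group)
    return groups


def find_collisions(allocations, peerings):
    """Pairs of companies in the same reachable group whose prefixes overlap (the 'A Bad Thing' case)."""
    nets = parse_allocations(allocations)
    hits = []
    for group in reachable_groups(list(nets), peerings):
        for a, b in combinations(sorted(group), 2):
            for na in nets[a]:
                for nb in nets[b]:
                    if na.overlaps(nb):
                        hits.append((a, str(na), b, str(nb)))
    return hits


def free_slash24s_in_10(allocations):
    """/24s still unassigned inside 10.0.0.0/8 after merging overlapping or nested allocations."""
    ten = ipaddress.ip_network("10.0.0.0/8")
    used = [n for ns in parse_allocations(allocations).values() for n in ns if n.subnet_of(ten)]
    used_addrs = sum(n.num_addresses for n in ipaddress.collapse_addresses(used))
    return (ten.num_addresses - used_addrs) // 256


if __name__ == "__main__":
    for a, pa, b, pb in find_collisions(SAMPLE_ALLOCATIONS, SAMPLE_PEERINGS):
        print(f"COLLISION: {a} {pa} overlaps {b} {pb}")
    for c, p in non_private_prefixes(SAMPLE_ALLOCATIONS):
        print(f"NON-RFC1918: {c} uses {p}")
    print(f"/24s left in 10/8: {free_slash24s_in_10(SAMPLE_ALLOCATIONS)}")
```

On the sample data the checker flags acme's 10.1.0.0/16 against initech's 10.1.5.0/24 (they are two hops apart, so the collision only surfaces once reachability is taken transitively), reports initech's 203.0.113.0/24 as space that is not RFC 1918, and shows 65024 of the 65536 /24s in 10/8 still unassigned, which is the "64k" figure in the thread with two /16s taken out.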