Folks,

Appended is a proposal on address allocation for private internets. It was drafted by myself and Bob Moskowitz (Chrysler Corp.).

Yakov & Bob.

P.S. The proposal incorporates comments that we received from several people. The Acknowledgement section will be added to reflect their contributions.

--------------------------------cut here--------------------------------

Address Allocation for Private Internets

Hosts within sites that use IP can be partitioned into three categories:

- hosts that do not require Internet access

- hosts that need access to a limited set of Internet services (e.g. E-mail, FTP, netnews, remote login), which can be handled by application layer relays

- hosts that need unlimited access (provided via IP connectivity) to the Internet

Hosts within the first category may use IP addresses that are unambiguous within a site, but may be ambiguous within the Internet.

For many hosts in the second category, unrestricted Internet access (provided via IP connectivity) may be more than just unnecessary -- it may be undesirable for privacy/security reasons. Just like hosts within the first category, such hosts may use IP addresses that are unambiguous within a site, but may be ambiguous within the Internet.

Only hosts in the last category require IP addresses that are unambiguous within the Internet.

It is common for organizations to build private internets which have few or no hosts falling into the third category. Even if an organization has a mixed category of hosts, in many cases within the organization hosts in the first and the second category are interconnected in such a way as to disable their IP level connectivity to the Internet, and hosts in the third category are segregated into separate segment(s) of topology (separate Link Layer subnetworks). Only these segments need to have IP level connectivity to the Internet.
Even if the hosts in the third category are not segregated into a separate physical segment of topology, such hosts can be segregated on a physical segment shared with hosts in the first or the second category by assigning two distinct subnetwork numbers to the segment.

To conserve IP network address space utilization for the public Internet, hosts within private internets that fall into the first or the second category may take their addresses out of a specific IP address block to be used exclusively by such hosts. The size of the block is expected to be sufficient to accommodate most or all practical situations.

The reserved block consists of three sub-blocks: a single Class A network number (X), 8 contiguous Class B network numbers (from Y to Z), and 255 contiguous Class C network numbers (from W to V).

For sites with fewer than 1,000 hosts we suggest using addresses out of the sub-block of Class C network numbers. For sites with more than 10,000 hosts we suggest using addresses out of the Class A network number. For all other sites we suggest using addresses out of the sub-block of Class B network numbers. Of course, it is also possible for a site to use addresses out of more than one sub-block (using a mix of Class A, B, and C network numbers).

An organization that uses addresses out of the pool allocated for private networks can be more liberal in terms of address space utilization, as compared to the address space utilization of the Internet-visible address space. Thus, rather than using variable-length subnetting, a site may use fixed-length subnetting. In many cases use of Class C network numbers may be helpful to avoid dealing with IP subnetting altogether.

The reserved IP address block will not be routed in the Internet. Routers in the Internet are expected to be configured to reject (filter out) Network Layer Reachability Information associated with the destinations identified by the address block.
If a router receives such information, the rejection shall not be treated as a routing protocol error.

Since within a single internet IP addresses have to be unambiguous, assigning IP addresses out of the block allocated for private internets has the following implications:

- when a host that has taken its IP address from the block moves from the first or the second category into the third one, the host has to change its IP address.

- if several previously unconnected sites (several private internets) that have hosts numbered out of the block decide to interconnect (merge their internets into a single internet), this may require changing the addresses of the hosts.

Since the IP addresses within the block will not be routed in the Internet, a host that takes its IP address from the block will be unreachable (at the network layer) from any host in the Internet. That offers additional firewall protection.

With the proposed scheme many large corporate sites can use a relatively small block of addresses from the global IP address space. That would benefit the Internet by conserving the use of IP address space.
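The reserved block, the sizing guidance and the Internet-router filtering rule described above, as an added example in Python (it is not part of the proposal); the network numbers used are constructed placeholders for X, Y..Z and W..V, which the draft leaves unspecified.

```python
import ipaddress

def reserved_block(class_a, class_b_first, class_b_count, class_c_first, class_c_count):
    """Build the three sub-blocks as a list of classful networks.

    class_a        first octet of the single Class A network number (X)
    class_b_first  'a.b' of the first Class B number (Y); class_b_count
                   contiguous numbers follow, the last being Z
    class_c_first  'a.b.c' of the first Class C number (W); class_c_count
                   contiguous numbers follow, the last being V
    """
    nets = [ipaddress.ip_network(f"{class_a}.0.0.0/8")]
    b0 = int(ipaddress.ip_address(f"{class_b_first}.0.0"))
    nets += [ipaddress.ip_network((b0 + i * 2**16, 16)) for i in range(class_b_count)]
    c0 = int(ipaddress.ip_address(f"{class_c_first}.0"))
    nets += [ipaddress.ip_network((c0 + i * 2**8, 24)) for i in range(class_c_count)]
    return nets

# CONSTRUCTED placeholder values standing in for X, Y..Z and W..V; the draft
# itself does not name the network numbers, and these are not its values.
PRIVATE_BLOCK = reserved_block(
    class_a=99,                  # stands in for X
    class_b_first="150.16",      # stands in for Y; 8 numbers, so Z = 150.23
    class_b_count=8,
    class_c_first="200.100.0",   # stands in for W; 255 numbers, so V = 200.100.254
    class_c_count=255,
)

def reject_nlri(prefix, block=PRIVATE_BLOCK):
    """Internet-router filter: True if reachability information for `prefix`
    identifies destinations inside the reserved block and should be dropped.
    A boolean is returned rather than an exception raised, because the draft
    says rejection is not a routing protocol error."""
    p = ipaddress.ip_network(prefix, strict=False)
    if any(p.subnet_of(n) for n in block):
        return True  # the prefix is, or lies inside, one reserved network number
    # An aggregate whose every address is reserved (e.g. the eight Class B
    # numbers summarised as one prefix) is rejected too; a wider aggregate
    # that also covers public space, such as a default route, is not.
    covered = sum(n.num_addresses for n in block if n.subnet_of(p))
    return covered == p.num_addresses

def suggested_subblock(host_count):
    """Sizing guidance from the draft: which sub-block a site should draw on."""
    if host_count < 1000:
        return "C"
    if host_count > 10000:
        return "A"
    return "B"
```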