North American Network Operators Group


Should Extranets be congruent with the Internet? (was Re: Incompetence abounds at the InterNIC)

  • From: Jay R. Ashworth
  • Date: Thu Jan 21 00:39:32 1999

On Wed, Jan 20, 1999 at 09:51:56AM -0600, Phil Howard wrote:
> John Fraizer wrote:
> > 1) You should have domain servers for ANY domain you register that live in
> > NON-RFC1918 space.  Otherwise, Why register the domain at all?  If it's for
> > use behind the firewall, why not use internic.net or whitehouse.gov?  You
> > say "Because they want to receive email at the domain!"  Well, to receive
> > email, the rest of the world has to be able to find the mx records and to
> > do that, your domain servers have to live in NON-RFC space and we have now
> > completely and totally blown your first point out of the water and made it,
> > in your own words, "moot."
> 
> You have totally missed the concept that businesses can connect to other
> businesses which connect to other businesses and so on, and conduct network
> protocols using the TCP/IP suite, just as if it were an Internet, but in
> fact is highly isolated and segmented.  Any ONE company in it may only be
> able to reach those companies they connected directly to, but the other
> companies reach many more companies.

And Phil has, I think possibly unintentionally, put this thread on
topic for NANOG.

> Using RFC1918 space for this won't work because there has to be some kind
> of administration of the space to ensure enough uniqueness that no two
> companies that are visible to any one company have the same addressing.
> There can be only one such administration of any practicality even though
> this "closed Internet" is chopped into isolated segments.

The question is: are these disconnected nets part of "The Internet",
and if they aren't, how should their addressing and DNS be handled?

> Further, many companies with these networks also allow direct access to
> the real open Internet.  That means for sure that addresses in use on the
> open Internet cannot be duplicated anywhere else.  So the allocation of
> space within the closed network has to be unique even compared to the
> open Internet.
> 
> So it makes sense that every company connecting this way must obtain their
> own unique address space.

Yes, it does.  _I_ think.  Even if these nets aren't routable to the
Internet, they may be populated by machines that are dual-homed, but
are _not_ routers, and address collisions would be A Bad Thing.

Now, in these class-less days, I have _no_ idea who you'd get such an
address block from...

> > 2) DNS servers that are behind a firewall are useless in the context you
> > describe above.
> 
> Not true.  The DNS servers exist and are used by many of these companies.
> Only those companies that need to use them can reach them.

This raises the companion question: should such networks have
'Internet' DNS, as well, even though they're not visible to the net at
large; that is, must they have root nameservers visible to the
InterNIC.

Phil asserts that no, they need not, and having done the exposition, I
find I must agree with him... but that does raise some interesting
questions...

> > 4) If you don't intend to be routed on the global internet, you SHOULD be
> > required to use RFC1918 space.  NOBODY should be allocated routable address
> > space for internal, off-net use.
> 
> This is neither practical nor possible.  Wave your hands all you want, but
> it won't happen because RFC1918 space cannot ever hope to allow every one
> of these companies to have address space that they can communicate with
> each other uniquely, entirely within the RFC1918 space.  There are two
> reasons for this and based on mail I've received from a few people, it is
> clear to me that a lot of people need these spelled out.

I disagree; we'll hit the points.

> 1.  There is not enough space in RFC1918 to assign UNIQUE addresses to each
>     company that interconnects with many other companies, that further
>     interconnect with many others, and on and on.

Counted the number of /24's in a class A lately, Po

Ok, there are only 64k.  But that's a lot of industry.  Just how many
people want to do this?

> 2.  Even if there was enough space, there is no one doing any administration
>     of such space to ensure that all such assignments are sufficiently unique
>     to ensure that every company connecting to many others will never see
>     two or more such companies using the same part of RFC1918 space.

True.

So start one.  :-)  You'd have to do it under the auspices of one of
the 800-pound gorillas you mentioned...

Or move them all to IPv6 space.

> Think of these "closed Internets" as businesses conducting business with
> each other over the Internet, but then deciding to get guaranteed bandwidth
> by directly connecting to each peer, not routing to the real open Internet,
> and basically becoming isolated except for the fact that in many of these
> companies their computers (servers and desktops) can not only reach many
> other companies this way, but also the real open Internet.

A private backbone which only accepts packets from peers.  Nothing
unusual about that...

> Likewise, name spaces also have to be unique, and the NS servers that are
> authority for them may not be reachable by you or perhaps even anyone else
> on the open Internet.  But that doesn't mean they aren't real and being
> used by many different businesses.

Yeah... but this raises the question of whether the charter of the
InterNIC is to maintain (protection for) domain names that are
_intentionally_ never visible to their customers (the net at large),
simply to make life easier for a much smaller crowd...

And, AFAICS, that's the _real_ crux of the issue, right there.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                [email protected]
Member of the Technical Staff     Buy copies of The New Hackers Dictionary.
The Suncoast Freenet            Give them to all your friends.
Tampa Bay, Florida     http://www.ccil.org/jargon/             +1 813 790 7592
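As an added illustration of the uniqueness argument in this thread (example code, not from the post or any of its participants): given a constructed set of company allocations and direct interconnects, it flags overlapping prefixes between any two companies that can see each other, and prefixes outside RFC1918 that would clash with the open Internet. All company names and prefixes are made up.

```python
import ipaddress
from collections import deque

RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample extranet (assumption, not from the thread): who uses which
# prefixes, and which companies are directly interconnected.
ALLOCATIONS = {
    "acme":  ["10.0.0.0/16"],
    "bolt":  ["10.1.0.0/16", "192.168.10.0/24"],
    "cargo": ["10.0.128.0/17"],                   # overlaps acme's 10.0.0.0/16
    "delta": ["172.16.5.0/24", "172.32.0.0/16"],  # 172.32/16 is outside 172.16/12
    "echo":  ["10.0.0.0/16"],                     # same as acme, but never visible to acme
}
LINKS = [("acme", "bolt"), ("bolt", "cargo"), ("bolt", "delta")]

def reachable(company, links):
    """All companies reachable from `company` over any number of hops (incl. itself)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {company}, deque([company])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def non_rfc1918(allocations):
    """Prefixes outside RFC1918, which would collide with the open Internet."""
    return sorted(
        (c, p) for c, ps in allocations.items() for p in ps
        if not any(ipaddress.ip_network(p).subnet_of(r) for r in RFC1918)
    )

def collisions(allocations, links):
    """(viewer, a, b, prefix_a, prefix_b) for every pair of companies visible to
    the same viewer whose prefixes overlap; duplicates that never meet are not reported."""
    found = set()
    for viewer in allocations:
        visible = sorted(reachable(viewer, links) & set(allocations))
        for i, a in enumerate(visible):
            for b in visible[i + 1:]:
                for pa in allocations[a]:
                    for pb in allocations[b]:
                        if ipaddress.ip_network(pa).overlaps(ipaddress.ip_network(pb)):
                            found.add((viewer, a, b, pa, pb))
    return sorted(found)
```

Run `collisions(ALLOCATIONS, LINKS)` before adding a new interconnect: acme and cargo clash for every company on the bolt side, while echo's duplicate of acme's block is harmless until someone links echo in.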