North American Network Operators Group


Re: 69/8...this sucks

  • From: Michael.Dillon
  • Date: Mon Mar 10 04:50:26 2003

> According to ARIN's whois server, there are 95 subdelegations for 
> NET-69-0-0-0-0...we're the 95th.

Clearly this problem is going to get a lot worse before it gets better. 
And since most network operators are not on NANOG or USENET or any other 
mailing list, there are really only two means of contact. Either every 
affected party probes the net, identifies misconfigured networks and 
contacts them one by one using email, phone and letters. Or we use the 
press to make the problem and solution widely visible. 

In either case, I think it would be a mistake to just fix the immediate 
problem of a few ISPs needing full reachability from 69/8 space. Since we 
have to put the effort into this problem, let's try to fix the general 
problem, not just a small part of it.

The general problem is that ever larger numbers of devices are getting IPv4 
address ranges hard-coded into their configurations with no process in 
place for reviewing and changing those configurations. These devices are 
not just routers but also firewalls and application servers. 

In order to solve the general problem we need to make it easy for people 
to review and change their configurations. This is not a lot different 
from the problems that DNS solved. When you configure a device with a 
domain name, the device will dynamically review and update the IP address 
that it uses for communication. No human intervention is necessary.

Essentially, what we need is something that provides a capability similar 
to DNS except that it works for IP address ranges, not for individual IP 
addresses. This is where ARIN comes in. Because ARIN has the top-level 
authority for IP address ranges in North America, they are the *ONLY* 
organization that can authoritatively identify who an IP address range is 
delegated to. 

I have suggested that ARIN should set up an LDAP server to publish the 
delegation of all their IP address space updated on a daily basis. And 
that organizations which sub-delegate space, i.e. ISPs, should also run 
LDAP servers as part of a delegation hierarchy similar to DNS. This type 
of referral LDAP is part of the IETF standard and has been implemented by 
most LDAP software vendors. Because LDAP is a widespread technology that 
is used in the enterprise for identification and authentication, there is 
a high likelihood that the suppliers of firewalls and application servers 
will build in support for querying the ARIN delegation hierarchy.

> I realize ARIN can't guarantee global routability of IP space, but should
> they continue to give out IP blocks they absolutely know are not fully
> routable on the internet today?

ISPs make addresses routable. ARIN is not an ISP. ARIN members are ISPs. 
ARIN does not compete with its members.

Therefore, ARIN should focus on the problem of how to publish 
authoritative data about which IP addresses should be routable. The 
appropriate technology combined with the appropriate publicity will create 
demand from enterprise network admins which will drive all ISPs and device 
vendors to fix the problem.

If anyone wants to discuss this further, then I suggest that the upcoming 
ARIN meeting in Memphis is the ideal venue to do so.

--Michael Dillon
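
Added example, not part of the original message: a Python check for the review step the post describes, flagging deny rules in a hard-coded filter list that overlap address space already delegated. The one-rule-per-line ACL format, the function names and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: prefixes treated as delegated. 69.0.0.0/8 is the block
# from the thread; the other entry is illustrative only.
ALLOCATED = ["69.0.0.0/8", "24.0.0.0/8"]

# Constructed sample filter in a hypothetical "action prefix" format,
# standing in for a stale hard-coded bogon list.
SAMPLE_ACL = """\
deny 10.0.0.0/8
deny 69.0.0.0/8
deny 68.0.0.0/7      # aggregate that silently covers 69/8
permit 24.0.0.0/8
deny 69.4.0.0/16
deny 192.168.0.0/16
"""

def parse_acl(text):
    """Yield (line_no, action, network) per rule; skip blanks and '#' comments."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, prefix = line.split()
        yield n, action.lower(), ipaddress.ip_network(prefix, strict=True)

def stale_denies(acl_text, allocated):
    """Return (line_no, rule_prefix, blocked_prefix) for deny rules hitting delegated space."""
    alloc = [ipaddress.ip_network(p) for p in allocated]
    findings = []
    for n, action, net in parse_acl(acl_text):
        if action != "deny":
            continue
        for a in alloc:
            if net.overlaps(a):
                # Overlapping CIDR blocks always nest, so the blocked part
                # is whichever of the two is the smaller network.
                blocked = net if net.subnet_of(a) else a
                findings.append((n, str(net), str(blocked)))
    return findings

if __name__ == "__main__":
    for line_no, rule, blocked in stale_denies(SAMPLE_ACL, ALLOCATED):
        print(f"line {line_no}: deny {rule} blocks delegated space {blocked}")
```

The aggregate on line 3 of the sample is the case a text search for "69." misses, which is why the check compares networks rather than strings.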