The ISP Column An occasional column on things Internet Addressing Policies Geoff Huston When does an experiment in networking technology become a public utility? Does it happen on a single date, or is it a more gradual process of incremental change? And at what point do you change that way in which resources are ma>naged to admit a broader spectrum of public interests? And how are such interests to be expressed in the context of the network itself, in terms of the players, their motivation and the level of common interest in one network? While many may be of the view that this has already happened some years ago in the case of the Internet, when you take a global perspective many parts of the globe are only coming to appreciate the significant role of the Internet in the broader context of enablers of national wealth. I'd like to take one example here to illustrate the forms of issues that arise when public policy considerations of a national nature are added into a resource management debate. It could well be that November 2005 is recorded one of the landmark months in the continuing story of the Internet. That month sees the culmination of some years of preparation for the World Summit on the Information Society, and it will be the time when a relatively complete set of national delegations will meet, consider and ultimately vote on a set of resolutions about the future structure of the global communications industry from the perspective of an international public policy perspective. It’s not the only show in town of course and a few weeks later the Internet Corporation for the Assignment of Names and Numbers will meet in Vancouver, and continue their endeavours in advising the government of the United States of America as to appropriate decisions regarding the carriage of the domain name system, protocol parameter assignment and the distribution of address resources, in the expectation that in the following year ICANN will assume a greater level of autonomy in undertaking this role. In looking at the various perspectives that come to bear of these issues, the area of address distribution policy is certainly illustrative of the broader picture. So in this article I'd like to take a look at the ITU-T's proposal for introducing competition into the allocation of IP addresses through the proposed establishment of national IPv6 address registries. We will examine some of the assumptions about IP addresses that underlie the proposal and look at the significant issues that the proposal raises regarding Internet infrastructure and the related task of address resource management. It is certainly the case that the basic assumptions about the role of addresses in the Internet that underlie this proposal are very important ones to consider, as they tend to be consistent themes of many resources that form a public good. However, it is also the case that the proposal as it stands could trigger some unpalatable unintended outcomes for the Internet, and some likely unpalatable consequences for all of us as users of this rather unique public utility. The Proposal In November of 2004 a proposal has been made for the introduction of competition into the system of allocation of IP addresses. The proposal has been made by Houlin Zhao of the ITU-T, and calls for the ITU-T to establish new IPv6 address registries in each nation, each of which would compete with the existing Regional Internet Registries (RIRs). This proposal can be found at: http://www.itu.int/ITU-T/tsb-director/tut-wsis/files/zhao-netgov02.doc This proposal has been published as part of the broader program of work associated with Phase II of the World Summit on the Information Society (http://www.wsis.org). A summary of the essential elements of this proposal is: - To allocate an IPv6 address block to the ITU-T, who would then allocate to each nation a contiguous address block, sufficient to meet the needs of its national population. The precise nature of how the size of such national address blocks would be determined is not specified in the proposal, so details as to what would constitute a national requirement and the anticipated timeframe of such an allocation is also not described. - That each nation would establish a national registry framework to manage their national address block. Whether this would be established as a central service entity within each nation, or a set of such entities within each nation, is not covered in the proposal. Whether this would be a function of a public agency or one that is part of a national, deregulated industry structure or some other arrangement is not specified. - That such national address registries would be expected to operate in competition with the established Regional Internet Registry (RIR) system. - That domestic entities would have a choice of obtaining IPv6 address space using a RIR or using the national address registry service. Some Assumptions about Address Attributes There are a number of underlying assumptions about the characteristics of IPv6 addresses that lie behind the ITU-T’s proposal, and it is useful to enumerate these in broad terms. - Addresses are a global resource Addresses are not just numbers - they are an enabler for communications services. By inference of their property of being a intrinsic component of a global communications infrastructure, IP addresses are also validly to be considered as a global resource. In the context of the ITU-T’s perspective of global activities as being a matter of coordination and collaboration of various national activities, the logical implication is that this is an international issue of resource allocation, and the resource should be distributed in a manner that is fair in terms of relative amounts of resource allocation to each national entity. - Addresses are a public resource Nations should be able to express their preferences as to how addresses are spread around. Public communications systems form part of a public utility service, and the components of their infrastructure can be validly considered as resources that form part of public good. Following this line of argument, as a public resource, national public policy processes should be capable of setting national address access, distribution and use policies, as determined by national policy environments. - Addresses are a critical resource If a national community cannot gain access to addresses then bad things may result for that community. Each nation should be able to secure national access to address resources irrespective of actions by other national entities, or indeed by any entity that does not fall within the national domain. - Addresses are a network resource Deployment of communications services and access to addresses go hand-in-hand. Access to the benefits of Internet-based communications services by a national community are predicated by enabling access to address resources by that community. Securing access to addresses by national communities is not an end in and of itself, but is an essential prerequisite for utilizing the benefits and opportunities of access to the common communications service. - Addresses are an infinite resource Addresses may have to last for a very long time. This is perhaps an overstatement of the assumption. The key aspect here is that the total capacity of the address plant is sufficient to accommodate the cumulative sum of national requirements across some 200 nations, in addition to the requirements of the established RIR system. Irrespective of the mechanism of determining national allocations, there is assumed to be sufficient address resources available to meet these requirements. Some Issues with the proposal As it stands, the proposal raises some significant issues that appear to be counter to the experience gained to date in the deployment of Internet infrastructure and the related task of address resource management. While this is not a complete list, and does not represent an exhaustive analysis of each of these issues, the following is a summary of the most apparent areas where the proposal raises matters of concern. - The proposal leads to the creation of policy confusion in addressing The ITU-T framework respects national sovereignty, and does not operate though mandate, but uses a structure of recommendations. Allowing each national address registry to operate under a nationally determined policy does not induce an outcome of conformity across all policy regimes. The expression of concern here is that this has a direct impact on the stable and scaleable operation of the Internet’s routing system, and also leads to concerns about the authenticity of addresses described in associated route objects. There is a relatively high level of aggregation constraint that is necessary to ensure that the routing environment continues to scale to the size of the network. It is unclear how such a diverse set of address policy domains will be capable of expressing this necessary common constraint. In addition, in a broad spectrum of national public policy regimes it is reasonable to expect that some regimes may elect to associate binding national address use policies with national address distribution channels. To date the policies that can be expressed in the network relate to path preference selection, while address use constraints, such as variations of propagation controls, have proved difficult to integrate into the routing system. - The proposal does not align to regional and global business models The Internet has developed in a regime of progressive liberalization of the global telecommunications environment. Many industry players operate in a number of national regimes. If an enterprise had to operate their network within the constraints of a collection of address policies, and likely also a collection of diverse and potentially conflicting national address use policies, it would impose a significant additional imposition on industry. Does it ultimately benefit the provider or the end user if a global or regional service enterprise is required to deal with up to 200 different address sources, each with various potential use constraints placed on such addresses? - The proposal creates competition regimes based on policy dilution The likely outcome of competitive address distribution systems in an unregulated regime would be the progressive dilution of associated access policies and procedures, and a continuing acceleration in address space allocation rates. This would lead to premature exhaustion of the entire address pool, even one as large at the IPv6 address space, resulting from poor constraint signalling within the market due to the partitioned nature of the market and the particular nature of addresses as a market commodity. This outcome would appear to compromise the fundamental goals of responsible stewardship of a finite, common public resource, and would create irrevocable outcomes resulting from an artificially excessive consumption of the resource. - The proposal creates impetus for rapid consumption through address hoarding The poor level of market signalling in such a competitive, partitioned supply system would increase the constraint of perceptions of a finite supply. Together with common policy dilution, as well as deliberate maintenance of national address reserves, this would rapidly lead to induced rapid consumption of the entire available resource. This hoarding behaviour, coupled with the exhaustion of the neutral supply of new addresses into the market, would lead to the generation of trading markets, where addresses are placed into the role of a commodity supply. The consequent distortion of the role of addresses would have negative impacts on the network, running the risk of addresses being withheld from the network so that they could be released with potentially higher exploitative returns on the associated trading market. This also leads to incentives for address fraud in order to reap the rewards of generating more addresses into the trading market for rapid financial gain. It is also possible for national entities to see this as a form of foreign income, in the same manner as existing practices in certain country code domain names. This could result in national address blocks being deliberately withheld from meeting local needs in order to facilitate the formation of a trading market upon which the withheld resources could be played as a foreign currency revenue stream. To call this form of outcome chaotic and undesirable should be considered an understatement. - The proposal has no visible relationship to known routing capabilities Address distribution functions are deliberately constrained in order to achieve a number of common outcomes. One of these outcomes is to limit the number of address prefixes that enter the routing system, in order to ensure that the routing system stays within the constraints of the capabilities of the routing system. The removal of that constraint through the progressive dilution of address distribution policies as they relate to aggregation capability would potentially place unconstrained growth strains on the routing system. There is also the risk that national address use constraints would be introduced which would assume a level of policy-based control over route propagation that would conflict with the capability of Internet routing technology. - The proposal eliminates the common interest in one network This proposal may well place shorter term national interests above the common network interest, leading to a localized set of interests being considered more important than the network itself. The question here is whether national registry structures will be willing to apply constraints to their function in order to meet a common objective of a scaleable and sustainable routing system. Environmental economics has previously demonstrated that, in such situations, it is often the case that longer term, common interests are not given primary importance. - The proposal compromises any hope of enhancing routing integrity and security The proposal eliminates the goal of a robust and resilient trust hierarchy to support a viable, secure network routing environment. Distributed trust systems, such as those being proposed for securing inter-domain routing and securing the integrity of the address plant when it is passed into the routing environment, rely on a clear grounding in reliable trust anchors. It is an open question whether every nation state at all times would be able to operate such a system at such levels of integrity. This question is particularly relevant when there are potential benefits in operating an address registry in a competitive environment where the competition discriminator includes policy dilution. - The proposal creates further churn in perceptions of the stability and viability of IPv6 In the case of the Internet, addressing lies at the very heart of the network. Without a framework of stable, unique and ubiquitous addresses there is no single cohesive network. Without a continuing stable supply of addresses, further growth of the network simply cannot be sustained. Without absolute confidence in the continuing stability in this supply chain, the global communications industry will inevitably be forced to look elsewhere for a suitable technology platform to meet the needs of networked data communications. If the industry is pushed into such an uncomfortable position of turning its attention elsewhere, simply because the Internet is incapable of operating its infrastructure in a stable, consistent and cost effective manner, this would be a most unfortunate, unintended outcome for the Internet and the billions of current and future users of this uniquely valuable common resource. Some Options to Respond There are some options for consideration by a broader community of stakeholders related to this proposal. On the basis of a considerable body of experience gained in the task of address stewardship of Internet protocol addresses there are a number of ways in which the stakeholder communities could offer some form of contribution to the ITU-T and also to the World Summit for the Internet Society, wherein this ITU-T proposal may be considered. Agree: It may be that the general perception of the benefits of this form of diversity of address distribution far outweigh the concerns here, in which case the appropriate option may be to encourage this proposal to move forward. Disagree: On the other hand, it may be that the general perception of the risks associated with this proposal are at such a level that the proposal, if implemented in any form, would unleash an irrevocable set of actions that would threaten the future viability of adoption of the IPv6 global network. In such a case it would be responsible to disagree strongly with the proposal and highlight the basis upon which such disagreement is based. Discuss: Another option is to "discuss". If there is a perception of validity in the set of assumptions relating to attributes of addresses, and in the related proposition that national interests are an integral component of this environment, then further discussion would be necessary. In such a scenario there may be value in an exploration of mechanisms that could accommodate the underlying perspectives and mitigate, or even eliminate, the current collection of concerns associated with the current ITU-T proposal. Much time, effort, money and hope has been invested in the World Summit on the Information Society over the past several years, and there is little doubt that there will be resolutions and that some of these resolutions will take stances that are at some variance with the current structure. Whether we will be capable of achieving a wise balance between these public sector interests and the strictures of what enables cost effective technology to work is just one of those areas where we will need to wait to find out. And, yes, I promise to leave the rarefied heights of policies and return to a geek topic next month! Disclaimer: The above views do not represent the views or positions of the Asia Pacific Network Information Centre, nor those of the Internet Society. About the Author: GEOFF HUSTON holds a B.Sc. and a M.Sc. from the Australian National University. He has been closely involved with the development of the Internet for many years, particularly within Australia, where he was responsible for the initial build of the Internet within the Australian academic and research sector. He is author of a number of Internet-related books, and is currently the Senior Internet Researcher at APNIC, the Regional Internet Registry serving the Asia Pacific region.