Internet DRAFT - draft-hain-1918bis

draft-hain-1918bis




                                                                        
   Internet Draft                                                T.Hain 
   Document: draft-hain-1918bis-01.txt                    Cisco Systems 
   Expires: July 2005                                      January 2005 
    
    
             Expanded Address Allocation for Private Internets 
    
    
Status of this Memo 
    
   "By submitting this Internet-Draft, I certify that any applicable 
   patent or other IPR claims of which I am aware have been disclosed, 
   or will be disclosed, and any of which I become aware will be 
   disclosed, in accordance with RFC 3668." 
    
   Internet-Drafts are working documents of the Internet Engineering 
   Task Force (IETF), its areas, and its working groups.  Note that      
   other groups may also distribute working documents as Internet-
   Drafts. 
    
   Internet-Drafts are draft documents valid for a maximum of six months 
   and may be updated, replaced, or obsoleted by other documents at any 
   time.  It is inappropriate to use Internet-Drafts as reference 
   material or to cite them other than as "work in progress." 
    
   The list of current Internet-Drafts can be accessed at 
        http://www.ietf.org/ietf/1id-abstracts.txt 
   The list of Internet-Draft Shadow Directories can be accessed at 
        http://www.ietf.org/shadow.html. 
    
    
Abstract 
    
   This document updates RFC 1918 and identifies additional IPv4 address 
   space for use in private networks.  
    
    
Table of Contents 
    
   Introduction......................................................2 
   Example cases.....................................................2 
   Private Address Space.............................................5 
   IANA Considerations...............................................5 
   Security Considerations...........................................5 
   References........................................................5 
   Author's Addresses................................................5 
    
    

 
 
<Hain>                   Expires - July 2005                 [Page 1] 
          Expanded Address Allocation for Private Internets   Jan 2005 
 
 
Introduction 
    
   A number of organizations have expanded their autonomous private 
   networks to the point of exhausting the address space identified in 
   RFC 1918, in addition to the publicly routed space that has been 
   assigned to them. Given the policies for acquiring additional public 
   space it is not reasonable for them to acquire such space for use in 
   their private networks. 
    
   While it is tempting to tell them to just switch to IPv6, that is not 
   realistic from application availability, and transition timeframe 
   standpoint. They need additional IPv4 space to continue to grow 
   during the transition period. That space should be formally allocated 
   rather than simply taken on the assumption it will not be publicly 
   allocated before they complete a transition to IPv6.  
    
   Any deployment will be gated by the following factors: 
      -  Product availability 
      -  Budget availability 
      -  Acquisition timeframe 
      -  Operations training 
      -  Testing / interoperability assurance window 
      -  Deployment window 
    
   To the degree that the organization uses the normal life-cycle 
   replacement approach to minimize any explicit IPv6 budget items, the 
   acquisition timeframe by itself could be 5 years or more. In any 
   event, the organization has typical timeframes for the period between 
   product / service availability and when they consider that to be 
   operationally deployed. This document points out that those 
   deployment timeframes extend well beyond the point where they will 
   have exhausted the space defined in RFC 1918.  
    
    
Example cases 
    
   A global organization, with over 5000 existing facilities, allocates 
   a /21 to each from 10/8 (consolidating multiple disjoint /24's that 
   evolved in the older facilities). They have allocated /16's to the 
   set of data center facilities from 172.16/12, along with a number of 
   globally routed /16's for their public facing systems. Internal 
   infrastructure has consumed the 192.168/16 space. This organization 
   is growing at about 1.1% per month. For several years the number of 
   devices on the network is growing at 3 times that rate, not counting 
   the pending entry-level deployment of 100,000 IP phones. At their 
   current size this requires a /12 per year, deployed as approximately 
   40 new /21 facilities per month (~ three /17's). While there is still 
   a little room in the private space allocated through RFC 1918, 
   barring a sudden new demand on addresses their compounded annual 
 
 
Hain                     Expires - July 2005                 [Page 2] 
          Expanded Address Allocation for Private Internets   Jan 2005 
 
 
   growth rate can only be sustained for another 36 months. Faced with 
   the limitations of the RFC 1918 address pool, they are being forced 
   to modify business processes by deploying major new applications in 
   address space that overlaps between facilities. The resulting sub-
   optimal economics of the unnatural business process will eventually 
   drive a migration to IPv6. Unfortunately even in a best case scenario 
   this migration will take longer than their run rate on the remaining 
   1918 pool. 
    
   Their IPv6 deployment plan ... 
    
   Availability of router software & hardware                  -  2004 
   Deployment of updated router software or hardware           -  + 3 
    
   Availability of other network devices (DNS, Firewall, etc)  -  ???? 
   Deployment of other network devices                         -  + 2 
    
   Availability of IPv6 service from ISP's                     -  ???? 
   Deployment of IPv6 service from ISP's                       -  + 1 
    
   Availability of network management applications & tools     -  ???? 
   Deployment of network management applications & tools       -  + 2 
    
   Availability of desktop OS from vendor                      -  2004 
   Deployment of updated desktop OS                            -  + 3 
    
   Availability of primary business applications from vendors  -  ???? 
   Deployment of primary business applications                 -  + 3 
    
   Availability of other business applications from vendors    -  ???? 
   Deployment of other business applications                   -  + 4 
    
   Availability of embedded appliance stack update from vendor -  ???? 
   Deployment of embedded appliance stack update               -  + 5 
    
    
   Even if all products and services were available with an IPv6 
   equivalent today, they would require *n* years to work through their 
   normal acquisition, testing, and deployment process. Given that very 
   few application vendors have even announced that IPv6 is on their 
   development roadmap, the actual useful deployment date is easily more 
   than 3 years from now. 
    
    
    
    
   Several Internet access providers have deployed private address space 
   across the upstream side of their CPE for management purposes. With 
   dynamic customer count per aggregation point coupled with multiple 
 
 
Hain                     Expires - July 2005                 [Page 3] 
          Expanded Address Allocation for Private Internets   Jan 2005 
 
 
   addressable entities per CPE device, to manage operational logistics 
   they have reached the point where they need to reuse some address 
   ranges. This overlap creates a burden on operations as they attempt 
   to maintain accurate accounting records and ensure the correct 
   configuration is applied to the overlapped devices. 
    
   To illustrate the problem; 
   Address utilization efficiency for large numbers decreases with 
   topology hierarchies (RFC 3194). For a typical 60% efficiency, 6 
   million customer devices requires 10 million of the available 16 
   million in 10.x. With business partner uses in the neighborhood of 4 
   million, and additional internal services/losses in the neighborhood 
   of 3 million addresses, these providers have already exceeded the 
   capability of the existing space defined in RFC 1918. 
    
    
   Their IPv6 deployment plan ... 
    
   Availability of router software & hardware                  -  2004 
   Deployment of updated router software or hardware           -  + 3 
    
   Availability of other network devices (DNS, Firewall, etc)  -  ???? 
   Deployment of other network devices                         -  + 2 
    
   Availability of network management applications & tools     -  ???? 
   Deployment of network management applications & tools       -  + 2 
    
   Availability of accounting applications from vendors        -  ???? 
   Deployment of accounting applications                       -  + 2 
    
   Availability of server OS from vendor                       -  2004 
   Deployment of updated server OS                             -  + 3 
    
   Availability of business partner network IPv6 peering       -  ???? 
   Deployment of business partner network IPv6 peering         -  + 2 
    
   Availability of CPE devices from vendors                    -  2007 
   Deployment of CPE devices                                   -  + 4 
    
    
   Even if all products and services were available with an IPv6 
   equivalent today, they would require *n* years to work through their 
   normal acquisition, testing, service development, and deployment 
   process. Since the standards process to include IPv6 support to the 
   CPE devices has not even started at the end of 2004, it will be at 
   least 2 years before standards based versions of those products will 
   be widely available in the market. The actual deployment rate of 
   those CPE devices could take many years beyond availability as that 
   activity is frequently gated by the end customer. 
 
 
Hain                     Expires - July 2005                 [Page 4] 
          Expanded Address Allocation for Private Internets   Jan 2005 
 
 
    
    
    
    
    
Private Address Space 
    
   The Internet Assigned Numbers Authority (IANA) has reserved the 
   following blocks of the IPv4 address space for private internets: 
    
   x.0.0.0 /8  
   y.0.0.0 /8 
   z.0.0.0 /8 
    
IANA Considerations 
    
   IANA should select additional IPv4 /8's for this purpose from those 
   least likely to be allocated for public use. The prefix 1 /8 is a 
   prime candidate as the author is aware of multiple networks that have 
   historically used that one for private use. Another candidate, 223 /8 
   was recently returned to IANA due to conflicts with RFC 3330.  
    
    
Security Considerations 
    
   While product marketing frequently confuses the use of private 
   address space with security, there are no such claims being made or 
   validated by this document. 
    
    
References 
    
    
    
Author's Addresses 
    
   Tony Hain 
   Cisco Systems 
   500 108th NE, Bellevue, Wa. 98004 
   Email: alh-ietf@tndh.net 
     
    
    
   "Copyright (C) The Internet Society 2004.  This document is subject 
   to the rights, licenses and restrictions contained in BCP 78, and 
   except as set forth therein, the authors retain all their rights." 
    
   "This document and the information contained herein are provided on 
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 
 
 
Hain                     Expires - July 2005                 [Page 5] 
          Expanded Address Allocation for Private Internets   Jan 2005 
 
 
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE 
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR 
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." 












































 
 
Hain                     Expires - July 2005                 [Page 6]