[22763] in North American Network Operators' Group
Should Extranets be congruent with the Internet? (was Re: Incompetance abounds at the InterNIC)
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Wed Jan 20 20:21:33 1999
Date: Wed, 20 Jan 1999 19:47:58 -0500
From: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
To: nanog@merit.edu
In-Reply-To: <199901201551.JAA02161@whistler.intur.net>; from Phil Howard <phil@whistler.intur.net> on Wed, Jan 20, 1999 at 09:51:56AM -0600
On Wed, Jan 20, 1999 at 09:51:56AM -0600, Phil Howard wrote:
> John Fraizer wrote:
> > 1) You should have domain servers for ANY domain you register that live in
> > NON-RFC1918 space. Otherwise, Why register the domain at all? If it's for
> > use behind the firewall, why not use internic.net or whitehouse.gov? You
> > say "Because they want to receive email at the domain!" Well, to receive
> > email, the rest of the world has to be able to find the mx records and to
> > do that, your domain servers have to live in NON-RFC space and we have now
> > completely and totally blown your first point out of the water and made it,
> > in your own words, "moot."
>
> You have totally missed the concept that businesses can connect to other
> businesses which connect other businesses and so on, and conduct network
> protocols using the TCP/IP suite, just as if it were an Internet, but in
> fact is highly isolated and segmented. Any ONE company in it may only be
> able to reach those companies they connected directly to, but the other
> companies reach many more companies.
And Phil has, I think possibly unintentionally, put this thread on
topic for NANOG.
> Using RFC1918 space for this won't work because there has to be some kind
> of administration of the space to ensure enough uniqueness that no two
> companies that are visible to any one company have the same addressing.
> There can be only one such administration of any practicality even though
> this "closed Internet" is chopped into isolated segments.
The question is: are these disconnected nets part of "The Internet",
and if they aren't, how should their addressing and DNS be handled?
> Further, many companies with these networks also allow direct access to
> the real open Internet. That means for sure that addresses in use on the
> open Internet cannot be duplicated anywhere else. So the allocation of
> space within the closed network has to be unique even compared to the
> open Internet.
>
> So it makes sense that every company connecting this way must obtain their
> own unique address space.
Yes, it does. _I_ think. Even if these nets aren't routable to the
Internet, they may be populated by machines that are dual-homed, but
are _not_ routers, and address collisions would be A Bad Thing.
Now, in these class-less days, I have _no_ idea who you'd get such an
address block from...
> > 2) DNS servers that are behind a firewall are useless in the context you
> > describe above.
>
> Not true. The DNS servers exist and are used by many of these companies.
> Only those companies that need to use them can reach them.
This raises the companion question: should such networks have
'Internet' DNS, as well, even though they're not visible to the net at
large; that is, must they have root nameservers visible to the
InterNIC.
Phil asserts that no, they need not, and having done the exposition, I
find I must agree with him... but that does raise some interesting
questions...
> > 4) If you don't intend to be routed on the global internet, you SHOULD be
> > required to use RFC1918 space. NOBODY should be allocated routable address
> > space for internal, off-net use.
>
> This is neither practical nor possible. Wave your hands all you want, but
> it won't happen because RFC1918 space cannot ever hope to allow every one
> of these companies to have address space that they can communicate with
> each other uniquely, entirely within the RFC1918 space. There are two
> reasons for this and based on mail I've received from a few people, it is
> clear to me that a lot of people need these spelled out.
I disagree; we'll hit the points.
> 1. There is not enough space in RFC1918 to assign UNIQUE addresses to each
> company that interconnects with many other companies, that further
> interconnect with many others, and on and on.
Counted the number of /24's in a class A lately, Po
Ok, there are only 64k. But that's a lot of industry. Just how many
people want to do this?
> 2. Even if there was enough space, there is no one doing any administration
> of such space to ensure that all such assignments are sufficiently unique
> to ensure that every company connecting to many others will never see
> two or more such companies using the space part of RFC1918 space.
True.
So start one. :-) You'd have to do it under the auspices of one of
the 800-pound gorillas you mentioned...
Or move them all to IPv6 space.
> Think of these "closed Internets" as businesses conducting business with
> each other over the Internet, but then deciding to get guaranteed bandwidth
> by directly connecting to each peer, not routing to the real open Internet,
> and basically becoming isolated except for the fact that in many of these
> companies their computers (servers and desktops) can not only reach many
> other companies this way, but also the real open Internet.
A private backbone which only accepts packets from peers. Nothing
unusual about that...
> Likewise, name spaces also have to be unique, and the NS servers that are
> authority for them may not be reachable by you or perhaps even anyone else
> on the open Internet. But that doesn't mean they aren't real and being
> used by many different businesses.
Yeah... but this raises the question of whether the charter of the
InterNIC is to maintain (protection for) domain names that are
_intentionally_ never visible to their customers (the net at large),
simply to make life easier for a much smaller crowd...
And, AFAICS, that's the _real_ crux of the issue, right there.
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Buy copies of The New Hackers Dictionary.
The Suncoast Freenet Give them to all your friends.
Tampa Bay, Florida http://www.ccil.org/jargon/ +1 813 790 7592
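The address-uniqueness problem argued over above (a block must not collide with any block that some single company in the extranet can see, even though no company can see the whole thing) is easy to check mechanically once you model the peering graph. The following is an added example, not code from the NANOG thread or from any of its participants: the company names, prefixes and peering links are constructed, `hops=1` follows Phil's model where each company reaches only its direct peers, and `rfc1918_slash24s()` generalizes Jay's "64k /24s in a class A" count to all three RFC1918 blocks.

```python
"""
Extranet address-plan collision check (added example; sample data is constructed).

Model: companies peer privately. A company can see its own prefixes and those
of every company within `hops` peering links. Two prefixes collide if they
overlap and some single observer can see both of them.
"""
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: each company's assigned prefixes.
ALLOCATIONS = {
    "acme":  ["10.1.0.0/16"],
    "bolt":  ["10.2.0.0/16", "172.16.0.0/12"],
    "crate": ["10.1.128.0/17"],     # sits inside acme's /16
    "delta": ["192.168.10.0/24"],
}

# Constructed sample: direct peering links (undirected).
PEERINGS = [("acme", "bolt"), ("bolt", "crate"), ("crate", "delta")]

# The three RFC1918 blocks.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def adjacency(peerings):
    """Build an undirected adjacency map from a list of peering pairs."""
    adj = defaultdict(set)
    for a, b in peerings:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def visible_from(company, adj, hops=1):
    """Companies whose prefixes `company` can see: itself plus every company
    reachable within `hops` peering links. hops=1 is the thread's model
    (direct peers only); larger values model transit through partners."""
    seen = {company}
    frontier = {company}
    for _ in range(hops):
        frontier = {n for c in frontier for n in adj[c]} - seen
        seen |= frontier
    return seen


def collisions(allocations, peerings, hops=1):
    """Return a sorted list of (company_a, prefix_a, company_b, prefix_b, observer)
    for every overlapping prefix pair that a single observer can see both halves of."""
    adj = adjacency(peerings)
    nets = {c: [ip_network(p) for p in ps] for c, ps in allocations.items()}
    found = set()
    for observer in allocations:
        vis = sorted(visible_from(observer, adj, hops))
        for i, a in enumerate(vis):
            for b in vis[i + 1:]:
                for pa in nets[a]:
                    for pb in nets[b]:
                        if pa.overlaps(pb):
                            found.add((a, str(pa), b, str(pb), observer))
    return sorted(found)


def slash24s_in(prefix):
    """Number of /24 networks contained in `prefix`."""
    return ip_network(prefix).num_addresses // 256


def rfc1918_slash24s():
    """Total /24s available across all of RFC1918 (10/8 alone is 65536)."""
    return sum(slash24s_in(p) for p in RFC1918)


if __name__ == "__main__":
    for a, pa, b, pb, obs in collisions(ALLOCATIONS, PEERINGS):
        print(f"{obs} sees both {a} {pa} and {b} {pb}: collision")
    print("RFC1918 /24s:", rfc1918_slash24s())
```

With the constructed data, acme and crate never peer directly, so neither notices the overlap; bolt, which peers with both, does. Raising `hops` shows how quickly the set of observers (and therefore the uniqueness requirement) grows once partners carry traffic for each other, which is the practical reason the thread ends up wanting a single allocation authority for the closed network.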