doc: Add RFC documents

1 files changed, 451 insertions, 0 deletions

diff --git a/doc/rfc/rfc1597.txt b/doc/rfc/rfc1597.txt
new file mode 100644
index 0000000..a9d747c
--- /dev/null
+++ b/doc/rfc/rfc1597.txt
@@ -0,0 +1,451 @@
+
+
+
+
+
+
+Network Working Group                                        Y. Rekhter
+Request for Comments: 1597       T.J. Watson Research Center, IBM Corp.
+Category: Informational                                    B. Moskowitz
+                                                         Chrysler Corp.
+                                                          D. Karrenberg
+                                                               RIPE NCC
+                                                            G. de Groot
+                                                               RIPE NCC
+                                                             March 1994
+
+
+                Address Allocation for Private Internets
+
+Status of this Memo
+
+   This memo provides information for the Internet community.  This memo
+   does not specify an Internet standard of any kind.  Distribution of
+   this memo is unlimited.
+
+1. Introduction
+
+   This RFC describes methods to preserve IP address space by not
+   allocating globally unique IP addresses to hosts private to an
+   enterprise while still permitting full network layer connectivity
+   between all hosts inside an enterprise as well as between all public
+   hosts of different enterprises. The authors hope, that using these
+   methods, significant savings can be made on allocating IP address
+   space.
+
+   For the purposes of this memo, an enterprise is an entity
+   autonomously operating a network using TCP/IP and in particular
+   determining the addressing plan and address assignments within that
+   network.
+
+2. Motivation
+
+   With the proliferation of TCP/IP technology worldwide, including
+   outside the Internet itself, an increasing number of non-connected
+   enterprises use this technology and its addressing capabilities for
+   sole intra-enterprise communications, without any intention to ever
+   directly connect to other enterprises or the Internet itself.
+
+   The current practice is to assign globally unique addresses to all
+   hosts that use TCP/IP.  There is a growing concern that the finite IP
+   address space might become exhausted.  Therefore, the guidelines for
+   assigning IP address space have been tightened in recent years [1].
+   These rules are often more conservative than enterprises would like,
+   in order to implement and operate their networks.
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 1]
+
+RFC 1597        Address Allocation for Private Internets      March 1994
+
+
+   Hosts within enterprises that use IP can be partitioned into three
+   categories:
+
+      - hosts that do not require access to hosts in other enterprises
+        or the Internet at large;
+
+      - hosts that need access to a limited set of outside services
+        (e.g., E-mail, FTP, netnews, remote login) which can be handled
+        by application layer gateways;
+
+      - hosts that need network layer access outside the enterprise
+        (provided via IP connectivity);
+
+      - hosts within the first category may use IP addresses that are
+        unambiguous within an enterprise, but may be ambiguous between
+        enterprises.
+
+   For many hosts in the second category an unrestricted external access
+   (provided via IP connectivity) may be unnecessary and even
+   undesirable for privacy/security reasons.  Just like hosts within the
+   first category, such hosts may use IP addresses that are unambiguous
+   within an enterprise, but may be ambiguous between enterprises.
+
+   Only hosts in the last category require IP addresses that are
+   globally unambiguous.
+
+   Many applications require connectivity only within one enterprise and
+   do not even need external connectivity for the majority of internal
+   hosts.  In larger enterprises it is often easy to identify a
+   substantial number of hosts using TCP/IP that do not need network
+   layer connectivity outside the enterprise.
+
+   Some examples, where external connectivity might not be required,
+   are:
+
+      - A large airport which has its arrival/departure displays
+        individually addressable via TCP/IP. It is very unlikely that
+        these displays need to be directly accessible from other
+         networks.
+
+      - Large organisations like banks and retail chains are switching
+        to TCP/IP for their internal communication.  Large numbers of
+        local workstations like cash registers, money machines, and
+        equipment at clerical positions rarely need to have such
+        connectivity.
+
+
+
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 2]
+
+RFC 1597        Address Allocation for Private Internets      March 1994
+
+
+      - For security reasons, many enterprises use application layer
+        gateways (e.g., firewalls) to connect their internal network to
+        the Internet.  The internal network usually does not have direct
+        access to the Internet, thus only one or more firewall hosts are
+        visible from the Internet.  In this case, the internal network
+        can use non-unique IP numbers.
+
+      - If two enterprises communicate over their own private link,
+        usually only a very limited set of hosts is mutually reachable
+        from the other enterprise over this link. Only those hosts need
+        globally unique IP numbers.
+
+      - Interfaces of routers on an internal network usually do not
+        need to be directly accessible from outside the enterprise.
+
+3. Private Address Space
+
+   The Internet Assigned Numbers Authority (IANA) has reserved the
+   following three blocks of the IP address space for private networks:
+
+        10.0.0.0        -   10.255.255.255
+        172.16.0.0      -   172.31.255.255
+        192.168.0.0     -   192.168.255.255
+
+   We will refer to the first block as "24-bit block", the second as
+   "20-bit block, and to the third as "16-bit" block.  Note that the
+   first block is nothing but a single class A network number, while the
+   second block is a set of 16 contiguous class B network numbers, and
+   third block is a set of 255 contiguous class C network numbers.
+
+   An enterprise that decides to use IP addresses out of the address
+   space defined in this document can do so without any coordination
+   with IANA or an Internet registry.  The address space can thus be
+   used by many enterprises.  Addresses within this private address
+   space will only be unique within the enterprise.
+
+   As before, any enterprise that needs globally unique address space is
+   required to obtain such addresses from an Internet registry.  An
+   enterprise that requests IP addresses for its external connectivity
+   will never be assigned addresses from the blocks defined above.
+
+   In order to use private address space, an enterprise needs to
+   determine which hosts do not need to have network layer connectivity
+   outside the enterprise in the foreseeable future.  Such hosts will be
+   called private hosts, and will use the private address space defined
+   above.  Private hosts can communicate with all other hosts inside the
+   enterprise, both public and private.  However, they cannot have IP
+   connectivity to any external host.  While not having external network
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 3]
+
+RFC 1597        Address Allocation for Private Internets      March 1994
+
+
+   layer connectivity private hosts can still have access to external
+   services via application layer relays.
+
+   All other hosts will be called public and will use globally unique
+   address space assigned by an Internet Registry.  Public hosts can
+   communicate with other hosts inside the enterprise both public and
+   private and can have IP connectivity to external public hosts.
+   Public hosts do not have connectivity to private hosts of other
+   enterprises.
+
+   Moving a host from private to public or vice versa involves a change
+   of IP address.
+
+   Because private addresses have no global meaning, routing information
+   about private networks shall not be propagated on inter-enterprise
+   links, and packets with private source or destination addresses
+   should not be forwarded across such links.  Routers in networks not
+   using private address space, especially those of Internet service
+   providers, are expected to be configured to reject (filter out)
+   routing information about private networks.  If such a router
+   receives such information the rejection shall not be treated as a
+   routing protocol error.
+
+   Indirect references to such addresses should be contained within the
+   enterprise.  Prominent examples of such references are DNS Resource
+   Records and other information referring to internal private
+   addresses.  In particular, Internet service providers should take
+   measures to prevent such leakage.
+
+4. Advantages and Disadvantages of Using Private Address Space
+
+   The obvious advantage of using private address space for the Internet
+   at large is to conserve the globally unique address space by not
+   using it where global uniqueness is not required.
+
+   Enterprises themselves also enjoy a number of benefits from their
+   usage of private address space: They gain a lot of flexibility in
+   network design by having more address space at their disposal than
+   they could obtain from the globally unique pool.  This enables
+   operationally and administratively convenient addressing schemes as
+   well as easier growth paths.
+
+   For a variety of reasons the Internet has already encountered
+   situations where an enterprise that has not between connected to the
+   Internet had used IP address space for its hosts without getting this
+   space assigned from the IANA.  In some cases this address space had
+   been already assigned to other enterprises.  When such an enterprise
+   later connects to the Internet, it could potentially create very
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 4]
+
+RFC 1597        Address Allocation for Private Internets      March 1994
+
+
+   serious problems, as IP routing cannot provide correct operations in
+   presence of ambiguous addressing.  Using private address space
+   provides a safe choice for such enterprises, avoiding clashes once
+   outside connectivity is needed.
+
+   One could argue that the potential need for renumbering represents a
+   significant drawback of using the addresses out of the block
+   allocated for private internets.  However, we need to observe that
+   the need is only "potential", since many hosts may never move into
+   the third category, and an enterprise may never decide to
+   interconnect (at IP level) with another enterprise.
+
+   But even if renumbering has to happen, we have to observe that with
+   Classless Inter-Domain Routing (CIDR) an enterprise that is connected
+   to the Internet may be encouraged to renumber its public hosts, as it
+   changes its Network Service Providers.  Thus renumbering is likely to
+   happen more often in the future, regardless of whether an enterprise
+   does or does not use the addresses out of the block allocated for
+   private networks.  Tools to facilitate renumbering (e.g., DHCP) would
+   certainly make it less of a concern.
+
+   Also observe that the clear division of public and private hosts and
+   the resulting need to renumber makes uncontrolled outside
+   connectivity more difficult, so to some extend the need to renumber
+   could be viewed as an advantage.
+
+5. Operational Considerations
+
+   A recommended strategy is to design the private part of the network
+   first and use private address space for all internal links.  Then
+   plan public subnets at the locations needed and design the external
+   connectivity.
+
+   This design is not fixed permanently.  If a number of hosts require
+   to change status later this can be accomplished by renumbering only
+   the hosts involved and installing another physical subnet if
+   required.
+
+   If a suitable subnetting scheme can be designed and is supported by
+   the equipment concerned, it is advisable to use the 24-bit block of
+   private address space and make an addressing plan with a good growth
+   path.  If subnetting is a problem, the 16-bit class C block, which
+   consists of 255 contiguous class C network numbers, can be used.
+
+   Using multiple IP (sub)nets on the same physical medium has many
+   pitfalls. We recommend to avoid it unless the operational problems
+   are well understood and it is proven that all equipment supports this
+   properly.
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 5]
+
+RFC 1597        Address Allocation for Private Internets      March 1994
+
+
+   Moving a single host between private and public status will involve a
+   change of address and in most cases physical connectivity.  In
+   locations where such changes can be foreseen (machine rooms etc.)  it
+   may be advisable to configure separate physical media for public and
+   private subnets to facilitate such changes.
+
+   Changing the status of all hosts on a whole (sub)network can be done
+   easily and without disruption for the enterprise network as a whole.
+   Consequently it is advisable to group hosts whose connectivity needs
+   might undergo similar changes in the future on their own subnets.
+
+   It is strongly recommended that routers which connect enterprises to
+   external networks are set up with appropriate packet and routing
+   filters at both ends of the link in order to prevent packet and
+   routing information leakage.  An enterprise should also filter any
+   private networks from inbound routing information in order to protect
+   itself from ambiguous routing situations which can occur if routes to
+   the private address space point outside the enterprise.
+
+   Groups of organisations which foresee a big need for mutual
+   communication can consider forming an enterprise by designing a
+   common addressing plan supported by the necessary organisational
+   arrangements like a registry.
+
+   If two sites of the same enterprise need to be connected using an
+   external service provider, they can consider using an IP tunnel to
+   prevent packet leaks form the private network.
+
+   A possible approach to avoid leaking of DNS RRs is to run two
+   nameservers, one external server authoritative for all globally
+   unique IP addresses of the enterprise and one internal nameserver
+   authoritative for all IP addresses of the enterprise, both public and
+   private.  In order to ensure consistency both these servers should be
+   configured from the same data of which the external nameserver only
+   receives a filtered version.
+
+   The resolvers on all internal hosts, both public and private, query
+   only the internal nameserver.  The external server resolves queries
+   from resolvers outside the enterprise and is linked into the global
+   DNS.  The internal server forwards all queries for information
+   outside the enterprise to the external nameserver, so all internal
+   hosts can access the global DNS.  This ensures that information about
+   private hosts does not reach resolvers and nameservers outside the
+   enterprise.
+
+
+
+
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 6]
+
+RFC 1597        Address Allocation for Private Internets      March 1994
+
+
+6. References
+
+   [1] Gerich, E., "Guidelines for Management of IP Address Space", RFC
+       1466, Merit Network, Inc., May 1993.
+
+7. Security Considerations
+
+   While using private address space can improve security, it is not a
+   substitute for dedicated security measures.
+
+8. Conclusion
+
+   With the described scheme many large enterprises will need only a
+   relatively small block of addresses from the globally unique IP
+   address space.  The Internet at large benefits through conservation
+   of globally unique address space which will effectively lengthen the
+   lifetime of the IP address space. The enterprises benefit from the
+   increased flexibility provided by a relatively large private address
+   space.
+
+9. Acknowledgments
+
+   We would like to thank Tony Bates (RIPE NCC), Jordan Becker (ANS),
+   Hans-Werner Braun (SDSC), Ross Callon (Wellfleet), John Curran
+   (NEARNET), Vince Fuller (Barrnet), Tony Li (cisco Systems), Anne Lord
+   (RIPE NCC), Milo Medin (NSI), Marten Terpstra (RIPE NCC), and Geza
+   Turchanyi (RIPE NCC) for their review and constructive comments.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 7]
+
+RFC 1597        Address Allocation for Private Internets      March 1994
+
+
+10. Authors' Addresses
+
+   Yakov Rekhter
+   T.J. Watson Research Center, IBM Corp.
+   P.O. Box 218
+   Yorktown Heights, NY, 10598
+
+   Phone: +1 914 945 3896
+   Fax: +1 914 945 2141
+   EMail: yakov@watson.ibm.com
+
+
+   Robert G Moskowitz
+   Chrysler Corporation
+   CIMS: 424-73-00
+   25999 Lawrence Ave
+   Center Line, MI 48015
+
+   Phone: +1 810 758 8212
+   Fax: +1 810 758 8173
+   EMail: 3858921@mcimail.com
+
+
+   Daniel Karrenberg
+   RIPE Network Coordination Centre
+   Kruislaan 409
+   1098 SJ Amsterdam, the Netherlands
+
+   Phone: +31 20 592 5065
+   Fax: +31 20 592 5090
+   EMail: Daniel.Karrenberg@ripe.net
+
+
+   Geert Jan de Groot
+   RIPE Network Coordination Centre
+   Kruislaan 409
+   1098 SJ Amsterdam, the Netherlands
+
+   Phone: +31 20 592 5065
+   Fax: +31 20 592 5090
+   EMail: GeertJan.deGroot@ripe.net
+
+
+
+
+
+
+
+
+
+
+Rekhter, Moskowitz, Karrenberg & de Groot                       [Page 8]
+