Home / Blogs

Address Policies

Geoff Huston

When does an experiment in networking technology become a public utility? Does it happen on a single date, or is it a more gradual process of incremental change? And at what point do you change that way in which resources are managed to admit a broader of public interests? And how are such interests to be expressed in the context of the network itself, in terms of the players, their motivation and the level of common interest in one network? While many may be of the view that this has already happened some years ago in the case of the Internet, when you take a global perspective many parts of the world are only recently coming to appreciate the significant role of the Internet in the broader context of enablers of national wealth.

I'd like to take one example here to illustrate the forms of issues that arise when public policy considerations of a national nature are added into a resource management debate.

It could well be that November 2005 is recorded one of the landmark months in the continuing story of the Internet. That month sees the culmination of some years of preparation for the World Summit on the Information Society, and it will be the time when a relatively complete set of national delegations will meet, consider and ultimately vote on a set of resolutions about the future structure of the global communications industry from the perspective of an international public policy perspective. It's not the only show in town of course and a few weeks later the Internet Corporation for the Assignment of Names and Numbers will meet in Vancouver, and continue their endeavours in advising the government of the United States of America as to appropriate decisions regarding the carriage of the domain name system, protocol parameter assignment and the distribution of address resources, in the expectation that in the following year ICANN will assume a greater level of autonomy in undertaking this role.

In looking at the various perspectives that come to bear of these issues, the area of address distribution policy is certainly illustrative of the broader picture. So in this article I'd like to take a look at the ITU-T's proposal for introducing competition into the allocation of IP addresses through the proposed establishment of national IPv6 address registries. We will examine some of the assumptions about IP addresses that underlie the proposal and look at the significant issues that the proposal raises regarding Internet infrastructure and the related task of address resource management. It is certainly the case that the basic assumptions about the role of addresses in the Internet that underlie this proposal are very important ones to consider, as they tend to be consistent themes of many resources that form a public good. However, it is also the case that the proposal as it stands could trigger some unpalatable unintended outcomes for the Internet, and some likely unpalatable consequences for all of us as users of this rather unique public utility.

The Proposal

In November of 2004 a proposal has been made for the introduction of competition into the system of allocation of IP addresses.

The proposal has been made by Houlin Zhao of the ITU-T, and calls for the ITU-T to establish new IPv6 address registries in each nation, each of which would compete with the existing Regional Internet Registries (RIRs). This proposal has been published as part of the broader program of work associated with Phase II of the World Summit on the Information Society.

A summary of the essential elements of this proposal is:

• To allocate an IPv6 address block to the ITU-T, who would then allocate to each nation a contiguous address block, sufficient to meet the needs of its national population.

The precise nature of how the size of such national address blocks would be determined is not specified in the proposal, so details as to what would constitute a national requirement and the anticipated timeframe of such an allocation is also not described.

• That each nation would establish a national registry framework to manage their national address block.

Whether this would be established as a central service entity within each nation, or a set of such entities within each nation, is not covered in the proposal. Whether this would be a function of a public agency or one that is part of a national, deregulated industry structure or some other arrangement is not specified.

• That each nation would be able to set whatever policies for address management that they felt to be appropriate for their individual national situation.

In setting up such a framework of national address management, aspects of national sovereignty must be recognised. Any overall structure that is proposed is of the form of a recommendation rather than a binding commitment that nations must adhere to.

• That such national address registries would be expected to operate in competition with the established Regional Internet Registry (RIR) system.

• That domestic entities would have a choice of obtaining IPv6 address space using a RIR or using the national address registry service.

Some Assumptions about Address Attributes

There are a number of underlying assumptions about the characteristics of IPv6 addresses that lie behind the ITU-T's proposal, and it is useful to enumerate these in broad terms.

• Addresses are a global resource

Addresses are just numbers - they are an enabler for communications services.

By inference of their property of being a intrinsic component of a global communications infrastructure, IP addresses are also validly to be considered as a global resource. In the context of the ITU-T's perspective of global activities as being a matter of coordination and collaboration of various national activities, the logical implication is that this is an international issue of resource allocation, and the resource should be distributed in a manner that is fair in terms of relative amounts of resource allocation to each national entity.

• Addresses are a public resource

Nations should be able to express their preferences as to how addresses are spread around.

Public communications systems form part of a public utility service, and the components of their infrastructure can be validly considered as resources that form part of a public good. Following this line of argument, as a public resource, national public policy processes should be capable of setting national address access, distribution and use policies, as determined by national policy environments.

• Addresses are a critical resource

If a national community cannot gain access to addresses then bad things may result for that community.

Each nation should be able to secure national access to address resources irrespective of actions by other national entities, or indeed by any entity that does not fall within the national domain.

• Addresses are a network resource

Deployment of communications services and access to addresses go hand-in-hand.

Access to the benefits of Internet-based communications services by a national community are predicated by enabling access to address resources by that community. Securing access to addresses by national communities is not an end in and of itself, but is an essential prerequisite for utilizing the benefits and opportunities of access to the common communications service.

• Addresses are an infinite resource

Addresses may have to last for a very long time.

This is perhaps an overstatement of the assumption. The key aspect here is that the total capacity of the address plant is sufficient to accommodate the cumulative sum of national requirements across some 200 nations, in addition to the requirements of the established RIR system. Irrespective of the mechanism of determining national allocations, there is assumed to be sufficient address resources available to meet these additional requirements.

Some Issues with the proposal

As it stands, the proposal raises some significant issues that appear to be counter to the experience gained to date in the deployment of Internet infrastructure and the related task of address resource management. While this is not a complete list, and does not represent an exhaustive analysis of each of these issues, the following is a summary of the most apparent areas where the proposal raises matters of concern.

• The proposal leads to the creation of policy confusion in addressing

The ITU-T framework respects national sovereignty, and does not operate though mandate, but uses a structure of recommendations.

Allowing each national address registry to operate under a nationally determined policy does not induce an outcome of conformity across all policy regimes. The expression of concern here is that this has a direct impact on the stable and scaleable operation of the Internet's routing system, and also leads to concerns about the authenticity of addresses described in associated route objects. There is a relatively high level of aggregation constraint that is necessary to ensure that the routing environment continues to scale to the size of the network. It is unclear how such a diverse set of address policy domains will be capable of expressing this necessary common constraint. In addition, in a broad spectrum of national public policy regimes it is reasonable to expect that some regimes may elect to associate binding national address use policies with national address distribution channels. To date the policies that can be expressed in the network relate to path preference selection, while address use constraints, such as variations of propagation controls, have proved difficult to integrate into the routing system.

• The proposal does not align to regional and global business models

The Internet has developed in a regime of progressive liberalization of the global telecommunications environment. Many industry players operate in a number of national regimes. If an enterprise had to operate their network within the constraints of a collection of address policies, and likely also a collection of diverse and potentially conflicting national address use policies, it would impose a significant additional imposition on industry. Does it ultimately benefit the provider or the end user if a global or regional service enterprise is required to deal with up to 200 different address sources, each with various potential use constraints placed on such addresses?

• The proposal creates competition regimes based on policy dilution

The likely outcome of competitive address distribution systems in an unregulated regime would be the progressive dilution of associated access policies and procedures, and a continuing acceleration in address space allocation rates. This would lead to premature exhaustion of the entire address pool, even one as large at the IPv6 address space, resulting from poor constraint signalling within the market due to the partitioned nature of the market and the particular nature of addresses as a market commodity. This outcome would appear to compromise the fundamental goals of responsible stewardship of a finite, common public resource, and would create irrevocable outcomes resulting from an artificially induced excessive consumption of the resource.

• The proposal creates impetus for rapid consumption through address hoarding

The poor level of market signalling in such a competitive, partitioned supply system would increase the constraint of perceptions of a finite supply. Together with common policy dilution, as well as deliberate maintenance of national address reserves, this would rapidly lead to induced rapid consumption of the entire available resource. This hoarding behaviour, coupled with the exhaustion of the neutral supply of new addresses into the market, would lead to the generation of trading markets, where addresses are placed into the role of a commodity supply. The consequent distortion of the role of addresses would have negative impacts on the network, running the risk of addresses being withheld from the network so that they could be released with potentially higher exploitative returns on the associated trading market. This also leads to incentives for address fraud in order to reap the rewards of generating more addresses into the trading market for rapid financial gain. It is also possible for national entities to see this as a form of foreign income, in the same manner as existing practices in certain country code domain names. This could result in national address blocks being deliberately withheld from meeting local needs in order to facilitate the formation of a trading market upon which the withheld resources could be played as a foreign currency revenue stream. To call this form of outcome chaotic and undesirable should be considered an understatement.

• The proposal has no visible relationship to known routing capabilities

Address distribution functions are deliberately constrained in order to achieve a number of common outcomes. One of these outcomes is to limit the number of address prefixes that enter the routing system, in order to ensure that the routing system stays within the constraints of the capabilities of the routing system. The removal of that constraint through the progressive dilution of address distribution policies as they relate to aggregation capability would potentially place unconstrained growth strains on the routing system. There is also the risk that national address use constraints would be introduced which would assume a level of policy-based control over route propagation that would conflict with the capability of Internet routing technology.

• The proposal eliminates the common interest in one network

This proposal may well place shorter term national interests above the common network interest, leading to a localized set of interests being considered more important than the network itself. The question here is whether national registry structures will be willing to apply constraints to their function in order to meet a common objective of a scaleable and sustainable routing system. Environmental economics has previously demonstrated that, in such situations, it is often the case that longer term, common interests are not given primary importance.

• - The proposal compromises any hope of enhancing routing integrity and security

The proposal eliminates the goal of a robust and resilient trust hierarchy to support a viable, secure network routing environment. Distributed trust systems, such as those being proposed for securing inter-domain routing and securing the integrity of the address plant when it is passed into the routing environment, rely on a clear grounding in reliable trust anchors. It is an open question whether every nation state at all times would be able to operate such a system at such levels of integrity. This question is particularly relevant when there are potential benefits in operating an address registry in a competitive environment where the competition discriminator includes policy dilution.

• - The proposal creates further churn in perceptions of the stability and viability of IPv6

In the case of the Internet, addressing lies at the very heart of the network. Without a framework of stable, unique and ubiquitous addresses there is no single cohesive network. Without a continuing stable supply of addresses, further growth of the network simply cannot be sustained. Without absolute confidence in the continuing stability in this supply chain, the global communications industry will inevitably be forced to look elsewhere for a suitable technology platform to meet the needs of networked data communications. If the industry is pushed into such an uncomfortable position of turning its attention elsewhere, simply because the Internet is incapable of operating its infrastructure in a stable, consistent and cost effective manner, this would be a most unfortunate, unintended outcome for the Internet and the billions of current and future users of this uniquely valuable common resource.

Some Options to Respond

There are some options for consideration by a broader community of stakeholders related to this proposal. On the basis of a considerable body of experience gained in the task of address stewardship of Internet protocol addresses there are a number of ways in which the stakeholder communities could offer some form of contribution to the ITU-T and also to the World Summit for the Internet Society, wherein this ITU-T proposal may be considered.

Agree: It may be that the general perception of the benefits of this form of diversity of address distribution far outweigh the concerns here, in which case the appropriate option may be to encourage this proposal to move forward.

Disagree: On the other hand, it may be that the general perception of the risks associated with this proposal are at such a level that the proposal, if implemented in any form, would unleash an irrevocable set of actions that would threaten the future viability of adoption of the IPv6 global network. In such a case it would be responsible to disagree strongly with the proposal and highlight the basis upon which such disagreement is based.

Discuss: Another option is to "discuss". If there is a perception of some degree of validity in the set of assumptions relating to attributes of addresses, and in the related proposition that national interests are an integral component of this environment, then further discussion would be an appropriate course of action. In such a scenario there may be value in an exploration of mechanisms that could accommodate the underlying perspectives and mitigate, or even eliminate, the set of concerns associated with the current ITU-T proposal.

Much time, effort, money and hope has been invested in the World Summit on the Information Society over the past several years. It is reasonable to predict that there will be a number of resolutions passed at this summit, and little doubt that some of these resolutions will take stances that are at some variance with the current structure. Whether we will be capable of achieving a wise and sustaining balance between these public sector interests and the strictures of common constraint that enable cost effective technology to be deployed efficiently in a public utility mode is just one of those areas where we will probably need to wait to find out.

By Geoff Huston, Author & Chief Scientist at APNIC. (The above views do not necessarily represent the views of the Asia Pacific Network Information Centre.)

Related topics: Cybersecurity, DNS, Enum, ICANN, Internet Protocol, IP Addressing, IPv6, Regional Registries


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


Re: Address Policies Fergie  –  May 09, 2005 4:53 PM PDT

I have not seen a more detailed and rational description of the issues involved here. Great job, Geoff.

Re: Address Policies Suresh Ramasubramanian  –  May 09, 2005 6:40 PM PDT

Excellent. Though the origins of most of the opposition to the current structure can be summarized like this, is what I suspect:

* Large government owned telco + ISP is not too good at managing current address space, and finds it difficult to allocate new address space

* Customers of that ISP find it so difficult to prise addresses out of that ISP without high costs in bureaucracy and time that they resort to NAT'ting large networks, trying to run research labs off a single IP where they'd have at least a /24 elsewhere.

* The myth of IP address shortage spreads and is laid at the RIR's door

* The government owned telcos provide qualified experts in telecom public policy to their governments, which then recommend something like this.

There you go .. recipe for disaster

Re: Address Policies Matthew Elvey  –  May 14, 2005 4:08 PM PDT

Great introduction.

It would seem that the critical issue that Zhao's proposal intends to address is one of *allegedly* poorly run RIRs. 

It would seem that the critical issue of the proposal is the consequences of the incentive for policy dilution that it creates.

I think most observers and fair stakeholders will see that this proposal would be disastrous, but can its motivations be better addressed?

Are the RIRs policies set up to make it as clear as possible that they are being responsive?  It's rather difficult to make it clear that the RIRs, whose jobs are to sometimes say no to IP space requests, are nevertheless doing their jobs well, despite the dissatifaction that these 'NOs' often produce.  Would greater openness *in fact* help without compromising their task?  Can we contrast, e.g. RIR, ICANN, and IETF policies and their results?

Re: Address Policies Daniel Golding  –  May 23, 2005 8:40 PM PDT

The irony is that the RIRs are well run, for the most part. ICANN, the ITU and other more normative International organizations are, on the other hand, not in the same ball park, especially in terms of effectiveness.

Where is the line between deliberate falsehood and passionate advocacy? The "debate" surrounding RIRs and IPv6 is chock full of demonstrably untrue supositions such as the allegation of unfair address distribution. Do the folks who hold to such ideas realize that they are factually incorrect or are they well meaning but misinformed?

Suresh's comments concerning the PTTs are right on the mark - this is the result of government sponsored telecommunications entities that see addressing as another element to add to their quasi-monopolies. The RIRs present too uniform of a playing field, which clearly disagrees with government sponsored telco's, for whom self-identity and nationalism are uncomfortably intertwined. 

Re: Address Policies Alessandro Vesely  –  Aug 01, 2005 9:59 AM PDT

Even if Zhao's proposal is not the best technique for the assignment of IP addresses, it would be hightly desirable to bind each Internet user of an IP address to a National Governament.

Currently, we grab the country that an IP belongs to using techniques that are not official, not standardized, and not reliable. That is not sufficient for legal bindings, nor for applying any policy that requires legal support. We need an efficient and reliable way of determining an IP's Country of origin. Then, it is a technical point to reckon if assigning IPs on a per-Country basis is better or worse than an enhanced reverse lookup.

Let's not confuse those two points of view.

Re: Address Policies Matthew Elvey  –  Aug 01, 2005 11:49 AM PDT

In case it wasn't clear: I agree that the RIRs are both relatively and absolutely well-run.  I think it's appropriate to assume the line has been crossed into deliberate falsehood, and then figure out how to go from there.  Recent fabricated stories scandals suggest the mainstream media hasn't figured this out.

Ale: Given the expected continued prevalence of anonymous proxies, I see a (hypothetical) zero-cost, perfect IP:nation-state mapping as being only very slightly more useful than the current system; it would not provide the legal certainty you desire.

I can forsee Zhao's scheme leading to repetitions of past situations, (which have occurred in many if not most nations-the US and Peru come to mind, and there are probably contemporary examples) where getting a new # took months or years.

Re: Address Policies Alessandro Vesely  –  Aug 02, 2005 4:18 AM PDT

In the words of the Draft Declaration of Principles (verset 49/a) "policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues."

Thus the problem is not much with proxies, as they provide for explicit directives to get in direct touch with the user. Rather, the point is that National Governaments should take responsibility and liability for what their citizens do with IP addresses. It is a political question, but it requires clear and official statements as to which numbers have been assigned to which Nation. IMHO, that can be accomplished with an enhanced reverse-DNS or similar technology.

Zhao's proposal does not solve the problem of mapping IP addresses to Nations, since it provides for only a part of the IPv6 address space being assigned directly to National units, thereby missing IPv4 and the rest of IPv6.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias


Sponsored by Verisign

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals