When does an experiment in networking technology become a public utility? Does it happen on a single date, or is it a more gradual process of incremental change? And at what point do you change that way in which resources are managed to admit a broader of public interests? And how are such interests to be expressed in the context of the network itself, in terms of the players, their motivation and the level of common interest in one network? While many may be of the view that this has already happened some years ago in the case of the Internet, when you take a global perspective many parts of the world are only recently coming to appreciate the significant role of the Internet in the broader context of enablers of national wealth.
I'd like to take one example here to illustrate the forms of issues that arise when public policy considerations of a national nature are added into a resource management debate.
It could well be that November 2005 is recorded one of the landmark months in the continuing story of the Internet. That month sees the culmination of some years of preparation for the World Summit on the Information Society, and it will be the time when a relatively complete set of national delegations will meet, consider and ultimately vote on a set of resolutions about the future structure of the global communications industry from the perspective of an international public policy perspective. It's not the only show in town of course and a few weeks later the Internet Corporation for the Assignment of Names and Numbers will meet in Vancouver, and continue their endeavours in advising the government of the United States of America as to appropriate decisions regarding the carriage of the domain name system, protocol parameter assignment and the distribution of address resources, in the expectation that in the following year ICANN will assume a greater level of autonomy in undertaking this role.
In looking at the various perspectives that come to bear of these issues, the area of address distribution policy is certainly illustrative of the broader picture. So in this article I'd like to take a look at the ITU-T's proposal for introducing competition into the allocation of IP addresses through the proposed establishment of national IPv6 address registries. We will examine some of the assumptions about IP addresses that underlie the proposal and look at the significant issues that the proposal raises regarding Internet infrastructure and the related task of address resource management. It is certainly the case that the basic assumptions about the role of addresses in the Internet that underlie this proposal are very important ones to consider, as they tend to be consistent themes of many resources that form a public good. However, it is also the case that the proposal as it stands could trigger some unpalatable unintended outcomes for the Internet, and some likely unpalatable consequences for all of us as users of this rather unique public utility.
In November of 2004 a proposal has been made for the introduction of competition into the system of allocation of IP addresses.
The proposal has been made by Houlin Zhao of the ITU-T, and calls for the ITU-T to establish new IPv6 address registries in each nation, each of which would compete with the existing Regional Internet Registries (RIRs). This proposal has been published as part of the broader program of work associated with Phase II of the World Summit on the Information Society.
A summary of the essential elements of this proposal is:
• To allocate an IPv6 address block to the ITU-T, who would then allocate to each nation a contiguous address block, sufficient to meet the needs of its national population.
The precise nature of how the size of such national address blocks would be determined is not specified in the proposal, so details as to what would constitute a national requirement and the anticipated timeframe of such an allocation is also not described.
• That each nation would establish a national registry framework to manage their national address block.
Whether this would be established as a central service entity within each nation, or a set of such entities within each nation, is not covered in the proposal. Whether this would be a function of a public agency or one that is part of a national, deregulated industry structure or some other arrangement is not specified.
• That each nation would be able to set whatever policies for address management that they felt to be appropriate for their individual national situation.
In setting up such a framework of national address management, aspects of national sovereignty must be recognised. Any overall structure that is proposed is of the form of a recommendation rather than a binding commitment that nations must adhere to.
• That such national address registries would be expected to operate in competition with the established Regional Internet Registry (RIR) system.
• That domestic entities would have a choice of obtaining IPv6 address space using a RIR or using the national address registry service.
Some Assumptions about Address Attributes
There are a number of underlying assumptions about the characteristics of IPv6 addresses that lie behind the ITU-T's proposal, and it is useful to enumerate these in broad terms.
• Addresses are a global resource
Addresses are just numbers - they are an enabler for communications services.
By inference of their property of being a intrinsic component of a global communications infrastructure, IP addresses are also validly to be considered as a global resource. In the context of the ITU-T's perspective of global activities as being a matter of coordination and collaboration of various national activities, the logical implication is that this is an international issue of resource allocation, and the resource should be distributed in a manner that is fair in terms of relative amounts of resource allocation to each national entity.
• Addresses are a public resource
Nations should be able to express their preferences as to how addresses are spread around.
Public communications systems form part of a public utility service, and the components of their infrastructure can be validly considered as resources that form part of a public good. Following this line of argument, as a public resource, national public policy processes should be capable of setting national address access, distribution and use policies, as determined by national policy environments.
• Addresses are a critical resource
If a national community cannot gain access to addresses then bad things may result for that community.
Each nation should be able to secure national access to address resources irrespective of actions by other national entities, or indeed by any entity that does not fall within the national domain.
• Addresses are a network resource
Deployment of communications services and access to addresses go hand-in-hand.
Access to the benefits of Internet-based communications services by a national community are predicated by enabling access to address resources by that community. Securing access to addresses by national communities is not an end in and of itself, but is an essential prerequisite for utilizing the benefits and opportunities of access to the common communications service.
• Addresses are an infinite resource
Addresses may have to last for a very long time.
This is perhaps an overstatement of the assumption. The key aspect here is that the total capacity of the address plant is sufficient to accommodate the cumulative sum of national requirements across some 200 nations, in addition to the requirements of the established RIR system. Irrespective of the mechanism of determining national allocations, there is assumed to be sufficient address resources available to meet these additional requirements.
Some Issues with the proposal
As it stands, the proposal raises some significant issues that appear to be counter to the experience gained to date in the deployment of Internet infrastructure and the related task of address resource management. While this is not a complete list, and does not represent an exhaustive analysis of each of these issues, the following is a summary of the most apparent areas where the proposal raises matters of concern.
• The proposal leads to the creation of policy confusion in addressing
The ITU-T framework respects national sovereignty, and does not operate though mandate, but uses a structure of recommendations.
Allowing each national address registry to operate under a nationally determined policy does not induce an outcome of conformity across all policy regimes. The expression of concern here is that this has a direct impact on the stable and scaleable operation of the Internet's routing system, and also leads to concerns about the authenticity of addresses described in associated route objects. There is a relatively high level of aggregation constraint that is necessary to ensure that the routing environment continues to scale to the size of the network. It is unclear how such a diverse set of address policy domains will be capable of expressing this necessary common constraint. In addition, in a broad spectrum of national public policy regimes it is reasonable to expect that some regimes may elect to associate binding national address use policies with national address distribution channels. To date the policies that can be expressed in the network relate to path preference selection, while address use constraints, such as variations of propagation controls, have proved difficult to integrate into the routing system.
• The proposal does not align to regional and global business models
The Internet has developed in a regime of progressive liberalization of the global telecommunications environment. Many industry players operate in a number of national regimes. If an enterprise had to operate their network within the constraints of a collection of address policies, and likely also a collection of diverse and potentially conflicting national address use policies, it would impose a significant additional imposition on industry. Does it ultimately benefit the provider or the end user if a global or regional service enterprise is required to deal with up to 200 different address sources, each with various potential use constraints placed on such addresses?
• The proposal creates competition regimes based on policy dilution
The likely outcome of competitive address distribution systems in an unregulated regime would be the progressive dilution of associated access policies and procedures, and a continuing acceleration in address space allocation rates. This would lead to premature exhaustion of the entire address pool, even one as large at the IPv6 address space, resulting from poor constraint signalling within the market due to the partitioned nature of the market and the particular nature of addresses as a market commodity. This outcome would appear to compromise the fundamental goals of responsible stewardship of a finite, common public resource, and would create irrevocable outcomes resulting from an artificially induced excessive consumption of the resource.
• The proposal creates impetus for rapid consumption through address hoarding
The poor level of market signalling in such a competitive, partitioned supply system would increase the constraint of perceptions of a finite supply. Together with common policy dilution, as well as deliberate maintenance of national address reserves, this would rapidly lead to induced rapid consumption of the entire available resource. This hoarding behaviour, coupled with the exhaustion of the neutral supply of new addresses into the market, would lead to the generation of trading markets, where addresses are placed into the role of a commodity supply. The consequent distortion of the role of addresses would have negative impacts on the network, running the risk of addresses being withheld from the network so that they could be released with potentially higher exploitative returns on the associated trading market. This also leads to incentives for address fraud in order to reap the rewards of generating more addresses into the trading market for rapid financial gain. It is also possible for national entities to see this as a form of foreign income, in the same manner as existing practices in certain country code domain names. This could result in national address blocks being deliberately withheld from meeting local needs in order to facilitate the formation of a trading market upon which the withheld resources could be played as a foreign currency revenue stream. To call this form of outcome chaotic and undesirable should be considered an understatement.
• The proposal has no visible relationship to known routing capabilities
Address distribution functions are deliberately constrained in order to achieve a number of common outcomes. One of these outcomes is to limit the number of address prefixes that enter the routing system, in order to ensure that the routing system stays within the constraints of the capabilities of the routing system. The removal of that constraint through the progressive dilution of address distribution policies as they relate to aggregation capability would potentially place unconstrained growth strains on the routing system. There is also the risk that national address use constraints would be introduced which would assume a level of policy-based control over route propagation that would conflict with the capability of Internet routing technology.
• The proposal eliminates the common interest in one network
This proposal may well place shorter term national interests above the common network interest, leading to a localized set of interests being considered more important than the network itself. The question here is whether national registry structures will be willing to apply constraints to their function in order to meet a common objective of a scaleable and sustainable routing system. Environmental economics has previously demonstrated that, in such situations, it is often the case that longer term, common interests are not given primary importance.
• - The proposal compromises any hope of enhancing routing integrity and security
The proposal eliminates the goal of a robust and resilient trust hierarchy to support a viable, secure network routing environment. Distributed trust systems, such as those being proposed for securing inter-domain routing and securing the integrity of the address plant when it is passed into the routing environment, rely on a clear grounding in reliable trust anchors. It is an open question whether every nation state at all times would be able to operate such a system at such levels of integrity. This question is particularly relevant when there are potential benefits in operating an address registry in a competitive environment where the competition discriminator includes policy dilution.
• - The proposal creates further churn in perceptions of the stability and viability of IPv6
In the case of the Internet, addressing lies at the very heart of the network. Without a framework of stable, unique and ubiquitous addresses there is no single cohesive network. Without a continuing stable supply of addresses, further growth of the network simply cannot be sustained. Without absolute confidence in the continuing stability in this supply chain, the global communications industry will inevitably be forced to look elsewhere for a suitable technology platform to meet the needs of networked data communications. If the industry is pushed into such an uncomfortable position of turning its attention elsewhere, simply because the Internet is incapable of operating its infrastructure in a stable, consistent and cost effective manner, this would be a most unfortunate, unintended outcome for the Internet and the billions of current and future users of this uniquely valuable common resource.
Some Options to Respond
There are some options for consideration by a broader community of stakeholders related to this proposal. On the basis of a considerable body of experience gained in the task of address stewardship of Internet protocol addresses there are a number of ways in which the stakeholder communities could offer some form of contribution to the ITU-T and also to the World Summit for the Internet Society, wherein this ITU-T proposal may be considered.
Agree: It may be that the general perception of the benefits of this form of diversity of address distribution far outweigh the concerns here, in which case the appropriate option may be to encourage this proposal to move forward.
Disagree: On the other hand, it may be that the general perception of the risks associated with this proposal are at such a level that the proposal, if implemented in any form, would unleash an irrevocable set of actions that would threaten the future viability of adoption of the IPv6 global network. In such a case it would be responsible to disagree strongly with the proposal and highlight the basis upon which such disagreement is based.
Discuss: Another option is to "discuss". If there is a perception of some degree of validity in the set of assumptions relating to attributes of addresses, and in the related proposition that national interests are an integral component of this environment, then further discussion would be an appropriate course of action. In such a scenario there may be value in an exploration of mechanisms that could accommodate the underlying perspectives and mitigate, or even eliminate, the set of concerns associated with the current ITU-T proposal.
Much time, effort, money and hope has been invested in the World Summit on the Information Society over the past several years. It is reasonable to predict that there will be a number of resolutions passed at this summit, and little doubt that some of these resolutions will take stances that are at some variance with the current structure. Whether we will be capable of achieving a wise and sustaining balance between these public sector interests and the strictures of common constraint that enable cost effective technology to be deployed efficiently in a public utility mode is just one of those areas where we will probably need to wait to find out.
By Geoff Huston, Author & Chief Scientist at APNIC. (The above views do not necessarily represent the views of the Asia Pacific Network Information Centre.)
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DDoS Protection
Minds + Machines
Neustar DNS Services