FEATURE

The Prospect Of IP Renumbering


by Christine Hudgins-Bonafield

Nine months ago, the Internet was on the verge of collapse. A routing protocol implementation problem coupled with the incessant flow of routing updates caused periodic router shutdowns across multiple backbones. Major changes in routing information triggered scenarios in which backbone routers stopped forwarding packets in deference to the enormous burden of processing this routing information.

Cisco Systems quickly issued a fix for its routers, which predominate on today's Internet backbones. Cisco also provided technology, known as route dampening, to reduce the frequency of updates and, therefore, reduce overhead.

Thus began a grace period. But some experts predict that by year's end the Internet may once again be in danger, unless steps are taken to remedy problems associated with the size of today's routing tables and the process used to update them.

And those steps are generating a small firestorm in the Internet community, where many agree that the critical step is ensuring the hierarchical aggregation of addresses. The term sounds innocuous enough, but for small Internet Service Providers (ISPs) and all but the largest user organizations, it may mean having to renumber networks whenever a decision is made to change ISPs or upstream providers. And for users with "inefficient addresses," it may mean renumbering even without a provider change-out.

In mid-April, the Internet Engineering Task Force (IETF) began putting the finishing touches on a recommendation that users and ISPs renumber whenever they change service providers. But few seem thrilled with its logical outcome: Users and small ISPs must lock their organizations into a single provider or face the often expensive and complicated task of network renumbering. Small ISPs have an extra concern. They fear that users will go directly to the large ISPs rather than risk facing a situation where a smaller ISP changes providers, forcing its own customers to renumber.

The blunt assessment of Jeffrey Schiller, MIT's network manager and area director for security on the Internet Engineering Steering Group, is that the IETF has an over-representation of router vendors and large ISPs. He suggests that since users aren't around to protest, the large ISPs are shifting their own pain onto the user community. "Users will be locked into their service provider," he says. "Their service provider can rake them over the coals and jerk them around, and in order to change providers they will have to go through this painful renumbering process."

Others, including Harvard senior technical consultant, Scott Bradner, say that if there was a better solution, ISPs would already be using it to win business from those who don't want to renumber. The fundamental problem is one of physics, he says. While the size of the Internet doubles every nine months, the fast memory chips (SRAM) needed by routers double in storage capacity only every 1.75 to two years. And it generally is thought that this type of memory can't be upgraded without installing new equipment.

How We Got There

To understand why network renumbering appears increasingly inevitable, some history helps. Before "the Internet phenomenon," a user with five computers might go to the InterNIC and get the smallest address allocation, a class C, capable of supporting 254 machines. About two years ago, the realization that address space was dwindling and routers could not handle table entries for each separate allocation led to a process called Classless Interdomain Routing (CIDR). The goal was to aggregate addresses to reduce routing table entries. In addition, the InterNIC instructed both users and smaller ISPs that they should get addresses from their ISP or an upstream provider, rather than the InterNIC. The process meant that addresses-which are allocated in ranges-could be used more efficiently.

The concept is sometimes compared to giving ISPs the equivalent of a telephone area code, where backbone routing is simplified because there's only a set of area codes to work with rather than myriad individual telephone numbers. However, a key difference is that when users change "long distance providers," they aren't forced to change their telephone number. Today, even with aggregation, routers must support almost 35,000 routes. As the Internet grows, the problems compound.
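The effect of provider-based aggregation on the backbone table, and of a customer changing providers with or without renumbering, can be worked through in a few lines. This is an added example, not part of the original article; the two provider blocks, the customer prefixes and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: two providers, each holding one aggregatable block.
A_BLOCK = "10.16.0.0/16"
B_BLOCK = "10.32.0.0/16"


def announcements(aggregates, customers):
    """Prefixes one provider must advertise to the backbone.

    Customer prefixes inside the provider's own block are covered by the
    aggregate and cost nothing extra; prefixes outside it need their own entry.
    """
    aggs = [ipaddress.ip_network(a) for a in aggregates]
    outside = [n for n in map(ipaddress.ip_network, customers)
               if not any(n.subnet_of(a) for a in aggs)]
    return sorted(ipaddress.collapse_addresses(aggs + outside))


def backbone_table(providers):
    """providers: {name: (aggregates, customers)} -> sorted [(prefix, origin)]."""
    table = []
    for name, (aggs, custs) in providers.items():
        table += [(net, name) for net in announcements(aggs, custs)]
    return sorted(table)


def scenario_sizes():
    """Backbone route count for three situations the article describes."""
    scenarios = {
        # Every customer is numbered out of its own provider's block.
        "aggregated": {
            "A": ([A_BLOCK], ["10.16.1.0/24", "10.16.2.0/24", "10.16.3.0/24"]),
            "B": ([B_BLOCK], ["10.32.1.0/24"]),
        },
        # Customer 10.16.2.0/24 moves from A to B and keeps its addresses:
        # B must advertise it as a separate, more specific route.
        "moved_kept_addresses": {
            "A": ([A_BLOCK], ["10.16.1.0/24", "10.16.3.0/24"]),
            "B": ([B_BLOCK], ["10.32.1.0/24", "10.16.2.0/24"]),
        },
        # The same customer renumbers into B's block (now 10.32.2.0/24).
        "renumbered": {
            "A": ([A_BLOCK], ["10.16.1.0/24", "10.16.3.0/24"]),
            "B": ([B_BLOCK], ["10.32.1.0/24", "10.32.2.0/24"]),
        },
    }
    return {label: len(backbone_table(p)) for label, p in scenarios.items()}


if __name__ == "__main__":
    for label, size in scenario_sizes().items():
        print(f"{label:22} {size} backbone routes")
```

Each customer that changes providers without renumbering adds one permanent entry to every backbone router's table, which is the cost the renumbering recommendation is meant to avoid.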

Robert Hinden, software director of Ipsilon Networks and co-chair of the IETF's IPng Working Group, says, "We're now finding that CIDR isn't scaling as well as we thought it would" and "backbone routers are always at the point of 'falling over.'"

How Bad Is It?

The most significant problem for backbone networks, given the growth of the Internet, is provisioning OC-3 and higher bandwidth. But maintaining router integrity remains an interwoven priority. Bradner believes that if current practices continue and users do not take addresses with them when they change providers, router integrity will be livable.

Sean Doran, Sprint's senior network engineer, however, believes that if we "just let things go" on the Internet, a nonfunctional Internet would result in five to 10 months. "The Internet is held together in many places by not much more than force of will, and any further pressure is very scary," he says. (For an expanded version of this article, including a Q&A with Doran, see http://www.NetworkComputing.com/docs/news.html).

Pushpendra Mohta, vice president and chief technical officer for CERFnet, also warns that if nothing is done, the Internet will become "unstable and unusable" by year's end. Mohta adds that if he turned off Cisco's dampening code, backbone routers would be reduced to processing router updates and not passing packets. That's living on a technological drop-off, and Mohta would like to see solutions put in place that provide more moving room.

But even though a wide range of solutions is being discussed, technologists consider many to be mere Band-Aids. Those that are not are often controversial.

Evaluating Alternatives

Among the options being considered at the IETF or beyond are:

· A proposal about to be presented to the IETF to charge users and ISPs for IP addresses and routing;

· ISP-based decisions to stop routing traffic for unaggregated addresses that are seen as taking up too much room on routing tables;

· Investigating ways to make IP renumbering easier, including promoting IPv6, with its tools to automate the renumbering of hosts; designing networks with renumbering in mind; expanded use of DHCP; and new efforts like the IETF's PIER Working Group, which is collecting and distributing information about methods and tools to help renumber IPv4 networks;

· Promoting technologies that hide internal organizations from the larger Internet, such as firewalls that include application gateways and pricey network address technology;

· IETF evaluation of a mapping/encapsulation scheme designed to simplify backbone routing by adding a new 20-byte header to backbone traffic;

· Evaluating ways to ease the forced marriage of small ISPs to their upstream providers, which is made necessary by address aggregation. One idea is blessing ISP cooperatives of sufficient size to obtain aggregatable addresses on their own (so renumbering only becomes necessary if a co-op member leaves the co-op).

Paying the Piper

Of course fees for addresses and routing are apt to be among the most controversial fixes, especially given the brouhaha caused by the InterNIC's decision last year to establish fees for domain names.

In April, work was underway by Yakov Rekhter, Cisco's technical leader, to write an Internet draft on the topic of charging for route advertisements. Bradner says he has suggested that the proposal combine the concept of charging fees for addresses with that of charging fees for advertising routes. Rekhter says a key goal is to provide economic incentives for users and ISPs to use addresses that can be aggregated hierarchically. The problem today, says Rekhter, is that there are no financial incentives to renumber and, moreover, strong disincentives. Rekhter stressed, however, that the work in this area is still early and fundamental questions remain, like defining what might happen among providers of similar size and disparate size. There are also important questions about what types of fees should be charged, whether they should be for updates or routing table entries, and who should receive funds from these charges. It was unclear in April whether the draft would be ready for discussion at the IETF's meeting in June, but a birds-of-a-feather session on the topic is planned.

Some, like Mohta, believe the best approach is to limit the routing charges to those ISPs generating the most changes in router tables-a process known as flapping, which tends to bring down routers. The largest backbone providers tend to generate the most flaps because they carry the most traffic, he says. But many other providers come up with a disproportionate share, especially if they advertise the status of dial-up links.

Large providers single out small inexperienced ISPs as some of the worst flappers and suggest that educating these ISPs about the damage they cause is a pressing priority. But Bradner says there's also a minority of ISPs that flap because it lessens the performance pressure on their own routers. By updating the entire world that a dial-up or other type of connection is up or down, they save their own routers from having to discard packets destined for an unavailable location on their own network.

The problem with flapping is leading many major backbone providers to peer only with providers of a similar size. These providers then can police their own downstream providers by aggregating their traffic and dampening, or delaying, disproportionate updates. If fees are charged for flapping, those fees are apt to be provider-to-provider charges, raising the specter among some settlements. Mohta, for example, believes the charges will have to be part of a larger discussion on financial models for the Internet.

The other issue, says William Simpson, self-titled day-dreamer at Ann Arbor, Mich.-based Computer Systems Consulting Service, is that companies like Sprint and MCI really hate this kind of proposal. They have vast numbers of customers with unaggregated addresses and they want to continue making money without causing pain for these customers, he says. Simpson says that smaller ISPs actually announce fewer routes than the large ISPs, and he adds that the large ISPs would not be interested in paying each small ISP to advertise routes because they'd lose money.

Still, if incentives, like route charges, can be found to assure hierarchical aggregation, some believe a door will open allowing better use of address space. Their suggestion is to allow the transfer/sale of Internet addresses. Today, if an address is no longer in use (for example, through the decommissioning of a network), it can only be kept or returned to the InterNIC, not sold. One idea being explored is the creation of a second organization external to the InterNIC-whether it's a brokerage, an auction or something else-in which addresses can be freely bought and sold. It would differ from the InterNIC, which requires that organizations present a business plan before receiving addresses and often provides fewer addresses than a start-up organization might want. The new organization might also provide an incentive for organizations to renumber their networks in order to free up addresses that could be sold.

How much addresses would sell for is anyone's guess-and it's an issue with which the IETF cannot legally dabble. AT&T's Steve Bellovin told IETF members that he understood that a $100,000 price tag was put on a Class B address over the course of internal negotiations for AT&T's recent breakup. But Bradner believes that price may be too high, especially compared to the cost of using a few Class C blocks coupled with a firewall that has application gateway functionality.

While many IETF members are enthusiastic about routing fees, the case for address fees is much fuzzier. In part, that's because some anticipate a "feeding frenzy" if things were opened up. Others suggest that if users bought addresses, they'd insist on taking them along when they changed providers. It also isn't exactly clear that there is a shortage of addresses. By some estimates, the Internet will have sufficient address space for something like 150 years. On the other hand, Bradner says if you define a shortage as people not being able to get as many addresses as they want, we're already in its throes.

The School of Hard Knocks

Yet another approach to addressing and router meltdown issues is for ISPs to simply stop routing those addresses that can't be readily aggregated. These addresses are typically newer addresses, obtained directly (beginning last summer) from the InterNIC by a user or small ISP. Last fall, Sprint made the controversial decision to head off imminent backbone router problems by failing to route those "inefficient" addresses that came to its network from other providers (see http://www.NetworkComputing.com/docs/news.html).

Sprint's Doran joins other ISP engineers in his belief that the effort helped not only Sprint, but other ISPs. It did so by forcing smaller shops and individuals to renumber, thus giving up space on the router that's equivalent to the space needed for organizations that can represent hundreds of thousands of users. It also may have forced more users to consider going to an ISP, rather than directly to the InterNIC for addresses.

Doran says he is evaluating technology changes that could be made in conjunction with filtering inefficient addresses or that might even help Sprint to relax its filtering policy. According to Doran, Sprint is now testing some tools developed by Cisco that would let it "dampen," or delay router updates, according to the efficiency of an address. If the address was aggregated and the flap gentle, Sprint might decide to do nothing. But flapping from an inefficient address might be suppressed for several hours-leading to customer complaints that cause the ISP to investigate the problem. "That way, people will have an incentive either to aggregate their prefixes into bigger blocks, to renumber into aggregatable address space or to ensure that their announcements are very stable on a long-term basis."

Doran suggests that some of the most important steps needed to be taken to preserve Internet stability include: more mandatory aggregation, a crackdown on those producing instability and the evolution of a system that charges those who won't aggregate or those who flap for infrastructure upgrades. But the key to making network stability "less scary," he says, "is the development of tools that make network renumbering painless."

Easing the Renumbering Pains

Today, IP renumbering is anything but easy. Silicon Graphics, for instance, spent nearly $700,000 (and will be spending more) in the first few months of a long-term effort to renumber its global network of 150 sites and 7,000 hosts-and that's with a fairly homogenous host platform base.

Among the upfront costs faced by SGI was that of producing a script to renumber SGI machines automatically-something SGI believes could be generalized to other platforms and which its network manager plans to make available to others. By the time SGI's renumbering staff of eight had piloted the script at five small sites, it was able to get the task down to 1.5 hours per site, but SGI staffers warn that renumbering can bring entire sites down for a day.

Simpson remembers an effort to renumber Michigan universities back in 1989 that took more than three months, "and that's with only a few thousand computers around." At MIT, Schiller says efforts to renumber 100 machines have taken up to three weeks with "five or six highly paid people to get everyone coordinated." Network Computing's own Art Wittmann, however, is skeptical of high renumbering fees. He says he renumbered a 2,000-host network at the College of Engineering at the University of Wisconsin with virtually no additional budget.

At the last IETF meeting a working group, known as PIER (Procedures for Internet Enterprise Renumbering), met for the first time to discuss what users will face with IP renumbering and ways to spare them pain. While renumbering the configuration files in hosts can be a colossal burden, the group also pointed to some special problems many users are apt to encounter. For example, many of the top network management systems have licenses based on IP addresses. Before users can renumber these machines, they need to get new licenses. An even tougher problem lies with manufacturing equipment for which an IP address has been hard-coded and burned onto a chip. For more information about PIER, subscribe to Pier@isi.edu.

Users can also spare themselves pain if they keep renumbering in mind when they build a network. For example, more and more new operating system kernels include support for DHCP, which helps in renumbering.

NATs, Maps and Encaps

Yet another approach for insulating backbone routers from the enormity of the Internet was recently resurrected after its 1992 introduction by Hinden. It calls for creating static mapping tables, essentially databases, at the boundary between regional and backbone networks. These boxes would encapsulate information traveling across the backbone by adding new, more efficient header information at the network boundaries (Map and Encap). The drawbacks are fear that the system would be error prone and a lack of evident vendor buy-in.

Another idea with somewhat narrow appeal is that of network address translation. NATs are able to translate addresses for an organization on the fly. The problem is that building a NAT isn't exactly trivial, and few exist. A more popular approach is to rely on firewalls that include application gateways. These firewalls typically differ from NATs, which translate on the fly.

It Takes a Village to Raise Router Consciousness

Several IETF members also think an educational campaign would help their cause, especially if they could convince ISPs that the Internet has simply become too big to advertise every network change to the rest of the world. The message is that it's more efficient to send a message across the network and have it dropped near its destination than to alert every router that the message won't be able to get through. Mohta says the primary problem lies with a "lack of experience of some of the network service providers in how they design their networks."

But even those critical of small ISPs see value in their services, especially to dial-up customers. Fear of being overrun by large ISPs has resulted in several proposals for forming small ISP cooperatives. But even some of those making presentations have little optimism that such co-ops will actually form.

Rekhter, for example, says even before he suggested a co-op concept, called Stratum, he was skeptical. First, he says, if a co-op member leaves the co-op, that ISP (and its customers) will still need to renumber. Second, joining a co-op means "giving up control or at least part of your control." And some observers think the highly competitive nature of small ISPs will prevent them from signing up for such groups.

Other proposals have involved organizing co-ops around metropolitan areas, which can be problematic because many ISPs like to go tariff shopping. There is also concern that a strict geographical structure might result in a government seizing control of co-ops within its borders. Last spring, Simpson proposed a geographically neutral approach, known as Metropolitan Internet Exchanges, that would let co-ops choose their own peering location. These co-ops would select local and transit providers at will without the need to re-address. Simpson's proposal calls for using the IP address assignment authority of the Internet community to organize and enforce such groups. While the idea gets around many previous problems, it remains to be seen whether ISPs will cooperate this way.

A Cure or Many Band-Aids

What are the best solutions? It's difficult to say, especially given that for good or ill, no one is in charge of the Internet. Hinden, for example, believes in aggregation, but he says his own company faced a situation where an ISP sent it a renewal rate that was 2.5 times what it charged during the first year. "Our first reaction was let's find another ISP, maybe it would be cheaper and a second later, we said, 'Oh, we'd have to renumber.' This makes people's lives more difficult. I understand why it's important, but it's difficult for organizations to have to renumber. It's reasonable to encourage people to renumber, but it's not for the ISPs to control the business of their customers."

If Hinden's reaction is typical, ISPs may have a hard time mandating renumbering-even if the IETF blesses the practice. But the alternatives-short of an unexpected and massive move to DHCP or the anointing of an Internet czar-seem to be that of deploying as many Band-Aids as possible and praying that the patient stays alive.

Christine Hudgins-Bonafield can be reached at cbonafield@nwc.com.

Updated May 31, 1996

