Possible Responses to the ITU-T Proposal Regarding IPv6 Address Distribution
April 2005, Geoff Huston - APNIC
The purpose of this document is to examine the ITU-T’s proposal for introducing competition into the allocation of IP addresses through the proposed establishment of national IPv6 address registries. This document will examine some of the assumptions about IP addresses that underlie the proposal and will provide a list of the significant issues that the proposal raises regarding Internet infrastructure and the related task of address resource management. While it is true that some of the assumptions that underlie the proposal are valid, such as the importance of IP addresses as part of a global, public network infrastructure, it is also true that the proposal as it stands could negatively impact on that critical network infrastructure. This document describes some of the key problems that would be caused by the ITU-T proposal, such as the elimination of the interest in a common network, the creation of policy dilution and the elimination of routing integrity and security.
In recent months a proposal has been made for the introduction of competition into the system of allocation of IP addresses. The proposal has been made by Houlin Zhao of the ITU-T for the ITU-T to establish new IPv6 address registries in each nation, each of which would compete with the existing Regional Internet Registries (RIRs).
This proposal can be found at: http://www.itu.int/ITU-T/tsb-director/tut-wsis/files/zhao-netgov02.doc
This proposal has been published as part of the broader program of work associated with Phase II of the World Summit on the Information Society (http://www.wsis.org).
A summary of the essential elements of this proposal is:
- to allocate an IPv6 address block to the ITU-T, who would then allocate to each nation a contiguous address block, sufficient to meet the needs of its national population
- The precise nature of how the size of such national address blocks would be determined is not specified in the proposal, so details as to what would constitute a national requirement and the anticipated timeframe of such an allocation are also not described.
- that each nation would establish a national registry framework to manage their national address block
- Whether this would be established as a central service entity within each nation, or a set of such entities within each nation, is not covered in the proposal. Whether this would be a function of a public agency or one that is part of a national, deregulated industry structure or some other arrangement is not specified.
- that such national address registries would be expected to operate in competition with the established Regional Internet Registry (RIR) system
- that domestic entities would have a choice of obtaining IPv6 address space using a RIR or using the national address registry service.
Some Assumptions about Address Attributes
There are a number of underlying assumptions about the characteristics of IPv6 addresses that lie behind the ITU-T’s proposal, and it is useful to enumerate these in broad terms.
- Addresses are a global resource
- By inference of their property of being a intrinsic component of a global communications infrastructure, IP addresses are also validly to be considered as a global resource. In the context of the ITU-T’s perspective of global activities as being a matter of coordination and collaboration of various national activities, the logical implication is that this is an international issue of resource allocation, and the resource should be distributed in a manner that is fair in terms of relative amounts of resource allocation to each national entity.
- Addresses are a public resource
- Public communications systems form part of a public utility service, and the components of their infrastructure can be validly considered as resources that form part of the public good. Following this line of argument, as a public resource, national public policy processes should be capable of setting national address access, distribution and use policies, as determined by national policy environments.
- Addresses are a critical resource
- Each nation should be able to secure national access to address resources irrespective of actions by other national entities, or indeed by any entity that does not fall within the national domain.
- Addresses are a network resource
- Access to the benefits of Internet-based communications services by a national community are predicated by enabling access to address resources by that community. Securing access to addresses by national communities is not an end, in and of itself, but is an essential prerequisite for utilising the benefits and opportunities of access to the common communications service.
- Addresses are an infinite resource
- This is perhaps an overstatement of the assumption. The key aspect here is that the total capacity of the address plant is sufficient to accommodate the cumulative sum of national requirements across some 200 nations, in addition to the requirements of the established RIR system. Irrespective of the mechanism of determining national allocations, there is assumed to be sufficient address resources available to meet these requirements.
Some Issues with the proposal
As it stands, the proposal raises some significant issues that appear to be counter to the experience gained to date in the deployment of Internet infrastructure and the related task of address resource management. While this is not a complete list, and does not represent an exhaustive analysis of each of these issues, the following is a summary of the most apparent areas where the proposal raises matters of concern.
- The proposal leads to the creation of policy confusion in addressing
- The ITU-T framework respects national sovereignty, and does not operate though mandate, but uses a structure of recommendations.
Allowing each national address registry to operate under a nationally determined policy does not induce an outcome of conformity across all policy regimes. The expression of concern here is that this has a direct impact on the stable and scaleable operation of the Internet’s routing system, and also leads to concerns about the authenticity of addresses described in associated route objects. There is a relatively high level of aggregation constraint that is necessary to ensure that the routing environment continues to scale to the size of the network. It is unclear how such a diverse set of address policy domains will be capable of expressing this necessary common constraint. In addition, in a broad spectrum of national public policy regimes it is reasonable to expect that some regimes may elect to associate binding national address use policies with national address distribution channels. To date the policies that can be expressed in the network relate to path preference selection, while address use constraints, such as variations of propagation controls, have proved difficult to integrate into the routing system.
- The ITU-T framework respects national sovereignty, and does not operate though mandate, but uses a structure of recommendations.
- The proposal does not align to regional and global business models
- The Internet has developed in a regime of progressive liberalization of the global telecommunications environment. Many industry players operate in a number of national regimes. If an enterprise had to operate their network within the constraints of a collection of address policies, and likely also a collection of diverse and potentially conflicting national address use policies, it would impose a significant additional imposition on industry. Does it ultimately benefit the provider of the end user if a global or regional service enterprise is required to deal with up to 200 different address sources, each with various potential use constraints placed on such addresses?
- The proposal creates competition regimes based on policy dilution
- The likely outcome of competitive address distribution systems in an unregulated regime would be the progressive dilution of associated access policies and procedures, and a continuing acceleration in address space allocation rates. This would lead to premature exhaustion of the entire address pool, even one as large at the IPv6 address space, resulting from poor constraint signalling within the market due to the partitioned nature of the market and the particular nature of addresses as a market commodity. This outcome would appear to compromise the fundamental goals of responsible stewardship of a finite, common public resource, and would create irrevocable outcomes resulting from an artificially excessive consumption of the resource.
- The proposal creates impetus for rapid consumption, hoarding and address trading markets
- The poor signalling in such a competitive, partitioned supply system would increase the constraint of a finite supply. Together with common policy dilution, as well as deliberate national reserve hoarding, this would rapidly lead to induced rapid consumption of the entire available resource. This hoarding behaviour, coupled with the exhaustion of the neutral supply of new addresses into the market, would lead to the generation of trading markets, where addresses are placed into the role of a commodity supply. The consequent distortion of the role of addresses would have negative impacts on the network, running the risk of addresses being withheld from the network so that they could be released with potentially higher exploitative returns on the associated trading market. This also leads to incentives for address fraud in order to reap the rewards of generating more addresses into the trading market for rapid financial gain. It is also possible for national entities to see this as a form of foreign income, in the same manner as existing practices in certain country code domain names. This could result in national address blocks being deliberately withheld from meeting local needs in order to facilitate the formation of a trading market upon which the withheld resources could be played as a foreign currency revenue stream. To call this form of outcome chaotic and undesirable should be considered an understatement.
- The proposal has no visible relationship to known routing capabilities
- Address distribution functions are deliberately constrained in order to achieve a number of common outcomes. One of these outcomes is to limit the number of address prefixes that enter the routing system, in order to ensure that the routing system stays within the constraints of its own capabilities. The removal of that constraint through the progressive dilution of address distribution policies as they relate to aggregation capability would potentially place unconstrained growth strains on the routing system. There is also the risk that national address use constraints would be introduced which would assume a level of policy-based control over route propagation that would conflict with the capability of Internet routing technology.
- The proposal eliminates the common interest in one network
- This proposal may well place shorter-term national interests above the common network interest, leading to a localized set of interests being considered more important than the network itself. The question here is whether national registry structures will be willing to apply constraints to their function in order to meet a common objective of a scaleable and sustainable routing system. Environmental economics has previously demonstrated that, in such situations, it is often the case that longer-term, common interests are not given primary importance.
- The proposal compromises any hope of enhancing routing integrity and security
- The proposal eliminates the goal of a robust and resilient trust hierarchy to support a viable, secure network routing environment. Distributed trust systems, such as those being proposed for securing inter-domain routing and securing the integrity of the address plant when it is passed into the routing environment, rely on a clear grounding in reliable trust anchors. It is an open question whether every nation state at all times would be able to operate such a system at such levels of integrity. This question is particularly relevant when there are potential benefits in operating an address registry in a competitive environment where the competition discriminator includes policy dilution.
- The proposal creates further churn in perceptions of the stability and viability of IPv6
- In the case of the Internet, addressing lies at the very heart of the network. Without a framework of stable, unique and ubiquitous addresses there is no single cohesive network. Without a continuing stable supply of addresses, further growth of the network simply cannot be sustained. Without absolute confidence in the continuing stability in this supply chain, the global communications industry will inevitably be forced to look elsewhere for a suitable technology platform to meet the needs of networked data communications. If the industry is pushed into such an uncomfortable position of turning its attention elsewhere, simply because the Internet is incapable of operating its infrastructure in a stable, consistent and cost effective manner, this would be a most unfortunate, unintended outcome for the Internet and the billions of current and future users of this uniquely valuable common resource.
Some Options to Respond
There are some options for consideration by a broader community of stakeholders related to this proposal. On the basis of a considerable body of experience gained in the task of address stewardship of Internet protocol addresses there are a number of ways in which the Regional Internet Registry community could offer some form of contribution to the ITU-T and also to the World Summit for the Internet Society, wherein this ITU-T proposal may be considered.
Agree: It may be that the general perception of the benefits of this form of diversity of address distribution far outweigh the concerns here, in which case the appropriate option may be to encourage this proposal to move forward.
Disagree: On the other hand, it may be that the general perception of the risks associated with this proposal are at such a level that the proposal, if implemented in any form, would unleash an irrevocable set of actions that would threaten the future viability of adoption of the IPv6 global network. In such a case it would be responsible to disagree strongly with the proposal and highlight the basis upon which such disagreement is based.
Discuss: Another option is to ‘discuss’. If there is a perception of validity in the set of assumptions relating to attributes of addresses, and in the related proposition that national interests are an integral component of this environment, then further discussion would be necessary. In such a scenario there may be value in an exploration of mechanisms that could accommodate the underlying perspectives and mitigate, or even eliminate, the current collection of concerns associated with the current ITU-T proposal.