GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc2008

Network Working Group Y. Rekhter Request for Comments: 2008 T. Li BCP: 7 Cisco Systems Category: Best Current Practice October 1996

            Implications of Various Address Allocation
                   Policies for Internet Routing

Status of this Memo

 This document specifies an Internet Best Current Practices for the
 Internet Community, and requests discussion and suggestions for
 improvements.  Distribution of this memo is unlimited.

IESG Note:

 The addressing constraints described in this document are largely the
 result of the interaction of existing router technology, address
 assignment, and architectural history.  After extensive review and
 discussion, the authors of this document, the IETF working group that
 reviewed it, and the IESG have concluded that there are no other
 currently deployable technologies available to overcome these
 limitations.  In the event that routing or router technology develops
 to the point that adequate routing aggregation can be achieved by
 other means or that routers can deal with larger routing and more
 dynamic tables, it may be appropriate to review these constraints.

1 Abstract

 IP unicast address allocation and management are essential
 operational functions for the Public Internet. The exact policies for
 IP unicast address allocation and management continue to be the
 subject of many discussions. Such discussions cannot be pursued in a
 vacuum - the participants must understand the technical issues and
 implications associated with various address allocation and
 management policies.
 The purpose of this document is to articulate certain relevant
 fundamental technical issues that must be considered in formulating
 unicast address allocation and management policies for the Public
 Internet, and to provide recommendations with respect to these
 policies.
 The major focus of this document is on two possible policies,
 "address ownership" and "address lending," and the technical
 implications of these policies for the Public Internet.  For the
 organizations that could provide reachability to a sufficiently large

Rekhter & Li Best Current Practice [Page 1] RFC 2008 October 1996

 fraction of the total destinations in the Internet, and could express
 such reachability through a single IP address prefix the document
 suggests to use the "address ownership" policy. However, applying the
 "address ownership" policy to every individual site or organization
 that connects to the Internet results in a non-scalable routing.
 Consequently, this document also recomments that the "address
 lending" policy should be formally added to the set of address
 allocation policies in the Public Internet. The document also
 recommends that organizations that do not provide a sufficient degree
 of routing information aggregation, but wish to obtain access to the
 Internet routing services should be strongly encouraged to use this
 policy to gain access to the services.

2 On the intrinsic value of IP addresses

 Syntactically, the set of IPv4 unicast addresses is the (finite) set
 of integers in the range 0x00000000 - 0xDFFFFFFF. IP addresses are
 used for Network Layer (IP) routing. An IP address is the sole piece
 of information about the node injected into the routing system.
 The notable semantics of an IP unicast address is its ability to
 interact with the Public Internet routing service and thereby
 exchange data with the remainder of the Internet. In other words, for
 the Public Internet, it is the reachability of an IP address that
 gives it an intrinsic value. Observe, however, that IP addresses are
 used outside of the Public Internet. This document does not cover the
 value of addresses in other than the Public Internet context.
 The above implies that in the Public Internet it is the service
 environment (the Internet) and its continued operation, including its
 routing system, which gives an IP address its intrinsic value, rather
 than the inverse. Consequently, if the Public Internet routing system
 ceases to be operational, the service disappears, and the addresses
 cease to have any functional value in the Internet. At this point,
 for the Public Internet, all address allocation and management
 policies, including existing policies, are rendered meaningless.

3 Hierarchical routing and its implication on address allocation

 Hierarchical routing [Kleinrock 77] is a mechanism that improves the
 scaling properties of a routing system. It is the only proven
 mechanism for scaling routing to the current size of the Internet.
 Hierarchical routing requires that addresses be assigned to reflect
 the actual network topology. Hierarchical routing works by taking the
 set of addresses covered by a portion of the topology, and generating
 a single routing advertisement (route) for the entire set. Further,

Rekhter & Li Best Current Practice [Page 2] RFC 2008 October 1996

 hierarchical routing allows this to be done recursively: multiple
 advertisements (routes) can be combined into a single advertisement
 (route). By exercising this recursion, the amount of information
 necessary to provide routing can be decreased substantially.
 A common example of hierarchical routing is the phone network, where
 country codes, area codes, exchanges, and finally subscriber lines
 are different levels in the hierarchy. In the phone network, a switch
 need not keep detailed routing information about every possible
 subscriber in a distant area code. Instead, the switch usually knows
 one routing entry for the entire area code.
 Notice that the effect on scaling is dramatic. If we look at the
 space complexity of the different schemes, the switch that knows
 about every subscriber in the world needs O(n) space for n worldwide
 subscribers.  Now consider the case of hierarchical routing. We can
 break n down into the number of subscribers in the local area (l),
 the other exchanges in the area code (e), the other area codes in the
 local country code (a) and other country codes (c). Using this
 notation, hierarchical routing has space complexity O(l + e + a + c).
 Notice that each of these factors is much, much less than n, and
 grows very slowly, if at all. This implies that a phone switch can be
 built today that has some hope of not running out of space when it is
 deployed.
 The fundamental property of hierarchical routing that makes this
 scalability possible is the ability to form abstractions: here, the
 ability to group subscribers into exchanges, area codes and country
 codes. Further, such abstractions must provide useful information for
 the ability to do routing. Some abstractions, such as the group of
 users with green phones, are not useful when it comes time to route a
 call.
 Since the information that the routing system really needs is the
 location of the address within the topology, for hierarchical
 routing, the useful abstraction must capture the topological location
 of an address within the network. In principle this could be
 accomplished in one of two ways.  Either (a) constrain the topology
 (and allowed topology changes) to match address assignment. Or, (b)
 avoid constraints on the topology (and topology changes), but require
 that as the topology changes, an entity's address change as well. The
 process of changing an entity's address is known as "renumbering."

Rekhter & Li Best Current Practice [Page 3] RFC 2008 October 1996

4 Scaling the Internet routing system

 The enormous growth of the Public Internet places a heavy load on the
 Internet routing system. Before the introduction of CIDR the growth
 rate had doubled the size of the routing table roughly every nine
 months. Capacity of computer technology doubles roughly every 24
 months. Even if we could double the capacities of the routers in the
 Internet every 24 months, inevitably the size of the routing tables
 is going to exceed the limit of the routers. Therefore, to preserve
 uninterrupted continuous growth of the Public Internet, deploying
 mechanisms that contain the growth rate of the routing information is
 essential.
 Lacking mechanisms to contain the growth rate of the routing
 information, the growth of the Internet would have to be either
 limited or frozen, or the Internet routing system would become
 overloaded. The result of overloading routing is that the routing
 subsystem will fail: either equipment (routers) could not maintain
 enough routes to insure global connectivity, or providers will simply
 exclude certain routes to insure that other routes provide
 connectivity to particular sites. This document assumes that neither
 of the outcomes mentioned in this paragraph is acceptable.
 Classless Inter-Domain Routing (CIDR) [RFC1518, RFC1519] has been
 deployed since late 1992 in the Public Internet as the primary
 mechanism to contain the growth rate of the routing information -
 without CIDR the Internet routing system would have already
 collapsed. For example, in October 1995, within AlterNet (one of the
 major Internet Service Providers) there were 3194 routes. Thanks to
 aggregation, AlterNet advertised only 799 routes to the rest of the
 Internet - a saving of 2395 routes (75%) [Partan 95]. In October 1995
 the Internet Routing Registry (IRR) contained 61,430 unique prefixes
 listed, not counting prefixes marked as withdrawn (or 65,191 prefixes
 with prefixes marked as withdrawn). That is roughly a lower bound
 since many prefixes are not registered in the IRR. CIDR aggregation
 resulted in less than 30,000 routes in the default-free part of the
 Internet routing system [Villamizar 95].
 CIDR is an example of the application of hierarchical routing in the
 Public Internet, where subnets, subscribers, and finally providers
 are some possible levels in the hierarchy. For example, a router
 within a site need not keep detailed routing information about every
 possible host in that site. Instead, the router maintains routing
 information on a per subnet basis. Likewise, a router within a
 provider need not keep detailed routing information about individual
 subnets within its subscribers. Instead, the router could maintain
 routing information on a per subscriber basis. Moreover, a router
 within a provider need not keep detailed routing information about

Rekhter & Li Best Current Practice [Page 4] RFC 2008 October 1996

 stub (single home) subscribers of other providers by maintaining
 routing information on a per provider basis.
 Because of pre-CIDR address allocation, many routes in the Internet
 are not suitable for hierarchical aggregation. Moreover, unconnected
 sites with pre-CIDR address allocations exist. If these sites connect
 to the Internet at some point in the future, the routes to these
 sites are unlikely to be suitable for hierarchical aggregation. Also,
 when a site uses addresses obtain from its provider, but then later
 switches to a different provider (while continuing to use the same
 addresses), the route to the site may no longer be suitable for
 hierarchical aggregation.
 Hierarchical routing requires that aggregation boundaries for the
 addressing information be formed along some hierarchy. As a result,
 many exceptions will be injected into the routing system in the
 future, besides those exceptions that currently exist. Each exception
 added to the routing system deters the scalability of the routing
 system. The exact number of exceptions that can be tolerated is
 dependent on the technology used to support routing. Unbridled growth
 in the number of such exceptions will cause the routing system to
 collapse.

5 Address allocation and management policies

 IP address allocation and management policy is a complex,
 multifaceted issue. It covers a broad range of issues, such as who
 formulates the policies, who executes the policies, what is the role
 of various registries, what is the role of various organizations
 (e.g., ISOC, IAB, IESG, IETF, IEPG, various government bodies, etc.),
 the participation of end users in requesting addresses, and so on.
 Address allocation and management and the scalability of the routing
 system are interrelated - only certain address allocation and
 management policies yield scalable routing. The Internet routing
 system is subject to both technological and fundamental constraints.
 These constraints restrict the choices of address allocation policies
 that are practical.

5.1 The "address ownership" allocation policy and its implications on

 the Public Internet
 "Address ownership" is one possible address allocation and management
 policy. The "address ownership" policy means that part of the address
 space, once allocated to an organization, remains allocated to the
 organization as long as that organization wants it. Further, that
 portion of the address space would not be allocated to any other
 organization.  Often, such addresses are called "portable." It was
 assumed that if an organization acquires its addresses via the

Rekhter & Li Best Current Practice [Page 5] RFC 2008 October 1996

 "address ownership" policy, the organization would be able to use
 these addresses to gain access to the Internet routing services,
 regardless of where the organization connects to the Internet.
 While it has never been explicitly stated that various Internet
 Registries use the "address ownership" allocation policy, it has
 always been assumed (and practiced).
 To understand the implications of the "address ownership" policy
 ("portable" addresses) on the scalability of the Internet routing
 system, one must observe that:
   (a) By definition, address ownership assumes that addresses, once
   assigned, fall under the control of the assignee. It is the
   assignee that decides when to relinquish the ownership (although
   the decision could be influenced by various factors).
   Specifically, the assignee is not required (but may be influenced)
   to relinquish the ownership as the connectivity of the assignee to
   the Internet changes.
   (b) By definition, hierarchical routing assumes that addresses
   reflect the network topology as much as possible.
 Therefore, the only presently known practical way to satisfy both
 scalable hierarchical routing and address ownership for everyone is
 to assume that the topology (or at least certain pieces of it) will
 be permanently fixed. Given the distributed, decentralized, largely
 unregulated, and global (international) nature of the Internet,
 constraining the Internet topology (or even certain parts of it) may
 have broad technical, social, economical, and political implications.
 To date, little is known of what these implications are; even less is
 known whether these implications would be acceptable (feasible) in
 practice. Therefore, at least for now, we have to support an Internet
 with an unconstrained topology (and unconstrained topological
 changes).
 Since the Internet does not constrain its topology (or allowed
 topology changes), we can either have address ownership for everyone
 or a routable Internet, but not both, or we need to develop and
 deploy new mechanisms (e.g., by decoupling the address owned by the
 end users from those used by the Internet routing, and provide
 mechanisms to translate between the two). In the absence of new
 mechanisms, if we have address ownership ("portable" addresses) for
 everyone, then the routing overhead will lead to a breakdown of the
 routing system resulting in a fragmented (partitioned) Internet.
 Alternately, we can have a routable Internet, but without address
  ownership ("portable" addresses) for everyone.

Rekhter & Li Best Current Practice [Page 6] RFC 2008 October 1996

5.2 The "address lending" allocation policy and its implications for the

 Public Internet
 Recently, especially since the arrival of CIDR, some subscribers and
 providers have followed a model in which address space is not owned
 (not portable), but is bound to the topology. This model suggests an
 address allocation and management policy that differs from the
 "address ownership" policy. The following describes a policy, called
 "address lending," that provides a better match (as compared to the
 "address ownership" policy) to the model.
 An "address lending" policy means that an organization gets its
 addresses on a "loan" basis. For the length of the loan, the lender
 cannot lend the addresses to any other borrower. Assignments and
 allocations based on the "address lending" policy should explicitly
 include the conditions of the loan. Such conditions must specify that
 allocations are returned if the borrower is no longer contractually
 bound to the lender, and the lender can no longer provide aggregation
 for the allocation. If a loan ends, the organization can no longer
 use the borrowed addresses, and therefore must get new addresses and
 renumber to use them. The "address lending" policy does not constrain
 how the new addresses could be acquired.
 This document expects that the "address lending" policy would be used
 primarily by Internet Registries associated with providers; however,
 this document does not preclude the use of the "address lending"
 policy by an Internet Registry that is not associated with a
 provider.
 This document expects that when the "address lending" policy is used
 by an Internet Registry associated with a provider, the provider is
 responsible for arranging aggregation of these addresses to a degree
 that is sufficient to achieve Internet-wide IP connectivity.
 This document expects that when the "address lending" policy is used
 by an Internet Registry associated with a provider, the terms and
 conditions of the loan would be coupled to the service agreement
 between the provider and the subscribers. That is, if the subscriber
 moves to another provider, the loan would be canceled.

Rekhter & Li Best Current Practice [Page 7] RFC 2008 October 1996

 To reduce disruptions when a subscriber changes its providers, this
 document strongly recommends that the terms and conditions of the
 loan should include provision for a grace period. This provision
 would allow a subscriber that disconnects from its provider a certain
 grace period after the disconnection. During this grace period, the
 borrower (the subscriber) may continue to use the addresses obtained
 under the loan. This document recommends a grace period of at least
 30 days. Further, to contain the routing information overhead, this
 document suggests that a grace period be no longer than six months.
 To understand the scalability implications of the "address lending"
 policy, observe that if a subscriber borrows its addresses from its
 provider's block, then the provider can advertise a single address
 prefix. This reduces the routing information that needs to be carried
 by the Internet routing system (for more information, see Section
 5.3.1 of RFC1518). As the subscriber changes its provider, the loan
 from the old provider would be returned, and the loan from the new
 provider would be established. As a result, the subscriber would
 renumber to the new addresses. Once the subscriber renumbers into the
 new provider's existing blocks, no new routes need to be introduced
 into the routing system.
 Therefore, the "address lending" policy, if applied appropriately, is
 consistent with the constraints on address allocation policies
 imposed by hierarchical routing, and thus promotes a scalable routing
 system.  Thus, the "address lending" policy, if applied
 appropriately, could play an important role in enabling the
 continuous uninterrupted growth of the Internet.
 To be able to scale routing in other parts of the hierarchy, the
 "lending" policy may also be applied hierarchically, so that
 addresses may in turn be lent to other organizations. The implication
 here is that the end of a single loan may have effects on
 organizations that have recursively borrowed parts of the address
 space from the main allocation. In this case, the exact effects are
 difficult to determine a priori.

5.3 In the absence of an explicit "address lending" policy

 Organizations connecting to the Internet should be aware that even if
 their current provider, and the provider they switch to in the future
 do not require renumbering, renumbering may still be needed to
 achieve Internet-wide IP connectivity. For example, an organization
 may now receive Internet service from some provider and allocate its
 addresses out of the CIDR block associated with the provider. Later
 the organization may switch to another provider. The previous
 provider may still be willing to allow the organization to retain
 part of the provider's CIDR block, and accept a more specific prefix

Rekhter & Li Best Current Practice [Page 8] RFC 2008 October 1996

 for that organization from the new provider. Likewise, the new
 provider may be willing to accept that organization without
 renumbering and advertise the more specific prefix (that covers
 destinations within the organization) to the rest of the Internet.
 However, if one or more other providers exist, that are unwilling or
 unable to accept the longer prefix advertised by the new provider,
 then the organization would not have IP connectivity to part of the
 Internet. Among the possible solutions open to the organization may
 be either to renumber, or for others to acquire connectivity to
 providers that are willing and able to accept the prefix.
 The above shows that the absence of an explicit "address lending"
 policy from a current provider in no way ensures that renumbering
 will not be required in the future when changing providers.
 Organizations should be aware of this fact should they encounter a
 provider making claims to the contrary.

6 Recommendations

 Observe that the goal of hierarchical routing in the Internet is not
 to reduce the total amount of routing information in the Internet to
 the theoretically possible minimum, but just to contain the volume of
 routing information within the limits of technology,
 price/performance, and human factors.  Therefore, organizations that
 could provide reachability to a sufficiently large fraction of the
 total destinations in the Internet and could express such
 reachability through a single IP address prefix could expect that a
 route with this prefix will be maintained throughout the default-free
 part of the Internet routing system, regardless of where they connect
 to the Internet.  Therefore, using the "address ownership" policy
 when allocating addresses to such organizations is a reasonable
 choice.  Within such organizations this document suggests the use of
 the "address lending" policy.
 For all other organizations that expect Internet-wide IP
 connectivity, the reachability information they inject into the
 Internet routing system should be subject to hierarchical
 aggregation. For such organizations, allocating addresses based on
 the "address ownership" policy makes hierarchical aggregation
 difficult, if not impossible. This, in turn, has a very detrimental
 effect on the Internet routing system. To prevent the collapse of the
 Internet routing system, for such organizations, this document
 recommends using the "address lending" policy. Consequently, when
 such an organization first connects to the Public Internet or changes
 its topological attachment to the Public Internet, the organization
 eventually needs to renumber. Renumbering allows the organization to
 withdraw any exceptional prefixes that the organization would
 otherwise inject into the Internet routing system. This applies to

Rekhter & Li Best Current Practice [Page 9] RFC 2008 October 1996

 the case where the organization takes its addresses out of its direct
 provider's block and the organization changes its direct provider.
 This may also apply to the case where the organization takes its
 addresses out of its indirect provider's block, and the organization
 changes its indirect provider, or the organization's direct provider
 changes its provider.
 Carrying routing information has a cost associated with it. This
 cost, at some point, may be passed back in full to the organizations
 that inject the routing information. Aggregation of addressing
 information (via CIDR) could reduce the cost, as it allows an
 increase in the number of destinations covered by a single route.
 Organizations whose addresses are allocated based on the "address
 ownership" policy (and thus may not be suitable for aggregation)
 should be prepared to absorb the cost completely on their own.
 Observe that neither the "address ownership," nor the "address
 lending" policy, by itself, is sufficient to guarantee Internet-wide
 IP connectivity. Therefore, we recommend that sites with addresses
 allocated based on either policy should consult their providers about
 the reachability scope that could be achieved with these addresses,
 and associated costs that result from using these addresses.
 If an organization doesn't require Internet-wide IP connectivity,
 then address allocation for the organization could be done based on
 the "address ownership" policy. Here, the organization may still
 maintain limited IP connectivity (e.g., with all the subscribers of
 its direct provider) by limiting the distribution scope of its
 routing information to its direct provider. Connectivity to the rest
 of the Internet can be handled by mediating gateways (e.g.,
 application layer gateways, Network Address Translators (NATs)). Note
 that use of mediating gateways eliminates the need for renumbering,
 and avoids burdening the Internet routing system with non-
 aggregatable addressing information; however they have other
 drawbacks which may prove awkward in certain situations.
 Both renumbering (due to the "address lending" policy), and non-
 aggregated routing information (due to the "address ownership"
 policy), and the use of mediating gateways result in some costs.
 Therefore, an organization needs to analyze its own connectivity
 requirements carefully and compare the tradeoffs associated with
 addresses acquired via either policy vs. having connectivity via
 mediating gateways (possibly augmented by limited IP connectivity)
 using addresses acquired via "address ownership." To reduce the cost
 of renumbering, organizations should be strongly encouraged to deploy
 tools that simplify renumbering (e.g., Dynamic Host Configuration
 Protocol [RFC 1541]). Use of the DNS should be strongly encouraged.

Rekhter & Li Best Current Practice [Page 10] RFC 2008 October 1996

7 Summary

 Any address allocation and management policy for IP addresses used
 for Internet connectivity must take into account its impact on the
 scalability of the Public Internet routing system. Among all of the
 possible address allocation and management policies only the ones
 that yield a scalable routing system are feasible. All other policies
 are self-destructive in nature, as they lead to a collapse of the
 Internet routing system, and therefore to the fragmentation
 (partitioning) of the Public Internet.
 Within the context of the current Public Internet, address allocation
 and management policies that assume unrestricted address ownership
 have an extremely negative impact on the scalability of the Internet
 routing system. Such policies are almost certain to exhaust the
 scalability of the Internet routing system well before we approach
 the exhaustion of the IPv4 address space and before we can make
 effective use of the IPv6 address space. Given the Internet's growth
 rate and current technology, the notion that everyone can own address
 space and receive Internet-wide routing services, despite where they
 connect to the Internet, is currently technically infeasible.
 Therefore, this document makes two recommendations. First, the
 "address lending" policy should be formally added to the set of
 address allocation policies in the Public Internet. Second,
 organizations that do not provide a sufficient degree of routing
 information aggregation to obtain access to the Internet routing
 services should be strongly encouraged to use this policy to gain
 access to the services.
 Since the current IPv6 address allocation architecture is based on
 CIDR, recommendations presented in this document apply to IPv6
 address allocation and management policies as well.

8 Security Considerations

 Renumbering a site has several possible implications on the security
 policies of both the site itself and sites that regularly communicate
 with the renumbering sites.
 Many sites currently use "firewall" systems to provide coarse-grained
 access control from external networks, such as The Internet, to their
 internal systems.  Such firewalls might include access control
 decisions based on the claimed source address of packets arriving at
 such firewall systems.  When the firewall policy relates to packets
 arriving on the firewall from inside the site, then that firewall
 will need to be reconfigured at the same time that the site itself
 renumbers.  When the firewall policy relates to packets arriving at
 the firewall from outside the site, then such firewalls will need to

Rekhter & Li Best Current Practice [Page 11] RFC 2008 October 1996

 be reconfigured whenever an outside site that is granted any access
 inside the site through the firewall is renumbered.
 It is highly inadvisable to rely upon unauthenticated source or
 destination IP addresses for security policy decisions. [Bellovin89]
 IP address spoofing is not difficult with widely available systems,
 such as personal computers.  A better approach would probably involve
 the use of IP Security techniques, such as the IP Authentication
 Header [RFC-1826] or IP Encapsulating Security Payload [RFC-1827], at
 the firewall so that the firewall can rely on cryptographic
 techniques for identification when making its security policy
 decisions.
 It is strongly desirable that authentication be present in any
 mechanism used to renumber IP nodes.  A renumbering mechanism that
 lacks authentication could be used by an adversary to renumber
 systems that should not have been renumbered, for example.
 There may be other security considerations that are not covered in
 this document.

9 Acknowledgments

 This document borrows heavily from various postings on various
 mailing lists. Special thanks to Noel Chiappa, Dennis Ferguson, Eric
 Fleischman, Geoff Huston, and Jon Postel whose postings were used in
 this document.
 Most of the Section 5.3 was contributed by Curtis Villamizar.  The
 Security section was contributed by Ran Atkinson.
 Many thanks to Scott Bradner, Randy Bush, Brian Carpenter, Noel
 Chiappa, David Conrad, John Curran, Sean Doran, Dorian Kim, Thomas
 Narten, Andrew Partan, Dave Piscitello, Simon Poole, Curtis
 Villamizar, and Nicolas Williams for their review, comments, and
 contributions to this document.
 Finally, we like to thank all the members of the CIDR Working Group
 for their review and comments.

Rekhter & Li Best Current Practice [Page 12] RFC 2008 October 1996

9 References

 [Bellovin89] Bellovin, S., "Security Problems in the TCP/IP Protocol
 Suite", ACM Computer Communications Review, Vol. 19, No. 2, March
 1989.
 [Kleinrock 77] Kleinrock, L., and K. Farouk, K., "Hierarchical
 Routing for Large Networks," Computer Networks 1 (1977), North-
 Holland Publishing Company.
 [Partan 95] Partan, A., private communications, October 1995.
 [RFC 1541] Droms, R., "Dynamic Host Configuration Protocol", October
 1993.
 [RFC 1519] Fuller, V., Li, T., Yu, J., and K. Varadhan, "Classless
 Inter-Domain Routing (CIDR): an Address Assignment and Aggregation
 Strategy", September 1993.
 [RFC 1518] Rekhter, Y., and T. Li, "An Architecture for IP Address
 Allocation with CIDR", September 1993.
 [RFC 1825] Atkinson, R., "IP Security Architecture", RFC 1825, August
 1995.
 [RFC 1826] Atkinson, R., "IP Authentication Header (AH), RFC 1826,
 August 1995.
 [RFC 1827] Atkinson, R., "IP Encapsulating Security Payload (ESP)",
 RFC 1827, August 1995.
 [Villamizar 95] Villamizar, C., private communications, October 1995.

10 Authors' Addresses

    Yakov Rekhter
    cisco Systems, Inc.
    170 Tasman Dr.
    San Jose, CA 95134
    Phone: (914) 528-0090
    EMail: yakov@cisco.com
    Tony Li
    cisco Systems, Inc.
    170 Tasman Dr.
    San Jose, CA 95134
    Phone: (408) 526-8186
    EMail: tli@cisco.com

Rekhter & Li Best Current Practice [Page 13]

/data/webs/external/dokuwiki/data/pages/rfc/rfc2008.txt · Last modified: 1996/10/11 19:49 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki