An Appeal to Internet Users in NZ – IP Address Aggregation

International ISP’s in New Zealand are working closely with APNIC as well as many other ISPs, to consolidate existing IP addresses into internationally aggregated, routable blocks. This initiative is recognised by the New Zealand Network Operators’ Group (NZNOG), International Internet numbering authorities such as APNIC and IANA, and ISP’s world-wide, as being necessary for the good of the Internet as a whole, and will help ensure reliable connectivity for all New Zealand Internet users. This is an appeal for end-user organisations to get behind the drive to tidy up New Zealand allocated Internet address space.

Internet address space is a globally managed resource, administered by the Internet registry system for and on behalf of the Internet community as a whole. The Asia Pacific Network Information Centre (APNIC) is the regional body that allocates IP addresses for the South Pacific area, including New Zealand. APNIC is one of 3 Regional Internet Registries, which operate under the auspices of the Internet Assigned Numbers Authority (IANA), providing allocation and registration services that support the operation of the Internet globally.

APNIC provide addresses to International ISP’s such as Telecom, Telstra, IBM, The Internet Group and Clearnet, for sub-allocation to ISPs or customers around the country. Each downstream ISP can then assign the addresses to their end-user customers. APNIC also allocate directly to multi-homed ISPs or companies requiring large amounts of IP address space, such as /19 (32 Class C’s) or larger.

Address space is allocated to meet documented requirements and when the address space is no longer required, the address space should be returned to the allocating organisation. As such, historical and current Internet registry policy does not recognise the concept of address “ownership” or the buying and selling of address space.

All IP address allocations are registered with APNIC and the end-user details on the APNIC database must be updated regularly. There is a responsibility on the International ISP’s to ensure this occurs, as it is an important part of the procedure to maintain efficiency in allocations and to obtain additional address space.

On behalf of the Internet community within New Zealand, we are asking for your help to allow us to aggregate overseas Internet advertisements as much as possible. If you have addresses from a previous supplier, and now use a different International ISP, it is in your own interest as well as best Internet practises, to return those addresses to the previous supplier. These addresses will be re-distributed to other customers, whilst your current International ISP will provide new IP addresses for your network.

It must be stated that this is entirely voluntary, and if individual companies choose not to renumber at this time, for any particular reason, it is entirely their choice. However, it should also be stated that it is estimated that connectivity may be less reliable in the future and extended outages may become more frequent unless your company’s addresses are being advertised in aggregatable or large blocks. Reasons for this forecast are detailed in the following Q&A section below. This letter is intended to start an education process on the issues surrounding IP address advertisement on the Internet.

It is in every user’s “best interest” to keep routing tables as simple as possible by advertising international routes efficiently. To do this, every administrator of registered IP address space has the responsibility to act in the best interests of Internet users, and respect the global issues of route advertisements and portability of IP addresses.

I have attached some questions and answers that may help you to understand the background and necessity for the changes. If you have any further questions you should contact your ISP or upstream provider. Additional supporting information can be found at http://www.your-website.yyy.nz

Yours sincerely

YYY

Title

Organisation

Contact phone number

Questions

Question: What are the issues?

IP addresses, allocated by APNIC to each International ISP, need to be advertised from that particular supplier’s gateway, allowing large blocks of addresses to be advertised to the Internet with maximum routing efficiency. This process is called supernetting or route aggregation using Classless Inter-Domain Routing (CIDR). Documentation on the need for route aggregation can be found at:

http://search.ietf.org/internet-drafts/draft-ietf-idr-aggregation-tutorial-01.txt.

International Internet routing can be very complex, leading to large routing tables and router limitations being stretched. Many customers are trying to move the addresses they are using to different gateways, breaking down the maximum block size and causing routing tables to increase in size. The problem is Global in scope and is not just in New Zealand. One way to provide “Internet friendly” advertisements is for provider dependent IP addressing. This means non-portable IP addresses between International ISP’s, and is the current APNIC policy for address assignments within NZ.

Problems are foreseen due to memory limitations and CPU performance on current backbone routers that are stretched because of the sheer number of routes required to advertise the large number of networks. If customer XXX moves from International ISP A to International ISP B, and continues to use the same IP address range, Int.ISP A must now advertise two smaller blocks, as well as advertising the larger block (supernet), increasing the table size. The route table of Int.ISP B also increases with the advertisement of the new range. Overseas supplier’s routers then need to handle both increases (increased advertisements from A and B) on their route table. As additional customers move to and from suppliers, the effect increases, until memory limits on individual routers are reached.

When limits are reached on individual routers, filtering can be implemented to ensure the more specific, longer prefix, (or smaller) routes can be dropped to enable the router to carry on operating. Also, when networks have connectivity problems, the overseas supplier can configure dampening to occur. This shuts off access for that network for extended periods, and is typically much longer for small networks than for larger networks. Documentation on route-flap dampening parameters can be found at: http://www.ripe.net/docs/ripe-178.html

It is estimated that the frequency and impact of dampening and filtering by overseas suppliers will increase over the next few years to the point where un-aggregated address space cannot be guaranteed to have reliable connectivity or be routed internationally.

Question: If nothing is done, what is likely to happen?

If present trends continue we may not be able to obtain more IP address space for distribution within New Zealand, and we may be unable to route non-contiguous Class C networks internationally. This will negatively impact service for all customers using Provider Independent (PI) address space which are small and not aggregatable. Documentation on the comparison between Provider Independent (PI) and Provider Aggregatable (PA) address space can be found at: http://www.ripe.net/docs/ripe-127.html

Question: What can we do about it?

The only way to minimise New Zealand routes negatively impacting on the Internet in the future is to advertise New Zealand routes in contiguous blocks (supernets). The larger the blocks the better. Because routes emanating from New Zealand are currently fragmented between International ISP’s, the routes must be consolidated (aggregated) into contiguous blocks.

To achieve this, we need to work together to convert current network address schemes into PA address space. Each IP address allocation and assignment must be provided as non-portable, and existing IP address assignments should be renumbered into the aggregated blocks.

The Internet is a self regulated organism and as such is driven entirely by it’s end-users. To ensure reliable connectivity in the future for all users, some changes may have to take place from time to time as the Internet develops and matures. Some of these changes may be harder for certain user’s than for others to implement, but we would ask for your support in doing what will benefit the vast majority of users.

Question: Does this affect me?

This appeal may affect you if your network uses IP address space supplied by someone other than your current International ISP, and will affect all New Zealand organisations by the ongoing allocation of IP addresses.

We would request that all IP addresses from previous International ISP’s should be returned to that supplier, or directly to APNIC. Your current supplier will work with you to supply you with the equivalent address space (in a contiguous block). Your company may have to look at renumbering their network.

Renumbering has no effect on Domain Names or Email addresses other than behind the scenes configuration, so business cards and stationery should not be affected. Documentation covering the need to renumber can be found at:

http://sunsite.hr/cgi-bin/rfc/rfc1900.txt and http://sunsite.hr/cgi-bin/rfc/rfc2008.txt

Question: What are my options if my company has to renumber?

There are many options available, but some may not be viable for your companies requirements. We hope you will spend some time researching the pro’s and con’s of each option, and act in the best interests of New Zealand Internet users, and in the spirit of global Internet best practises. The various options include:

Implement a firewall for your company. This means you can keep the numbering scheme you are using and not have to renumber. All access to the network can be through a firewall, for enhanced security, and you will only need a handful (at the most) of new registered IP addresses. The old registered IP addresses will be able to be returned to the original supplier.

The network will effectively be on a private numbering scheme, interfacing with the Internet registered addressing scheme by means of a network address translation (NAT) mechanism. The benefit of this method is independence from supplier’s numbers (apart from the external firewall addresses) which means swapping suppliers in the future will not impact you nearly as much. NAT technology is improving all the time and allowing more flexibility than in earlier versions.
Apply NAT functionality or Web-proxy functionality without a firewall. This gives you Internet access without having to renumber your existing network. You may want to review your network security.
If you use dynamic IP allocation techniques such as DHCP for your network, the amount of work required to renumber is greatly reduced. Reconfiguring your DHCP server and rebooting network devices will renumber your devices automatically. You may still require several new static IP addresses for devices which support DHCP technology i.e. for devices such as nameservers on production networks you may still require several new static IP addresses.
Unfortunately, if you have static IP addressing throughout your network, and your network does not easily support either NAT or DHCP reconfiguration, you may have to manually renumber your network.
If your company is using large amounts of IP address space, such as /19 (32 Class Cs) or larger, you can approach APNIC directly, requesting your own provider independent IP address block.

Question: Who is driving the changes?

International Internet numbering authorities such as IANA, APNIC, RIPE and ARIN recommend “Best Internet Practises” be maintained by all suppliers of Internet services.
Within New Zealand, International ISP’s such as Telecom, Telstra, Clear, The Internet Group, and IBM are supporting the initiative, along with national ISP’s, all of whom sub-allocate IP addresses under APNIC policy.
Internet user’s world-wide benefit by New Zealand successfully implementing these changes.

There does need to be a combined and rational approach to the problem, so International ISP’s, national ISP’s and end-users will need to work closely and communicate effectively to co-ordinate the changes as they take place.

Question: Whom can I contact to get more information?

Your ISP or upstream Internet Service Provider should be able to help with any questions regarding renumbering.

Your International ISP will also be able to help you by supplying new contiguous IP address blocks.

Additional supporting information can be found at http://www.netgate.net.nz, which has references to the latest APNIC RFC’s and policy documentation regarding IP address allocations (such as RFC 2050).

Contact can also be made directly with APNIC at http://www.apnic.net for IP address allocation request forms and further information.