As per Relevance of the word different, we have this rfc below:











Network Working Group S.
Request for Comments: 1681 AT&T Bell
Category: Informational August 1994


On Many Addresses per

Status of this

This memo provides information for the Internet community. This
does not specify an Internet standard of any kind. Distribution
this memo is unlimited



This document was submitted to the IETF IPng area in response to
1550. Publication of this document does not imply acceptance by
IPng area of any ideas expressed within. Comments should
submitted to the big-internet@munnari.oz.au mailing list

Overview and

Currently, most hosts have only one address. With comparatively
exceptions, hosts as hosts -- as opposed to hosts acting as
or PPP servers -- are single-homed. Our address space
reflect this; we are assuming that we can estimate the size of
address space by counting hosts. But this may be a serious error.
suggest that that model may -- and should -- change

For the ideas outlined below, I do not claim that multiple
per host is the only or even necessarily the best way to
the goal. I do claim that my ideas are at the very least plausible
and that I expect that many of them will be tried

Encoding

More and more often, services are being encoded in the host name
One can fetch files from ftp.research.att.com, look up an IP
on ns.uu.net, synchronize clocks from ntp.udel.edu, etc. Should
practice be generalized to the IP address domain

In some cases it would be a very good idea. Certain services need
be configured by IP address; they are either used when the DNS
being bootstrapped (such as in glue records and root server
records), or when it's unavailable (i.e., when booting after a
hit, and the local name servers are slower to reboot than
diskless clients




Bellovin [Page 1]

RFC 1681 On Many Addresses per Host August 1994


Security is another reason, in some cases. Address-
authentication is bad enough; relying on the name service
another layer of risk. An attacker can go after the DNS, in
case. A risk-averse system manager might prefer to avoid the
exposure, instead granting privileges (i.e., rlogin or NFS)
address instead of name. But that, of course, leads to all the
headaches when the location of the service changes. If the
for the service could be held constant, there would be much
freedom to move it to another machine. One way to do that is
assigning the serving host a secondary address

A related notion comes from the need to offer different views of
service from a single host. For example, research.att.com has
offered two distinct FTP archives, with slightly different
policies. It would be nice if both could live on the same machine
without asking the user community to learn new protocols or
port numbers

Archie is an even better example. There are three principal ways
use Archie: use a special protocol, and hence a special
program, on a dedicated port and host that is probably
archie.foo.bar; telnet to archie.foo.bar and go through an extra
gratuitous login as archie, or telnet to some special port
archie.foo.bar. The latter two are examples of using a
protocol (telnet) to offer a different service. Neither
is very convenient

It would be better if archie.foo.bar provided the Archie service
while host.foo.bar provided a login prompt. Again -- an easy way
do this is to assign the host a separate IP address for its
service

Note that there are security advantages here, too. A firewall
be configured to allow access to the address associated with
Archie server, but not the other addresses on that host. That
provide a high degree of safety, assuming, of course, that the
servers on that host were bound to its primary addresses, and not
exposed address
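
The caveat in the paragraph above can be checked mechanically. The following is an added example, not part of RFC 1681: it audits a listener table for services that would be reachable through the firewall-exposed service address. The addresses (192.0.2.10 primary, 192.0.2.20 exposed), the service port 7000 and the sample `ss -ltn` style lines are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the style of `ss -ltn` output. Assumption: 192.0.2.10 is
# the host's primary address and 192.0.2.20 is the secondary address the
# firewall exposes for the dedicated service on (hypothetical) port 7000.
SAMPLE_LISTENERS = """\
LISTEN 0 128 192.0.2.20:7000 0.0.0.0:*
LISTEN 0 128 192.0.2.10:23 0.0.0.0:*
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 192.0.2.20:513 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
"""

def parse_local(field):
    """Split a 'Local Address:Port' field into (ip_address, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]")          # IPv6 literals are bracketed
    if host == "*":                  # some ss versions print '*' for any address
        host = "0.0.0.0"
    return ipaddress.ip_address(host), int(port)

def exposed_listeners(ss_text, exposed_addr, allowed_ports):
    """Return (address, port, reason) for each listener that answers on
    exposed_addr but is not one of the intended service ports."""
    exposed = ipaddress.ip_address(exposed_addr)
    findings = []
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = parse_local(cols[3])
        if port in allowed_ports:
            continue
        if addr == exposed:
            findings.append((str(addr), port, "bound to exposed address"))
        elif addr.is_unspecified:
            # A wildcard bind answers on every address the host holds,
            # including the exposed one. '::' is flagged conservatively,
            # since dual-stack sockets also accept IPv4 connections.
            findings.append((str(addr), port, "wildcard bind"))
    return findings

if __name__ == "__main__":
    for addr, port, why in exposed_listeners(SAMPLE_LISTENERS, "192.0.2.20", {7000}):
        print(f"{addr}:{port} reachable via exposed address ({why})")
```

Listeners bound only to the primary or loopback address are not reported, which is the configuration the paragraph assumes.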

Another way to implement this concept would be to extend the DNS,
return port number information as well as IP addresses. Thus
netlib.att.com might return 192.20.225.3/221. But that
necessitate changing every FTP client program, a daunting task

We could also look on this as the extension of the MX concept.
records are very valuable, but they apply only to mail, and
don't supply port numbers. Again, changing this would
massive client program changes





Accounting and

For better or worse, some parts of the Internet are moving
usage-sensitive charging. At least four charging schemes
possible; doubtless, the marketeers in charge of such things can
will come up with more

The first is the traditional "pay as you go" approach. Each host
responsible for its own packets. Of course, that means that in
typical conversation, both parties pay -- and the providers of
FTP archives will end up paying dearly for their beneficence.
leads to our second model: caller pays. Other people might want
make collect calls, much as is done on the telephone today. Finally
there might be the equivalent of American "900" numbers: the
pays a premium to the server

This is not at all far-fetched; UUNET already has a 900 number
anonymous uucp clients. No need to register in advance; just
in, and let the phone company act as your agent

Given all these schemes, it is vital that the caller and
know in advance who will pay. It is not acceptable for users
learn, only after the fact, that they have incurred a cost. We
envision use of IP options, but again, that would preclude use
today's standard clients

It is not sufficient to present a message at connection time
of the charges. Many interactions do not provide a hook for
interaction. And there are security concerns -- suppose that
puts up a gopher server that redirects a caller to some pay-to-
address, without displaying the required warning. A scam? Sure --
but it's already happened with the phone network, and I see no
to think that the Internet will be far behind

My suggestion, of course, is to encode the charge algorithm in
destination address (and perhaps in the DNS name space as well).
bits themselves would determine who pays. Organizational
routers could implement policies on pay services; the
workstations in a dorm computer lab wouldn't be allowed to
collect

An extension of this scheme would use a comparatively large number
bits, letting the address act not just as a policy indicator,
also as an index to a charge algorithm table









Addresses per

It may be useful to assign each user on a host a separate IP address
for the duration of the login session. This has a number
advantages

The first ties in with the charging scheme given above. Usage
sensitive accounting today is done by routers, and they have
notion of who is using the hosts. If each user had a separate
address, we could continue to gather the accounting data at
router. The host would simply have to record the
assignments; billing could be done offline

Similarly, different classes of users could have different forms
addresses. Those with hard-money accounts might have some bits
in the address that would allow for access to costly services.
border routers could make this sort of distinction, using today's
technology

An IP address per user also fits in well with encryption. There is
lot of attention today focused on network-layer encryption. But
provides host-level granularity of protection, which is
insufficient. Transport-layer encryptors provide finer-
protection, but does the Internet need two different low-
encryption schemes? If each user had a separate IP address --
perhaps had it only on hosts that cared about such matters --
could provide user-level protection and accountability, with the
infrastructure used to support host-level accountability

Low-Grade

There are several schemes under discussion for mobile IP hosts
These are aimed at a fairly general model of hosts moving anywhere
While that is important, there is also some need for
mobility, within a subnet. This could be used for load-balancing.
mail relay that had just been asked to send a large message to a
mailing list could offload some of its IP addresses to its peers
That would divert future incoming messages without
thousands of cached MX records and their associated IP addresses
Similarly, servers for low-speed X terminals could reside
different physical machines, all the while not disturbing sessions
progress

Merging

There has long been some need to merge subnets. Sometimes this
due to organizational changes; other times, people have
bridges when routers would have been a more appropriate choice.
hosts need to live on both logical networks at once, to avoid
extra hop through a router. It would be useful to be able to
them such addresses

How Many Addresses Do We Need

Assuming that some of these ideas bear fruit, how many addresses
we need, per host

Most of these schemes are fairly cheap. Few people would offer
than a handful of distinct service views per system. But
address-per-user notion could be quite costly. We also have
account for address mask assignment policies. In many of today's
networks, enough bits of host address have to be allocated to
for the largest subnet in an organization. Even if we assume
IPng's routing protocols will be smarter about such things,
in address allocation will be needed to allow headroom for
networks to grow, while still maintaining a contiguous netmask.
in turn will contribute to sparse utilization of the address space
Accordingly, I recommend that we allow for 2^6, and perhaps as
as 2^8, extra addresses per host, to leave room for the
presented here

I should note that the idea of encoding the service in the
address bears some relation to OSI's model. That similarity
not, of course, invalidate the idea



Some of these ideas were derived from conversations with Matt Blaze

Security

Security issues are discussed throughout this memo

Author's

Steven M.
Software Engineering Research
AT&T Bell
600 Mountain
Murray Hill, NJ 07974,

Phone: +1 908-582-5886
Fax: +1 908-582-3063
EMail: smb@research.att.




