
Never Use Registered IP Addresses!

How's that for flying in the face of common sense? Actually, what it should have said was "Only Internet Service Providers Should Use Registered Addresses." Let me explain...

What is a Registered Address?

Simply put, a registered network is a small section of the Internet. It does not have to be attached to the Internet, and if it isn't, it represents a hole where it would be... a gap in the addresses. Because of the routing mechanisms, messages don't fall into these "holes" and get lost. In fact, the Internet gets by quite nicely in spite of these gaps. The bad part is that the Internet is running out of available addresses, and restoring these blocks of addresses, filling in the holes, would be a wonderful help in the growth of the Internet. These registered-but-not-attached networks represent a significant portion of all addresses.

Who Has Registered Addresses?

At one time, the common wisdom stated that:

"Anyone Using IP Should Get Registered Addresses!"

Boy, was this wrong! Of course, it didn't seem wrong at the time, since almost nobody actually used IP. The phenomenal growth was not foreseen, or a different recommendation would have been offered. Over the years, thousands of companies requested and were assigned large blocks of IP Addresses. These IP Addresses are almost never in actual use, and therefore represent millions of addresses lost.

Who Should Have Registered Addresses?

The Internet Service Providers should be the only ones with actual blocks of registered IP Addresses. These organizations are attached to each other (forming the Internet) and in turn provide the attachment points for companies, schools, societies, foundations and individuals.

The Internet Service Providers would issue a very few IP Addresses to the organizations or individuals that they serve.

Get By With "Just a Few?"

Where in the past each workstation needed its own registered address, technology exists today to allow thousands of client workstations to share a single IP Address between them. Not only does this vastly increase the number of organizations that can be attached, it greatly enhances the security of those organizations.

Wouldn't a New ISP Change the Addresses?

Since an organization's IP Addresses would be "loaned" to them by their Internet Service Provider, a change in ISP would result in a change in the external IP Address. This doesn't represent much of a problem, since most people and computers refer to addresses by name rather than by number. The numeric IP Address would change, but the mnemonic name would not have to. For this reason, an organization should contract for domain name service independent of Internet access, to prevent a change in ISP from interrupting the name-to-address mapping function.

How Many Addresses Does an Organization Need?

This is a simple rule. An organization needs one IP Address for each distinct server of a given type, plus one to be shared by all of their clients. For example, if an organization operates a Web "farm" of 40 Web Servers for customers, then a unique IP Address will be required for each of the 40 servers, plus one for internal clients, adding up to 41. The IP Addresses in use by the Web Servers may be shared with servers for other functions, like email, so that additional addresses would not be required. If an organization had no services that the outside world would need, then that organization would need just one IP Address to be shared by all internal clients.

How Does This Help Security?

Someone wishing to invade a network needs a number of clues. Concentrating all traffic through a single IP Address denies the potential intruder any knowledge about the size or topology of the target network. And, if there are no internal servers that the outside world needs to see, the address-sharing devices would block all attempts at access.

What Should We Be Doing?

If there is any way to do it, we should be taking back the masses of IP Addresses that were issued to companies that are not Internet Service Providers before the growth began. This would recover millions upon millions of addresses for future use.

Whether we can do that or not, we should stop issuing IP Addresses to organizations that are not ISPs. We should always always always use RFC 1597 addresses in our network designs. These network addresses are free for the taking and work fine in a private network. If that private network needs to communicate with other networks or the Public Internet, add a NAT. Preferably add one of ours.
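The address sharing and inbound blocking described above can be seen in a toy model, added here as an illustration (it is not part of the original page and is not Network Safety's product code). The class and function names are hypothetical, and 192.0.2.1 is a constructed documentation address standing in for the one ISP-issued address.

```python
import ipaddress

# The three private blocks set aside by RFC 1597.
RFC1597 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1597(addr):
    """True if addr lies in one of the RFC 1597 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1597)

class Nat:
    """Toy port-translating NAT (hypothetical; a real device also tracks
    protocol and remote endpoint and expires idle mappings)."""

    def __init__(self, external_ip, first_port=20000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}     # (inside ip, inside port) -> external port
        self.back = {}    # external port -> (inside ip, inside port)
        self.static = {}  # external port -> published inside server

    def publish(self, ext_port, inside_ip, inside_port):
        """Expose one internal server that the outside world needs to see."""
        self.static[ext_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        """Translate a client connection; outsiders see only the shared address."""
        if not is_rfc1597(src_ip):
            raise ValueError(f"{src_ip} is not an RFC 1597 address")
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.external_ip, self.out[key])

    def inbound(self, dst_port):
        """Inside destination for a packet to dst_port, or None if it is dropped."""
        return self.static.get(dst_port) or self.back.get(dst_port)

def demo():
    nat = Nat("192.0.2.1")            # constructed external address
    nat.publish(80, "10.0.0.80", 80)  # constructed internal web server
    # 1000 constructed clients, all appearing outside as one address.
    seen = {nat.outbound(f"10.0.{i // 250}.{i % 250 + 1}", 1025)[0]
            for i in range(1000)}
    return nat, seen
```

An outside observer of `demo()` sees one source address for all 1000 clients, and a probe to any port with no mapping returns `None`, meaning the packet is dropped.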

This page was last modified on 25 September, 1995.


This document is proprietary to Network Safety and may be copied and distributed freely, as long as this statement is retained in all copies. Network Safety, WebElite, DialNAT and NetNAT are trademarks of Network Safety. For information on our products and services, please contact our sales department. This page was prepared using WebElite, our professional editor for the Web.