Private address and static IP as a commercial offer.

Hi All,

I appreciate if someone clarifies the situations for the following;

1- Address Translation and Private Address Space Usage. Some of my customers want to use public addresses with no technical reason. Their main concern is to avoid the extra expenditure for a NAT/proxy/firewall. Should I force them to use one ?

2- I've seen the following advertisement on the net. Doesn't this constitute a violation of the policy as " IP addresses does not have any commercial value". There wasn't any extra info whether this amount was billed for dns records or any other service. Advertisement was from ARIN region.

"For just an additional $15/month, you can get a single static IP address - perfect for using your company's VPN (Virtual Private Network) or accessing the corporate network. The Static IP feature is only available at your residential location. Currently, the feature is only available for new customers in certain areas. For more information and to order your Static IP address today, please call x-xxx-xxx-xxxx and ask for the "Static IP feature". "

thnx

arif
ao189-ripe

--------------------------------------------------------------
Arif OKTAY Türk Telekom
Turk Telekom Bilişim Ağları Dairesi Informatics Department
IP Uygulamaları Müdürlüğü IP Applications Group
Tel:+90 312 5551922 Fax:+90 312 5551959
--------------------------------------------------------------
JACK (V.O.) When deep space exploration ramps up, it will be corporations that name everything. The IBM Stellar Sphere. The Philip Morris Galaxy. Planet Starbucks.
--------------------------------------- Fight Club ---

Hi Arif.

Arif OKTAY wrote:

> 1- Address Translation and Private Address Space Usage. Some of my customers want to use public addresses with no technical reason. Their main concern is to avoid the extra expenditure for a NAT/proxy/firewall. Should I force them to use one ?

I wouldn't do so. Since it is not mandatory or at least strictly recommended to use NAT etc. the customer certainly can ask for public address space to connect his LAN or whatever to the Internet. And I would consider the try to avoid unnecessary expenditure (from their point of view!) as quite reasonable - especially if it's a small, just starting company. Nevertheless it should generally be pointed out that the use of NAT etc. does have some benefits, i.e. address space conservation, and a LIR should offer this to customers as the first choice.

> 2- I've seen the following advertisement on the net. Doesn't this constitute a violation of the policy as " IP addresses does not have any commercial value". There wasn't any extra info whether this amount was billed for dns records or any other service. Advertisement was from ARIN region.

The absence of some mentioning of extra costs due to a static IP address doesn't imply the selling of an IP address itself for me, since inherently there might be some additional service costs for that (router config, reverse mapping etc. pp.) - but the question whether US$ 15/m (iow. US$ 180 per year!) for this kind of service are appropriate or not is another one...

Best regards,
Carsten
iPrimus Telecommunications GmbH, Germany

| Nevertheless it should generally be pointed out that the use of NAT etc. does
| have some benefits, i.e. address space conservation, and a LIR should offer
| this to customers as the first choice.

The current policy is not so. Although NAT has its advantages, it does also have its disadvantages. The current policy is, and should continue to be in my opinion, to give the customers the amount of addresses they can document a need for.

-hph

At 11:45 14/06/2001, Arif OKTAY wrote:
> 2- I've seen the following advertisement on the net. Doesn't this constitute a violation of the policy as " IP addresses does not have any commercial value".

There is an argument to be made that assigning static IPs places a monetizable cost on the ISP, in terms of extra systems, configuration, support etc. Wouldn't these be legitimate reasons for charging?

Alex.

Arif OKTAY wrote:

> Hi All,
> I appreciate if someone clarifies the situations for the following;
> 1- Address Translation and Private Address Space Usage. Some of my customers want to use public addresses with no technical reason. Their main concern is to avoid the extra expenditure for a NAT/proxy/firewall. Should I force them to use one ?

To quote ripe-185:

"Private Address Space: Using private addresses helps to meet the conservation goal. For this reason, users should always be informed that private addresses might be a viable option. In particular, private address space can be employed if not all hosts require network layer access to the Internet. Although users are not required to use private address space even if it would satisfy their needs, it is important that they have considered the possibility. The private-considered field in the network overview form should be checked after the requester has indicated whether it is applicable for the user's network."

Thus, as long as a customer is made aware of the possibility of using private address space, there is no *requirement* that private address space is actually used.

> 2- I've seen the following advertisement on the net. Doesn't this constitute a violation of the policy as " IP addresses does not have any commercial value". There wasn't any extra info whether this amount was billed for dns records or any other service. Advertisement was from ARIN region.
> "For just an additional $15/month, you can get a single static IP address - perfect for using your company's VPN (Virtual Private Network) or accessing the corporate network. The Static IP feature is only available at your residential location. Currently, the feature is only available for new customers in certain areas. For more information and to order your Static IP address today, please call x-xxx-xxx-xxxx and ask for the "Static IP feature". "

In the RIPE region, again ripe-185 applies:

2) Charging Policies

A Local IR must publish its charging policy. The policy is defined in ripe-152 [Norris96a]:

"Address space is a finite resource with no intrinsic value and direct costs cannot be ascribed to it. While they may not charge for address space as such, registries may charge for their administrative and technical services. Registries must publish their operating procedures and details of the services they offer and the conditions and terms that apply, including scales of tariffs if applicable."

Not knowing the details of this particular provider's service, it's hard to comment too much. The $15/month (which may or may not be seen as reasonable) would probably be seen as an additional charge for "administrative and technical services" for the static IP *feature* rather than a charge for the IP address itself.

James

Hi,

On Thu, Jun 14, 2001 at 01:45:53PM +0300, Arif OKTAY wrote:

> I appreciate if someone clarifies the situations for the following;
> 1- Address Translation and Private Address Space Usage. Some of my customers want to use public addresses with no technical reason. Their main concern is to avoid the extra expenditure for a NAT/proxy/firewall. Should I force them to use one ?

"I do not want to use NAT" *is* a valid reason for public address space. RIPE policy is NOT to force NAT on people. The policy is "tell people that NAT exists, explain to them what the benefits are, tell them that addresses *are* sparse, but if they want real addresses, give 'em some".

> 2- I've seen the following advertisement on the net. Doesn't this constitute a violation of the policy as " IP addresses does not have any commercial value". There wasn't any extra info whether this amount was billed for dns records or any other service. Advertisement was from ARIN region.

In the RIPE region, it's highly discouraged to offer IP addresses "for money". It's not too unusual, though, that a dynamic IP dialup account *is* cheaper than one with static addresses (because it's much more work for the ISP). The real problem are things like "with this contract, you get 32 IPs, and for another $100/month, you get a full Class C".

Gert Doering -- NetMaster
--
SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299

> The policy is "tell people that NAT exists, explain to them what the benefits are

what benefits are there? and before you say "security" please go read just about any mailing list archive.

the informal ietf position is that there are no advantages to nats, and lots of disadvantages.

randy

Hi,

On Mon, Jun 18, 2001 at 12:48:28AM -0700, Randy Bush wrote:

> > The policy is "tell people that NAT exists, explain to them what the benefits are
>
> what benefits are there? and before you say "security" please go read just about any mailing list archive.

Ease of changing ISPs, ease of internal network structuring (that is: "just use class Cs because that's the default netmask in Windoze"), *plus* security. Yes, there are drawbacks, and it's not the maximum security you can get, but as long as the router isn't broken, it's more secure than giving full access to every machine in your network.

> the informal ietf position is that there are no advantages to nats, and lots of disadvantages.

Which is a known point of view :)

Gert Doering -- NetMaster
--
SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299

| On Mon, Jun 18, 2001 at 12:48:28AM -0700, Randy Bush wrote:
| > > The policy is "tell people that NAT exists, explain to them what the
| > > benefits are
| >
| > what benefits are there? and before you say "security" please go read
| > just about any mailing list archive.
|
| Ease of changing ISPs,

I have to change my DHCP server, won't take too long. And if I had put in my servers there, with a static address it would be even simpler.

| ease of internal network structuring (that is:
| "just use class Cs because that's the default netmask in Windoze"), *plus*

Since I am using DHCP I enter the netmask there, nowhere else.

| security.

My main security concern is people sending confidential documents as email attachments...

| Yes, there are drawbacks, and it's not the maximum security
| you can get, but as long as the router isn't broken, it's more secure
| than giving full access to every machine in your network.

Oh, that is 1 line of configuration "deny all" which breaks exactly the same things as NAT.

|
| > the informal ietf position is that there are no advantages to nats, and
| > lots of disadvantages.
|
| Which is a known point of view :)

Maybe that point of view is there for a reason ?

-hph

Hi,

On Mon, Jun 18, 2001 at 02:12:42PM +0200, Hans Petter Holen wrote:

> | > the informal ietf position is that there are no advantages to nats, and
> | > lots of disadvantages.
> | Which is a known point of view :)
> Maybe that point of view is there for a reason ?

Well - the IETF considers IP an end-to-end thing, which is a valid point of view, but obviously not the only one. Especially for security reasons, things like proxies might be desirable, which also break end-to-end IP, just at a different layer.

I'm not saying that NAT is the cure for all evils, I just want to state that it is not the *root* of all evils either.

Gert Doering -- NetMaster
--
SpaceNet AG Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299

I think, at least when I worked for the RIPE registry we did, the registry only makes people aware of the technology and doesn't support or denounce it. This is as it should be.

To NAT or not to NAT is often a business decision that needs to be made by the end user. Keeping end users informed of such technology is a good thing. Forcing people to either use it or not use it would be a bad thing.

I get the impression that NATs are widely used throughout Europe. Often seen as a way of addressing IP conservation issues and security at the same time. Often people aren't aware of the disadvantages though.

JC

At 08:48 18/06/2001, Randy Bush wrote:

> > The policy is "tell people that NAT exists, explain to them what the benefits are
>
> what benefits are there?

In practice, a major benefit to using NAT is that it doesn't require the co-operation of either the ISP or the registry. For many small/medium enterprises, the turnaround time and extra form filling to obtain an assignment aren't worth it, especially when combined with the other benefits to NAT mentioned here.

Alex.

Alex French wrote:

> At 08:48 18/06/2001, Randy Bush wrote:
> > > The policy is "tell people that NAT exists, explain to them what the benefits are
> > what benefits are there?
> In practice, a major benefit to using NAT is that it doesn't require the co-operation of either the ISP or the registry. For many small/medium enterprises, the turnaround time and extra form filling to obtain an assignment aren't worth it, especially when combined with the other benefits to NAT mentioned here.
> Alex.

Hello all,

Working for an ISP I find that NAT is advantageous over legitimate addressing for several reasons.

The first is that which Alex mentioned, no paperwork = no delay. The wait queue at the Ripe NCC can be lengthy sometimes.

Secondly, address space conservation, as far as our own /19 allocation is concerned we can more effectively use this space for those that truly need legitimate address space. The majority of commercial connections need at best a /29 or /28 for a mail server and or a web server the rest of their lan is usually either behind a firewall or nat'd on the router.

Thirdly security. We used double NAT for firewalling customers, meaning the firewall is nat'd at the router and the local lan is nat'd behind the firewall. With access lists on the router this increases the security by adding more layers to the security model, rather than hard shell soft centre.

I always ask the customer to think about what they really need legitimate addressing for. 99% of the time they just have no need for public address space.

just my 2p's worth! (or 2cents or .02 euros worth)

--
Mark S. Guz
Senior System/Network Engineer
IT Scotland On Line
Technology Park Gemini Crescent Dundee DD2 1SW
Tel + 44 (0) 1382 429000 Fax + 44 (0) 1382 429001
http://www.scotlandonline.co.uk

At 09:48 AM 18.6.01, Randy Bush wrote:

> what benefits are there? and before you say "security" please go read just about any mailing list archive.

The immediate benefit is that you can use a *large* amount of address space. This allows you to make an addressing plan that matches the current and expected structure of your network much better than the smaller amount that is strictly necessary according to the assignment rules for public address space.

If your network is of a mainly private nature with well defined needs for external connectivity that are not expected to change rapidly, NAT is an option. If you want your hosts on the Internet all the time and want to be able to meet the needs of new applications quickly then NAT is probably not a good idea.

At home I run a neighbourhood network behind a NAT. The reason to choose for a NAT here is to allow for easy build-out and extension with an un-plannable number of hosts. Basically each house has a largish block of DHCP distributed addresses. This way people do not have to interact with me when they connect a new machine. You won't believe how many computers have surfaced in some homes. The newest fad is laptoys. Still I have had no complaints about services people cannot use.

Daniel
participants (10)

- Alex French
- Arif OKTAY
- Carsten Schiefner
- Daniel Karrenberg
- Gert Doering
- Hans Petter Holen
- James Aldridge
- John Crain
- Mark S. Guz
- Randy Bush