Network Addressing and Uniqueness

Have you ever pondered why network addresses need to be unique? Well, probably not. Why would you? But a lot of very smart people have. Here’s the kicker. They don’t agree on the reasons, or even on the premise itself!

I should point out that no matter which side of the debate people are on, there is no debate that addressing has to be unique within a particular local scope, however that is defined. So, for instance, for your iPhone, PC, and Wii to all coexist happily on your home network, they must all have unique addresses. Otherwise, when one device wants to talk to another, there is no way for the intended recipient to know that the traffic is meant for it. But even then, those addresses only have to be unique during that instant in time! They can change over time without impairing the ability of two devices to actually communicate, so long as there is some way for those devices to discover who has what address when it’s time to talk (a name service such as DNS, for instance).

Consider that the same has to apply for any network, no matter its size. So, for your PC on your home network to retrieve a web page from Japan, both your PC and the web server in Japan need to have unique addresses, the former so the web server can get its answer back to you and the latter so you can make the request in the first place. But again, these addresses need not be constant over time, only for long enough for a conversation to happen.

Some folks noticed a long time ago that not every device is trying to communicate at the same time. They realized that they could share one address between multiple devices by putting a translating device between those devices and the rest of the network: it rewrites the source address (and, in practice, the source port) of every outbound packet and keeps a table so that it can reverse the rewrite when the reply comes back. This is known as Network Address Translation, or NAT. NAT can be used for multiple purposes but it is usually used to attach a whole home network to the Internet on a consumer connection that only allows one device (one address). And, for the most part, this works as long as the NAT device keeps its state straight and nothing behind it uses a protocol that carries addresses inside the payload or expects to receive connections that it did not initiate.
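To show what that translation table actually does, and the two places where it stops being transparent, here is a toy port-translating NAT. It is an added example written for this page, not code from the post or from any real NAT implementation; the addresses are documentation prefixes chosen for the illustration, and the endpoint-independent mapping (one public port per inside address and port, whatever the destination) is a simplification of what real devices do.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Just the fields a NAT cares about: both endpoints plus the payload."""
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""


class NAPT:
    """Toy port-translating NAT (an assumed model, not any vendor's code).

    Many inside hosts share one public address. Each inside (ip, port) pair is
    given its own public port, and replies are demultiplexed by that port.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out = {}   # (inside_ip, inside_port) -> public_port
        self._back = {}  # public_port -> (inside_ip, inside_port)

    def outbound(self, pkt):
        """Rewrite the source of an inside->outside packet, creating a mapping
        on first use. Only the header is rewritten; the payload is untouched."""
        key = (pkt.src, pkt.sport)
        if key not in self._out:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._back[port] = key
        return Packet(self.public_ip, self._out[key], pkt.dst, pkt.dport, pkt.payload)

    def inbound(self, pkt):
        """Reverse the mapping for an outside->inside packet. A packet whose
        destination port has no mapping is unsolicited and is dropped (None)."""
        key = self._back.get(pkt.dport)
        if key is None or pkt.dst != self.public_ip:
            return None
        inside_ip, inside_port = key
        return Packet(pkt.src, pkt.sport, inside_ip, inside_port, pkt.payload)


_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def private_addresses_in_payload(pkt):
    """Private-range addresses that the application itself wrote into the
    payload. The NAT did not rewrite them, so the far end cannot reach them;
    fixing that needs protocol-specific inspection of the payload (an ALG)."""
    found = []
    for text in _IPV4.findall(pkt.payload):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue
        if addr.is_private:
            found.append(text)
    return found


def demo():
    """Two inside hosts, same inside port, same server: both fit behind one address."""
    nat = NAPT("198.51.100.1")  # documentation address standing in for a real one
    a = nat.outbound(Packet("192.168.1.10", 5000, "203.0.113.5", 80))
    b = nat.outbound(Packet("192.168.1.11", 5000, "203.0.113.5", 80))
    reply_to_b = nat.inbound(Packet("203.0.113.5", 80, "198.51.100.1", b.sport))
    unsolicited = nat.inbound(Packet("203.0.113.5", 80, "198.51.100.1", 9999))
    # Constructed payload: a protocol that tells the peer where to connect back.
    leaky = nat.outbound(Packet("192.168.1.10", 5001, "203.0.113.5", 21,
                                payload="connect back to 192.168.1.10 port 5002"))
    return a, b, reply_to_b, unsolicited, leaky


if __name__ == "__main__":
    a, b, reply_to_b, unsolicited, leaky = demo()
    print(a, b, reply_to_b, unsolicited, sep="\n")
    print("private addresses left in payload:", private_addresses_in_payload(leaky))
```

Both inside hosts use source port 5000 and reach the same server, yet the reply is delivered to the right one because the NAT handed out distinct public ports. The two failure modes are visible too: a packet to a port with no mapping is dropped (which is why an unsolicited inbound connection never reaches a host behind NAT), and the private address the application embedded in its payload goes out unchanged.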

The fact that NAT has been very successful in many circumstances where only limited network connectivity is required (browse web pages, read email) has led to a lot of confusion over why a network operator might need a pool of globally unique addresses on his network even if it is not connected to the global network. After all, he could just use NAT, couldn’t he? And isn’t it a waste if those addresses are not used publicly?

Well, on a small scale, that is correct. However, consider the case of a company whose business requires a lot of private interconnections with customers. There are many viable reasons why this might be so, but the most important is dealing with sensitive data. It still doesn’t sound bad, does it? The big company can just provide an address from its network to each of the companies it connects with and the private communication can happen without impacting anyone, and without using a globally unique address, right? Well, possibly. As long as none of the companies connecting to $bigcorp is using the same address numbers on its network. Of course, that can be worked around.

Now consider that among all those associates of $bigcorp, we have subsets who must communicate with each other but don’t care about the rest. Let’s say that $a and $b have an interconnect. And assume that $b and $c do. Let’s add in $d, $e, $f, and $g who have a mutual shared mesh between them. And let’s consider $othercorp, who has no need to talk to $bigcorp, but has interconnects with $a through $g. Start drawing out the connection graphs and you will see that this becomes absurd very quickly.

On the Internet, there are several ranges of addresses that are set aside for non-connected or private use (for IPv4, the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16). But these are limited, and because everyone draws from the same small pool, two networks that were numbered independently are very likely to have picked overlapping blocks. As the number of participants in a web of interconnections increases, it becomes harder and harder to make sure that those groups that wish to talk to each other can. And any time a new participant comes in, another level of complexity is added. It is theoretically possible to manage it so that unique addressing is not required for every participant, but as the complexity increases, this becomes a problem of diminishing returns, especially as the level of interconnectedness between all participants becomes more complete or denser.

Instead, if every participant in $bigcorp’s mesh has globally unique addresses, and the same applies for $othercorp’s mesh, there is no problem with addressing. There is no need for complex address mapping at every border. There is no need for deep packet mangling to fix higher level protocols. None of that is necessary. Paradoxically, it also becomes easier to apply security policies across interconnects, because a firewall rule or a log entry names an address that means the same thing on both sides of the link. Further, as each new participant in the interconnection web joins, there is no increase in addressing complexity.
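To make the last few paragraphs concrete, here is an added example (mine, not the post’s) that takes the interconnect graph described above and checks, for each link, whether the two sides’ address blocks collide. The participants follow the post’s naming; every prefix is made up for the illustration, with the private plan drawn from the RFC 1918 pools and the unique plan using documentation space (192.0.2.0/24) to stand in for real globally unique allocations.

```python
import ipaddress
from itertools import combinations

# Each participant numbered its network on its own, from the private pools.
# These assignments are constructed for this example; the post gives none.
PRIVATE = {
    "$bigcorp":   ["10.0.0.0/8"],
    "$a":         ["10.1.0.0/16"],
    "$b":         ["192.168.0.0/16"],
    "$c":         ["10.2.0.0/16"],
    "$d":         ["192.168.10.0/24"],
    "$e":         ["172.16.0.0/12"],
    "$f":         ["192.168.10.0/24"],
    "$g":         ["172.20.0.0/16"],
    "$othercorp": ["10.0.0.0/16"],
}

# The same participants, each holding a distinct block of unique space
# (documentation prefixes stand in for real allocations).
UNIQUE = {name: [f"192.0.2.{16 * i}/28"] for i, name in enumerate(PRIVATE)}


def mesh(names):
    """Every pair in a fully meshed group."""
    return list(combinations(names, 2))


# The interconnects the post describes.
ASSOCIATES = ["$a", "$b", "$c", "$d", "$e", "$f", "$g"]
LINKS = (
    [("$bigcorp", p) for p in ASSOCIATES]
    + [("$a", "$b"), ("$b", "$c")]
    + mesh(["$d", "$e", "$f", "$g"])
    + [("$othercorp", p) for p in ASSOCIATES]
)


def _networks(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def address_conflicts(plan, links):
    """One (a, prefix_a, b, prefix_b) entry per link whose two sides use
    overlapping prefixes. Each such link needs translation at the border,
    and the mapping has to be agreed and maintained by both sides."""
    found = []
    for a, b in links:
        for na in _networks(plan[a]):
            for nb in _networks(plan[b]):
                if na.overlaps(nb):
                    found.append((a, str(na), b, str(nb)))
    return found


def globally_consistent(plan):
    """True when no two participants overlap at all, whether or not they are
    linked today: any new link can then be added without any translation."""
    for a, b in combinations(plan, 2):
        for na in _networks(plan[a]):
            for nb in _networks(plan[b]):
                if na.overlaps(nb):
                    return False
    return True


def with_new_participant(plan, name, prefixes):
    """Return a copy of the plan with one more participant added."""
    return {**plan, name: list(prefixes)}


if __name__ == "__main__":
    for label, plan in (("private", PRIVATE), ("unique", UNIQUE)):
        conflicts = address_conflicts(plan, LINKS)
        print(f"{label}: {len(conflicts)} links need translation; "
              f"globally consistent: {globally_consistent(plan)}")
        for c in conflicts:
            print("  ", c)
    # A newcomer numbered from the same private pool must be checked against
    # every peer it links to; with unique space that check is unnecessary.
    joined = with_new_participant(PRIVATE, "$h", ["10.3.0.0/16"])
    print("$h joining:", address_conflicts(joined, [("$h", "$bigcorp"), ("$h", "$othercorp")]))
```

With the private plan, four of the links collide (two of $bigcorp’s partners sit inside its 10.0.0.0/8, and two pairs in the $d..$g mesh overlap each other), and the newcomer $h collides with $bigcorp before it has exchanged a single packet. With the unique plan, `address_conflicts` is empty and `globally_consistent` is true, so adding a participant or a link never requires revisiting anyone else’s numbering, which is exactly the property the paragraph above is after.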

This sort of web of private data interchange links may seem far fetched, but it is a lot more common than most people believe. So, while NAT and a private use range may be fine for a home user or small business with modest networking needs, that should not be used as a metric to say that everyone can or should make do with NAT. It also highlights why addresses currently allocated by the central address authorities but which are not currently visible on the public Internet are not necessarily wasted or unused. In fact, the public Internet is the anomaly in all of this; it just happens to be an interconnection web that has an extremely high level of interconnectedness over a very wide scope. But it is not the only network or internetwork that uses the same protocols, nor is it entirely independent of those other internetworks.

So, the next time you hear about how $entity has $bignum addresses that they are not using, consider that they may very well be using them in some circumstance that you cannot see.

In fact, it is one of my greatest hopes that when IPv6 is finally deployed widely, anyone who wishes to obtain globally unique addresses is allowed to do so. It will simply make the pain a lot less. Of course, there will need to be a lot of paradigm shifting before that happens as most of the people involved are used to the current IPv4 regime where addresses are in such short supply that severe restrictions on allocations have to be maintained. IPv6 does not, for the moment, suffer from that problem.
