New Policy: Use of PennNet IP Address Space - Almanac, Vol. 46, No. 21, 2/15/2000

Information Systems and Computing has issued the following policy effective January 24, 2000. For the full policy, including Recommendations and Best Practices not listed here, please see www.isc-net.upenn.edu/policy/approved/20000124-ipaddress.html.

Highlights of New Policy on the Use of PennNet IP Address Space

(No. 20000124-ipaddress)

I. Background

As the Internet continues to grow, the need to maintain accurate IP address information becomes increasingly important for the proper management of Penn's network. Unregistered IP addresses can cause significant problems to the effective use of PennNet. While unregistered addresses may appear to function correctly, they can lead to:

operational failure of network devices (those that have been properly registered as well as unregistered devices or sometimes both)
inability of network and information security technicians to troubleshoot the network
inaccurate or misrepresented billing charges due to lack of accurate tracking data
increased costs to all users due to theft of services

II. Policy Scope

This policy applies to:

all network-connected devices (desktop computers, servers, network printers, etc.) configured with PennNet IP addresses and/or devices with non-globally routable IP addresses which rely upon PennNet for connection to the Internet
devices that have either static or dynamic (such as through the Dynamic Host Configuration Protocol (DHCP) or similar means) IP address configuration
devices that may connect using a Network Address Translation (NAT) service

A table of IP address ranges covered by this policy is available at www.isc-net.upenn.edu/policy/supporting/pennnet-ipranges.html.

III. Policy Statement

Every network interface configured with one or more IP addresses, including addresses from the non-globally routable ranges, must have corresponding entries for all of these IP addresses in Penn's central database--Assignments. (See www.isc-net.upenn.edu/networking/assignments/ for more information on the Assignments database.)
Network-connected devices that have static IP configurations must not use IP addresses already registered in the Assignments database for other devices.
IP addresses registered in the Assignments database for dynamic IP address assignment must not be used as part of a static configuration by any network-connected device.

IV. Recommendations

The following related practices are strongly recommended by ISC

Networking, towards a more efficient, secure and reliable network.
Record and update accurate information about all registered devices in the Assignments program, including device location, vendor and model, and associated technical contact(s) and primary user(s). Accurate and complete records help make rapid notification to the LSP and/or the network user possible in the event of a problem.
Remove from the Assignments database entries for devices that have been permanently disconnected from PennNet. This helps to preserve addresses for use by active nodes, and helps to maintain more accurate billing information.
Avoid "pre-registering" blocks of addresses in Assignments intended for use later in static IP configurations. While some areas have used this practice in the past to allow for more rapid address assignment in cases where Assignments users have been unavailable, it can result in inefficient use of network address space and needless charges for unused IP addresses. The preferred approach to rapid address assignment is to have more than one authorized Assignments user within any area where such rapid address assignment is a frequent issue.
Configure any existing devices that connect using a NAT (Network Address Translation) service with IP addresses from one of the non-globally routable IP address ranges.
Use IP addresses from one of the non-globally routable IP address ranges for special-purpose private networks that interconnect servers for purposes such as clustering, disk sharing, data backups, etc., and that are configured to not forward traffic off that private network.
Recommendations on the selection of addresses in the non-globally routable IP address ranges can be found at www.isc-net.upenn.edu/policy/supporting/nonroutable.html. Multiple people may register the same address from within the non-globally routable ranges. These addresses are not required to be unique.

V. Amnesty Period

Through June 30, 2000, ISC Networking encourages current users of unregistered IP addresses to properly register them using the practices described in this policy. Starting July 1, 2000, ISC Networking reserves the right to actively scan the network infrastructure components (e.g., routers, switches, etc.) in an effort to discover non-compliant devices which will thereafter be subject to the full terms of the Compliance section of the policy, including possible disconnection from the network.

--Information Systems and Computing, Networking

Almanac, Vol. 46, No. 21, February 15, 2000

| FRONT PAGE | CONTENTS | JOB-OPS | CRIMESTATS | TAT: "Teaching With New Tools" (P. Kuriloff) | TALK ABOUT TEACHING ARCHIVE | BETWEEN ISSUES | FEBRUARY at PENN |