draft-ietf-grow-embed-addr-03.txt   draft-ietf-grow-embed-addr-04.txt 
Global Routing Operations D. Plonka Global Routing Operations D. Plonka
Internet-Draft University of Wisconsin Internet-Draft University of Wisconsin
Expires: December 7, 2004 June 8, 2004 Expires: April 22, 2005 October 22, 2004
Embedding Globally Routable Internet Addresses Considered Harmful Embedding Globally Routable Internet Addresses Considered Harmful
draft-ietf-grow-embed-addr-03 draft-ietf-grow-embed-addr-04
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is subject to all provisions
all provisions of Section 10 of RFC2026. of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 7, 2004. This Internet-Draft will expire on April 22, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004).
Abstract Abstract
This document means to clarify best current practices in the Internet This document means to clarify best current practices in the Internet
community. Internet hosts should not contain globally routable community. Internet hosts should not contain globally routable
Internet Protocol addresses embedded within firmware or elsewhere as Internet Protocol addresses embedded within firmware or elsewhere as
part of their default configuration such that it influences run-time part of their default configuration such that it influences run-time
behavior. behavior.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 5
3.1 Disable Unused Features . . . . . . . . . . . . . . . . . 6
3.2 Provide User Interface for IP Features . . . . . . . . . . 6
3.3 Use Domain Names as Service Identifiers . . . . . . . . . 6
3.4 Use Special-Purpose, Reserved IP Addresses When
Available . . . . . . . . . . . . . . . . . . . . . . . . 7
3.5 Discover and Utilize Local Services . . . . . . . . . . . 7
3.6 Avoid Mentioning the IP Addresses of Services . . . . . . 8
4. Security Considerations . . . . . . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 8
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
8.1 Normative References . . . . . . . . . . . . . . . . . . . . 9
8.2 Informative References . . . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 10
A. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . 11
Revision History Revision History
RFC-EDITOR: PLEASE REMOVE REVISION HISTORY BEFORE PUBLICATION. The RFC-EDITOR: PLEASE REMOVE REVISION HISTORY BEFORE PUBLICATION. The
following is the revision history of this document following is the recent revision history of this document
$Log: draft-ietf-grow-embed-addr.xml,v $ $Log: draft-ietf-grow-embed-addr.xml,v $
Revision 1.17 2004/06/08 20:27:02 plonka Revision 1.19 2004/10/22 16:08:17 plonka
minor edits edits based on initial IESG evaluation for BCP:
renamed from "-02" to "-03"
Revision 1.16 2004/06/08 20:15:03 plonka
minor edits, fixed some typos
Revision 1.15 2004/06/08 14:16:45 plonka
revised conclusion based on input from Geoff Huston
added netgear-sntp technical report to list of informative references
Revision 1.14 2004/06/07 18:16:27 plonka
split references into normative and informative sections
Revision 1.13 2004/06/07 16:32:10 plonka
Set category to BCP.
Rewrote/resized abstract and introduction as suggested by Pekka Savola.
Improved section about using DNS names, re; hard-coding caveats, as
suggested by Pekka Savola.
Encouraged use of IPv4 documentation/example prefix 192.0.2.0/24 rather * fixed a typo reported by Spencer Dawkins
than private addresses, as noted by Pekka Savola.
Mentioned IPv6 2001:DB8::/32 documentation prefix, as noted by Tom Petch. * reworded the introduction as suggested by Ted Hardie to make it clear that
the document is about service identifiers used by the device, not the host
IP address it uses as a client of those services
Added note for RFC-editor requesting that revision history be removed. * improved recommendation to use DNS names based on comments by Harald
Alvestrand, Steve Bellovin, and Pekka Savola
Reworded various portions. * under Security Considerations, strengthened the opposition to ad hoc remote
control mechanisms by mentioned that they should be able to be disabled,
based on comment by Russ Housley
Renamed from "-00" to "-01" and updated date. * used the term "mobility" rather than "portability" and "networks"
rather than "internets" based on comment by Thomas Narten.
Revision 1.12 2003/12/05 15:51:23 plonka Revision 1.18 2004/10/21 20:24:35 plonka
typo fixes and updates from Michael Patton changed from full RFC2026 to RFC3667 compliance
Revision 1.11 2003/12/02 22:28:04 plonka used compact as suggested by Pekka Savola
renamed from draft-plonka-embed-addr to draft-ietf-grow-embed-addr
integrated suggestions from Paul Barford added table of contents and sortrefs
reordered references to match the text
added quote from RFC2101 re: use of IPv4 addresses as identifiers added headings and subsections for specific recommendations
as mentioned by Brian Carpenter
Revision 1.10 2003/11/03 17:06:54 plonka added example of how domain names might be used, based on suggestion by
added background information in appendix Pekka Savola
Revision 1.9 2003/11/03 16:39:30 plonka added reference to RFC3849 now that it's available (re: IPv6 documentation
various updates based on input from Mike O'Connor: prefix)
- indicated that DNS server(s) should be configurable
- clarified DNS round-robin behavior
- clarified "unsolicited traffic" by saying "IP traffic"
added revision history and appendix A other minor edits
Figure 1 Figure 1
1. Introduction 1. Introduction
Vendors of consumer electronics and network gear have produced and Vendors of consumer electronics and network gear have unfortunately
sold hundreds of thousands of Internet hosts with globally routable chosen to embed, or "hard-code", globally routable Internet Protocol
Internet Protocol addresses embedded within their products' firmware. addresses within their products' firmware. These products use these
These products are now in operation world-wide and primarily include, embedded IP addresses as service identifiers and direct service
but are not necessarily limited to, low-cost routers and middleboxes requests (unsolicited Internet traffic) to them. One recent example
for personal or residential use. was the embedding of the globally routable IP address of a Network
Time Protocol server in the firmware of hundreds of thousands of
Internet hosts that are now in operation world-wide. The hosts are
primarily, but are not necessarily limited to, low-cost routers and
middleboxes for personal or residential use.
This "hard-coding" of globally routable IP addresses as identifiers This "hard-coding" of globally routable IP addresses as identifiers
within the host's firmware presents significant problems to the within the host's firmware presents significant problems to the
operation of the Internet and to the management of its address space. operation of the Internet and to the management of its address space.
Ostensibly, this practice arose as an attempt to simplify Ostensibly, this practice arose as an attempt to simplify
configuration of IP hosts by preloading them with IP addresses as configuration of IP hosts by preloading them with IP addresses as
service identifiers. Products that rely on such embedded IP service identifiers. Products that rely on such embedded IP
addresses initially may appear convenient to both the product's addresses initially may appear convenient to both the product's
designer and its operator or user, but this dubious benefit comes at designer and its operator or user, but this dubious benefit comes at
skipping to change at page 5, line 7 skipping to change at page 4, line 39
This document denounces the practice of embedding references to This document denounces the practice of embedding references to
unique, globally routable IP addresses in Internet hosts, describes unique, globally routable IP addresses in Internet hosts, describes
some of the resulting problems, and considers selected alternatives. some of the resulting problems, and considers selected alternatives.
It also reminds the Internet community of the ephemeral nature of It also reminds the Internet community of the ephemeral nature of
unique, globally routable IP addresses and that the assignment and unique, globally routable IP addresses and that the assignment and
use of IP addresses as identifiers is temporary and therefore should use of IP addresses as identifiers is temporary and therefore should
not be used in fixed configurations. not be used in fixed configurations.
2. Problems 2. Problems
In a number cases, the embedding of IP addresses has caused Internet In a number cases, the embedding of IP addresses in products has
products to rely on a single central Internet service. This can caused an increasing number of Internet hosts to rely on a single
result in a service outage when the aggregate workload overwhelms central Internet service. This can result in a service outage when
that service. When fixed addresses are embedded in an the aggregate workload overwhelms that service. When fixed addresses
ever-increasing number of client IP hosts, this practice runs are embedded in an ever-increasing number of client IP hosts, this
directly counter to the design intent of hierarchically deployed practice runs directly counter to the design intent of hierarchically
services that would otherwise be robust solutions. deployed services that would otherwise be robust solutions.
The reliability, scalability, and performance of many Internet The reliability, scalability, and performance of many Internet
services require that the pool of users not directly access a service services require that the pool of users not directly access a service
by IP address. Instead they typically rely on a level of indirection by IP address. Instead they typically rely on a level of indirection
provided by the Domain Name System, RFC 2219 [6]. DNS permits the provided by the Domain Name System, RFC 2219 [6]. When appropriately
service operator to reconfigure the resources for maintenance and to utilized, DNS permits the service operator to reconfigure the
load-balance without the participation of the users. For instance, resources for maintenance and to load-balance without the
one common load-balancing technique employs multiple DNS records with participation of the users and without necessitating configuration
the same name that are then rotated in a round-robin fashion in the changes in the client hosts. For instance, one common load-balancing
set of answers returned by many DNS server implementations. Upon technique employs multiple DNS records with the same name that are
receiving such a response to a query, resolvers typically will try then rotated in a round-robin fashion in the set of answers returned
the answers in order, until one succeeds, thus enabling the operator by many DNS server implementations. Upon receiving such a response
to distribute the user request load across a set of servers with to a query, resolvers typically will try the answers in order, until
discrete IP addresses that generally remain unknown to the user. one succeeds, thus enabling the operator to distribute the user
request load across a set of servers with discrete IP addresses that
generally remain unknown to the user.
Embedding globally unique IP addresses taints the IP address blocks Embedding globally unique IP addresses taints the IP address blocks
in which they reside, lessening the usefulness and portability of in which they reside, lessening the usefulness and mobility of those
those IP address blocks and increasing the cost of operation. IP address blocks and increasing the cost of operation. Unsolicited
Unsolicited traffic may continue to be delivered to the embedded traffic may continue to be delivered to the embedded address well
address well after the IP address or block has been reassigned and no after the IP address or block has been reassigned and no longer hosts
longer hosts the service for which that traffic was intended. Circa the service for which that traffic was intended. Circa 1997, the
1997, the authors of RFC 2101 [5] made this observation: authors of RFC 2101 [7] made this observation:
Due to dynamic address allocation and increasingly frequent Due to dynamic address allocation and increasingly frequent
network renumbering, temporal uniqueness of IPv4 addresses is no network renumbering, temporal uniqueness of IPv4 addresses is no
longer globally guaranteed, which puts their use as identifiers longer globally guaranteed, which puts their use as identifiers
into severe question. into severe question.
When IP addresses are used as service identifiers in the When IP addresses are used as service identifiers in the
configuration of many Internet hosts, the IP address blocks become configuration of many Internet hosts, the IP address blocks become
encumbered by their historical use. This may interfere with the encumbered by their historical use. This may interfere with the
ability of the Internet Assigned Numbers Authority (IANA) and the ability of the Internet Assigned Numbers Authority (IANA) and the
Internet Registry (IR) hierarchy to usefully reallocate IP address Internet Registry (IR) hierarchy to usefully reallocate IP address
blocks. Likewise, to facilitate IP address reuse, RFC 2050 [1], blocks. Likewise, to facilitate IP address reuse, RFC 2050 [1],
encourages Internet Service Providers (ISPs) to treat address encourages Internet Service Providers (ISPs) to treat address
assignments as "loans". assignments as "loans".
Because consumers are not necessarily experienced in the operation of Because consumers are not necessarily experienced in the operation of
skipping to change at page 7, line 9 skipping to change at page 5, line 47
Internet hosts, they are not able to be relied upon to fix problems Internet hosts, they are not able to be relied upon to fix problems
if and when they arise. As such, a significant responsibility lies if and when they arise. As such, a significant responsibility lies
with the manufacturer or vendor of the Internet host to avoid with the manufacturer or vendor of the Internet host to avoid
embedding IP addresses in ways which cause the aforementioned embedding IP addresses in ways which cause the aforementioned
problems. problems.
3. Recommendations 3. Recommendations
Internet host and router designers, including network product Internet host and router designers, including network product
manufacturers, should not assume that their products will be deployed manufacturers, should not assume that their products will be deployed
and used in only a single global Internet that they happen to observe and used in only the single global Internet that they happen to
today. A myriad of private or future internets in which these observe today. A myriad of private or future internetworks in which
products will be used may not allow those hosts to establish these products will be used may not allow those hosts to establish
end-to-end communications with arbitrary hosts on the global communications with arbitrary hosts on the global Internet. Since
Internet. Since the product failure modes resulting from unknown the product failure modes resulting from unknown future states cannot
future states cannot be fully explored, one should avoid assumptions be fully explored, one should avoid assumptions regarding the
regarding the longevity of our current Internet. longevity of our current Internet.
The following recommendations are presented as best practice today:
3.1 Disable Unused Features
Vendors should, by default, disable unnecessary features in their Vendors should, by default, disable unnecessary features in their
products. This is especially true of features that generate products. This is especially true of features that generate
unsolicited IP traffic. In this way these hosts will be conservative unsolicited Internet traffic. In this way these hosts will be
regarding the unsolicited Internet traffic they produce. For conservative regarding the unsolicited Internet traffic they produce.
instance, one of the most common uses of embedded IP addresses has For instance, one of the most common uses of embedded IP addresses
been the hard-coding of addresses of well know public Simple Network has been the hard-coding of addresses of well known public Simple
Time Protocol (SNTP RFC 2030 [7]) servers, even though only a small Network Time Protocol (SNTP RFC 2030 [8]) servers, even though only a
fraction of the users benefits from these products even having some small fraction of the users benefits from these products even having
notion of the current date and time. some notion of the current date and time.
3.2 Provide User Interface for IP Features
Vendors should provide an operator interface for every feature that Vendors should provide an operator interface for every feature that
generates unsolicited IP traffic. A prime example of this is that generates unsolicited Internet traffic. A prime example of this is
the Domain Name System resolver should have an interface enabling the that the Domain Name System resolver should have an interface
operator to either explicitly set the servers of his choosing or to enabling the operator to either explicitly set the servers of his
enable the use of a standard automated configuration protocol such as choosing or to enable the use of a standard automated configuration
DHCP, defined by RFC 2132 [8]. Within the operator interface, these protocol such as DHCP, defined by RFC 2132 [9]. Within the operator
features should originally be disabled so that one consequence of interface, these features should originally be disabled so that one
subsequently enabling these features is that the operator becomes consequence of subsequently enabling these features is that the
aware that the feature exists. This will mean that it is more likely operator becomes aware that the feature exists. This will mean that
that the product's owner or operator can participate in problem it is more likely that the product's owner or operator can
determination and mitigation when problems arise. participate in problem determination and mitigation when problems
arise.
RFC 2606 [2] defines the IANA-reserved "example.com", "example.net",
and "example.org" domains for use in example configurations and
documentation. These are candidate examples to be used in user
interface documentation.
3.3 Use Domain Names as Service Identifiers
Internet hosts should use the Domain Name System to determine the IP Internet hosts should use the Domain Name System to determine the IP
addresses associated with the Internet services they require. addresses associated with the Internet services they require.
However, simply hard-coding DNS names rather than IP addresses is not
a panacea. Entries in the domain name space are also ephemeral and When using domain names as service identifiers in the configurations
can change owners for various reasons including acquisitions and of deployed Internet hosts, designers and vendors are encouraged to
litigation. A given vendor ought not assume that anyone will retain introduce service names either within a domain which they control or
control of a given zone indefinitely. RFC 2606 [2] defines the have entered into an agreement with its operator to utilize (such as
IANA-reserved "example.com", "example.net", and "example.org" domains for public services provided by the Internet community). This is
for use in example configurations and documentation. commonly done by simply introducing a service-specific prefix to the
domain name.
For instance, a vendor named "Example, Inc." with the domain
"example.com" might configure its product to find its SNTP server by
the name "sntp-server.config.example.com" or even by a product and
version-specific name such as
"sntp-server.v1.widget.config.example.com". Here, the
"config.example.com" namespace is dedicated to that vendor's product
configuration, with sub-domains introduced as deemed necessary. Such
special-purpose domain names enable ongoing maintenance and
reconfiguration of the services for their client hosts and can aid in
the ongoing measurement of service usage throughout the product's
lifetime.
An alternative to inventing vendor-specific domain naming conventions
for a product's service identifiers is to utilize SVR resource
records (RR), defined by RFC 2782 [10]. SRV records are a generic
type of RR which uses a service-specific prefix in combination with a
base domain name. For example, an SVR-cognizant SNTP client might
discover Example, Inc.'s suggested NTP server by performing an
SVR-type query to lookup for "_ntp._udp.example.com".
However, note that simply hard-coding DNS name service identifiers
rather than IP addresses is not a panacea. Entries in the domain
name space are also ephemeral and can change owners for various
reasons including acquisitions and litigation. As such, developers
and vendors should explore a product's potential failure modes
resulting from the loss of administrative control of a given domain
for whatever reason.
3.4 Use Special-Purpose, Reserved IP Addresses When Available
Default configurations, documentation, and example configurations for Default configurations, documentation, and example configurations for
Internet hosts should use Internet addresses that reside within Internet hosts should use Internet addresses that reside within
special blocks that have been reserved for these purposes, rather special blocks that have been reserved for these purposes, rather
than unique, globally routable IP addresses. For IPv4, RFC 3330 [3] than unique, globally routable IP addresses. For IPv4, RFC 3330 [3]
states that the 192.0.2.0/24 block has been assigned for use in states that the 192.0.2.0/24 block has been assigned for use in
documentation and example code. The IPv6 global unicast address documentation and example code. The IPv6 global unicast address
prefix 2001:DB8::/32 has been similarly reserved for documentation prefix 2001:DB8::/32 has been similarly reserved for documentation
purposes. Private Internet Addresses, as defined by RFC 1918 [4], purposes RFC 3849 [4]. Private Internet Addresses, as defined by RFC
should not be used for such purposes. 1918 [5], should not be used for such purposes.
3.5 Discover and Utilize Local Services
Service providers and enterprise network operators should advertise Service providers and enterprise network operators should advertise
the identities of suitable local services, such as NTP. For the identities of suitable local services, such as NTP. Very often
instance, the DHCP protocol, as defined by RFC 2132 [8], enables one these services exist, but the advertisement and automated
to configure a server to answer queries for service identitifiers to configuration of their use is missing. For instance, the DHCP
clients that ask for them. When local services including NTP are protocol, as defined by RFC 2132 [9], enables one to configure a
available but not pervasively advertised using such common protocols, server to answer queries for service identitifiers to clients that
designers are more likely deploy ad hoc initialization mechanisms ask for them. When local services including NTP are available but
that unnecessarily rely on central services. not pervasively advertised using such common protocols, designers are
more likely deploy ad hoc initialization mechanisms that
unnecessarily rely on central services.
3.6 Avoid Mentioning the IP Addresses of Services
Operators that provide public services on the global Internet, such Operators that provide public services on the global Internet, such
as the NTP community, should deprecate the explicit advertisement of as those in the NTP community, should deprecate the explicit
the IP addresses of public services. These addresses are ephemeral. advertisement of the IP addresses of public services. These
As such, their widespread citation in public service indexes addresses are ephemeral. As such, their widespread citation in
interferes with the ability to reconfigure the service as necessary public service indexes interferes with the ability to reconfigure the
to address unexpected, increased traffic. service as necessary to address unexpected, increased traffic and the
aforementioned problems.
4. Security Considerations 4. Security Considerations
Embedding or "hard-coding" IP addresses within a host's configuration Embedding or "hard-coding" IP addresses within a host's configuration
often means that a host-based trust model is being employed, and that often means that a host-based trust model is being employed, and that
the Internet host with the given address is trusted in some way. Due the Internet host with the given address is trusted in some way. Due
to the ephemeral roles of routable IP addresses, the practice of to the ephemeral roles of globally routable IP addresses, the
embedding them within products' firmware or default configurations practice of embedding them within products' firmware or default
presents a security risk in that unknown parties may inadvertently be configurations presents a security risk in that unknown parties may
trusted. inadvertently be trusted.
Internet host designers may be tempted to implement some sort of Internet host designers may be tempted to implement some sort of
remote control mechanism within a product, by which its Internet host remote control mechanism within a product, by which its Internet host
configuration can be changed without reliance on, interaction with, configuration can be changed without reliance on, interaction with,
or even the knowledge of its operator or user. This raises security or even the knowledge of its operator or user. This raises security
issues of its own. If such a scheme is implemented, this should be issues of its own. If such a scheme is implemented, its presence
fully disclosed to the customer, operator, and user so that an should be fully disclosed to the customer, operator, and user so that
informed decision can be made, perhaps in accordance with local an informed decision can be made, perhaps in accordance with local
security or privacy policy. Furthermore, the significant possibility security or privacy policy. Furthermore, the significant possibility
of malicious parties exploiting such a remote control mechanism may of malicious parties exploiting such a remote control mechanism may
completely negate any potential benefit of the remote control scheme. completely negate any potential benefit of the remote control scheme.
As such, remote control mechanisms should be disabled by default to
be subsequently enabled and disabled by the user.
5. IANA Considerations 5. IANA Considerations
This document creates no new requirements on IANA namespaces. This document creates no new requirements on IANA namespaces.
6. Conclusion 6. Conclusion
When large numbers of homogenous Internet hosts are deployed, it is When large numbers of homogenous Internet hosts are deployed, it is
particularly important that both their designers and other members of particularly important that both their designers and other members of
the Internet community diligently assess host implementation quality the Internet community diligently assess host implementation quality
skipping to change at page 13, line 18 skipping to change at page 9, line 35
[1] Hubbard, K., "INTERNET REGISTRY IP ALLOCATION GUIDELINES", RFC [1] Hubbard, K., "INTERNET REGISTRY IP ALLOCATION GUIDELINES", RFC
2050, BCP 12, November 1996. 2050, BCP 12, November 1996.
[2] Eastlake, D., "Reserved Top Level DNS Names", RFC 2606, BCP 32, [2] Eastlake, D., "Reserved Top Level DNS Names", RFC 2606, BCP 32,
June 1999. June 1999.
[3] Internet Assigned Numbers Authority, "Special-Use IPv4 [3] Internet Assigned Numbers Authority, "Special-Use IPv4
Addresses", RFC 3330, September 2002. Addresses", RFC 3330, September 2002.
[4] Rekhter, Y., "Address Allocation for Private Internets", RFC [4] Huston, G., "IPv6 Address Prefix Reserved for Documentation",
RFC 3849, July 2004.
[5] Rekhter, Y., "Address Allocation for Private Internets", RFC
1918, BCP 5, February 1996. 1918, BCP 5, February 1996.
8.2 Informative References 8.2 Informative References
[5] Carpenter, B., "IPv4 Address Behaviour Today", RFC 2101,
February 1997.
[6] Hamilton, M., "Use of DNS Aliases for Network Services", RFC [6] Hamilton, M., "Use of DNS Aliases for Network Services", RFC
2219, BCP 17, October 1997. 2219, BCP 17, October 1997.
[7] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for [7] Carpenter, B., "IPv4 Address Behaviour Today", RFC 2101,
February 1997.
[8] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for
IPv4, IPv6 and OSI", RFC 2030, October 1996. IPv4, IPv6 and OSI", RFC 2030, October 1996.
[8] Alexander, S., "DHCP Options and BOOTP Vendor Extensions", RFC [9] Alexander, S., "DHCP Options and BOOTP Vendor Extensions", RFC
2132, March 1997. 2132, March 1997.
[9] Plonka, D., "Flawed Routers Flood University of Wisconsin [10] Gulbrandsen, A., "A DNS RR for specifying the location of
services (DNS SRV)", RFC 2782, February 2000.
[11] Plonka, D., "Flawed Routers Flood University of Wisconsin
Internet Time Server", August 2003, Internet Time Server", August 2003,
<http://www.cs.wisc.edu/~plonka/netgear-sntp/>. <http://www.cs.wisc.edu/~plonka/netgear-sntp/>.
Author's Address Author's Address
David Plonka David Plonka
University of Wisconsin - Madison University of Wisconsin - Madison
EMail: plonka AT doit DOT wisc DOT edu EMail: plonka AT doit DOT wisc DOT edu
URI: http://net.doit.wisc.edu/~plonka/ URI: http://net.doit.wisc.edu/~plonka/
skipping to change at page 14, line 30 skipping to change at page 10, line 48
significant operational problems. significant operational problems.
These flawed routers are widely deployed throughout the global These flawed routers are widely deployed throughout the global
Internet and are likely to remain in use for years to come. As such, Internet and are likely to remain in use for years to come. As such,
the University of Wisconsin with the cooperation of NetGear will the University of Wisconsin with the cooperation of NetGear will
build a new anycast time service which aims to mitigate the damage build a new anycast time service which aims to mitigate the damage
caused by the misbehavior of these flawed routers. caused by the misbehavior of these flawed routers.
A technical report regarding the details of this situation is A technical report regarding the details of this situation is
available on the world wide web: Flawed Routers Flood University of available on the world wide web: Flawed Routers Flood University of
Wisconsin Internet Time Server [9]. Wisconsin Internet Time Server [11].
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it might or might not be available; nor does it represent that it has
has made any effort to identify any such rights. Information on the made any independent effort to identify any such rights. Information
IETF's procedures with respect to rights in standards-track and on the procedures with respect to rights in RFC documents can be
standards-related documentation can be found in BCP-11. Copies of found in BCP 78 and BCP 79.
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to Copies of IPR disclosures made to the IETF Secretariat and any
obtain a general license or permission for the use of such assurances of licenses to be made available, or the result of an
proprietary rights by implementors or users of this specification can attempt made to obtain a general license or permission for the use of
be obtained from the IETF Secretariat. such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF Executive this standard. Please address the information to the IETF at
Director. ietf-ipr@ietf.org.
Full Copyright Statement
Copyright (C) The Internet Society (2004). All Rights Reserved. Disclaimer of Validity
This document and translations of it may be copied and furnished to This document and the information contained herein are provided on an
others, and derivative works that comment on or otherwise explain it "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
or assist in its implementation may be prepared, copied, published OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
and distributed, in whole or in part, without restriction of any ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
kind, provided that the above copyright notice and this paragraph are INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
included on all such copies and derivative works. However, this INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
document itself may not be modified in any way, such as by removing WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be Copyright Statement
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an Copyright (C) The Internet Society (2004). This document is subject
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING to the rights, licenses and restrictions contained in BCP 78, and
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING except as set forth therein, the authors retain all their rights.
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/