draft-ietf-grow-embed-addr-05.txt   rfc4085.txt 
Global Routing Operations D. Plonka
Internet-Draft University of Wisconsin
Expires: May 24, 2005 November 23, 2004
Embedding Globally Routable Internet Addresses Considered Harmful
draft-ietf-grow-embed-addr-05
Status of this Memo
This document is an Internet-Draft and is subject to all provisions
of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Global Routing Operations D. Plonka
Task Force (IETF), its areas, and its working groups. Note that Network Working Group University of Wisconsin
other groups may also distribute working documents as Request for Comments: 4085 June 2005
Internet-Drafts. BCP: 105
Category: Best Current Practice
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at Embedding Globally-Routable Internet Addresses Considered Harmful
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at Status of This Memo
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 24, 2005. This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). Copyright (C) The Internet Society (2005).
Abstract Abstract
This document means to clarify best current practices in the Internet This document discourages the practice of embedding references to
community. Internet hosts should not contain globally routable unique, globally-routable IP addresses in Internet hosts, describes
Internet Protocol addresses embedded within firmware or elsewhere as some of the resulting problems, and considers selected alternatives.
part of their default configuration such that it influences run-time This document is intended to clarify best current practices in this
behavior. regard.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................2
2. Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Problems ........................................................2
3. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 4 3. Recommendations .................................................4
3.1 Disable Unused Features . . . . . . . . . . . . . . . . . 5 3.1. Disable Unused Features ....................................4
3.2 Provide User Interface for IP Features . . . . . . . . . . 5 3.2. Provide User Interface for IP Features .....................4
3.3 Use Domain Names as Service Identifiers . . . . . . . . . 5 3.3. Use Domain Names as Service Identifiers ....................4
3.4 Use Special-Purpose, Reserved IP Addresses When 3.4. Use Special-Purpose, Reserved IP Addresses When Available ..5
Available . . . . . . . . . . . . . . . . . . . . . . . . 6 3.5. Discover and Utilize Local Services ........................6
3.5 Discover and Utilize Local Services . . . . . . . . . . . 6 3.6. Avoid Mentioning the IP Addresses of Services ..............6
3.6 Avoid Mentioning the IP Addresses of Services . . . . . . 7 4. Security Considerations .........................................6
4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5. Conclusion ......................................................7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 6. Acknowledgements ................................................7
6. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. References ......................................................7
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8 Appendix A. Background ............................................9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
8.1 Normative References . . . . . . . . . . . . . . . . . . . . 8
8.2 Informative References . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 9
A. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Intellectual Property and Copyright Statements . . . . . . . . 10
1. Introduction 1. Introduction
Vendors of consumer electronics and network gear have unfortunately Some vendors of consumer electronics and network gear have
chosen to embed, or "hard-code", globally routable Internet Protocol unfortunately chosen to embed, or "hard-code", globally-routable
addresses within their products' firmware. These products use these Internet Protocol addresses within their products' firmware. These
embedded IP addresses as service identifiers and direct service embedded IP addresses are typically individual server IP addresses or
requests (unsolicited Internet traffic) to them. One recent example IP subnet prefixes. Thus, they are sometimes used as service
was the embedding of the globally routable IP address of a Network identifiers, to which unsolicted requests are directed, or as subnet
Time Protocol server in the firmware of hundreds of thousands of identifiers, specifying sets of Internet addresses that the given
Internet hosts that are now in operation world-wide. The hosts are product somehow treats specially.
primarily, but are not necessarily limited to, low-cost routers and
middleboxes for personal or residential use.
This "hard-coding" of globally routable IP addresses as identifiers One recent example was the embedding of the globally-routable IP
address of a Network Time Protocol server in the firmware of hundreds
of thousands of Internet hosts that are now in operation worldwide.
The hosts are primarily, but are not necessarily, limited to low-cost
routers and middleboxes for personal or residential use. In another
case, IP address prefixes that had once been reserved by the Internet
Assigned Numbers Authority (IANA) were embedded in a router product
so that it can automatically discard packets that appear to have
invalid source IP addresses.
Such "hard-coding" of globally-routable IP addresses as identifiers
within the host's firmware presents significant problems to the within the host's firmware presents significant problems to the
operation of the Internet and to the management of its address space. operation of the Internet and to the management of its address space.
Ostensibly, this practice arose as an attempt to simplify Ostensibly, this practice arose as an attempt to simplify IP host
configuration of IP hosts by preloading them with IP addresses as configuration by pre-loading hosts with IP addresses. Products that
service identifiers. Products that rely on such embedded IP rely on such embedded IP addresses initially may appear to be
addresses initially may appear convenient to both the product's convenient to the product's designer and to its operator or user, but
designer and its operator or user, but this dubious benefit comes at this dubious benefit comes at the expense of others in the Internet
the expense of others in the Internet community. community.
This document denounces the practice of embedding references to This document denounces the practice of embedding references to
unique, globally routable IP addresses in Internet hosts, describes unique, globally-routable IP addresses in Internet hosts, describes
some of the resulting problems, and considers selected alternatives. some of the resulting problems, and considers selected alternatives.
It also reminds the Internet community of the ephemeral nature of It also reminds the Internet community of the ephemeral nature of
unique, globally routable IP addresses and that the assignment and unique, globally-routable IP addresses; the assignment and use of IP
use of IP addresses as identifiers is temporary and therefore should addresses as identifiers is temporary and therefore should not be
not be used in fixed configurations. used in fixed configurations.
2. Problems 2. Problems
In a number cases, the embedding of IP addresses in products has The embedding of IP addresses in products has caused an increasing
caused an increasing number of Internet hosts to rely on a single number of Internet hosts to rely on a single central Internet
central Internet service. This can result in a service outage when service. This can result in a service outage when the aggregate
the aggregate workload overwhelms that service. When fixed addresses workload overwhelms that service. When fixed addresses are embedded
are embedded in an ever-increasing number of client IP hosts, this in an ever-increasing number of client IP hosts, this practice runs
practice runs directly counter to the design intent of hierarchically directly counter to the design intent of hierarchically deployed
deployed services that would otherwise be robust solutions. services that would otherwise be robust solutions.
The reliability, scalability, and performance of many Internet The reliability, scalability, and performance of many Internet
services require that the pool of users not directly access a service services require that the pool of users not access a service using
by IP address. Instead they typically rely on a level of indirection its IP address directly. Instead, they typically rely on a level of
provided by the Domain Name System, RFC 2219 [6]. When appropriately indirection provided by the Domain Name System, RFC 2219 [6]. When
utilized, DNS permits the service operator to reconfigure the appropriately utilized, the DNS permits the service operator to
resources for maintenance and to load-balance without the reconfigure the resources for maintenance and to perform load
participation of the users and without necessitating configuration balancing, without the participation of the users and without a
changes in the client hosts. For instance, one common load-balancing requirement for configuration changes in the client hosts. For
technique employs multiple DNS records with the same name that are instance, one common load-balancing technique employs multiple DNS
then rotated in a round-robin fashion in the set of answers returned records with the same name; the set of answers that is returned is
by many DNS server implementations. Upon receiving such a response rotated in a round-robin fashion in successive queries. Upon
to a query, resolvers typically will try the answers in order, until receiving such a response to a query, resolvers typically will try
one succeeds, thus enabling the operator to distribute the user the answers in order, until one succeeds, thus enabling the operator
request load across a set of servers with discrete IP addresses that to distribute the user request load across a set of servers with
generally remain unknown to the user. discrete IP addresses that generally remain unknown to the user.
Embedding globally unique IP addresses taints the IP address blocks Embedding globally-unique IP addresses taints the IP address blocks
in which they reside, lessening the usefulness and mobility of those in which they reside, lessening the usefulness and mobility of those
IP address blocks and increasing the cost of operation. Unsolicited IP address blocks and increasing the cost of operation. Unsolicited
traffic may continue to be delivered to the embedded address well traffic may continue to be delivered to the embedded address well
after the IP address or block has been reassigned and no longer hosts after the IP address or block has been reassigned and no longer hosts
the service for which that traffic was intended. Circa 1997, the the service for which that traffic was intended. Circa 1997, the
authors of RFC 2101 [7] made this observation: authors of RFC 2101 [7] made this observation:
Due to dynamic address allocation and increasingly frequent Due to dynamic address allocation and increasingly frequent
network renumbering, temporal uniqueness of IPv4 addresses is no network renumbering, temporal uniqueness of IPv4 addresses is no
longer globally guaranteed, which puts their use as identifiers longer globally guaranteed, which puts their use as identifiers
into severe question. into severe question.
When IP addresses are used as service identifiers in the When IP addresses are embedded in the configuration of many Internet
configuration of many Internet hosts, the IP address blocks become hosts, the IP address blocks become encumbered by their historical
encumbered by their historical use. This may interfere with the use. This may interfere with the ability of the Internet Assigned
ability of the Internet Assigned Numbers Authority (IANA) and the Numbers Authority (IANA) and the Internet Registry (IR) hierarchy to
Internet Registry (IR) hierarchy to usefully reallocate IP address usefully reallocate IP address blocks. Likewise, to facilitate IP
blocks. Likewise, to facilitate IP address reuse, RFC 2050 [1], address reuse, RFC 2050 [1], encourages Internet Service Providers
encourages Internet Service Providers (ISPs) to treat address (ISPs) to treat address assignments as "loans".
assignments as "loans".
Because consumers are not necessarily experienced in the operation of Because consumers are not necessarily experienced in the operation of
Internet hosts, they are not able to be relied upon to fix problems Internet hosts, they cannot be relied upon to fix problems, if and
if and when they arise. As such, a significant responsibility lies when they arise. Therefore, a significant responsibility lies with
with the manufacturer or vendor of the Internet host to avoid the manufacturer or vendor of an Internet host to avoid embedding IP
embedding IP addresses in ways which cause the aforementioned addresses in ways that cause the aforementioned problems.
problems.
3. Recommendations 3. Recommendations
Internet host and router designers, including network product Internet host and router designers, including network product
manufacturers, should not assume that their products will be deployed manufacturers, should not assume that their products will be deployed
and used in only the single global Internet that they happen to and used in only the single global Internet that they happen to
observe today. A myriad of private or future internetworks in which observe today. A myriad of private or future internetworks in which
these products will be used may not allow those hosts to establish these products will be used may not allow those hosts to establish
communications with arbitrary hosts on the global Internet. Since communications with arbitrary hosts on the global Internet. Since
the product failure modes resulting from unknown future states cannot the product failure modes resulting from an unknown future
be fully explored, one should avoid assumptions regarding the internetwork environment cannot be fully explored, one should avoid
longevity of our current Internet. assumptions regarding the longevity of our current Internet.
The following recommendations are presented as best practice today: The following recommendations are presented as best practice today.
3.1 Disable Unused Features 3.1. Disable Unused Features
Vendors should, by default, disable unnecessary features in their Vendors should, by default, disable unnecessary features in their
products. This is especially true of features that generate products. This is especially true of features that generate
unsolicited Internet traffic. In this way these hosts will be unsolicited Internet traffic. In this way, these hosts will be
conservative regarding the unsolicited Internet traffic they produce. conservative regarding the unsolicited Internet traffic they produce.
For instance, one of the most common uses of embedded IP addresses For instance, one of the most common uses of embedded IP addresses
has been the hard-coding of addresses of well known public Simple has been the hard-coding of addresses of well known public Simple
Network Time Protocol (SNTP RFC 2030 [8]) servers, even though only a Network Time Protocol (SNTP RFC 2030 [8]) servers in products.
small fraction of the users benefits from these products even having However, only a small fraction of users will benefit from these
some notion of the current date and time. products having some notion of the current date and time.
3.2 Provide User Interface for IP Features 3.2. Provide User Interface for IP Features
Vendors should provide an operator interface for every feature that Vendors should provide an operator interface for every feature that
generates unsolicited Internet traffic. A prime example of this is generates unsolicited Internet traffic. A prime example is this:
that the Domain Name System resolver should have an interface the Domain Name System resolver should have an interface enabling the
enabling the operator to either explicitly set the servers of his operator to either explicitly set the choice of servers or enable a
choosing or to enable the use of a standard automated configuration standard automated configuration protocol such as DHCP, defined by
protocol such as DHCP, defined by RFC 2132 [9]. Within the operator RFC 2132 [9]. These features should originally be disabled within
interface, these features should originally be disabled so that one the operator interface, and subsequently enabling these features
consequence of subsequently enabling these features is that the should alert the operator that the feature exists. This will make it
operator becomes aware that the feature exists. This will mean that more likely that the product's owner or operator can participate in
it is more likely that the product's owner or operator can problem determination and mitigation when problems arise.
participate in problem determination and mitigation when problems
arise.
RFC 2606 [2] defines the IANA-reserved "example.com", "example.net", RFC 2606 [2] defines the IANA-reserved "example.com", "example.net",
and "example.org" domains for use in example configurations and and "example.org" domains for use in example configurations and
documentation. These are candidate examples to be used in user documentation. These are candidate examples to be used in user
interface documentation. interface documentation.
3.3 Use Domain Names as Service Identifiers 3.3. Use Domain Names as Service Identifiers
Internet hosts should use the Domain Name System to determine the IP Internet hosts should use the Domain Name System to determine the IP
addresses associated with the Internet services they require. addresses associated with the Internet services they require.
When using domain names as service identifiers in the configurations When using domain names as service identifiers in the configurations
of deployed Internet hosts, designers and vendors are encouraged to of deployed Internet hosts, designers and vendors are encouraged to
introduce service names either within a domain which they control or introduce service names. These names should be within a domain that
have entered into an agreement with its operator to utilize (such as they either control or are permitted to utilize by an agreement with
for public services provided by the Internet community). This is its operator (such as for public services provided by the Internet
commonly done by simply introducing a service-specific prefix to the community). This is commonly done by introducing a service-specific
domain name. prefix to the domain name.
For instance, a vendor named "Example, Inc." with the domain For instance, a vendor named "Example, Inc." with the domain
"example.com" might configure its product to find its SNTP server by "example.com" might configure its product to find its SNTP server by
the name "sntp-server.config.example.com" or even by a product and the name "sntp-server.config.example.com" or even by a name that is
version-specific name such as specific to the product and version, such as "sntp-
"sntp-server.v1.widget.config.example.com". Here, the server.v1.widget.config.example.com". Here the "config.example.com"
"config.example.com" namespace is dedicated to that vendor's product namespace is dedicated to that vendor's product configuration, with
configuration, with sub-domains introduced as deemed necessary. Such subdomains introduced as deemed necessary. Such special-purpose
special-purpose domain names enable ongoing maintenance and domain names enable ongoing maintenance and reconfiguration of the
reconfiguration of the services for their client hosts and can aid in services for their client hosts and can aid in the ongoing
the ongoing measurement of service usage throughout the product's measurement of service usage throughout the product's lifetime.
lifetime.
An alternative to inventing vendor-specific domain naming conventions An alternative to inventing vendor-specific domain naming conventions
for a product's service identifiers is to utilize SRV resource for a product's service identifiers is to utilize SRV resource
records (RR), defined by RFC 2782 [10]. SRV records are a generic records (RRs), defined by RFC 2782 [10]. SRV records are a generic
type of RR which uses a service-specific prefix in combination with a type of RR that uses a service-specific prefix in combination with a
base domain name. For example, an SRV-cognizant SNTP client might base domain name. For example, an SRV-cognizant SNTP client might
discover Example, Inc.'s suggested NTP server by performing an discover Example, Inc.'s suggested NTP server by performing an SRV-
SRV-type query to lookup for "_ntp._udp.example.com". type query to lookup for "_ntp._udp.example.com".
However, note that simply hard-coding DNS name service identifiers However, note that simply hard-coding DNS name service identifiers
rather than IP addresses is not a panacea. Entries in the domain rather than IP addresses is not a panacea. Entries in the domain
name space are also ephemeral and can change owners for various name space are also ephemeral and can change owners for various
reasons including acquisitions and litigation. As such, developers reasons, including acquisitions and litigation. As such, developers
and vendors should explore a product's potential failure modes and vendors should explore a product's potential failure modes
resulting from the loss of administrative control of a given domain resulting from the loss of administrative control of a given domain
for whatever reason. for whatever reason.
3.4 Use Special-Purpose, Reserved IP Addresses When Available 3.4. Use Special-Purpose, Reserved IP Addresses When Available
Default configurations, documentation, and example configurations for Default configurations, documentation, and example configurations for
Internet hosts should use Internet addresses that reside within Internet hosts should use Internet addresses that reside within
special blocks that have been reserved for these purposes, rather special blocks that have been reserved for these purposes, rather
than unique, globally routable IP addresses. For IPv4, RFC 3330 [3] than unique, globally-routable IP addresses. For IPv4, RFC 3330 [3]
states that the 192.0.2.0/24 block has been assigned for use in states that the 192.0.2.0/24 block has been assigned for use in
documentation and example code. The IPv6 global unicast address documentation and example code. The IPv6 global unicast address
prefix 2001:DB8::/32 has been similarly reserved for documentation prefix 2001:DB8::/32 has been similarly reserved for documentation
purposes RFC 3849 [4]. Private Internet Addresses, as defined by RFC purposes RFC 3849 [4]. Private Internet Addresses, as defined by RFC
1918 [5], should not be used for such purposes. 1918 [5], should not be used for such purposes.
3.5 Discover and Utilize Local Services 3.5. Discover and Utilize Local Services
Service providers and enterprise network operators should advertise Service providers and enterprise network operators should advertise
the identities of suitable local services, such as NTP. Very often the identities of suitable local services, such as NTP. Very often
these services exist, but the advertisement and automated these services exist, but the advertisement and automated
configuration of their use is missing. For instance, the DHCP configuration of their use is missing. For instance, the DHCP
protocol, as defined by RFC 2132 [9], enables one to configure a protocol, as defined by RFC 2132 [9], enables one to configure a
server to answer queries for service identitifiers to clients that server to answer client queries for service identifiers. When local
ask for them. When local services including NTP are available but services, including NTP, are available but not pervasively advertised
not pervasively advertised using such common protocols, designers are using such common protocols, designers are more likely to deploy ad
more likely deploy ad hoc initialization mechanisms that hoc initialization mechanisms that unnecessarily rely on central
unnecessarily rely on central services. services.
3.6 Avoid Mentioning the IP Addresses of Services 3.6. Avoid Mentioning the IP Addresses of Services
Operators that provide public services on the global Internet, such Operators who provide public services on the global Internet, such as
as those in the NTP community, should deprecate the explicit those in the NTP community, should deprecate the explicit
advertisement of the IP addresses of public services. These advertisement of the IP addresses of public services. These
addresses are ephemeral. As such, their widespread citation in addresses are ephemeral. As such, their widespread citation in
public service indexes interferes with the ability to reconfigure the public service indexes interferes with the ability to reconfigure the
service as necessary to address unexpected, increased traffic and the service when necessary to address unexpected, increased traffic and
aforementioned problems. the aforementioned problems.
4. Security Considerations 4. Security Considerations
Embedding or "hard-coding" IP addresses within a host's configuration Embedding or "hard-coding" IP addresses within a host's configuration
often means that a host-based trust model is being employed, and that often means that a host-based trust model is being employed, and that
the Internet host with the given address is trusted in some way. Due the Internet host with the given address is trusted in some way. Due
to the ephemeral roles of globally routable IP addresses, the to the ephemeral roles of globally-routable IP addresses, the
practice of embedding them within products' firmware or default practice of embedding them within products' firmware or default
configurations presents a security risk in that unknown parties may configurations presents a security risk in which unknown parties may
inadvertently be trusted. be trusted inadvertently.
Internet host designers may be tempted to implement some sort of Internet host designers may be tempted to implement some sort of
remote control mechanism within a product, by which its Internet host remote control mechanism within a product, by which its Internet host
configuration can be changed without reliance on, interaction with, configuration can be changed without reliance on, interaction with,
or even the knowledge of its operator or user. This raises security or even the knowledge of, its operator or user. This raises security
issues of its own. If such a scheme is implemented, its presence issues of its own. If such a scheme is implemented, its presence
should be fully disclosed to the customer, operator, and user so that should be fully disclosed to the customer, operator, and user, so
an informed decision can be made, perhaps in accordance with local that an informed decision can be made, perhaps in accordance with
security or privacy policy. Furthermore, the significant possibility local security or privacy policy. Furthermore, the significant
of malicious parties exploiting such a remote control mechanism may possibility of malicious parties exploiting such a remote control
completely negate any potential benefit of the remote control scheme. mechanism may completely negate any potential benefit of the remote
As such, remote control mechanisms should be disabled by default to control scheme. Therefore, remote control mechanisms should be
be subsequently enabled and disabled by the user. disabled by default, to be subsequently enabled and disabled by the
user.
5. IANA Considerations
This document creates no new requirements on IANA namespaces.
6. Conclusion 5. Conclusion
When large numbers of homogenous Internet hosts are deployed, it is When large numbers of homogeneous Internet hosts are deployed, it is
particularly important that both their designers and other members of particularly important that both their designers and other members of
the Internet community diligently assess host implementation quality the Internet community diligently assess host implementation quality
and reconfigurability. and reconfigurability.
Implementors of host services should avoid any kind of use of unique Implementors of host services should avoid any kind of use of unique
globally routable IP addresses within a fixed configuration part of globally-routable IP addresses within a fixed configuration part of
the service implementation. If there is a requirement for the service implementation. If there is a requirement for pre-
pre-configured state then care should be taken to use an appropriate configured state, then care should be taken to use an appropriate
service identifier and use standard resolution mechanisms to service identifier and to use standard mechanisms for dynamically
dynamically resolve the identifier into an IP address. Also, any resolving the identifier into an IP address. Also, any such
such identifiers should be alterable in the field through a identifiers should be alterable in the field through a conventional
conventional command and control interface for the service. command and control interface for the service.
7. Acknowledgements 6. Acknowledgements
The author thanks the following reviewers for their contributions to The author thanks the following reviewers for their contributions to
this document: Paul Barford, Geoff Huston, David Meyer, Mike this document: Paul Barford, Geoff Huston, David Meyer, Mike
O'Connor, Michael Patton, Tom Petch, and Pekka Savola. Harald O'Connor, Michael Patton, Tom Petch, and Pekka Savola. Harald
Alvestrand, Spencer Dawkins, Ted Hardie, and Thomas Narten provided Alvestrand, Spencer Dawkins, Ted Hardie, David Kessens, and Thomas
valuable feedback during AD and IESG review. Narten provided valuable feedback during AD and IESG review.
8. References 7. References
8.1 Normative References 7.1. Normative References
[1] Hubbard, K., "INTERNET REGISTRY IP ALLOCATION GUIDELINES", RFC [1] Hubbard, K., Kosters, M., Conrad, D., Karrenberg, D., and J.
2050, BCP 12, November 1996. Postel, "Internet Registry IP Allocation Guidelines", BCP 12,
RFC 2050, November 1996.
[2] Eastlake, D., "Reserved Top Level DNS Names", RFC 2606, BCP 32, [2] Eastlake 3rd, D. and A. Panitz, "Reserved Top Level DNS Names",
June 1999. BCP 32, RFC 2606, June 1999.
[3] Internet Assigned Numbers Authority, "Special-Use IPv4 [3] IANA, "Special-Use IPv4 Addresses", RFC 3330, September 2002.
Addresses", RFC 3330, September 2002.
[4] Huston, G., "IPv6 Address Prefix Reserved for Documentation", [4] Huston, G., Lord, A., and P. Smith, "IPv6 Address Prefix
RFC 3849, July 2004. Reserved for Documentation", RFC 3849, July 2004.
[5] Rekhter, Y., "Address Allocation for Private Internets", RFC [5] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and E.
1918, BCP 5, February 1996. Lear, "Address Allocation for Private Internets", BCP 5, RFC
1918, February 1996.
8.2 Informative References 7.2. Informative References
[6] Hamilton, M., "Use of DNS Aliases for Network Services", RFC [6] Hamilton, M. and R. Wright, "Use of DNS Aliases for Network
2219, BCP 17, October 1997. Services", BCP 17, RFC 2219, October 1997.
[7] Carpenter, B., "IPv4 Address Behaviour Today", RFC 2101, [7] Carpenter, B., Crowcroft, J., and Y. Rekhter, "IPv4 Address
February 1997. Behaviour Today", RFC 2101, February 1997.
[8] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for [8] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for
IPv4, IPv6 and OSI", RFC 2030, October 1996. IPv4, IPv6 and OSI", RFC 2030, October 1996.
[9] Alexander, S., "DHCP Options and BOOTP Vendor Extensions", RFC [9] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
2132, March 1997. Extensions", RFC 2132, March 1997.
[10] Gulbrandsen, A., "A DNS RR for specifying the location of [10] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
services (DNS SRV)", RFC 2782, February 2000. specifying the location of services (DNS SRV)", RFC 2782,
February 2000.
[11] Plonka, D., "Flawed Routers Flood University of Wisconsin [11] Plonka, D., "Flawed Routers Flood University of Wisconsin
Internet Time Server", August 2003, Internet Time Server", August 2003.
<http://www.cs.wisc.edu/~plonka/netgear-sntp/>. http://www.cs.wisc.edu/~plonka/netgear-sntp/
Author's Address
David Plonka
University of Wisconsin - Madison
EMail: plonka AT doit DOT wisc DOT edu
URI: http://net.doit.wisc.edu/~plonka/
Appendix A. Background Appendix A. Background
In June 2003, the University of Wisconsin discovered that a network In May 2003, the University of Wisconsin discovered that a network
product vendor named NetGear had manufactured and shipped over product vendor named NetGear had manufactured and shipped over
700,000 routers with firmware containing a hard-coded reference to 700,000 routers with firmware containing a hard-coded reference to
the IP address of one of the University's NTP servers: the IP address of one of the University's NTP servers:
128.105.39.11, which was also known as "ntp1.cs.wisc.edu", a public 128.105.39.11, which was also known as "ntp1.cs.wisc.edu", a public
stratum-2 NTP server. stratum-2 NTP server.
Due to that embedded fixed configuration and an unrelated bug in the Due to that embedded fixed configuration and an unrelated bug in the
SNTP client, the affected products occasionally exhibit a failure SNTP client, the affected products occasionally exhibit a failure
mode in which each flawed router produces one query per second mode in which each flawed router produces one query per second
destined for the IP address 128.105.39.11, and hence produces a destined for the IP address 128.105.39.11, and hence produces a large
large-scale flood of Internet traffic from hundreds-of-thousands of scale flood of Internet traffic from hundreds of thousands of source
source addresses, destined for the University's network, resulting in addresses, destined for the University's network, resulting in
significant operational problems. significant operational problems.
These flawed routers are widely deployed throughout the global These flawed routers are widely deployed throughout the global
Internet and are likely to remain in use for years to come. As such, Internet and are likely to remain in use for years to come. As such,
the University of Wisconsin with the cooperation of NetGear will the University of Wisconsin, with the cooperation of NetGear, will
build a new anycast time service which aims to mitigate the damage build a new anycast time service that aims to mitigate the damage
caused by the misbehavior of these flawed routers. caused by the misbehavior of these flawed routers.
A technical report regarding the details of this situation is A technical report regarding the details of this situation is
available on the world wide web: Flawed Routers Flood University of available on the world wide web: Flawed Routers Flood University of
Wisconsin Internet Time Server [11]. Wisconsin Internet Time Server [11].
Intellectual Property Statement Author's Address
David Plonka
University of Wisconsin - Madison
EMail: plonka@doit.wisc.edu
URI: http://net.doit.wisc.edu/~plonka/
Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at ietf-
ietf-ipr@ietf.org. ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgement
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/