Information Systems and Computing has issued the following policy
effective January 24, 2000. For the full policy, including Recommendations
and Best Practices not listed here, please see www.isc-net.upenn.edu/policy/approved/20000124-ipaddress.html.
Highlights of New Policy on the Use of PennNet IP Address
As the Internet continues to grow, the need to maintain accurate IP
address information becomes increasingly important for the proper management
of Penn's network. Unregistered IP addresses can cause significant problems
to the effective use of PennNet. While unregistered addresses may appear
to function correctly, they can lead to:
- operational failure of network devices (those that have been properly
registered as well as unregistered devices or sometimes both)
- inability of network and information security technicians to troubleshoot
- inaccurate or misrepresented billing charges due to lack of accurate
- increased costs to all users due to theft of services
II. Policy Scope
This policy applies to:
- all network-connected devices (desktop computers, servers, network
printers, etc.) configured with PennNet IP addresses and/or devices with
non-globally routable IP addresses which rely upon PennNet for connection
to the Internet
- devices that have either static or dynamic (such as through the Dynamic
Host Configuration Protocol (DHCP) or similar means) IP address configuration
- devices that may connect using a Network Address Translation (NAT)
A table of IP address ranges covered by this policy is available at
III. Policy Statement
- Every network interface configured with one or more IP addresses, including
addresses from the non-globally routable ranges, must have corresponding
entries for all of these IP addresses in Penn's central database--Assignments.
for more information on the Assignments database.)
- Network-connected devices that have static IP configurations must not
use IP addresses already registered in the Assignments database for other
- IP addresses registered in the Assignments database for dynamic IP
address assignment must not be used as part of a static configuration by
any network-connected device.
The following related practices are strongly recommended by ISC
- Networking, towards a more efficient, secure and reliable network.
- Record and update accurate information about all registered devices
in the Assignments program, including device location, vendor and model,
and associated technical contact(s) and primary user(s). Accurate and complete
records help make rapid notification to the LSP and/or the network user
possible in the event of a problem.
- Remove from the Assignments database entries for devices that have
been permanently disconnected from PennNet. This helps to preserve addresses
for use by active nodes, and helps to maintain more accurate billing information.
- Avoid "pre-registering" blocks of addresses in Assignments
intended for use later in static IP configurations. While some areas have
used this practice in the past to allow for more rapid address assignment
in cases where Assignments users have been unavailable, it can result in
inefficient use of network address space and needless charges for unused
IP addresses. The preferred approach to rapid address assignment is to
have more than one authorized Assignments user within any area where such
rapid address assignment is a frequent issue.
- Configure any existing devices that connect using a NAT (Network Address
Translation) service with IP addresses from one of the non-globally routable
IP address ranges.
- Use IP addresses from one of the non-globally routable IP address ranges
for special-purpose private networks that interconnect servers for purposes
such as clustering, disk sharing, data backups, etc., and that are configured
to not forward traffic off that private network.
- Recommendations on the selection of addresses in the non-globally routable
IP address ranges can be found at www.isc-net.upenn.edu/policy/supporting/nonroutable.html.
Multiple people may register the same address from within the non-globally
routable ranges. These addresses are not required to be unique.
V. Amnesty Period
Through June 30, 2000, ISC Networking encourages current users of unregistered
IP addresses to properly register them using the practices described in
this policy. Starting July 1, 2000, ISC Networking reserves the right to
actively scan the network infrastructure components (e.g., routers, switches,
etc.) in an effort to discover non-compliant devices which will thereafter
be subject to the full terms of the Compliance section of the policy, including
possible disconnection from the network.
--Information Systems and Computing, Networking
Almanac, Vol. 46, No. 21, February 15, 2000
PAGE | CONTENTS
"Teaching With New Tools" (P. Kuriloff) | TALK
ABOUT TEACHING ARCHIVE | BETWEEN
ISSUES | FEBRUARY at PENN