I. Title

A. Name: Policy on the use of PennNet IP address space

B. Number: 20000124-ipaddress

C. Author: D. Kassabian, M. Levinson, M. Wehrle, J. Boone (ISC Networking); J. Beitler (SEAS)

D. Status:

[ ] proposed [ ] under review [X] approved [ ] rejected [ ] obsolete

E. Date proposed: 1999-09-03

F. Date revised: 1999-09-24, 1999-10-21, 2012-10-15

G. Date approved: 2000-01-24, 2013-04-15

H. Effective date: 2000-01-24, 2013-04-15


II. Authority and Responsibility

Information Systems and Computing's Networking organization is responsible for the operation of PennNet (Penn's data networks) and therefore has the authority and responsibility to specify requirements for any devices connecting to PennNet. This authority extends to IP address registration requirements for all PennNet-connected devices.

III. Executive Summary

This policy specifies the IP address registration requirements for devices connected to PennNet. It also provides "best practice" recommendations to guide local network administrators in the use of the Assignments program, which is used for IP address registration at Penn.

IV. Purpose

The purpose of this policy is to specify the IP address registration requirements for all devices attached to PennNet. While unregistered IP addresses may in some cases appear to function correctly, their use can cause significant problems (see V. Risk of Non-compliance).

V. Risk of Non-compliance

Use of unregistered IP addresses can result in situations in which duplicate IP addresses are in use (two different network devices attempting to use the same IP address). This can cause operational failure for the network device which has properly registered the address, for the unregistered device, or for both. Additionally, it can make troubleshooting the network more difficult and time-consuming. Associated costs may be billed to the network user (see X. Compliance) at the discretion of ISC Networking.

Since the IP registration information is also used to record contact and location information, unregistered IP addresses result in devices that are difficult for Networking and Information Security officials to locate in the event of a problem.

Since the IP registration information is also a source of information for billing purposes, unregistered devices sometimes represent theft of services, and drive the costs higher for users of all registered devices.

VI. Definitions

IPv4: Internet Protocol version 4. Addresses are 32 bits long, usually represented in dot-decimal notation. This representation consists of four decimal numbers, each ranging from 0 to 255, separated by dots (for example, 192.168.254.1).

IPv6: Internet Protocol version 6. The successor to IPv4. Addresses are 128 bits long, usually represented in eight groups of four hexadecimal digits, separated by colons (for example, 2001:0db8:4567:8abc:def0:0fed:cba8:7654).

VII. Scope

This policy applies to all network-connected devices configured with PennNet IP addresses and/or devices with non-globally routable IP addresses which rely upon PennNet for connection to the Internet.

This policy applies equally to devices that have static IP address configuration and to devices which may acquire addresses dynamically such as through the Dynamic Host Configuration Protocol (DHCP) or similar means. This policy also applies to devices that may connect using a Network Address Translation (NAT) service.

IPv6 addresses configured using Stateless Address Autoconfiguration (SLAAC) are not covered by this policy.

A table of IPv4 address ranges covered by this policy is available at http://www.net.isc.upenn.edu/policy/supporting/pennnet-ipranges.html

A table of IPv6 address ranges covered by this policy is available at http://www.net.isc.upenn.edu/policy/supporting/pennnet-ipv6ranges.html

VIII. Statement of policy

  1. Every network interface configured with one or more IPv4 addresses, including addresses from the non-globally routable ranges, must have corresponding entries for all of these IPv4 addresses in the Assignments database.
  2. Network-connected devices that have static IP configurations must not use IP addresses already registered in the Assignments database for other devices.
  3. IP addresses registered in the Assignments database for IP address assignment via DHCP must not be used as part of a static configuration by any device.
  4. IPv6 addresses configured using a method other than SLAAC (such as static configurations or DHCPv6) must be registered in the Assignments database.

IX. Recommendations and Best Practices

The following related practices are strongly recommended by ISC Networking, towards a more efficient network.

  1. Record and update accurate information about all registered devices in the Assignments program, including device location, vendor and model, and associated technical contact(s) and primary user(s). This helps to make rapid notification to the LSP and/or the network user possible in the event of a problem.
  2. Remove from the Assignments database entries for devices that have been permanently removed from PennNet. This helps to preserve addresses for use by active nodes, and helps to maintain more accurate billing information.
  3. Avoid "pre-registering" blocks of addresses in Assignments intended for use later in static IP configurations. While this practice has been used in the past in some areas to allow for more rapid address assignment in cases where Assignments users have been unavailable, it can result in inefficient use of network address space and needless charges for unused IP addresses. The preferred approach to rapid address assignment is to have more than one authorized Assignments user within any area where such rapid address assignment is a frequent issue.
  4. Devices that connect (or that are configured to connect) using a Network Address Translation (NAT) service should be configured with IP addresses from one of the non-globally routable IP address ranges.
  5. Special-purpose private networks that interconnect servers for purposes such as clustering, disk sharing, data backups, etc., and that are configured to not forward traffic off that private network, should make use of IP addresses from one of the non-globally routable IP address ranges.
  6. Recommendations on the selection of addresses in the non-globally routable IP address ranges can be found at http://www.net.isc.upenn.edu/policy/supporting/nonroutable.html. Multiple people may register the same address from within the non-globally routable ranges. These addresses are not required to be unique.

X. Compliance

A. Verification: ISC Networking reserves the right to actively scan the network infrastructure, such as routers and switches, in an effort to discover non-compliant devices. Additionally, ISC Networking will act on those non-compliant devices discovered during the normal course of events in operating and/or troubleshooting the network.
B. Notification: Notification shall be made to the LSP for the area. Whenever possible and practical, the user of the unregistered network-connected device(s) will also be notified.
C. Remedy: Remedy will be the termination of network service for the unregistered device(s). ISC Networking will offer assistance to the LSP for the area in getting appropriate registration for the device, after which the device may be re-connected to the network.
D. Financial Implications: The administrative business units for users found to be in violation of this policy may in some cases be charged up to twelve (12) months' central service fee, as unregistered nodes do not pay their fair share of annual network charges.
Please see the Policy on Troubleshooting Charges for PennNet for information on additional fees that may be assessed to cover the costs incurred in troubleshooting related to violations of this policy.
E. Responsibility: Responsibility for remedy lies with the network user. In the vast majority of cases, the area LSP will have involvement in the implementation of the remedy.
F. Time Frame: Non-compliant devices must be remedied immediately to reduce risk of networking failures for other network users. Proper address registration usually takes no more than 20 minutes per device, after which the device may be returned to service on the network with an appropriately registered IP address.
G. Enforcement: Please see the Policy on Computer Disconnection from PennNet at http://www.upenn.edu/computing/policy/disconnect.html
H. Appeals: Please see the Appeals section of the Policy on Computer Disconnection from PennNet at http://www.upenn.edu/computing/policy/disconnect.html

XI. References
