Open Network Addressing Howard Berkowitz

52-10-20 Open Network Addressing Howard Berkowitz Payoff Problems in addressing rank among the chief reasons that networked components fail to interoperate. The latest network addressing schemes can scale up to accommodate extremely large open internetworks; these schemes can coexist with older addressing methods that were suitable only for smaller networks. Introduction Proprietary networking architectures (e.g., System Network Architecture and NetWare) were designed to suit single organizations. The Novell identifier assigned to a workstation in one company can therefore duplicate that of a workstation in another company, and as business requirements continue to encourage internal and external networking among organizations, the duplication problem becomes much more significant. Proprietary address schemes also limit users' abilities to select alternative vendors' solutions when those alternatives use different yet incompatible addressing schemes. Basics of Naming and Addressing Names and addresses are the attributes of network objects that enable them to be found and identified by other network objects. A name can exist at different locations; an address is a specific logical or physical place at which names can be located. The systems that accomplish internetworking make use of addresses, not names. Names, on the other hand, are more easily understood by the human users of networks, so there must be a provision for translating names for the use of automated network elements. A subscriber's initial business relationship to a telephone company, for example, is based on a human name, which is then associated with a unique account number. The account number is then associated with one or more software-defined unique telephone numbers, and these telephone numbers are then associated with real wires at real locations. The business office deals with names, which may not be unique, and logical telephone number assignments. Plant personnel, however, deal with wires and other physical facilities that map to the telephone number. Most people accept that it would be impractical to label wires in a wire closet with the subscriber's name; a mapping to a telephone number would be all that is reasonably expected. Unfortunately, many data network users assume that name and address registration is a simple process in which an address is associated with a hardware address. Realistically, it is at least a two-step process, where a name is associated with a network layer address, and a network address is associated with a hardware address. Mapping Names to Addresses The names visible to users map to upper layer addresses. In X.400 this is done precisely, but not simply. The name Howard Berkowitz, for example, might map to an X.400 messaging address of C CA, ADMD DATAPAC, Private Management Domain PSC, SN BERKOWITZ. More complex mappings are possible, such as expansion of the name Washington Office to several individuals' X.400 addresses. Name-to-address mappings may involve organization policy decisions: If Mary Jones is promoted and transferred,

should business messages addressed to her be routed to her at her new location, or to her successor in her old job? People now put X.400 addresses on business cards, but X.400 may not become more popular until better directory tools free users from the details of addresses. If a relatively simple Internet name of hcb@ world.std.com is too complex for many people, an X.400 address with fields for country, administrative management domain, PRMD, organization, organization unit, subunit, and personal name can be overwhelming. X.400 addresses meet real technical needs; the problem is to improve the toosl for using these addresses rather than changing the address structure. Below the routing functions performed by the messaging service, which are geared to delivering the message to the end-user, are packet-oriented network layer routers and switches. Either a directory service or manually created table is necessary to map addresses between the upper layers and lower layers. If only a single address applies to upper and lower layers, a user's electronic mail address would have to change whenever that user moved to a new desk or used a laptop to read mail while traveling. Addressing conventions need to be more complex than, for example, the relatively simple rules that apply to human names. Humans can use context to decide with which of several people with identical names they wish to speak. Current computers, however, need to be told explicitly that Mary Smith, the CEO, is different from Mary Smith in Accounting. The most common and practical means of ensuring name and address uniqueness is to manage them in a hierarchy. A precedent for this exists in international telephony. An organization having international authority assigns country codes and then delegates the next level of addresses to national organizations. National organizations in turn assign area codes and delegate actual telephone number assignment to a subordinate organization. The scope in which an address authority can assign unique addresses is called a domain. A complete real-world address consists of segments that correspond to nested domains and subdomains; in practice, a real-world globally unique address usually contains a domain identifier as well as the addresses specific to those domains. The problem is not so much the theoretical maximum of network addresses as the number of unusable addresses created by an addressing scheme. If the country identifier forms the top level of the address, enough addresses have to be assigned to meet the needs of each country. If an addressing scheme supplies a country like the US with enough addresses and the same number of addresses are reserved for a country with much more modest requirements, many addresses will be wasted. In the current Internet addressing plan, the basic quanta of address assignment are blocks of approximately 65,000 or 250addresses. The former is too large for most organizations to fill; the latter is too small for many requirements. Mobile Addressing Considerations An evolving, and not completely solved, addressing problem becomes more apparent as cellular telephony and other mobile technologies become more common. As a car phone moves, it travels through a series of cells, or small radio service areas that connect the phone to the telephone network. Each cell has a number, and, while a cellular phone is in a cell, the phone uses a specific frequency between itself and the cellular telephone switch. Cellular switches are designed to keep track of the changing relationship between the persistently assigned telephone number and the transient cell number/frequency pair. While conventional network layer protocols can deal with an address (e.g., a LAN MAC address)

below the network layer, these protocols do not assume this hardware address will be dynamic. Application-Level Addressing If real networked applications are to work, system administrators must deal with both application-level and network-level naming and addressing. For example, if an organization wanted to be addressable for Internet electronic messaging, it would need both a domain name(e.g., whitehouse.gov) and an IP address for that domain. Users sometimes incorrectly assume that directory or other management tools can generate one given the other. The main global addressing need is for globally unique messaging addresses. The two main global addressing systems for messaging are those of the Open Systems Interconnection X.400 standard and the Internet's Domain Naming System. Both schemes are hierarchical, and the two can interwork by using a gateway to convert addresses from one scheme to the other. High-level Internet Domain Naming Service addresses are obtained from the Internet'sNetwork Information Center; subordinate addresses are managed by the user or user organization. Address assignment for X.400 is more complex. The International Telephone and Telegraph Consultative Committee(CCITT) authorizes certain organizations to act as X.400 national naming authorities, which can be national telecommunications monopolies, other national addressing authorities, or carriers offering public X.400 services. They are assigned address components at the Administrative Management Domain (ADMD) level. They, as national authorities, or ADMD owners, can in turn assign Private Management Domain (PRMD) address components. PRMD addresses directly assigned to user organizations by a national telecommunications monopoly may duplicate PRMD assigned by other Administrations. This does not create a practical problem, because an ADMD is not necessary if communication is directly betweenprmd not subordinate to ADMDs. For example, if airline A connects its X.400-based reservation system directly to that of airline B, there is no need for ADMDs as long as both airlines' PRMD are assigned by the national body, or are assigned by the national bodies of different countries. Such directory services as X.500 accept either name or high-level address arguments and return the appropriate network address. They can also do pure high-level name-to-address translation, distribution list expansion, and mappings based on local policies. Between Application and Network Both Open System Interconnection (OSI) and Internet have a concept of something on the network to which datagram are routed. In Internet protocol (IP), this is the Internet address. In Open Systems Interconnection this is technically the Network Entity Title, but the term Network Service Access Point address is commonly, if not quite precisely, used. To link to an actual transport or higher protocol in an IP host, a supplemental protocol identifier further qualifies the IP address; the combination of IP address and protocol identifier uniquely identifies a user of IP. In OSI, the network service access point (NSAP) address actually is composed of the network entity title (NET) and a selector field. If the selector field has a value of zero, the network service access point (NSAP) address identifies the target of routing(i.e., the specific host interface). Nonzero selector field values are similar to

the IP protocol identifier; they identify a user of the network service entity rather than the entity itself. Whereas application addresses identify service access point that are meaningful to users, and network addresses identify points in an intelligent network, there is often an additional need for identifiers between the application and network functions. Open Systems Interconnection compliant systems and the Internet, for example, both concatenate an end system service identifier to the network address of end systems. The Internet transport protocols (TCP and User Datagram Protocol) call this identifier the port number. In OSI, it is the Transport Service Access Point Identifier (TSAP-ID). The function of these transport-level identifiers may be more easily understood if they are viewed as analogous to extension numbers associated with a telephone switchboard. An Internet application may be reached using the IP address, protocol identifier, and an identifier of the user of the transport service above IP. The latter identifier is called the port number. OSI also has an identifier for the transport entity that uses the network service (i.e., the transport service access point identifier) but presentation and session service identifiers, as well as an application entity title, are necessary to reach the application. When these identifiers are used in a particular way by a vendor they are often complex and obscurely documented. Customers should demand that vendors clearly demonstrate address configuration procedures. Internetwork Addressing Functionally, both Open Systems Interconnection network layer protocols and the Internet protocol are equivalent. They differ primarily in address formats and parameter encodings, and it is feasible to build a single piece of software that processes both IP and OSI ConnectionLess Network Protocol. The OSI reference model definition of the network service applies well to both. Indeed, there is an active proposal called TCP and UDP over bigger addresses (TUBA) intended to deal with the IP address shortage by substituting CLNP for IP in existing TCP/IP stacks. In both architectures, the job of thenetwork layer is to forward traffic one logical step closer to the destination. These logical steps can be routers or can be the actual destination host. The same addresses are used for routers and for hosts, because upper layer addresses only are examined when the forwarded traffic reaches its destination. Common addressing for hosts and routes makes network administration far more consistent. Different types of intelligent systems cooperate at this architectural layer. End systems (ESs) are hosts (or gateways to other architectures); intermediate systems (ISs) are routers and packet switches. Intermediate systems do not contain application-level management functions, so management and control of ISs must be distributed to other entities including end systems. This entails problems with network layer communications between end systems, communications among ISs that are in a domain under a single administrative authority, and communications between ISs that are in different administrative domains. To participate in network layer interaction, an entity must know its address. Real network entities often have two levels of network address. They have one that belongs to the global, medium-independent addressing context defined by OSI or IP. They have another, hardware-oriented address to which the global address is mapped. Examples of such hardware addresses include LAN MAC addresses and X.25 addresses in the X.121 format. The lower level addressing environment, such as X.121, is called the subnetwork in relation to the higher-level true network address. OSI formalizes two address constructs

here, the Network Service Access Point address previously mentioned at the global level, and the subnetwork point of attachment (SNPA) address at the hardware level (as shown in Exhibit 1). network service access point (NSAP) and IP addresses are logical rather than physical, and always must map to an actual physical address. Open System NSAPs and SNPAs The word network usually refers to collections of wires and switches that carry bits of data. A network does not mean the same thing in Open Systems Interconnection. In OSI, the network service defines a set of capabilities of the network layer of a collection of open systems, which does not necessarily have to form a real-world network. The OSI term for a real-world network is subnetwork. In a similar manner, IP operates in catenets, that is, collections of intelligent networks that may not actually constitute a simple network. Subnetworks have SNPAs where OSI and nonosi systems can access their services. In contrast with SNPAs, Network Service Access Point identify conceptual access points for accessing open system capabilities, not for accessing subnetwork services. network service access point (NSAP) exist within a conceptual global address space used by OSI and are implemented inside open systems, not as addressable parts of communication networks. The IP uses a similar address model: IP addresses are defined for the global IP address space, and IP addresses are mapped to addresses defined by interface protocols of the subnetworks over which IP runs. OSI has an additional identifier, the Network Entity Title, which identifies the set of network service access point (NSAP) in an end system. Additional identifiers may be needed in the future, to deal with mobile communications. OSI network layer architecture includes three main functions common to modern network architecture. The subnetwork independent function defines the view of the pure network service within the architecture's global address space, the subnetwork access function defines the specific procedures for interfacing to a real subnetwork technology, and the subnetwork dependent convergence function maps between the preceding two. Understanding differences between subnetwork dependent and subnetwork access requirements, and understanding the convergence mechanisms, is the key to integratingosi and Internet network services with existing subnetworks. Open Network Address Structures The Internet addressing scheme has been in use long enough for there to be extensive experience with it. IP addressing has been effective, but is now showing some weaknesses as technologies and network sizes advance. The Network Service Access Point addresses used in Open Systems Interconnection are based on ideas first used in creating IP addresses. IP addresses are 32 bits long. They contain three fields of varying length, the first identifying the format of the rest of the address, the next identifying the network domain, and the third identifying a system within that domain. The structure of the 32-bit address, that is, the use of a format identification field and the division of the address into domain identifiers, means that all possible 32-bit addresses (i.e., 2(32), approximately 5.6 billion addresses) are not available for assignment to network entities. While other proposals are still being examined, the two main long-term solutions to IP address exhaustion are called the Simple Internet Protocol (SIP) and the TCP and UDP over bigger addresses proposal. the SMDS Interface Protocol extends IP addresses to 64 bits, while TUBA uses variable-length Open Systems Interconnection network service access point (NSAP) addresses. An interim solution called classless

interdomain (CIDR) has been adopted to provide better use of the existing 32-bit addresses. Its basic principle provides a mechanism to subdivide the approximately 65,000 address class B blocks into smaller units, still larger than the approximately 250 address class C blocks. Class B addresses were previously associated with single user organizations; they will now be shared. While Classless Inter-Domain does not require a completely new set of protocols, it does restrict the routing protocols usable to those that support variable length subnet masks. It also introduces new administrative procedures for address assignment. OSI network service access point (NSAP) addresses have a variable length, and can be up to 32octets long. Like IP addresses, they begin with a field that identifies the address format. This field, the Initial Domain Part, contains fields identifying both an addressing authority and the format of the domain-specific address. The remainder of the network service access point (NSAP) address, the domain specific part (DSP), is unique within an addressing domain. The DSP is large enough to contain complete subnetwork addresses, such as those used by X.25 or Integrated Services Digital Network (ISDN). As discussed below, LAN devices, which have a hardware-defined address, can automatically create their own network service access point (NSAP) address using their hardware address and higherlevel information that is broadcast by OSI routers. Subnetwork Addressing Subnetwork attachment protocols map Open Systems Interconnection network services onto an underlying real subnetwork, a subnetwork that may use an architectural model completely different from that of OSI. The subnetwork itself may have its own internal intelligence. Careful development of a subnetwork address structure and choice of switching logic are important in building private network, or in interfacing to externally provided subnetworks. Important subnetwork address structures include: CCITT X.121 addresses used by X.25 and X.75 ISDN circuit switching addresses IEEE medium access control (MAC)addresses D-channel addresses Frame relay addresses OSI provides a mechanism for compatibility with different subnetwork technologies. Network entities often can dynamically learn their NSAB addresses by fixing a subnetwork address with an appropriate Initial Domain Part, or by combining low-order address information with information obtained from broadcasts of layer management entities. X.25 and Open Network Addresses X.25 implementations defined under 1984 or later standards can directly support Network Service Access Point addresses of the OSI Connection-Oriented Network Service, by means of address extension fields. X.25 does not have built-in support for IP addressing.

Since there can be interoperability problems between connectionless (e.g., IP and ConnectionLess Network Protocol) and Connection-Oriented Network Service, X.25 is more often used as a subnetwork rather than a full network service. When X.25 is used as a subnetwork, IP or CLNP are layered on top of it. There are two contexts for X.25 addressing: pure X.25, and X.25within the context of such larger networking standards as OSI and the Internet protocol suite. CCITT's X.121 Recommendation defines the structure of X.25 addresses, which are split into an international unique prefix called the Data Network Identification Code and a national network part. The latter part is not internationally standardized, but prescribed by each network. It often takes the general form of a telephone number, that is, including an area code, city exchange, and subscriber (e.g., host) number. X.25 packet layer standards contain both persistent X.121 addresses and nonpersistent connection identifiers (i.e., logical channel numbers). Logical channel numbers are not part of the larger Open Systems Interconnection network service access point (NSAP)or IP addressing plans (as shown in Exhibit 2). The Distinction Between Persistent and Nonpersistent Connection Identifiers Configuring an X.25 Address Using the X.121 address as part of the network service access point (NSAP) address has the attraction of making the network service access point (NSAP) address self-configuring. There are advantages and disadvantages, however, to self-configuration. Self-configuring reduces system administrator workload and the chance of addressing errors caused by incorrect entry of addresses. But if individual human users (i.e., names) are bound to selfconfigured network service access point (NSAP) addresses, the situation is equivalent to permanently associating a telephone number with a human being. This situation has distinct operational problems if, for example, the individual moves to a location served by a different X.121 address or replaces X.25 service with LAN service. An alternative to self-configuration is to separate the network service access point (NSAP) and SNPA addresses. A user's Network Service Access Point address will then reflect an organizational structure, and the current SNPA address for the user whether X.25/X.121, LAN, or other service is obtained from a directory service. As mobile communications become more prevalent, such separation of network service access point (NSAP) and SNPA will become necessary. The telephony equivalent of not doing such a separation requires first trying an office number, then a car phone, then a residence number, and so on. Self-configuring OSI network service access point (NSAP) addresses, however, is a reasonable short-term mechanism. Self-configuration by including the X.121address is not a practical alternative for the Internet, because Internet addresses are too small to contain X.121 addresses. There is no single way to map between X.121 and Internet addresses, althoughregional Financial Center 1236 recommends one method. Standards bodies did recognize the need to interconnect public networks (i.e., those operated by Administrations and registered private operating agencies (RPOAs)). They defined the International Telegraph and Telephone Consultative Committee X.75 protocol as the means of interconnection. Where X.25 uses two addresses, calling and called, X.75 uses three

addresses: calling, gateway, and called. X.75 has not been implemented widely in packet switches intended for users as it is intended for intercarrier use. X.75 is generally reserved for interconnecting user X.25 networks with multiple public X.25 networks, each with their own X.121 addressing plans. A more practical and popular method of interconnecting is translating X.25 addresses from those of one network to those of another. Software to do this translation is switch- and user-specific. When translating between public and private X.25 addresses, the data switching equipment (DSE) maps public X.25/X.121 addresses into addresses meaningful within the private network. Such mapping is not part of CCITT or International Organization for Standardization (ISO) standards. As an example of user-specific address translation, a user organization established a convention that a zero in the data network identification code (DNIC) part of an X.121 address meant that the address was part of a local address space. In this address space, the first three digits of the X.121 address identified a DSE, and the last four digits identified a port on that switch. If the data network identification code (DNIC) part of an address was nonzero, switches were programmed to route that call to a gateway serving the external network identified by the data network identification code (DNIC). Address translation software would translate external references (e.g., 3020-888-001) to internal references (e.g., port 999 on switch 999). While an internal network user at 997-0002 would see a direct circuit to 3020-888-0001, thatvirtual circuit was actually composed of circuits between 997-0002 and 999-9998, and between 999-9998 at 3020-888-0001. Most newer public network technologies, such as Integrated Services Digital Network and frame relay, can accommodate existing applications that have an X.25interface. The underlying technologies, however, are quite different than those traditionally used with X.25. ISDN ISDN generally provides subnetwork technologies over which network services (i.e., Open Systems Interconnection or Internet services) run. Subnetwork facilities can be provided as on a semipermanent dedicated basis, on dynamically switched circuits, or through packet handling. Open Systems Interconnection Network Service Access Point can include Integrated Services Digital Network subnetwork addresses as the DSP. Semipermanent modes may provide a virtual wire to a network entity for conventional LAPB access. Alternatively, they may provide a mechanism for encapsulating X.25 packets and delivering them to a packet network. ISDN global addresses are not significant in semipermanent access using LAPB, because connectivity between end systems is established automatically by the ISDN provider. When semipermanent access is at the packet level, the ISDN provider defines the mapping of LAPD terminal endpoint identifiers to external X.25 destinations. Circuit switching, using the Q.931 protocol, can set up virtual wires on an asneeded basis. In this case, ISDN addresses are used to set up data telephone calls between X.25 entities. LAN Addressing IEEE standards for LANs use a scheme that assigns a unique hardware address to every LAN interface. This relieves the network administrator of assigning addresses to LAN

interfaces, but adds the complication that a MAC-sublayer address will change whenever the hardware is changed. Correspondences need to be established between MAC-sublayer addresses and network addresses. Internet Protocol suite systems use the address resolution protocol (ARP) to discover the network address assigned to them. OSI systems include the MAC address with their network service access point (NSAP) address, which is constructed using prefixes obtained from local router broadcasts. Collapsed Layered Addressing While the Open Systems Interconnection reference model broke valuable ground in subdividing network technologies into a set of layered functions, this model did not anticipate all transmission technologies. Especially where communications functions are built into such hardware as LANs and new high-speed transmission technologies, addresses associated with individual layers may be collapsed into addresses mappable to multiple layers. These collapsed addresses, which are used for transmission efficiency, are mapped into standard addresses at endpoints or internetwork gateways. Technologies using collapsed addresses include frame relay, Integrated Services Digital Network, and new transmission systems such as Asynchronous Transfer Mode. In both Frame relay and ISDN's nailed D-channel operation, the destination address into which the layer 2 address maps can be the access point for a standard X.25 network or an IP address. X.25packets run unchanged over these services, so multiple X.25 Switched Virtual Circuit can be run over a single ISDN or frame relay address pair. In Frame relay, a short layer 2 identifier is associated, by the network provider, to an endpoint of the Frame relay subnetwork. Frame relay endpoint addresses have only local significance. Permanent Virtual Circuit are defined between these endpoints. The Frame relay protocol is not aware of higher-level addresses, the Protocol Data Unit, that flow over it. Conclusions Such open network architectures as Open Systems Interconnection and Internet have mechanisms that support truly global networking over both new and old transmission systems. These powerful mechanisms can lead to interoperability problems if the associated configuration rules are not well understood. Users need both to understand general address mechanisms and to obtain clear configuration procedures from their vendors. Author Biographies Howard Berkowitz Howard C. Berkowitz is manager of Open Systems Technology for PSC International, McLean VA. He has been involved with the broad open systems problem from user, vendor, and standards body perspectives. His experience includes serving as the first technical staff member at the Corporation for Open Systems, co-developing national performance standards, developing advanced networking systems for many user organizations, and developing network management architecture for GTE Telenet. He is the author of numerous articles and the networking chapter of H.M. Deitel's An Introduction to Operating Systems,and is preparing books on general open systems and standards-based networking. Berkowitz has been nominated as vice-chair of ANSI X3S35, the digital communications performance subcommittee.