IEN 110
On Problems                                      IEN No. 110
 Our finest plans have fallen                    Vint Cerf
 through, our airiest castles,                   DARPA/IPTO
 tumbled over by lines at first                  31 August l979
 we neatly drew, and later,
 neatly stumbled over.
                   -  Piet Hien
        Internet Addressing and Naming in a Tactical Environment
A basic premise in the Internet and Transmission Control Protocols is
that addresses are unambiguous.  An addressable object may own more than
one address, but each address is unambiguous.  The transformation from
names to addresses might yield several addresses, but it has been
assumed that this transformation would take place above the TCP and IP
protocol layers [1,2].
Three realistic situations have been identified which suggest the need
to re-think this position.  The first situation was informally described
by R. Tomlinson as a "network partitioning" problem in which a
particular host, H in network N, is reachable from one gateway attached
to network N but not another, because network N has become partitioned
into two or more pieces.  If the system of internet gateways in fact
provides connectivity, it is desirable to find some way to route traffic
to the gateway that can reach the destination host, even if this would
require that traffic be routed out of network N, through networks A, B,
and C, and back into network N again.
The second situation was described in a private note from W. Plummer and
R. Tomlinson to the author and concerns hosts which are attached to more
than one network.  In the present paradigm, such a host has two distinct
addresses, but might have only one name.  Once a TCP connection is set
up, for example, the connection ID consists of source and destination
net and host addresses as well as source and destination port
identifiers.  Since a net and host address is bound to a particular
connection to a given network, the failure of a particular interface can
only be recovered by setting up a new TCP connection to an alternate
destination or from an alternate source.  Simultaneous recovery when
both source and destination have alternate addresses could lead to
synchronization problems if each site happens to choose a different
destination on which to home during recovery.  Depending on the subnet
services, even hosts which are multi-homed onto the same net (e.g.,
ARPANET) may have different alternate addresses.
The third situation arises in connection with an advanced airborne
packet radio application.  It first emerged in conversations with Major
L. Druffel of the DARPA/IPT office.  In this case, long-range packet
radios (200-300 miles) are installed in aircraft and on the ground at
selected sites.  The ground sites may or may not have connectivity with
each other (e.g., through a wire network and gateways).  While aircraft
are aloft, they communicate with each other and the ground via packet
radios.  If we treat the ground packet radio networks as a single net
Cerf                                                            [Page 1]
                                                                 IEN 110
Internet Addressing and Naming in a Tactical Environment
(for internet addressing purposes) and include the airborne packet
radios as a part of that net, then this creates the partitioned network
problem which was raised by R. Tomlinson.
If, on the other hand, each ground network is treated as a distinct
network, the airborne packet radios would effectively join and depart
from different nets, sometimes operating in radio connectivity with two
of the distinct ground nets at the same time (during transition from one
packet radio net to another).  This model rapidly unravels into a
classical can of worms, since the internet address of the airborne
packet radio would need to change as it moves from one net to the next,
leading to a problem related to the W. Plummer multi-homed internet host
problem.
Furthermore, at the packet radio level, there is no built-in concept of
which internetwork network identifier is associated with ARPANET, just
as there is no such self-identification in the SATNET, ARPANET, LCSNET,
etc.  Xerox Parc has introduced network identification through the use
of broadcast servers in each ethernet gateway which responds with the
network ID to queries coming in on a given physical port.
The problem is compounded in a tactical ground environment when two
mobile packet radio nets, each with their own network ID's and gateways
to other nets (e.g., SATNET) suddenly move within radio range of each
other.  If they are to continue to be treated as distinct networks, then
they must interface via gateways, and each must somehow ignore packets
being sent by radios in the other network.  Worse, there really should
be a way to gateway the two nets together via radio, but this implies
the existence of a radio link between gateway nodes - the radio link
then needs to be treated either as a very special link between gateway
halves (i.e., line of sight only).  Alternatively, the two networks must
somehow collapse into a single network with two identifiers (the dual of
a host which is attached to two distinct nets).
As a strawman, I would like to offer an opinion as to the way in which
these problems should be treated, for purposes of stimulating discussion
in the internet working group.
   1.  If the packet radio networks (airborne or ground mobile) are
   operating on a common channel they should be treated as a single
   network.  This creates a partitioned network problem which must be
   solved.
   2.  If the packet radio networks are operating in different frequency
   bands, then methods of connecting their gateways are needed.  An
   obvious strategy is to attach a gateway to two packet radios, one
   operating on one net and the other in the second.  Simultaneous
Cerf                                                            [Page 2]
                                                                 IEN 110
Internet Addressing and Naming in a Tactical Environment
   operation in both nets by a single radio is not presently feasible,
   but could be studied as a research problem.
   3.  Hosts which are deliberately multihomed on distinct networks
   should be able to recover from interface failures, but by mechanisms
   above the TCP/internet layer, not within them.
To deal with the partitioned network problem, it should be possible to
broadcast (or send distinct copies of) a message from a host to all
gateways attached to the net(s) the host interfaces with, requesting
indications as to which gateway(s) are able to reach a given network.
Using source routing, it should be possible to query the host by
emitting packets which are forced to go through all gateways on the
host's network to get to the desired destination.  These queries would
elicit responses which contain source routing information useful to the
source.  It isn't yet clear whether the source routing needed to achieve
this capability needs to be used recursively to force traversal of all
possible gateway paths into the destination network, but I suspect
something like that is required (a sort of multi-network route-finding
packet very analogous to a similar object described in the packet radio
network protocols for stationless operation [3]).
An alternative strategy might be to attempt to maintain a model of the
entire internetwork topology in each gateway and to respond to host
queries about all known paths (sequences of nets and gateways) from the
source net into the destination network.  For even moderately rich
network interconnection the computation to supply a response and/or the
quantity of response data might be excessive.
A third possibility is to introduce knowledge of all hosts in all nets
into each gateway and to perform routing updates based on host
identifiers rather than network identifiers.  This seems even more
prohibitive than keeping track of internet topology in each gateway.
SUMMARY
The basic catch-22 in the airborne packet radio case is that we must
either assume that all nets remain "connected" and therefore have the
airborne radio join different nets (and have a higher level protocol for
readdressing of TCP or internet packets).  Or we must deal with the
partitioned network problem.  Since the packet radio network is designed
to adapt to the appearance of new packet radios that have not appeared
before, it seems natural to consider the combination of ground and
airborne networks as a single network, possibly partitioned, with
connectivity available via gateways to other networks. If we can solve
the problem of routing "out of the network" to reach a disconnected
partition, we can also look forward to providing increased robustness in
wire nets through the use of satellite networks, for example.
Cerf                                                            [Page 3]
                                                                 IEN 110
Internet Addressing and Naming in a Tactical Environment
The multi-homed internet host problem may arise in both the case of a
conventional host and the case of a gateway connecting two or more nets.
It appears to be most straightforward to retain multiple addresses for
such hosts and to supply knowledge of the multiple addresses through
internet name server services.
                               References
1.  DARPA, Transmission Control Protocol, IEN No. 81, February 1979,
    NTIS Accession No. ADA 067072.
2.  DARPA, Internet Protocol, IEN No. 80, February 1979, NTIS Accession
    No. ADA 067849.
3.  R. Kahn, S. Gronemeyer, J. Burchfiel and R. Kunzelman, "Advances in
    Packet Radio Technology," IEEE Proceedings, Vol. 66, No. 11, Nov.
    1978, Special Issue on Packet Communication Networks.
Cerf                                                            [Page 4]