Networking 101: Understanding Internet Governance
There's an alphabet soup of governing bodies overseeing the Internet's day-to-day operations. Here's how to tell your IANA from your ICANN.
The Internet is a wild and unruly place. When people talk about Internet governance, the conversation is normally related to IP allocation and domain name management, rather than censorship or control. The Internet actually is tightly managed with regards to network allocation. This edition of Networking 101 will clear up those mysterious organizational acronyms and explain what their purpose really is.
ICANN is the Internet Corporation for Assigned Names and Numbers. It is based in California, and is responsible for oversight. ICANN oversees, as the name implies, tasks relating to IP address and domain name assignment. Remember when someone decided that each country should have a 2-letter top-level domain? That was ICANN. The daily oversight of assigning IP addresses continues to be handled by IANA. (More on IANA in a second.) ICANN is a regulatory body, and it was created as a non-profit to take control away from the U.S. government, which relinquished it voluntarily.
IANA is the Internet Assigned Numbers Authority. It was in the game before ICANN was created in late 1998. IANA oversees the real IP and domain name management, as well as root-level DNS operations. IANA was founded and run by Jon Postel until the formation of ICANN, and Postel's death shortly thereafter. He is the father of the Internet, without question.
IANA manages IP delegation by assigning a set of numbers to Regional Internet Registries, or RIRs. These RIRs will then delegate, from their assigned IP addresses, IPs to very large Internet service providers. You're probably heard of some of them, the list is:
- ARIN (American Registry for Internet Numbers): North America
- APNIC (Asia-Pacific Network Information Centre): Asia and the Pacific
- RIPE NCC (RIPE Network Coordination Centre): Europe, Central Asia, and the Middle East
- LACNIC (Latin American and Caribbean Internet Address Registry): Latin America and the Caribbean
- AfriNIC (African Network Information Centre): Africa
Representatives of these five organizations sometimes meet and discuss RIR business cooperatively, and call themselves the NRO, or Number Resource Organization. RIRs also provide domain name registration services, and delegate them to companies, called registrars. RIRs also deal with ASN (Autonomous System Number) allocation and management. An ASN defines an organization, or part of one, and this is the number that's used to route traffic on the Internet. We'll learn all about ASNs when we talk about BGP and Internet routing in a future Networking 101.
Back to domain names, since that's a frequent source of confusion for many people, here's a brief description of how domain registration works:
There are the top-level domains (TLDs), such as .net, .com, and .org. These common TLDs are called generic, or gTLD names. ICANN will accredit certain companies to allow them to become registrars, which means they can sell domain names. Network Solutions, a private company, was the original registrar. At that time, there was no concept of having other registrars; everyone just went to NSI. They controlled the gTLD names, and were the actual registry for them. As a result of long legal battles in the late 1990s all registries are now required to share information and support multiple registrars. The Shared Registration System (SRS) was opened in 1999, and to this day is managed by ICANN. Every registrar uses the SRS, and domain name sales don't generally collide any more.
IANA also oversees domain name operations, which involves acting as a liaison between the root DNS server operators, as well as the top-level domain operations. IANA also deals with protocols, such as http, to the extent of conferring with the IETF to develop policies about which protocols should work Internet-wide.
Don't worry; we'll leave no acronym undefined. The IETF is the Internet Engineering Task Force. It develops Internet standards and protocols, such as TCP. Everything developed under the IETF is done in its own working group. These are open forums that work mostly through mailing lists, and anyone is welcome to participate. New ideas come in the form of an RFC, or Request for Comments. The finalized documents are actually the RFCs, and the really fresh ideas appear on the IETF's FTP site under "in-notes." After a working group churns out an RFC, it is revered worldwide, ignored, or hated. People always quote RFC document numbers, starting such flame wars as "your mail server isn't RFC-compliant." To assure that the Internet, and the applications that use it, function properly when implemented by disparate groups of people, RFC standards are supposed to be followed.
The IETF itself falls under the Internet Society (ISOC), which oversees the Internet Architecture Board (IAB). The IAB is a committee whose main purpose is to comment on, and act as a liaison for, the IETF and IRTF (Internet Research Task Force).
The previously mentioned ccTLDs (country code top-level domains, like .us) were actually defined by another standards body, called the ISO. The International Organization for Standardization (yes, they screwed up the acronym) has been around for much longer than the Internet. It deals with everything from toasters and paper sizes to Internet issues. Well, it tried to deal with Internet issues. Long ago, the ISO attempted to create a set of standards that should be used for network communication. They called this the Open Systems Interconnect, or OSI model. Vendors fought, blood was drawn, and the end result wasn't pretty.
The main players that you'll hear about in the news are generally ICANN, IANA, and the IETF. And VeriSign, which acquired NAI, and now controls certificates as well as being the second largest registrar.