Strato is not a good example... for a), you pointed out the important thing: It's inaccurate. If it would only be CPU-Power, you could use an own machine fopr that. forb), the main problem is to write such a software. Who of us has the time to do so? It would be very cool to have such a piece of software, but who can develop it? Or is there something that is capable to do so? Second problem, as you noticed, there could be a need to change your betwork layout. Our backbone is switched, and not every switch (in the Server-Racks we don't use the expensive Ciscos, there are simple Switches without Monitor-Port). So you would have to place the sniffer a) on the firewalls or the routers -> not a good idea - think of CPU, Diskspace, .. or b) but not always possible put in in the transfernet between firewalls and borderrouters. b) could be a olution for us if there were some kind of software usable for that. Greetings Henning Brauer Hostmaster BSWS ------------------------------------------------ BS Web Services Roedingsmarkt 14 20459 Hamburg Germany info@bsmail.de www.bsws.de fon: +49 40 3750357-0 fax: +49 40 3750357-5 PLEASE USE EMAIL WHERE POSSIBLE Entire Systems NOC To: "lir-wg@ripe.net" <lir-wg@ripe.net> <noc@entire-sy cc: stems.com> Subject: Re: IP assignment for virtual webhosting Sent by: owner-lir-wg@r ipe.net 11.05.00 13:30 On Thu, May 11, 2000 at 01:22:38PM +0200, Mark Lastdrager wrote:

Because of this system it is very hard to implement name-based virtual hosting, all accounting is done on one IP adress then and we have to rethink our accounting scheme of virthosts (which takes time, costs money etc. etc.)

Exactly. You basically have to either a) analyze webserver logs (very inaccurate, CPU-intensive) b) write your own accounting software basing on sniffing, analyzing packet payloads for HTTP 1.1 header information and tracing TCP streams. This can also lead to a restructuring of you networks to be able to sniff. AFAIK Strato (hosting >500.000 .de domains) does something like b) 'cause they can't afford spending CPU time on their hosting server to do any accounting... (but this is hearsay). Best regards, Daniel Roesen Entire Systems NOC -- Entire Systems Network Operations Center noc@entire-systems.com Entire Systems GmbH - Ferbachstrasse 12 - 56203 Hoehr-Grenzhausen, Germany InterNIC-Handle: ES1238-ORG RIPE-Handle: ESN10-RIPE Tel: +49 2624 9550-55 GnuPG/PGP Key-ID: 0xBF3C40C9 http://www.entire-systems.com/noc/noc-key.asc GnuPG/PGP Fingerprint: 1F3F B675 1A38 D87C EB3C 6090 C6B9 DF48 BF3C 40C9