IP assignment for virtual webhosting

Dear LIR-WG,

We would like to hear your opinions on the issue of IP assignments for virtual webhosting. The current policy is rather old and in the meantime a lot of things have changed; most importantly the market for webhosting products, as well as the development of the HTTP protocol and related software.

TERMINOLOGY

Before we begin, however, we would like to address the issue of terminology for this subject. The term 'virtual webhosting' is being used a lot but it is often not clear in which way it should be interpreted. We suggest the following terminology:

Server: A physical computer with an operating system installed on it. This could be UNIX, Windows, Mac, or something else. The webserver runs as an application on this OS.

Webserver: An application program that accepts connections in order to service requests by sending back responses. That is, a piece of software that runs on a physical server. Examples of webservers are Apache, IIS, and Stronghold.

User agent / Client: The client that initiates a request. These are often browsers, editors, spiders (web-traversing robots), or other end-user tools.

Hostname: A nameserver entry that resolves to an IP address. This could be an A or a CNAME record.

Virtual host: A hostname resolving to the IP address of a server, the webserver of which handles several hostnames.

IP-based virtual hosting: Many hostnames hosted on the same server, one IP address for each hostname.

Namebased virtual hosting: Many hostnames hosted on the same server, all hostnames resolve to the same IP address.

OUR SUGGESTION

The RIPE NCC has followed the deployment of HTTP 1.1 closely over the past year. According to recent surveys, a vast majority of clients now support HTTP 1.1 (namebased HTTP requests). It is our belief that the majority of webserver applications support namebased webhosting as well.

In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.

Please provide us with any feedback or comments you might have.

Kind regards,

Nurani Nimpuno (Registration Services Manager) and Simon Skals (Hostmaster)
RIPE NCC

Hi, On Wed, 17 Nov 1999, Nurani Nimpuno wrote: [snipp]
OUR SUGGESTION
The RIPE NCC has followed the deployment of HTTP 1.1 closely over the past year. According to recent surveys, a vast majority of clients now support HTTP 1.1 (namebased HTTP requests). It is our belief that the majority of webserver applications support namebased webhosting as well.
In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
We would very much welcome this. We successfully run HTTP host header based hosting on all our mass virtual servers. These are servers with mainly static content and some light cgi, php, mysql usage.

Usage of IP addresses for virtual hosting should be restricted to purposes where this might be explicitly required, for example for an SSL certificate for a server. But not for running massive hosting of "homepages".

The current policy seems to allow for a LIR to enter /32 for each virtual server into the database. This is happening to a huge extent, bloating up the RIPE database. Needless to say that most of this behaviour is probably automated and we will see lots of duplicate person handles....

Greetings
Christian Kratzer
Toplink
--
TopLink Internet Services GmbH ck@171.2.195.in-addr.arpa
Christian Kratzer http://www.toplink.net/
Phone: +49 7032 2701-0
Fax: +49 7032 2701-19
FreeBSD spoken here!

Hi,

I agree that every hosting provider should try to convert all its websites to support namebased webhosting, however... SSL connections do require a separate IP per website, and I think we will be seeing more and more of those in the near future with the emerging of e-commerce. Also for e.g. virtual FTP hosting (mostly combined with webhosting) you need a separate IP /site.

I'd rather see a very strict policy which basically denies the use of IP addresses for that purpose unless a *very* good explanation as to why is provided to the hostmaster.

Just my few cents...

On Wed, 17 Nov 1999, Nurani Nimpuno wrote:
OUR SUGGESTION
The RIPE NCC has followed the deployment of HTTP 1.1 closely over the past year. According to recent surveys, a vast majority of clients now support HTTP 1.1 (namebased HTTP requests). It is our belief that the majority of webserver applications support namebased webhosting as well.
In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
Please provide us with any feedback or comments you might have.
Kind regards,
Nurani Nimpuno (Registration Services Manager) and Simon Skals (Hostmaster) RIPE NCC
-- Eric Senior Network & Systems Engineer | http://www.online.be
Online Internet nv | email: eric@noc.online.be
| Tel : +32 (0)9 244.11.11
RIPE Handle: EL357-RIPE | Fax : +32 (0)9 222.64.80
"It is not true that life is one damn thing after another -- it's one damn thing over and over."

Eric said:
I'd rather see a very strict policy which basically denies the use of IP addresses for that purpose unless a *very* good explanation as to why is provided to the hostmaster.
But what is a "very good explanation" ? Is RIPE going to start judging what are "good" and "bad" applications ? -- Clive D.W. Feather | Work: <clive@demon.net> | Tel: +44 20 8371 1138 Internet Expert | Home: <clive@davros.org> | Fax: +44 20 8371 1037 Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646

On 1999-11-17T15:22:30, "Clive D.W. Feather" <clive@demon.net> said:
But what is a "very good explanation" ? Is RIPE going to start judging what are "good" and "bad" applications ?
Now, that would be a totally new concept for the RIPE hostmasters to decide whether to approve an inetnum request or not... ;) Sincerely, Lars Marowsky-Brie -- Lars Marowsky-Brie Network Management teuto.net Netzdienste GmbH

Lars Marowsky-Bree wrote:
On 1999-11-17T15:22:30, "Clive D.W. Feather" <clive@demon.net> said:
But what is a "very good explanation" ? Is RIPE going to start judging what are "good" and "bad" applications ?
Now, that would be a totally new concept for the RIPE hostmasters to decide whether to approve an inetnum request or not... ;)
I see some issues:

* The scope to "The fair distribution of public Internet address space according to the operational needs of the end users operating networks using this address space. In order to maximize the lifetime of the public Internet address space resource, addresses must be distributed according to need, and stockpiling must be prevented." (RIPE-185 2.2)

+ Keeping our customers happy so that they can get the service and usability they actually pay for. But still do this within the guidelines that exist today. We have to remember that these are the people that actually make many of us exist.

+ "Force" those users that can - but still haven't bothered - to upgrade to http 1.1. And who today use a big amount of address space because of this.

+ Define and understand those who still can not follow the proposed new guidelines. And add this into the proposal.

To find a good and balanced combination of this is, imho, the goal. But I fully support the idea that we "close the door" on http 1.0 if no exceptional reasons apply.

Regards
-- amar
Telia Net

Please provide us with any feedback or comments you might have.
This breaks both SSL hosting and assigning multiple hostnames to the same virtual host (unless each of them are configured manually).

Nick
--
| Nick Hilliard | nick@iol.ie |
| Tel: +353 1 6046800 | Advanced Systems Architect |
| Fax: +353 1 6046888 | Ireland On-Line System Operations |

In response to Nurani Nimpuno:
In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
I would agree with _promoting_ name-based web hosting but not with actually _prohibiting_ IP-based web hosting.

We have got some clients who want to have a separate IP address for their web site so that they can point multiple domains at it, possibly domains registered by other parts of their company with a different ISP. We see this for example with customers who are multi-national companies and want www.customer.co.uk, www.klant.nl, www.afdeling1.klant.nl, and www.kunde.de, all registered with different ISPs, to point to the same site. It is quicker and easier for them to use an IP address and just ask their other ISPs to change the DNS instead of having to ask us to change our web server configuration every time they add a new domain.

I agree that these are special cases and we do not expect very many of them, but we would still like to have the flexibility to offer them this if they need it (and pay extra for it).

(Note: This is quite separate from our present web service, where the software is out of date and only supports IP-based hosting; we are planning to withdraw this and replace it with name-based hosting for most of our customers once the existing contracts with the customers end.)

Gyan Mathur
Senior Systeembeheerder, Demon Internet Nederland

Gyan Mathur wrote:
I would agree with _promoting_ name-based web hosting but not with actually _prohibiting_ IP-based web hosting. [...]
Fully seconded!

Best regards,
Carsten Schiefner
--
Carsten Schiefner mailto:carsten.schiefner@tcpip-gmbh.de
TCP/IP GmbH, Berlin (Germany) http://www.tcpip-gmbh.de
Phone: +49.30.443366-0 Fax: +49.30.443366-15 Mobile: +49.172.5425797
TCP/IP GmbH runs the Contrib.Net backbone http://www.contrib.net

On 1999-11-17T10:51:14, Nurani Nimpuno <nurani@ripe.net> said:
In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
Please provide us with any feedback or comments you might have.
We would look forward to a very strong recommendation from RIPE with regard to this issue, promoting name based virtual servers.

Apache can handle this perfectly (migration is quite easy too), the problem with virtual ftp servers can be "solved" with a special directory tree, encoding a username/password into the URL or something alike. All browsers I know of (even lynx, w3m) support this feature by now.

Acceptance on the customer side is somehow suddenly vastly increased if we can point the customer at an official RIPE document/RFC, at least in our experience.

Some "peer pressure" on browser/server developers sure would help to solve the last remaining problems with non-working SSL virtual hosting etc.

Said strong recommendation may include reclaiming "wasted" address space as far as we are concerned. (But we do perfectly well with just a /27 for virtual hosting, hosting a few 100s of servers on a single IP, and haven't received a complaint about this in the last 2 years. I can see how some LIRs may not look forward to renumbering a /21 full of virtual servers...)

Sincerely,
Lars Marowsky-Brie
--
Lars Marowsky-Brie
Network Management
teuto.net Netzdienste GmbH

Lars Marowsky-Bree wrote:
Some "peer pressure" on browser/server developers sure would help to solve the last remaining problems with non-working SSL virtual hosting etc.
How do you propose to implement this? The SSL handshake - including checking of the server's certificate by the browser - takes place before any data can be sent over the connection, like a Host: header. I could be wrong but as far as I know there is no way for the client to say "I expect this certificate." -- Niels.

Hi Nurani,
OUR SUGGESTION
The RIPE NCC has followed the deployment of HTTP 1.1 closely over the past year. According to recent surveys, a vast majority of clients now support HTTP 1.1 (namebased HTTP requests). It is our belief that the majority of webserver applications support namebased webhosting as well.
In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
I believe it's a very good idea to strongly promote using namebased webhosting. We've done surveys on our own website, and found out the amount of clients connecting with 1.0 is next to nothing. So the 'old clients' excuse just isn't there. And in cases where we've had complaints, customers were more than willing to upgrade their browsers after we explain what's going on. We've had to do this like twice this year, no big deal.

I don't think though that prohibiting ip based virtual hosting is a good idea. There will always be reasons to use ip based hosting. You've heard some already. But people should just have a damn good reason.

Reclaiming already assigned virtual webhosting space is a little over the top. Especially in cases where it might only be 1 or 2 /24s. Of course, if some ISP is using 2 /16's for virtual hosting, then it might be another matter. If reclaiming is done, I would suggest taking a very long grace period.

Regards,
Cor Bosman

Cor Bosman (cor@xs4all.net) wrote:
Nurani Nimpuno <nurani@ripe.net> wrote:
We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
I believe it's a very good idea to strongly promote using namebased webhosting. We've done surveys on our own website, and found out the amount of clients connecting with 1.0 is next to nothing. So the 'old clients' excuse just isn't there. And in cases where we've had complaints, customers were more than willing to upgrade their browsers after we explain what's going on. We've had to do this like twice this year, no big deal.
Although the amount of clients connecting with 1.0 may be very little in most cases, it does still happen. We have customers specifically state that they do not want to set up http 1.1 because at the end of the day, some people will not be able to view their (and/or their clients') web sites, which is fair enough. If they want to ensure that every person possible can access their site, I believe they should have that right. And yes, then there is the issue of SSL certificates requiring a unique IP per site. John Crain, RIPE NCC's Internal Manager, told me this shouldn't be the case, but I see that others here are bringing it up as well. (Admittedly, SSL requirements are something I have no experience with.)
I don't think though that prohibiting ip based virtual hosting is a good idea.
Ditto. Prohibiting is not a good thing. Requesting, advising, and preferring http 1.1 is one thing. RIPE NCC's demanding it is another and is very dictatorial. That would then lead to a prohibition on static-IPs for dial-ups, as well, I'm sure.

Sam Bradford
--
sam bradford, hostmaster sam.bradford@demon.net
Demon Internet / Thus plc e-mail: hostmaster@demon.net
322 Regents Park Road, Finchley, London N3 2QQ, UK (0181-371-1000)
Herengracht 433, 1017 BR, Amsterdam, Netherlands (020-4222-000)

[apologies for the large Cc: list, not sure what to take out] According to Sam Bradford:
Although the amount of clients connecting with 1.0 may be very little in most cases, it does still happen. We have customers specifically state that they do not want to set up http 1.1 because at the end of the day, some people will not be able to view their (and/or their clients') web sites, which is fair enough. If they want to ensure that every person possible can access their site, I believe they should have that right.
There is one thing people are forgetting to mention. This isn't about HTTP/1.1. It is about the Host: header, which is indeed in the HTTP/1.1 standard but is _also_ an allowed extension to HTTP/1.0. In fact, all HTTP/1.0 compliant browsers less than say four or five years old send this Host: header even in HTTP/1.0 requests. Netscape 1.x and up do, MSIE 3.x and up do. Is there anyone still using Netscape 0.x or MSIE 2.x ? If so, chances are that they can't view 95% of all sites anyway because of HTML shortcomings .. Mike. -- First things first, but not necessarily in that order.
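The Host:-based selection discussed in the message above, as an added example that is not part of the thread or any participant's server code. The hostnames and document roots are hypothetical; the sketch covers HTTP/1.0 requests with and without Host:, the 400 response RFC 2616 requires for HTTP/1.1 requests lacking Host:, and rejection of names that are not configured.

```python
"""Name-based virtual host selection keyed on the Host: header (illustrative)."""

# Hypothetical hostnames and document roots, all served from one IP address.
VHOSTS = {
    "www.customer.example": "/srv/www/customer",
    "www.klant.example": "/srv/www/customer",   # second name, same site
    "www.other.example": "/srv/www/other",
}
DEFAULT_ROOT = "/srv/www/default"  # served when an HTTP/1.0 client names no host


def normalise_host(value):
    """Lower-case a host value, drop an optional :port and a trailing dot."""
    return value.strip().lower().partition(":")[0].rstrip(".")


def select_vhost(raw_request, vhosts=VHOSTS, default_root=DEFAULT_ROOT):
    """Return (status, document_root) for one raw HTTP request given as bytes."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return 400, None
    target, version = parts[1], parts[2]

    # Collect every Host header; more than one is ambiguous and is rejected.
    host_values = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":
            host_values.append(value)
    if len(host_values) > 1:
        return 400, None

    # An absolute URI in the request line takes precedence over Host:.
    if target.lower().startswith("http://"):
        host = normalise_host(target[7:].split("/", 1)[0])
    elif host_values:
        host = normalise_host(host_values[0])
    else:
        host = None

    if host is None:
        # HTTP/1.1 requires Host:; an old HTTP/1.0 client without it can only
        # be given whatever the server treats as the default site for the IP.
        return (400, None) if version == "HTTP/1.1" else (200, default_root)
    if host not in vhosts:
        return 400, None  # never fall through to another customer's site
    return 200, vhosts[host]


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "1.0 with Host": b"GET / HTTP/1.0\r\nHost: www.klant.example\r\n\r\n",
    "1.0 without Host": b"GET / HTTP/1.0\r\n\r\n",
    "1.1 without Host": b"GET / HTTP/1.1\r\n\r\n",
    "1.1 unknown name": b"GET / HTTP/1.1\r\nHost: www.nobody.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, "->", select_vhost(request))
```
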

Although the amount of clients connecting with 1.0 may be very little in most cases, it does still happen. We have customers specifically state that they do not want to set up http 1.1 because at the end of the day, some people will not be able to view their (and/or their clients') web sites, which is fair enough.
I hope this doesn't mean they don't deploy http 1.1-capable servers, but that they don't actually utilize the virtual hosting functionality based on the Host: header in http 1.1? Not doing 1.1 server-side would be extremely bad for the http 1.1 clients and the general health of the network.

By the way, anyone want to take bets about when the next craze about "always on" network service becomes significantly widespread, and how that will affect IP address space consumption? ;-) (No, I'm not an IPv6 advocate, if that's what you're thinking, just putting this all in some larger perspective.)

- Håvard

Hi, On Wed, Nov 17, 1999 at 10:51:14AM +0100, Nurani Nimpuno wrote:
We would like to hear your opinions on the issue of IP assignments for virtual webhosting. The current policy is rather old and in the meantime a lot of things have changed; most importantly the market for webhosting products, as well as the development of the HTTP protocol and related software.
We think that HTTP/1.1 name based virtual hosting should be strongly encouraged, but we do not want to have IP based virtual hosting to be "forbidden".

For pure WWW/HTTP hosting, there is no need to use IP based virtual hosting, but for customers demanding special solutions, like https/SSL, anonymous FTP servers (they want their *own* anonymous FTP server, not something like /pub/<customer name>/..., being able to see all other customers' servers), RealAudio service, etc., IP based virtual hosting is necessary.

kind regards,
Gert Doering -- SpaceNet NetMaster
--
SpaceNet GmbH Mail: netmaster@Space.Net
Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0
80807 Muenchen Fax : +49-89-32356-299

Hi At 10:51 17-11-1999 +0100, Nurani Nimpuno wrote:
OUR SUGGESTION
The RIPE NCC has followed the deployment of HTTP 1.1 closely over the past year. According to recent surveys, a vast majority of clients now support HTTP 1.1 (namebased HTTP requests). It is our belief that the majority of webserver applications support namebased webhosting as well.
In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
IMO prohibiting all use of public IP address for virtual webhosting solutions is going to be a step too far for now, since some of those addresses are used in SSL certificates.

Maybe if we separate common V W hosting from Secure Web Hosting we can apply different policies. For example: Current Special verification Methods can be applied for Secure Web Hosting address space and analysed separately, while the use of HTTP1.1 is promoted.

Pedro Goncalves
Telepac - Comunicações Interactivas

Hi,
OUR SUGGESTION
The RIPE NCC has followed the deployment of HTTP 1.1 closely over the past year. According to recent surveys, a vast majority of clients now support HTTP 1.1 (namebased HTTP requests). It is our belief that the majority of webserver applications support namebased webhosting as well.
In recent years we have seen a boom in the registration of second-level domains. This has led to a great demand for webhosting services. Using one IP address per domain uses an enormous amount of IP addresses. With HTTP 1.1 this is no longer necessary. We therefore suggest to promote namebased webhosting and to change the current policy so that IP addresses can no longer be assigned for IP-based webhosting.
Please provide us with any feedback or comments you might have.
We think this is the right way to do it (btw, we are currently engaged in switching to name-based hosting, and if this is to become the official way I strongly advise a long transition period for existing servers).

But an official RIPE-policy should mention the exceptions, like SSL (as long as there is no common way to do this on a named basis -- at least apache can not do it (at least, not yet)).

It should be obvious that only virtual _web_-hosting is what the policy is for, and that anon ftp, real audio etc. are not what is handled by this (better to state this explicitly so no one gets a wrong impression). Of course, all these other hosting activities are in the same basket of "virtual ip based hosting only as long as name-based hosting is not technically widespread".

As long as other protocols are provided on a host which is also providing the virtual web host for a domain there is no reason for not using ip-based virtual webhosting because the addresses are used up by these other protocols anyway. But the reason for IP-based hosting in these cases is clearly in the other protocols, so this should not be an issue.

The "political", i.e. customer-based reasons for IPbwh are harder to handle. With a RIPE policy in place some of the reasons will no longer be an issue because we all can point at the policy ("this is how it is done, and everyone has to do it this way, so there"). I would count 'Missing DNS reverse lookup' to these. Of the remaining reasons I think we need a list to battle on so that in the end we all have the same opinions about what is a reason and what is not. If we reach consensus that there is no reason at all: even better.

Regards,
Juergen Kammer
--
Juergen Kammer
Hostmaster SaarNet
InfoServe GmbH / eurodata GmbH & Co. KG Tel. +49 681 8808761
Grossblitterdorfer Str. 257-259 Fax: +49 681 8808300
D-66119 Saarbruecken Email: kammer@infoS.de,j.kammer@eurodata.de

participants (17)
- Amar
- Carsten Schiefner
- Christian Kratzer
- Clive D.W. Feather
- Cor Bosman
- Eric
- Gert Doering, Netmaster
- Gyan Mathur
- Havard.Eidnes@runit.sintef.no
- Juergen Kammer
- Lars Marowsky-Bree
- Miquel van Smoorenburg
- Nick Hilliard
- Niels Bakker
- Nurani Nimpuno
- Pedro Gonçalves
- Sam Bradford