North American Network Operators Group

Re: ARIN Policy on IP-based Web Hosting

  • From: Deepak Jain
  • Date: Thu Aug 31 16:10:07 2000

This is not meant at anyone personally, it's just something I noticed.

When we are deciding that IP savings, etc are worth it, why not make all
Cable/DSL/Dialup providers use NAT to map access logins to a small pool of
IPs too? The software to do that transparently is already available for a
very high percentage of applications. Heck, even upstreams could then NAT
their downstreams' pools of IPs. We could run the whole internet off a
single class C again.

This would of course be an inconvenience to some networks that use a lot
of applications that haven't been updated, but we're sure the savings are
worth the pain too. 


I guess the point/concern I have is that the largest providers can now
pick up /13s because they use that many IPs in 3 months, but if you
subtract out the number of truly unique IPs even the largest network would
absolutely need, applying all available technology, the number might be as
low as a few hundred unique IPs.

Deepak Jain

On Thu, 31 Aug 2000, Alec H. Peterson wrote:

> "John A. Tamplin" wrote:
> > 
> > Well, if the policy is that you have to use name-based hosting everywhere
> > feasible and do something different for those customers that need
> > something different, that can be quite a hardship on existing setups.
> > For example, re-engineering all the tools to create and maintain vdom
> > services, changing existing customer setups, etc.  It is certainly easier
> > to treat all hosting customers alike, rather than have completely
> > separate setups and then have to change a customer from one to the other
> > when they add or delete services (including downtime).
> That was also brought up at the meeting, however it was generally agreed
> that the address savings were worth the work.
> > 
> > Another issue nobody has mentioned is security between virtual servers.
> > Under name-based hosting, they all run as the same user-id and thus to get
> > the same security you have with separate IP-based servers you have to put
> > all the access control checks in all the tools that can be used.  This can be
> > hard if not impossible to do when you allow full shell access to the files
> > used by the server.
> Not if you chroot() the user into their file space.  That may not be ideal,
> but there are ways to deal with it.
> Alec
> -- 
> Alec H. Peterson - [email protected]
> Staff Scientist
> CenterGate Research Group -
> "Technology so advanced, even _we_ don't understand it!"