guideline for name-based web hosting justification
HJass at hopone.net
Thu Sep 14 15:35:03 EDT 2000
Yes, agreed completely. That is why as I pointed out, we do have a
ratio of roughly 8:1 for name-based:IP-based virtual hosting.
It could and would be more, IF features such as SSL, virtual FTP,
etc. worked on a name (header) as opposed to IP basis.
When (I really do think when, not if) further improvements to the
various protocols based on TCP/IP are made, then IPs can be used even
less for such virtual applications.
I think it's important to keep in mind that while there are a lot of
hosting companies out there "wasting" IPs (it's a matter of prestige
having more IPs than the next guy - "mine [IP allocation] is
bigger than yours," and many will use IPs where there is no clear
need for them), there are also many who are conserving IPs as much as
they can. This is why a clearly defined policy on this would go a
long way - outlining what typical uses of IPs are justified *for now*
(until improvements to protocols are made), where there is no other
way, and simultaneously pushing for conservation of IPs by not
allowing arbitrary usage of "an IP per site," as so many hosting
companies do, just to appear bigger. This is very, very common in
industry. Some even use "one IP for web site, one for SMTP for the
site, another for POP for it, etc." - trying to use as many IPs as
possible. Now this has to stop!! ARIN should focus first on
eliminating arbitrary use of IPs for virtual hosting where not
needed. Then as a second step, why doesn't ARIN form some lobbying
part of it that pushes the powers that be (software developers et al)
to implement name-based recognition features in SSL, FTP, etc.?
Otherwise, now saying that IPs can't be used for virtual hosting at
all is equivalent to saying that real IPs can't be used for dial-up
(dynamically) at all, except that there is no NAT - no alternative of
any sort. ARIN would never do that for dial-up, even though there is
NAT. Yet to web hosting it's not only saying not to use IPs, it's
doing so despite there being no alternatives to using IP for many
common applications. This just makes no sense and it does seem like
ARIN is heavily biased towards dial-up providers and against web
hosts...or, more likely, it's just the lack of understanding I was
referring to earlier.
Solution? Just a few steps
Step 1: write up clear, educated, guidelines based on feedback from
Step 2: [work towards] eliminat[ing] the truly arbitrary usage
present now - an important part of that is providing guidelines for
web hosts to follow in allocating IPs to their resellers, as those
are the people with "mine is bigger than yours" complex and insist
on sitting lots of IPs they don't use, or use for an arbitrary
purpose at best
Step 3 (the holy grail): push for protocol improvements to aid
further IP conservation
Step 4: essentially no IPs for virtual hosting allowed
ARIN has gone straight to Step 4, yet there is no foundation for it
that Steps 1 - 3 need to provide for it to work.
On 14 Sep 00 at 14:08, Mark Borchers wrote:
> Your post is certainly well-reasoned and well-written. I would just
> like to make one comment. That is, that the lack of knowledge cuts
> both ways in this issue.
> I think the web-hosting folks are asking that we perpetuate
> what is essentially a networking hack in order to maintain
> the status quo in the virtual hosting world. IP addresses
> are fundamentally an entity for routing traffic to and
> from a network device. To require a single device to be
> provisioned with an (IMHO) extravagant number of addresses
> from this finite pool is hard to swallow for a network
> engineer, when it would seem like other means would serve.
> On 14 Sep 00, at 11:11, Haralds Jass wrote:
> > I have been following this thread quite closely and I'd like to throw
> > in my comments, first arising from this thread specifically, and
> > secondly about the bigger issue at stake here.
> > It's been no surprise that those who don't really know web hosting
> > agree with the policy completely and talk of trivial solutions to real
> > problems and issues. Of course, it's always easier to talk than to
> > actually do something (and isn't it those who talk and can't do that
> > come up with hopelessly vague policies in the first place?). There
> > have been a number of valid issues brought up to show the many needs
> > for which there is no practical alternative to using unique IPs for
> > virtual sites. I feel that this side has been discussed fairly and
> > there have been no unbased needs put forth.
> > Now then, going to the specifics, there's a number of things
> > fundamentally wrong with the policy. It seems to be arising from the
> > fact that no one at ARIN really knows web hosting. Before this policy
> > was in effect, ARIN effectively had no notion of the existence of such
> > a thing as web hosting. At least, that's the impression I got, as
> > every person at ARIN would come up with totally different,
> > inconsistent, requirements for address usage proof to allocate IPs -
> > the rules were trivially made up on the spot. I know it's not just me,
> > as even before the policy was created, I was asked by the organizers
> > of the Web Host Expo (I'm on its board of advisors), regarding this
> > issue and I was told that most other hosting companies feel the same
> > way - that ARIN *should* develop some sort of clear policy for this,
> > effectively "recognizing" web hosting as a valid need of IPs. Well,
> > ARIN did indeed come up with a policy, however, one that shows total
> > lack of understanding of what web hosting is and what IPs are needed
> > for.
> > Now, I'm a firm believer in effective IP address usage on a per-need
> > basis, only. We have always, since we started back in the summer of
> > 1996, required our dedicated service customers to provide full
> > justification for IPs, including why can't what they need to do be
> > done using name based hosting instead, and closely following up on IP
> > usage and revoking allocated IPs where they are not used, or used with
> > no true justification. Also, we were one of the first (to the best of
> > my knowledge, the first) IPPs to provide full service name-based
> > hosting, compatible with *all* browsers (yes, HTTP/1.0 too). That was
> > back in late 1996 or early 1997 if I recall correctly. Now most of our
> > virtual hosting, as well as that of our hosting company customers, is
> > done using name-based sites. The split is about 8:1 - eight name based
> > virtual sites for every one IP-based one.
> > The thing to keep in mind here is that HTTP/1.0 browsers can still get
> > to name based sites no problem. All it takes is a simple shell script
> > that'll grab the HTTP_REFERRER and based on that (simple if...then)
> > redirect customer to the proper URL (say: namesite.com/namesite/) that
> > has been setup as a link specifically for the old browsers. (Funny how
> > ARIN's "instructions for using name-based virtual hosting" are utterly
> > useless and only provide links to some generic URLs giving no
> > solutions to the real problems, such as backward browser
> > compatibility, among many others.) So this is one issue that should be
> > of no concern, basic site functionality in stone-age browsers. (99.8%+
> > of web traffic now is fully name-based compliant anyhow from our
> > observations)
> > Before I outline the practical situations where name based hosting is
> > the best and is justified, let me first list clearly all the
> > limitations of it - all the reasons why IP based hosting is required
> > for some sites (why our name:IP ratio is 8:1 and not 80:1).
> > - SSL
> > - virtual FTP
> > - virtual POP
> > - a number of issues for large/complex sites, such as database
> > connectivity, proprietary application implementation, clustering,
> > accounting for bandwidth and not traffic, QoS, etc.
> > Now, these are service-related issues. There are other usability
> > related issues which are present for all name-based sites:
> > - search engine indexing - a real problem for some spiders, still, to
> > index name-based sites (way to overcome it: use
> > http://www.namesite.com/namesite/ URL, where the /namesite/ is a
> > symlink to the actual site public_html and works via HTTP/1.0. Of
> > course, not a favoured solution in customers' eyes as the URL doesn't
> > look as "respectable," but, it works.)
> > - IP blocking - a valid issue which there is no way to overcome (for
> > sure, no one can do any porn site hosting on a name-based basis, as if
> > one IP is blocked from spamming search engines, or from AOL, then all
> > customers are in trouble; solution: hosting 'controversial' and
> > 'high-risk' sites must be an exception until blocking mechanisms at
> > the powers that be are setup using names and not IPs, specifically for
> > HTTP and not all-out per IP)
> > Also, Virtual DNS (to the best of my knowledge we were the first
> > company offering this service back in late 1996). A separate issue,
> > but one to be kept in mind - a very valid use of IPs, as every nameserver
> > must have a unique IP, so if a customer has ns1 & ns2.theirdomain.com
> > setup on the nameserver, two unique IPs must be used.
> > All in all, this creates quite a few exceptions to the ARIN rules. A
> > lot of protocols used to provide services other than plain web hosting
> > are solely based on IPs, with no possible way - for now - to go on to
> > name-based basis instead. Knowing the web hosting industry by being an
> > active and innovative (we like to think so) part of it for the last 5
> > years, I am sure that there are going to be more exceptions - many,
> > many more - than compliance to the rules. ARIN needs to do its
> > homework and come up with rules that actually take into account the
> > needs of the web hosting industry, clearly outlined, and define what
> > it means by "web hosting," too. The way the policy stands now, it's not
> > any better than before when there were no rules, it'll just make it
> > even harder to get IPs for perfectly legitimate uses (such as
> > SSL-based sites, as we have already seen in this thread - ARIN
> > refusing IPs despite the very valid 'exceptionary' justification being
> > that sites are using SSL).
> > I don't think it's that complicated and hard to come up with a more
> > workable and clearly defined policy. Some key points to consider, what
> > I would put in there --
> > - Essentially, a simple "use name-based hosting unless IP-based
> > hosting is required" policy. Some hosting companies, such as us, have
> > been following that on their own initiative. Others will need to
> > change. No other choice here, though. Better sooner than later, it may
> > be painful, but it'll hurt less now than later (a policy on web
> > hosting IP allocation is some 3-4 years overdue already, where were
> > the ARIN policy makers for the last few years?).
> > - More specifically, define and differentiate "mid to high-range
> > hosting" and "low-end" hosting, whereby low-end is small, simple web
> > sites with no SSL, virtual FTP, or any custom applications, nor need
> > for real-time bandwidth measuring, QoS, and other high end services.
> > Require (or request) all mass-market web hosts to offer such a low-end
> > solution, so that users who do not need IPs are not automatically
> > given hosting that is IP-based (i.e. offering an IP and services a
> > customer doesn't need 'forcibly' by there being no alternative does
> > not create grounds for exception). Allow web hosts to use "mid" or
> > "high-range" hosting services as justification for IPs, and perhaps
> > request to elaborate on that (specific features that need IPs). There
> > are simply much too many needs for IPs where there is NO clear
> > alternative, so unless ARIN can tell us how to use SSL, or virtual
> > FTP, or virtual POP, or create a unique nameserver (VDNS), or use one
> > of the many other IP-dependent services on a name-based site,
> > those are all exceptions.
> > - The exceptions are so many, that the basic principles of those
> > should be clearly defined and the process made less cumbersome by
> > allowing IPs for mid to high-end sites that need them for proper
> > functionality. Also, keep in mind the black-listing of IPs. To that
> > issue there is no solution, but, that alone can not be enough grounds
> > for using a unique IP for every site. However, ARIN could take the
> > high ground on this and try to request the vendors of the relevant
> > software to implement name-based HTTP-only blocking (of course, not as
> > easy as it sounds, but the sooner the effort starts, the better).
> > - Also, why not write up and publish a checklist that web hosts must
> > follow when allocating IPs to their dedicated clients, going by which
> > they can determine whether the IP request is justified, or not. I've
> > seen some companies get confused and say that all their customer IP
> > requests must be approved by ARIN; obviously ARIN wants to avoid that,
> > so why not write up IP allocation guidelines and a checklist for web
> > hosts offering dedicated service?
> > I think that about sums it up. It's clear that ARIN didn't do its
> > homework, by creating this vague, unclear, policy. It is indeed very
> > much needed to push web hosts to use IPs effectively; however, a
> > policy can not be formed without first understanding the underlying
> > issues. Hopefully ARIN will listen to the many valid comments and
> > suggestions submitted in this thread and act accordingly in improving
> > this policy. By taking some time to develop reasonable, logical,
> > policies on web host IP allocation, ARIN could save itself, and the
> > hosting companies, a lot of headaches and wasted time.
> > As a final remark, it is also interesting how there have been very
> > few, virtually no, hosting companies participating in this discussion.
> > The general industry attitude I've seen on this is that there will be
> > always a way to get around the new rules, due to the wide open
> > exceptions allowance (or, even more so, just the same old tactics -
> > corresponding with ARIN until it gets sick and tired of you and gives
> > you the IPs you need, still not understanding what and how they are
> > used for). It would do everyone much good if the rules were more
> > clear, as then they could be also more firm. The new policy has not
> > hit the hosting industry nearly as strongly as it should have. Perhaps
> > because it is laughably vague and illogical, effectively changing
> > nothing. At least, that was my reaction when I first read it. Most
> > seem to think they can continue doing what they do, as opposed to
> > improving their IP usage efficiency, and just ride on ARIN's lack of
> > understanding of hosting. A clear policy with differentiated hosting
> > levels and IP justification criteria defined would change that.
> > I hope that someone at ARIN is listening...
> > --
> > Haralds Jass <HJass at SUPERB.NET>
> > Superb Internet - "Ahead of the Rest."
> > http://www.superb.net
> > "I am easily satisfied by the very best"
> > - Winston Churchill
Haralds Jass <HJass at SUPERB.NET>
Superb Internet - "Ahead of the Rest."
"I am easily satisfied by the very best"
- Winston Churchill