[arin-ppml] /20 initial allocation for single-homed server?

[Michael Loftis]

--On Monday, May 24, 2010 6:27 PM -0500 James Hess <mysidia at gmail.com> 
wrote:

> On Mon, May 24, 2010 at 3:29 PM, Ted Mittelstaedt <tedm at ipinc.net> wrote:
>>
> [snip]
>
> Well,   I would suggest then that  technical justifications have some
> artificial restrictions imposed,  above and beyond policy, so that...
>
> (1)  Additional IP addresses 'needed' solely to evade IP-based blocks,
> blacklists, or rate limits     should be rejected
> and
> (2) Additional IP addresses to be used to  reduce  per-IP
> transaction request  rates,  average, or load-balance requests  among
> a large number of IP addresses    should also be rejected
>
> Both should be considered unacceptable  technical justifications.

No, no, and a million times no.  Policy like that completely disallows 
things like Google, Yahoo, Hotmail, hell even *IBM* from having a web site.

>
> And  each IP  address  must be used by some distinct resource  or
> customer, that cannot be a resource shared with the other IPs.
>
> (In other words, the IP address has to actually identify something unique)
>
> Resource being...  separate physical device, DNS second level domain
> name,  or some other thing  that  cannot be  expanded  infinitely,
> based on the applicant's  arbitrary wishes.

I can generate five million DNS records, with PTRs, right now, easily.  So 
that breaks your assumption there.

Having to have a separate physical device is also ridiculous in the age of 
virtualized machines.  There's also the HUGE problem of SSL still not quite 
supporting host/names based certificate selection.  It'll be some time 
before that's a reality for the majority.

Having a couple hundred virtualized machines tied to specific customers on 
a single machine is extremely common.