ARIN: No More IP's For IP-Based Virtual Hosts
Mike writes: "ARIN (the guys who hand out IP addresses) has a policy change where they will no longer allocate IP addresses for IP-based virtual hosting. They are expecting everyone to move to name-based hosting now. ARIN is soliciting comments to their public policy mailing list: ppml@arin.net. What do you guys think? Is name based virtual hosting ready for prime time?"
Host header, as dirty a word as it is, seems to work fine (we use Micro$oft IIS, ugh) - oh. there's one sticking point. You can't use bundle per-virtual-server anonymous FTP access on the domain name to clients. This minor problem aside, I think it's a good thing. The number of boring web sites we have wasting IP addresses haunts me every time I open that address database...
They wouldn't have any problem with IP-based virtual hosting if there were more IPs than people know what to do with floating around.
I predict IPv6 sees a return to IP-based virtual hosting.
Name based hosting isn't a bad idea though, since most people use a browser that supports it nowadays.
http://www.stud.ifi.uio.no/~lmariusg/download/artikler/HTTP_tut.html read that, it explains the HTTP protocol. Basically, host header webservers host multiple sites (different domain names, e.g. "http://www.example.com" and "http://www.fred.com") on the same IP address. They distinguish between which site to send to the client based on the HTTP request itself, rather than purely the DNS lookup.
I think moving to name-based virtual servers is a good idea in general, but the https problem needs to be resolved first.
Alex
Secure sites can't move to name-based virtual hosting, as site and key selection takes place before a single HTTP header line is sent.
In other words, a secure site requires a unique IP address.
So as a general policy it's pretty dumb, unless exceptions are made for secure sites, and from the announcement it doesn't seem so.
In the HTTP/1.0 spec, sending a "Host:" header with your GET request was optional. In HTTP/1.1, it became mandatory.
This means that all requests from your browser to websites will look something like this:
GET /index.html HTTP/1.1
Host: mydomain.dom
<nl>
This is kind of similar to using a proxy; you need to tell your browser to use a proxy. The browser will then send 'absolute URLs' instead of 'relative URLs' as in my example above. That way, the proxy knows which server you are really trying to reach.
I think that name-based virtual hosting is a great thing (I run 3 domains off my single IP).
Unfortunately, I can only run 1 SSL-capable secure website on that same IP address since the SSL handshake needs to complete before the request is interpreted at the HTTP level.
And I have another issue: I want to run a "reverse proxy" (multiple physical webservers, possibly running different OS's) with name-based virtual hosting. I haven't found a way of doing that [with Apache] yet.
--
Greetings,
Ed.
-- Gxis! Ed.
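The Host-header selection described in the comments above, as an added example that is not part of any poster's comment: it picks a virtual host from the raw request bytes, covering the HTTP/1.0 optional Host case, the HTTP/1.1 mandatory case, and the absolute-URL form a browser sends to a proxy. For HTTPS none of these bytes are readable until the SSL handshake has finished, which is why the certificate cannot be chosen this way. The hostnames are the ones used in the thread; the docroot paths and the function name `select_vhost` are assumptions made for the example.

```python
# Added example: name-based virtual host selection from a raw HTTP request.
from urllib.parse import urlsplit

# Constructed vhost table (hypothetical docroots); every name shares one IP.
VHOSTS = {
    "www.example.com": "/srv/www/example",
    "www.fred.com": "/srv/www/fred",
}
DEFAULT_ROOT = "/srv/www/default"  # served to HTTP/1.0 clients sending no Host


def select_vhost(raw: bytes):
    """Return (status, docroot, path) for one raw request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        return 400, None, None  # malformed request line
    hosts = [l.split(":", 1)[1].strip() for l in lines[1:]
             if l.lower().startswith("host:")]
    # More than one Host header is ambiguous; reject rather than guess.
    if len(hosts) > 1:
        return 400, None, None
    host = hosts[0] if hosts else None
    path = target
    # Absolute-URL form (as sent to a proxy) takes precedence over Host.
    if target.lower().startswith("http://"):
        parts = urlsplit(target)
        host, path = parts.netloc, parts.path or "/"
    if host is None:
        # HTTP/1.1 makes Host mandatory; HTTP/1.0 falls back to the default.
        if version == "HTTP/1.1":
            return 400, None, None
        return 200, DEFAULT_ROOT, path
    # Drop an optional port and normalise case (IPv6 literals not handled).
    name = host.rsplit(":", 1)[0].lower().rstrip(".")
    return 200, VHOSTS.get(name, DEFAULT_ROOT), path
```

Unknown names fall through to the default docroot here; a stricter server would refuse them instead of serving a site the client did not ask for.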
But this problem has already been solved: private property and free markets. Just auction IP addresses through a central exchange, all IP addresses, including the sacrosanct class As. You want an IP, or a block of IPs, you pay for them. How much? Who knows, who cares, we'll find out when they go up for sale.
Some regulations are required: don't allow monopolies or cartels; declare IPs fungible to allow central administrators to reallocate or consolidate blocks for routing purposes.
Problem solved.
We run thousands of sites off of one IP and tested Netscape 2.0 (1% of our users) and have had no problems. SSL is no problem because we set up a central secure site for everyone. For example: https://secure.[hostingcompany].com/[customer] Now you've just used 2 IPs to run your entire web service. Then you've got your PIX, your 3600's, mail servers etc. and you don't even need a full class C!
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips