nanog mailing list archives
Re: Rate of growth on IPv6 not fast enough?
From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 19 Apr 2010 12:54:24 +0200
* Patrick W. Gilmore:
Reality is that as soon as SSL web servers and SSL-capable web browsers have support for name-based virtual hosts, the number of IPv4 addresses required will drop. Right now, you need 1 IP address for 1 SSL site; SNI spec of SSL gets rid of that.Agreed. When do you expect Windows XP & earlier versions to be a small enough segment of the userbase that businesses will consider DoS'ing those customers? My guess is when the cost of additional v4 addresses is higher than the profit generated by those customers. Put another way: Not until it is too late.
I'm not so sure. Name-based virtual hosting for plain HTTP was introduced when Windows NT 4.0 was still in wide use. It originally came with Internet Explorer 2.0, which did not send the Host: header in HTTP requests. Anyway, I think the TLS thing is a bit of a red herring. It might be a popular justification for IP space at the formal level, but real-world requirements are a bit more nuanced. FTP and SSH/SFTP do not support name-based virtual hosting, so if you're a web hoster and structured things around "one IPv4 address per customer", then there might be another obstacle to collapsing everything on a single IPv4 address. It's also difficult to attribute DoS attackers at sub-HTTP layers to a customer if everything is on a single IPv4 address, making mitigation a bit harder.
Current thread:
- Rate of growth on IPv6 not fast enough? Franck Martin (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? Randy Bush (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? Franck Martin (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? William Herrin (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? Florian Weimer (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Randy Bush (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? Patrick Giagnocavo (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? Patrick W. Gilmore (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? Florian Weimer (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Patrick W. Gilmore (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Florian Weimer (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Owen DeLong (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Patrick Giagnocavo (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Patrick W. Gilmore (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Owen DeLong (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Robert Brockway (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Franck Martin (Apr 18)
- Re: Rate of growth on IPv6 not fast enough? Dave Pooser (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Nick Hilliard (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Patrick Giagnocavo (Apr 19)
- Re: Rate of growth on IPv6 not fast enough? Randy Bush (Apr 18)