nanog mailing list archives
RE: ARIN Policy on IP-based Web Hosting
From: Karyn Ulriksen <kulriksen () publichost com>
Date: Thu, 31 Aug 2000 13:14:17 -0700
I second that. I believe that some are already doing it, but maybe more could... probably easier than some of the IP based virtual services could be modified. Karyn
-----Original Message----- From: Deepak Jain [mailto:deepak () ai net] Sent: Thursday, August 31, 2000 12:59 PM To: Alec H. Peterson Cc: John A. Tamplin; nanog () merit edu Subject: Re: ARIN Policy on IP-based Web Hosting This is not meant at anyone personally, its just something I noticed. When we are deciding that IP savings, etc are worth it, why not make all Cable/DSL/Dialup providers use NAT to map access logins to a small pool of IPs too? The software to do that transparently is already available for a very high percentage of applications. Heck, even upstreams could then NAT their downstreams' pools of IPs. We could run the whole internet off a single class C again. This would of course be an inconvenience to some networks that use a lot of applications that haven't been updated, but we're sure the savings are worth the pain too. --- I guess the point/concern I have is that the largest providers can now pick up /13s because they use that many IPs in 3 months, but if you subtract out the number of truly unique IPs even the largest network would absolutely need, applying all available technology, the number might be as low as a few hundred unique IPs. Deepak Jain AiNET On Thu, 31 Aug 2000, Alec H. Peterson wrote:"John A. Tamplin" wrote:Well, if the policy is that you have to use name-basedhosting everywherefeasible and do something different for those customers that need something different, that can be quite a hardship onexisting setups.For example, re-engineering all the tools to create andmaintain vdomservices, changing existing customer setups, etc. It iscertainly easierto treat all hosting customers alike, rather than have completely separate setups and then have to change a customer fromone to the otherwhen they add or delete services (including downtime).That was also brought up at the meeting, however it wasgenerally agreedthat the address savings were worth the work.Another issue nobody has mentioned is security betweenvirtual servers.Under name-based hosting, they all run as the sameuser-id and thus to getthe same security you have with separate IP-based serversyou have to putall the access conrol checks in all the tools that can beused. This can behard if not impossible to do when you allow full shellaccess to the filesused by the server.Not if you chroot() the user into their file space. Thatmay not be ideal,but there are ways to deal with it. Alec -- Alec H. Peterson - ahp () hilander com Staff Scientist CenterGate Research Group - http://www.centergate.com "Technology so advanced, even _we_ don't understand it!"
Current thread:
- Re: ARIN Policy on IP-based Web Hosting, (continued)
- Re: ARIN Policy on IP-based Web Hosting Daniel Senie (Aug 31)
- Re: ARIN Policy on IP-based Web Hosting dan (Aug 31)
- Message not available
- Re: ARIN Policy on IP-based Web Hosting J. Scott Marcus (Aug 31)
- RE: ARIN Policy on IP-based Web Hosting Christian Kuhtz (Aug 31)
- Re: What's a file extension? Jeff Wheat (Aug 31)
- Re: ARIN Policy on IP-based Web Hosting Patrick Evans (Aug 31)