Discussion:
guideline for name-based web hosting justification
(too old to reply)
Alec H. Peterson
2000-09-12 02:29:11 UTC
Permalink
Yikes!
Have you ever tried to parse up to 1000 log files per system, with some of
them around 500MB in size. It's not nearly as easy as it sounds.
It is if you change how you write and parse your logs.
For some people it's feasable, but for most of us we *need* IP based
accounting.
By the way, we are setup to do a large number of URL's pointed at a single
IP for some hosting applications, but for the majority of our sites, it is
not an option.
Can't say that I have tried it. However at the same time I can think of
quite a few ways to make the task far easier and faster. For example, don't
do all of the parsing at once at the end of the day; modify the server to
keep a running tally of a customer's usage and have it write that alone to a
file on the disk every time it changes. Far more efficient.

That's just off the top of my head, and probably not a really efficient way
to do it. My point is that the Internet is made up of a lot of smart people
who are more than capable of solving these issues if they feel like it.
Whining about how today's methods of accounting won't work with tomorrow's
methods of virtual hosting is a lot like complaining about how yesterday's
chalk writes really poorly on today's white boards. If you don't want to be
left behind you have to keep on evolving.

After all, where would we be today if dial-up providers decided that it was
too much work to use dynamically allocated IP addresses and kept on giving
each user their own IP address?

However, name-based virtual hosts aren't exactly a new thing. Many large
web hosters have been using name-based virtual hosts for a while now, so
would any of those companies mind sharing a little wisdom on how this can be
done?

Thanks,

Alec
--
Alec H. Peterson - ***@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
Alec H. Peterson
2000-09-12 14:50:05 UTC
Permalink
I also find it interesting that in your presentation to the 11th NANOG
meeting that you did with Avi Freedman (Isn't he working for Digital
Island now? Or one of the other distributed content providers) you are
supporting a technology that not only assigns an IP address to a web site
but assigns multiple IP addresses to a single site. Perhaps I didn't
decipher your presentation correctly, but it sure seems like you are
supporting performance/service level issues above and beyond IP
conservation. Ah, I hear it coming, that each distributed node can handle
multiple distributed sites off of a single IP. Very true. Do you know
what the ratio of managed sites to in-service systems is? How many
locations is Akamai in? I really don't know what the IP "waste" ratio is.
But the point is you are supporting performance at the expense of IP
addresses however large or small that may be.
I hardly see what a single presentation I did with Avi several years ago has
to do with the issue at hand. As it happens, I can count on one hand the
number of conversations I've had with Avi this year.
In addition, you even argue against yourself. You say, "For example,
don't do all of the parsing at once at the end of the day; modify the
server to keep a running tally of a customer's usage and have it write
that alone to a file on the disk every time it changes. Far more
efficient. That's just off the top of my head, and probably not a really
efficient way to do it."
What?! How can it be *far more efficient* and then in the next line it's
*not a really efficient*" Can you see why I'm not very thrilled with your
off the cuff and seemingly inexperienced comments?
I stand by what I said. There is 'far more efficient' which is (sometimes)
quite different from 'optimally efficient'.

The fact that I may not have experience with specifically parsing WWW log
files by no means implies that I have no experience doing that sort of thing
in other applications. See, standard WWW transfer logs have tons of data in
them that does not relate to calculating bandwidth utilization. That extra
data all has to be looked at before the bandwidth numbers can even be
retrieved. Let's look at a line of a standard Apache transfer log:

128.220.221.16 - - [05/Mar/1998:18:20:32 -0500] "GET / HTTP/1.0" 200 1195

Now depending on how you count there are 6 fields on that one line of log
file, and the number of bytes transfered number is the very last field. So
that means that one way or another you need to look at each of the fields in
the file and check if it's the right one before you can even get the
appropriate data. I have to agree that parsing that logfile for bandwidth
utilization is a major pain.

But what if we changed the log file format to just look like this:

128.220.221.16 1195

Or perhaps an even better way would be to write over the same line in the
file again and again every time, so your utilization program just has to
look at the file once to see how much has been used. Granted you can't just
use Apache's mod_log_config for that, but it isn't a lot more work than
that.

My second statement about it not being a 'really efficient way to do it'
meant to say that the 30 seconds I spent thinking of how to make the parsing
process more efficient was probably not sufficient to come up with the
optimal solution. Perhaps I should have said 'probably not optimally
efficient' instead. Sorry about that.
By making light of some real issues that were brought up it sure seems
like your statements are hypocritical. Now like I said, I'm not the
smartest guy out here, so if I've badly misrepresented things I apologize
in advance.
I didn't mean to say it was no big deal. Making the changes I proposed
would certainly take some work. However, contrary to what some other people
said, the problem is not insoluble.

My point was that I can't stand excuses for doing 'the right thing',
especially when people insist on working against an organization that is
only trying to help. ARIN is not making these policy changes to make
everybodys' lives more difficult. ARIN is making the changes because it has
a responsibility to stretch IP space in its region of the world as far as
possible.

Also, as I tried to say before people on the 'net have come up with some
truly brilliant ways to deal with the issues that face us when they need
to. I really think it would be a far better use of our time here if we all
put our heads together to try and figure out a feasible way for everybody to
use name-based virutal hosts in as many applications as possible than
arguing about how hard it is. Then, if we as a group find that it is truly
not possible then we can state that (from experience, as opposed to just
from theoretical conjecture) at the next ARIN meeting and recommend an
appropriate policy change.
Bottom line, for every one out there saying it's no big deal to do single
IP virtual hosting I would like to see a solution that does not sacrifice
reliability, accountability, quality of service, and functionality. I
hate it when people (even smart people) start voicing opinions on things
they don't understand.
You may think that just because I don't run a web hosting outfit today I
don't understand the issues, and you're welcome to think that. It is true
that I don't know how every single web hosting outfit out there accounts for
usage, but I daresay you probably don't know that either. You know how you
do things, and that's all you need to know. This is the exact reason why I
or you alone are not responsible for creating ARIN policies. It is done by
member participation in ARIN. And the general idea is that ARIN and its
members benefit from having a hand in shaping what happens to IP allocation
policy.

Speaking to your request for a solution to your accounting woes, I really
don't think you want that from ARIN. See, if that happens then people will
start screaming about how ARIN dictates the way people must do business,
which gets into another rat-hole that we really don't want to go down.
There are many ways to skin this cat.

So I will say again, instead of arguing with me about how easy or not easy
this problem is to deal with, why don't we try actually solving the issues?
And if they are not solvable then we will know we have tried our best and we
can report those findings at the next ARIN meeting in an effort to get the
recently adopted policy changed.

And FYI, demanding a solution to your specific problem without providing any
suggestions of your own is not the best way to engage help from others.
I'm also not stubborn. I'm not running things the way I do because it's
my way, but because they work, they are scalable, they are functionable,
and we have zero down time. I've tried Microsoft IIS. It doesn't work.
Well doh, of course it works, but not for a company that demands uptime
and security and a fast and simple database. I have to reboot co-located
IIS machines all the time. My BSDI/Apache/MySQL/Perl/PHP/Raven boxes have
had zero downtime in the last 3 years. That is not an invitation to hack
or DOS my network. But thanks for thinking about me.
Not a bad setup. I don't really see what I said before would not apply to
this setup.
And like I said before, when appropriate we have assigned multiple sites
to a single IP. We actually do it by sending all requests into a CGI
script that grabs the HTTP_HOST env variable and creates the customized
web site on the fly with MySQL. So yes, we are trying to conserve IP
addresses, we are not greedy, whiny bastards trying to screw the Internet
up for everyone else.
Nobody ever said you were, and I truly resent having words put into my
mouth. Please refrain from doing so in the future.

If you recall, I was addressing a specific post where a person was demanding
specific solutions to every problem that this policy change would be
causing. I, for one, don't respond well to demands for help. And as I also
said, other people have solved these problems, and even think that the
policy was a pretty good idea. In fact some of them operate some of the
largest web farms in the world. So regardless of how little or much I may
know about web hosting, there are people out there who know far more than
both of us about it who have managed to make things work.
Cool! Now we all know how to do name based hosting... er, wait... what
about all those HTTP/1.0 browsers!? You don't think they exist any
more? Check this out. In fairness I sampled all my virtual hosts off of
one server from a selective time period. All my logs files are in the
webserver3: {17} % grep 'HTTP/1.1' www.*.com | wc -l
400441
webserver3: {18} % grep 'HTTP/1.0' www.*.com | wc -l
375412
48.4% of the browsers out there that accessed my customers' sites used
HTTP/1.0. For the uninitiated the 1.0 version of the HTTP protocol does
NOT support name based hosting.
That's the first number I've seen on the subject that is greater that 2%,
and I will confess it does concern me a great deal.

Does anybody else have any numbers they'd like to share?
Can I tell all my customers to call you when their online business drops
by almost 50%. By the way, can you use a shared IP for secure server
certificates?
No, you can't, which is why there are exceptions to the policy. Granted
there isn't a specific exception for SSL, which I think is one place where
the group (myself included) erred in Calgary last March.
I don't want to see any more comments that I should be doing things
smarter and better. I want to see explanations of how I can accomplish
the things that you say are so easy. Like I said I'm not stubborn... show
me the way. If you can't, then please refrain from making popular
political statements that don't affect YOUR business and your customers'
business.
I never meant to trivialize the changes. I merely meant to point out to
those who said they were not only non-trivial but were impossible that in
fact it was not impossible.
PS. If you are such an advocate for IP conservation why do you have a
whole block? I can't tell how many IPs you are wasting because your
provider has not swipped your block. But you have multiple web sites
running on multiple IPs! What's your excuse?
Name: gw1.hilander.com
Address: 216.241.32.33
This is actually its own machine.
Name: virthost.hilander.com
Address: 216.241.32.35
Name: ramirez.hilander.com
Address: 216.241.32.34
Hey, nobody's perfect. I'll have to look into changing that. Thanks for
pointing it out.
Pretty interesting web sites I might add.
Thanks for looking around, I spent years writing it.

Look, bottom line is that name-based virtual hosts have the ability to
stretch our IP utilization even further (and the way IPv6 is looking means
we'll really need to do this). Moreover, if you think the name-based
virtual hosting policy should be changed or repealed, then by all means
start participating in the process to make that happen.

And finally, there may well be some websites out there that cannot be
handled any way except for giving them their own IP address. I don't know
this for sure, but I'd say it's a pretty good guess.

Similarly, there are some dial-up users out there who insist on having a
static IP address. ISPs are free to do that, _JUST AS LONG AS MOST OF THEIR
LOW-END CLIENTS USE DYNAMIC IP ADDRESSES_. This can easily be extended to
virtual hosting. And I agree that this should be stated specifically, but I
really think ARIN's true intent was to change the default mom-and-pop
hosting account from a dedicated IP address to a name-based virtual host.

So perhaps the policy should be re-worded to state that for providers who
sell 'cheap' web-hosting for domains that get relatively few hits per month
they should use name-based virtual hosting for those clients?
Alec H. Peterson
2000-09-13 14:33:35 UTC
Permalink
ARIN could help stretch IP space by running around the different net
blocks and finding the unused space and reclaiming it.
Sure, there will be some pissed off people who have /16s that they are
using maybe a /22 out of, but so what? That is a lot of address space
that can be reassigned.
ARIN should, but in reality that is IANA's job.

This isn't ARIN trying to pass the buck, it's just due to the way the whole
Internet governance structure has been setup. And it's a really tricky job
at that.
We pay ARIN a fee to 'manage' our IP space, I would like some of that
fee to go to reclaimation of wasted IP space by small colleges, small
companies, and individuals who have who have space they aren't using.
See above. The AC has talked about how to reclaim space several times, but
the fact remains that ARIN doesn't have the authority to just wrench space
from any entity.
dropping the bomb is not fun, this new decision, while made
with other ARIN members, was sudden in its announcement and
did not give anyone a chance to start the cleanup before the
punishment is handed out.
That is certainly a valid point. We should re-think how we announce future
policy changes in that case.
there are a ton of IPs available on the 'net that are
allocated and underused - relaim those and these worries about
IP depletion can be put off for another couple of years.
See above.
random people with random comments about how my business is
supposed to be run is just not nice.
You call it dictating how your business is supposed to run, and that's
fine. One could argue that ARIN has been telling dialup ISPs how to run
their business for years, but I haven't heard any complaints to that affect.

Look, I want to see the policy changed so that all ARIN members feel their
opinions have been represented.

Here's what I'm going to do. Anybody who wants to see the policy changed in
some SPECIFIC way AND is not going to make it to the meeting in Herndon send
e-mail directly to me (***@hilander.com) with the subject ARIN WEB HOSTING.
Please only put your suggestions for how to fix what you don't like about
the policy in there, with some reasoning behind it so that I can pass that
long to the membership at large at the meeting.

Alec
--
Alec H. Peterson - ***@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
Alec H. Peterson
2000-09-13 15:38:08 UTC
Permalink
% gzcat * | wc
13133659 236790086 2910981757
% gzcat * | grep -c "HTTP/1.0"
6478695
or 49.32%
This is one set of logs from one machine in our cluster for one month.
It appears that looking at the browser version itself would be far more
revealing...

Alec
--
Alec H. Peterson - ***@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
Alec H. Peterson
2000-09-12 14:55:18 UTC
Permalink
Thing is, 'tomorrows way of web hosting' really is tomorrow.
Or don't you get it?
I don't think I do, since I'm not sure what you're getting at.
But why not put all dialups behind NAT, I mean, hell, fuck'em, they
don't need to play games on the 'net, do Netmeeting, ICQ and such, and
this would save me a couple thousand IPs and would save UUNET (and
other big boys) /14s and more of IP space.
Your sarcasm notwithstanding, I think the issues of placing dialup (or any
end-users for that matter) behind a NAT out-number the issues of using
name-based virtual hosting for entry-level web accounts.
Yep, it isn't new and many of us use name based virtual hosting
techniques when we can.
Thing is, it doesn't work all the time.
I agree with you 100% on that count.

And I think the ARIN policy should be re-worded so that it is more flexible.

See, the IP 'waste' that the membership was specifically concerned about
when crafting this policy is the mom-and-pop shops that only get a few
thousand hits per month and don't use SSL for their site. There are tens of
thousands of those sites out there now (probably more) and there is no
reason in the world why they shouldn't be on name-based virtual hosts.
Then, there are some sites that are so huge that for a variety of reasons it
is just unfeasible to put them on name-based virtual hosts. I think the
policy should be re-crafted to objectively define that in some way.

The point of my previous posts was to point out that there are ways to move
the name-based/IP-based line in the sand further out so that we can get even
better IP utilization.

Alec
--
Alec H. Peterson - ***@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
Alec H. Peterson
2000-09-13 15:41:59 UTC
Permalink
There was no 'ramp up' period, this policy takes effect *now*.
Ahh, now I do get it. As I think I said in a previous e-mail that's a valid
beef (IMO of course).
Ah, now it is entry level web accounts.
We already put entry level web accounts online via named virtual
hosts, the thing is, we don't do all that many of those, we do much
larger items.
Of course, the difinition of 'entry-level web accounts' could be
debated and probably will be.
Absolutely.
Going to be difficult to be objective, though.
Very difficult.
Yeah well, if it were going to be easy then we wouldn't have to bother with
all of these fun discussions ;-)

Alec
--
Alec H. Peterson - ***@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
Alec H. Peterson
2000-09-12 16:10:13 UTC
Permalink
I suspect the rest of them would have similar results.
We do high-volume (in terms of customers, not traffic) low-cost hosting
for small businesses under Cornerpost, where all of the pages are
generated dynamically out of a database using a custom web server. Only a
small number of customers have a domain name associated with it (the rest
get URLs like db.cornerpost.com/12567057007), and that all uses name-based
hosting. If an HTTP/1.0 request comes in without the identifier, they get
a "sorry, please upgrade your browser" message. When we started this, we
knew we were leaving out a large number of people with older browsers, but
this was the only way we could accomplish what we wanted in a scalable
fashion (people-wise as well as hardware). Fortunately, since relatively
few of these customers go to the trouble to get a domain name (although it is
increasing), it hasn't been an issue.
Interesting numbers, although some other people have pointed out that some
browsers that use HTTP/1.0 requests still send the Host: header as well. Is
there an easy way to get numbers on that?
For the more traditional hosting customers, we use IP-based hosting and
provide SMTP/POP/IMAP/FTP (including anonymous), and SSL if they pay for
that. It would require massive changes to our management tools, customer
setup, and business model to switch these to name-based hosting.
No doubt; especially since today's methods of doing SSL require a unique IP.

The policy allows for exceptions, and I hope we will be able to list some
specific ones at the next meeting.

If you don't mind sharing it, what percentage of your virtual hosts have
these other services (SMTP/POP/IMAP/FTP/SSL)? I'm just curious (I'm curious
what percentage of people want to pay for it).
In
addition, while if everyone did this it might spur those with older browsers
to upgrade (assuming they can -- some of them are using browsers on TV
set-top boxes, video game consoles, etc), if only some sites do this then
the customers will probably just go to other sites that still work. I doubt
customer paying for hosting want to lose even 10% of their customers, much
less 30-40%.
Agreed, although if some of these older browsers are also sending Host:
headers then it might not be as big an issue as it seems....

Alec
--
Alec H. Peterson - ***@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
Kent Crispin
2000-09-15 01:56:22 UTC
Permalink
Post by Alec H. Peterson
If you don't mind sharing it, what percentage of your virtual hosts have
these other services (SMTP/POP/IMAP/FTP/SSL)? I'm just curious (I'm curious
what percentage of people want to pay for it).
My tiny business caters almost exclusively to small businesses; in my
case all those services (with the exception of SSL), are part of the
standard package. In other words, people don't pay anything at all
extra for them. They pay $10/month to get it all. Frequently there are
services that are part of the package that they don't use, at least not
initially.

A great many small ISPs offer essentially the same kind of a package --
it frequently includes database support, shell access, and a bunch of
other stuff, for incredibly low prices. In my rudimentary marketing
stuff, I refer to this as a "virtual host" site to emphasize that what
the customer is getting is a package of services that look like their
own host on the internet.

Setting up a virtual host site for someone is mostly automated -- once
the infrastructure is in place it doesn't cost appreciably more to set
up someone with the above services than it does to just set up a web
site. They fill out a form and the whole thing is set up from that.
The biggest headache is dealing with the domain name -- if they don't
have one they have to try to pick out a good one; if they do have one
you have to deal with the various issues of effecting a transfer.

By default, I assign an IP address to every such customer. To do
otherwise would be simply stupid -- converting someone from a name-based
web site to an IP based web site is not much work, but it is the same
amount of work as setting up the site in the first place, and the real
cost is the human intervention of making the change.

What I think is fundamentally flawed with the new policy, from the point
of view of a business like mine, is that it in fact takes the
justification for use of an IP address down to the individual address
level -- you have to look at the characteristics of how each virtual
domain is used before you can decide whether it is justified to assign a
separate IP address. This makes no economic sense -- the incremental
monetary return for the use of the IP address is tiny -- less than the
policing cost of scrutinizing the use the customers make of their
address, or of maintaining.

I may not be expressing this well, but to back up a level, it seems to
me that this policy is reaching the point of diminishing returns -- we
are becoming insanely penurious. We are like starving people fighting
over crumbs. Indeed, we can talk about modifications to apache, and
pop, and imap and ftp and everything else so we can conserve a few more
precious addresses. But the deployment of those changes is a large
project in itself, and that energy is ultimately wasted. In my opinion
we would be better off to just run out of addresses, and thereby force
changes at another level.
--
Kent Crispin "Do good, and you'll be
***@songbird.com lonesome." -- Mark Twain
Ted Pavlic
2000-09-15 03:51:04 UTC
Permalink
Post by Kent Crispin
My tiny business caters almost exclusively to small businesses; in my
case all those services (with the exception of SSL), are part of the
standard package. In other words, people don't pay anything at all
extra for them. They pay $10/month to get it all. Frequently there are
services that are part of the package that they don't use, at least not
initially.
I think many providers have very similar packages; many offer FrontPage
Server Extension support to their users as well. FPSE requires more than a
bit more extra work to get them to work with name-based hosts.
Post by Kent Crispin
A great many small ISPs offer essentially the same kind of a package --
...
Post by Kent Crispin
own host on the internet.
This is true... And large ISPs require a great deal of automation as well.
In order for a large ISP to manage virtual hosts that are combinations of
name-based and IP-based causes a lot of extra stress.

Before I could create a database of virtual hosts and dump them to a
configuration file regularly...

Now some of my virtual hosts have to be IP based and, currently, those have
been entered into a configuration file manually. I'll have to add extra
logic to account for:

* Those virtual hosts that do not require anything unique
* Those virtual hosts which can be name-based, but cannot be mass virtual
hosted
* Those virtual hosts which have SSL or some other service which requires
IP-based hosting

While all of this can be done... It's a great deal of work to setup a clean
system which works for everyone -- plus deal with converting FrontPage SE, a
horrible package in general. The time it takes me to deal with this takes a
great deal of time away from other projects which require my almost
immediate attention.

Now if all the technology was already in place, things would be a lot
easier.

Also note that even the largest ISPs aren't using close to one quarter of
the IPs that the largest cable providers are. I really don't think it was a
good idea to throw this on the ISPs first. It just seems like the big
problem has been overlooked.
Post by Kent Crispin
By default, I assign an IP address to every such customer. To do
otherwise would be simply stupid -- converting someone from a name-based
web site to an IP based web site is not much work, but it is the same
amount of work as setting up the site in the first place, and the real
cost is the human intervention of making the change.
And changing from name-based to IP-based (or vice-versa) requires a certain
amount of downtime. While all the DNS changes are easily made at the
provider, all of the DNS servers on the Internet have to wait a certain time
period in order for their records to timeout. A site has to be both IP-based
and name-based during this (usually 24 hour) period or the site will be down
for a good deal of the users.
Post by Kent Crispin
What I think is fundamentally flawed with the new policy, from the point
...
Post by Kent Crispin
address, or of maintaining.
I have a problem with the policy regulating explicitly "webhosters." To me,
the web is made up of a lot more than just HTTP. I think it would have been
a better idea to regulate HTTP hosters... People who just provide simple
HTTP services could make the easy change and not worry much about it.
Regulating the entire web causes this great deal of argument about exactly
what is an exception and what is not. It's ridiculous.
Post by Kent Crispin
I may not be expressing this well, but to back up a level, it seems to
...
Post by Kent Crispin
changes at another level.
Personally, I would worry that these changes would decrease the QoS at each
webhoster causing its clients to spread out among much smaller webhosters
around the Internet that are still allowed to do IP-based webhosting because
they have a /24 or less. Eventually, all of the IPs that were saved will
just be allocated again -- just among a great deal more providers.

To me a few things have to happen...

*) The cable providers **NEED** to be regulated! @Home's 2.3 million IPs are
ridiculous -- they do not need that many IPs. Even if they were to give back
HALF of those IPs, that'd be TWICE the amount of IPs Verio has TOTAL.

*) IP needs to be changed... Either IPv6 needs to be pushed into place (ha
ha)... Or IPv4 needs to be changed. PERHAPS a decent idea would be to create
a second set of 4 (or 6 even) byte addresses and a new name-server
configuration. That is, all websites given to a particular webhost would
lookup to one IP which would go to that webhost. Each browser would then
lookup the name at another name registry that would give each specific
webhost its own identifier. That identifier (some numeric value again -- 4
or 6 bytes) could be stored as another word in the IP header. Different
servers could then use that information to route name-based sites to the
appropriate place... This is just one idea off the top of my head -- perhaps
it's not too viable -- but changes need to be put in place. Right now we
have the ability to work with the amount of IPs we have, we just need the
technology to actually do it.

*) xDSL providers need to be looked at. Most of the DSL providers I know of
are providing static IPs to each of their customers by default.

*) ARIN (and IANA) needs to improve their communication. I really think that
only certain interests were represented in this decision... (i.e. cable
Internet providers)

At least that's what I think, I could be wrong.

All the best --
Ted
j***@lewis.org
2000-09-12 16:49:10 UTC
Permalink
Cool! Now we all know how to do name based hosting... er, wait... what
about all those HTTP/1.0 browsers!? You don't think they exist any
more? Check this out. In fairness I sampled all my virtual hosts off of
one server from a selective time period. All my logs files are in the
webserver3: {17} % grep 'HTTP/1.1' www.*.com | wc -l
400441
webserver3: {18} % grep 'HTTP/1.0' www.*.com | wc -l
375412
48.4% of the browsers out there that accessed my customers' sites used
HTTP/1.0. For the uninitiated the 1.0 version of the HTTP protocol does
NOT support name based hosting.
This is BS. My own personal domain is a name-based virtual host (not by
choice, but due to necessity at the time it was setup), and 63% of the
hits on it are logged at HTTP/1.0. They still get the right files.

Many browsers that support name-based virtual hosting send requests as
HTTP/1.0. Netscape 4.75 does.

----------------------------------------------------------------------
Jon Lewis ****@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Mury
2000-09-12 16:44:08 UTC
Permalink
I don't think Alec has called anyone whiners.
Jeremy,

"Whining" was not my word. Please read his response to me more
Post by Alec H. Peterson
Whining about how today's methods of accounting won't work with
tomorrow's methods of virtual hosting is a lot like complaining about
It's pretty easy to disqualify someone's techincal issues by retorting
with it's just whining.
The policy has been
discussed and as presented does not change the business climate for
http://www.arin.net/announcements/policy_changes.html
Exceptions may be made for ISPs that provide justification for
requiring static addresses. ARIN will determine, on a case-by-case
basis, whether an exception is appropriate.
If you are sure that your use of one IP per Host is justfiable, then
you should have no problem getting an exception approved.
Perhaps if you are complaining maybe you don't feel that your
use has technical merit?
Here we go with just calling me a complainer again. Dear sir, do you know
what an awful process it is to get more space from ARIN. I beleive the
point is an exception should be a policy if in general you would have to
grant more exceptions than not. If the hosting world is not quite ready
for name based hosting why make most people fight to get exceptions?
Shouldn't it be a policy?

And don't get me wrong again, I can here it coming. I am concerned about
wasted IP space. I'm not advocating wasting IP space just because it's an
easier thing to do than conserve it.
"Back in the day" when I ran an ISP and Web hosting business for a living,
we used single IPs for WWW (http 1.1 didn't exist), assigned static
IPs to all customers, etc. When new technologies came about
and policies changed, we followed. We ended up renumber those static
customers and some significiant business cost, because it was the
right thing to do. It wasn't easy, the customers didn't like it,
it made accounting and access control harder.
Of course, name one ISP that hasn't done that. I haven't run into any.
With that said, theses issues were discussed at the ARIN policy meeting,
and there weren't huge objections, so the conclusion was reached that
there were significant objectors. Luckily there is a meeting in
just a few weeks, where you are invited to discusse it more, and
perhaps better wording can be determined that would allow existing
operations to switch to more efficient technologies in a reasonable
time frame, while still encouraging better utilization of
IP addressing.
Where is the meeting? Who shows up? Isn't emailing the group just as
an acceptable way of communicating, or do I need to show up and be called
a whiner in person?
I'm sure if several vocal www hosting business pushed for changed wording
that still encouraged better utilization, that it would be considered.
Mury
2000-09-12 17:02:56 UTC
Permalink
You're bending the truth here, quite a bit actually. The HTTP 1.0 proto
may not support the Host: header, but browsers that are using HTTP 1.0
may very well support he Host: header. Oh, i don't know, a smallish
browser called Netscape, v 2.0 or better, comes to mind. Grepping
through my access log for today I see over 65,000 1.0 requests. 98% of
those are to name-based virtual hosts (which is almost all i run
anymore), and they all worked.
jon
Good to know. Finally someone takes the time to correct me and not just
call me a whiner.

So, does anyone know a reliable source that keeps track of stats on
browsers? If it isn't 50% that won't get to the web site, is it
10%? 5%? .0001%?

Thanks.

Mury
GoldenGate Internet Services
Ted Pavlic
2000-09-14 05:05:14 UTC
Permalink
Not sure if anyone has responded to this yet, but most larger providers I
see say it's closer to 5% (tops).

----- Original Message -----
From: "Mury" <***@goldengate.net>
To: "Jon Rust" <***@vcnet.com>
Cc: "Alec H. Peterson" <***@hilander.com>; "Matt Bailey"
<***@journey.net>; <arin-***@arin.net>; <***@arin.net>
Sent: Tuesday, September 12, 2000 1:02 PM
Subject: Re: guideline for name-based web hosting justification
Post by Mury
You're bending the truth here, quite a bit actually. The HTTP 1.0 proto
may not support the Host: header, but browsers that are using HTTP 1.0
may very well support he Host: header. Oh, i don't know, a smallish
browser called Netscape, v 2.0 or better, comes to mind. Grepping
through my access log for today I see over 65,000 1.0 requests. 98% of
those are to name-based virtual hosts (which is almost all i run
anymore), and they all worked.
jon
Good to know. Finally someone takes the time to correct me and not just
call me a whiner.
So, does anyone know a reliable source that keeps track of stats on
browsers? If it isn't 50% that won't get to the web site, is it
10%? 5%? .0001%?
Thanks.
Mury
GoldenGate Internet Services
Mury
2000-09-12 18:01:47 UTC
Permalink
Post by Alec H. Peterson
I hardly see what a single presentation I did with Avi several years ago has
to do with the issue at hand. As it happens, I can count on one hand the
number of conversations I've had with Avi this year.
Ummm, it's what you are using one of our IPs for to promote. It's on one
of your multiple web servers. If it's not important to you any more,
perhaps you should do some cleaning up and return some IPs.
Post by Alec H. Peterson
The fact that I may not have experience with specifically parsing WWW log
files by no means implies that I have no experience doing that sort of thing
in other applications. See, standard WWW transfer logs have tons of data in
them that does not relate to calculating bandwidth utilization. That extra
data all has to be looked at before the bandwidth numbers can even be
128.220.221.16 - - [05/Mar/1998:18:20:32 -0500] "GET / HTTP/1.0" 200 1195
Now depending on how you count there are 6 fields on that one line of log
file, and the number of bytes transfered number is the very last field. So
that means that one way or another you need to look at each of the fields in
the file and check if it's the right one before you can even get the
appropriate data. I have to agree that parsing that logfile for bandwidth
utilization is a major pain.
128.220.221.16 1195
Or perhaps an even better way would be to write over the same line in the
file again and again every time, so your utilization program just has to
look at the file once to see how much has been used. Granted you can't just
use Apache's mod_log_config for that, but it isn't a lot more work than
that.
You know I agree with you on most of what you are getting at, but I need
to keep most of that log file anyway. Customers sometimes need to see
where there traffic is coming from and what pages they are hitting, so if
I need to log all that information it should go to the same file, so I
don't double the amount of writes I need for each request.

These days we spend almost the same amount of time explaining people's web
statistics as we do configuring their modems. That information is
important to them.
Post by Alec H. Peterson
My second statement about it not being a 'really efficient way to do it'
meant to say that the 30 seconds I spent thinking of how to make the parsing
process more efficient was probably not sufficient to come up with the
optimal solution. Perhaps I should have said 'probably not optimally
efficient' instead. Sorry about that.
Fair enough. I pulled out all the stops since you insinuated I was just
whining.
Post by Alec H. Peterson
I didn't mean to say it was no big deal. Making the changes I proposed
would certainly take some work. However, contrary to what some other people
said, the problem is not insoluble.
My point was that I can't stand excuses for doing 'the right thing',
especially when people insist on working against an organization that is
only trying to help. ARIN is not making these policy changes to make
everybodys' lives more difficult. ARIN is making the changes because it has
a responsibility to stretch IP space in its region of the world as far as
possible.
Hey, we try to do the right thing. I think this is where part of the
problem lies. There seems to be this impression that ISPs are guilty
before proven innocent, and not just during the long process of trying to
get new IP space. We are not greedy, whiny, little pricks.

Instead of putting the clamps on the ISPs why not focus on:

1) Reclaiming unused IP space to hold us out a little longer
2) Push a plan to get better client server technology out there, and once
it is out there get people using it. As an rotten example, but feeling
one is needed, what if the top 10 most popular sites had a message pop up
that informed people if they were using an old browser and encouraged them
to upgrade.

I'm not bitching just to bitch. I'm looking out for my ecommerce
customers. 90% of my revenue comes from businesses. If I don't watch out
for their bottom line, they sure the hell aren't going to look out for
mine. If I switch them to a name-based system, before the world is ready
for it and they lose hits do to software incompatibilites, or don't notice
that their traffic died, or they can't see how effective a commercial was
by using real-time accounting stats, or one of my customers gets DOSed and
I can't control the traffic at my core routers or at my upstream so I have
to take everyone down because they all share an IP, they are going to host
with someone who cheats the system and gets them an IP.
Post by Alec H. Peterson
Also, as I tried to say before people on the 'net have come up with some
truly brilliant ways to deal with the issues that face us when they need
to. I really think it would be a far better use of our time here if we all
put our heads together to try and figure out a feasible way for everybody to
use name-based virutal hosts in as many applications as possible than
arguing about how hard it is. Then, if we as a group find that it is truly
not possible then we can state that (from experience, as opposed to just
from theoretical conjecture) at the next ARIN meeting and recommend an
appropriate policy change.
Wonderful. I am with you 100% here. Like I said many times in my other
post, I'm sure you and most of the others here are a lot smarter than I
am. And I'm very willing to make changes that work, but no one seems to
be pointing me in the right direction, so all I can do is point out the
obvious nature of how things work as I understand them.
Post by Alec H. Peterson
You may think that just because I don't run a web hosting outfit today I
don't understand the issues, and you're welcome to think that. It is true
that I don't know how every single web hosting outfit out there accounts for
usage, but I daresay you probably don't know that either. You know how you
do things, and that's all you need to know. This is the exact reason why I
or you alone are not responsible for creating ARIN policies. It is done by
member participation in ARIN. And the general idea is that ARIN and its
members benefit from having a hand in shaping what happens to IP allocation
policy.
Obviously. And all I can do is let the group (ARIN) know that I for one
have a problem with it. And from judging by the number of responses sent
only to me last night, I'm not the only one. I'm not sure why most of
these people have not responded to the group. Maybe they don't want to be
labeled as a trouble maker and have even a tougher time getting IPs from
ARIN next time.
Post by Alec H. Peterson
Speaking to your request for a solution to your accounting woes, I really
don't think you want that from ARIN. See, if that happens then people will
start screaming about how ARIN dictates the way people must do business,
which gets into another rat-hole that we really don't want to go down.
There are many ways to skin this cat.
So I will say again, instead of arguing with me about how easy or not easy
this problem is to deal with, why don't we try actually solving the issues?
And if they are not solvable then we will know we have tried our best and we
can report those findings at the next ARIN meeting in an effort to get the
recently adopted policy changed.
And FYI, demanding a solution to your specific problem without providing any
suggestions of your own is not the best way to engage help from others.
Maybe the some of the hosting world just isn't ready for this new policy.
It's not like I've sat on my ass for the last 6 years without changing how
I've done business. I wouldn't be around if I didn't evolve as you put
it. I've watched just about everyone that has not sold their business, go
out of business, and there are plenty of reasons for that, but primary it
was due to a lack of adopting new technologies. The point being I have
tested and adopted my own suggestions already.

My suggestion to the core problem, is to reclaim unused IP space, push for
IPv6, and make appropriate IP saving changes when it does not
significantly hinder the ability to do business on the Internet.
Post by Alec H. Peterson
Not a bad setup. I don't really see what I said before would not apply to
this setup.
If eliminate multiple IPs I'm unsure how to:

1) Address the HTTP/1.0 issues in an acceptable clean fashion
2) Do real time web accounting. Remember we buy bandwidth by the Mbit, so
we need to sell it by the Mbit
3) Provide controls against DOS attacks. No we don't host porn sites
4) Provide secure server certificates
5) Provide database support from server to server. I'm not a programmer
any more so I don't know how big an issue it is, but my programmer told me
it would be a mess

Those are some of the issues that I don't know how to handle with single
IP hosting.
Post by Alec H. Peterson
And like I said before, when appropriate we have assigned multiple sites
to a single IP. We actually do it by sending all requests into a CGI
script that grabs the HTTP_HOST env variable and creates the customized
web site on the fly with MySQL. So yes, we are trying to conserve IP
addresses, we are not greedy, whiny bastards trying to screw the Internet
up for everyone else.
Nobody ever said you were, and I truly resent having words put into my
mouth. Please refrain from doing so in the future.
Miscommunication. I didn't mean to imply that you called me a greedy,
whiny bastard. I was trying to emphasize the point that ISPs, at least
mine, are trying to conserve IP space. ARIN's policy implies that ISPs
are not doing enough to conserve the space. And like I said before there
seems to be this mis-conception that ISPs are fighting change and IP
conservation. Hell, our business depends on more people getting
access. We of all people should be, and I beleive most are, promoting IP
conservation.
Post by Alec H. Peterson
If you recall, I was addressing a specific post where a person was demanding
specific solutions to every problem that this policy change would be
causing. I, for one, don't respond well to demands for help.
Look. My point is I live this business. I realize I'm not the smartest
guy out here, but I've been doing this a long time in Internet
years. ARIN has come up with a policy that I think is premature. With
the needs and tools I have, and I have do have a few, it's a bad
policy. But if someone can show me how I'm mistaken, I will gladly listen
and change my technologies.

Actually I think the policy would make a wonderful "Guideline". It
shouldn't affect IP allocation, but it should be encouraged at this time.
Post by Alec H. Peterson
Cool! Now we all know how to do name based hosting... er, wait... what
about all those HTTP/1.0 browsers!? You don't think they exist any
more? Check this out. In fairness I sampled all my virtual hosts off of
one server from a selective time period. All my logs files are in the
webserver3: {17} % grep 'HTTP/1.1' www.*.com | wc -l
400441
webserver3: {18} % grep 'HTTP/1.0' www.*.com | wc -l
375412
48.4% of the browsers out there that accessed my customers' sites used
HTTP/1.0. For the uninitiated the 1.0 version of the HTTP protocol does
NOT support name based hosting.
That's the first number I've seen on the subject that is greater that 2%,
and I will confess it does concern me a great deal.
Does anybody else have any numbers they'd like to share?
As someone pointed out. Apparently HTTP/1.0 can support name based
hosting. I was unaware of this.

And if that truely is the case, I would like to see some numbers. I would
have guessed ARIN would know this before instituting a policy. Perhaps
they would like to share.
Post by Alec H. Peterson
Can I tell all my customers to call you when their online business drops
by almost 50%. By the way, can you use a shared IP for secure server
certificates?
No, you can't, which is why there are exceptions to the policy. Granted
there isn't a specific exception for SSL, which I think is one place where
the group (myself included) erred in Calgary last March.
That's an easy one.
Post by Alec H. Peterson
Look, bottom line is that name-based virtual hosts have the ability to
stretch our IP utilization even further (and the way IPv6 is looking means
we'll really need to do this). Moreover, if you think the name-based
virtual hosting policy should be changed or repealed, then by all means
start participating in the process to make that happen.
That's what I'm trying to do! Or is this not the right place to
participate?
Post by Alec H. Peterson
And finally, there may well be some websites out there that cannot be
handled any way except for giving them their own IP address. I don't know
this for sure, but I'd say it's a pretty good guess.
Similarly, there are some dial-up users out there who insist on having a
static IP address. ISPs are free to do that, _JUST AS LONG AS MOST OF THEIR
LOW-END CLIENTS USE DYNAMIC IP ADDRESSES_. This can easily be extended to
virtual hosting. And I agree that this should be stated specifically, but I
really think ARIN's true intent was to change the default mom-and-pop
hosting account from a dedicated IP address to a name-based virtual host.
So perhaps the policy should be re-worded to state that for providers who
sell 'cheap' web-hosting for domains that get relatively few hits per month
they should use name-based virtual hosting for those clients?
Alec H. Peterson
2000-09-12 19:07:19 UTC
Permalink
Post by Mury
Ummm, it's what you are using one of our IPs for to promote. It's on one
of your multiple web servers. If it's not important to you any more,
perhaps you should do some cleaning up and return some IPs.
Probably, although those machines are actually Johns Hopkins property, so I
should probably get in touch with the folks back at the CNDS lab.
Post by Mury
You know I agree with you on most of what you are getting at, but I need
to keep most of that log file anyway. Customers sometimes need to see
where there traffic is coming from and what pages they are hitting, so if
I need to log all that information it should go to the same file, so I
don't double the amount of writes I need for each request.
It's a matter of which one takes more time, writing two logs, or writing one
big one and having to parse it for utilization data. I honestly don't know
which is better...
Post by Mury
Hey, we try to do the right thing. I think this is where part of the
problem lies. There seems to be this impression that ISPs are guilty
before proven innocent, and not just during the long process of trying to
get new IP space. We are not greedy, whiny, little pricks.
No, you aren't. And ARIN is not made up of a bunch of vindictive
narrow-minded pencil pushers who are trying to concerve IP addresses like
they're the last few molecules of oxygen in a sealed chamber.

We're all working towards the same end; making the 'net function as well as
possible. Having multiple sides to the discussion only helps the situation.
Post by Mury
1) Reclaiming unused IP space to hold us out a little longer
That's already being done, but there's a big problem. ARIN doesn't have
authority over the major offenders (legacy /8s and /16s). The AC has had
long, involved discussions about how is best to do this, and we're working
on it. For example, our first goal is to re-claim address space of
companies that have gone out of business. If you have some ideas on how we
can do this we'd _love_ to hear them.
Post by Mury
2) Push a plan to get better client server technology out there, and once
it is out there get people using it. As an rotten example, but feeling
one is needed, what if the top 10 most popular sites had a message pop up
that informed people if they were using an old browser and encouraged them
to upgrade.
Yuck!

I mean, it's an idea, but I see where you're going...

The idea is to get our members to try and help with this task as well...
Post by Mury
I'm not bitching just to bitch. I'm looking out for my ecommerce
customers. 90% of my revenue comes from businesses. If I don't watch out
for their bottom line, they sure the hell aren't going to look out for
mine. If I switch them to a name-based system, before the world is ready
for it and they lose hits do to software incompatibilites, or don't notice
that their traffic died, or they can't see how effective a commercial was
by using real-time accounting stats, or one of my customers gets DOSed and
I can't control the traffic at my core routers or at my upstream so I have
to take everyone down because they all share an IP, they are going to host
with someone who cheats the system and gets them an IP.
Those are legitimate gripes.

Can we come up with reasonable solutions to them?
Post by Mury
Obviously. And all I can do is let the group (ARIN) know that I for one
have a problem with it. And from judging by the number of responses sent
only to me last night, I'm not the only one. I'm not sure why most of
these people have not responded to the group. Maybe they don't want to be
labeled as a trouble maker and have even a tougher time getting IPs from
ARIN next time.
No, you aren't the only one, but at the same time, there were a huge number
of people at the last ARIN meeting who were in support of this policy,
however most of them have been silent through most of this (perhaps because
they feel they already made their feelings known at the last meeting).

And as far as being labled a trouble-maker, I know plenty of people who have
been far more vocal about ARIN policy than you and have had no problem
getting address space. Please don't spread the mis-conception that ARIN is
anything other than an objective organization. It isn't true and it makes
everyone's life much more difficult in getting support for the organization.
Post by Mury
Maybe the some of the hosting world just isn't ready for this new policy.
This may be true, but the longer we wait the more address space that's going
to get used up, and the less we'll have to play with in the future...
Post by Mury
1) Address the HTTP/1.0 issues in an acceptable clean fashion
See other discussions; the issue of legacy browsers IMO is a red herring.
It exists, but it's really small.
Post by Mury
2) Do real time web accounting. Remember we buy bandwidth by the Mbit, so
we need to sell it by the Mbit
Doing bandwidth (as opposed to bytes transfered per period of time) billing
is tough, although it sounds like more and more vendors are starting to sell
equipment that handles this.
Post by Mury
3) Provide controls against DOS attacks. No we don't host porn sites
But those are the money-makers! :-)

Seriously, I understand the DOS issue all too well, and it does need to be
addressed. Not sure how to at this point, except to say that this policy is
really targeted towards the bottom-of-the-line web hosting accounts. If you
have a customer who has a lot of traffic, pays you a lot of money and can't
afford to be off the air then it makes perfect sense to have him on a
dedicated IP (I think at least).
Post by Mury
4) Provide secure server certificates
That qualifies as an exception.
Post by Mury
5) Provide database support from server to server. I'm not a programmer
any more so I don't know how big an issue it is, but my programmer told me
it would be a mess
Not sure exactly what you're trying to do with server to server DB support
(more to the point why it would be a problem).
Post by Mury
Miscommunication. I didn't mean to imply that you called me a greedy,
whiny bastard. I was trying to emphasize the point that ISPs, at least
mine, are trying to conserve IP space. ARIN's policy implies that ISPs
are not doing enough to conserve the space. And like I said before there
seems to be this mis-conception that ISPs are fighting change and IP
conservation. Hell, our business depends on more people getting
access. We of all people should be, and I beleive most are, promoting IP
conservation.
Just because I don't water my lawn doesn't give me a right to suck up all of
the water from the local well with some other application (like starting a
car wash, for example).

Perhaps that's a bad analogy, but my point is that ARIN recognizes ISPs have
made great strides in conserving IP space. However, as more and more
companies and users hook up to the 'net every month, we need to do as much
as we can.
Post by Mury
Actually I think the policy would make a wonderful "Guideline". It
shouldn't affect IP allocation, but it should be encouraged at this time.
That's actually been proposed on another list, although I'm really not sure
if that would affect what people do. Anybody else have thoughts?
Post by Mury
As someone pointed out. Apparently HTTP/1.0 can support name based
hosting. I was unaware of this.
And if that truely is the case, I would like to see some numbers. I would
have guessed ARIN would know this before instituting a policy. Perhaps
they would like to share.
The numbers we got came from our members. I believe Gene had some extensive
data.
Post by Mury
That's what I'm trying to do! Or is this not the right place to
participate?
Well that's the tough part. Most of the member opinion polls take place at
the in-person meetings. We do need to try and find a better way to get the
pulse of the membership, I think.

However, it needs to be stated that officially the Board is the only group
that institutes new policy. To this date they have only done that with
policies that the membership or AC have recommended.
Post by Mury
Ah! Now we are getting somewhere. Where to draw the line though? That
extra 5% business for a company whether they are doing $10,000 or a
million or more is still pretty important, especially now with everyone's
margins so low while the fight for market share appears to be paramount.
True enough.
Post by Mury
Almost all my account are $50/month. Is this considered cheap? Do you
have to be a IBM selling $2500 accounts to gain the exception? Or, are
the $19.95 joints where the cutoff would be drawn? Just curious.
That's a very good question, I'm not sure what the answer is.
Post by Mury
Alec, I understand your and ARIN's points. However if a "policy" is going
to be created and enforced I think we some of these issues need to be
better addressed and defined so legit ISPs don't have to wait over a
month to get new IP space and go through a process of defending web
hosting IP space.
Which is why we really need more participation. Fortunately this policy
change has brought more of it forward, but as I said above we need a better
way to tally opinions in a fair manner...

Alec
--
Alec H. Peterson - ***@hilander.com
Staff Scientist
CenterGate Research Group - http://www.centergate.com
"Technology so advanced, even _we_ don't understand it!"
J. Scott Marcus
2000-09-14 00:10:19 UTC
Permalink
... And as far as being labled a trouble-maker, I know plenty of people
who have been far more vocal about ARIN policy than you and have had
no problem getting address space. Please don't spread the
mis-conception that ARIN is anything other than an objective
organization. It isn't true and it makes everyone's life much more
difficult in getting support for the organization.
I'll save this email :) ...
Please do.

This ppml mailing list (and our public policy meetings) are exactly the
right places to frankly and openly discuss issues like this. Moreover, we
specifically solicited opinions from the community on these actions. ARIN
_asked_ for this feedback.

I personally prefer that the discussions be polite, civil, and in a tone of
mutual respect, which has I think mostly been the case with this long
thread. With that said, it is VERY important that people feel free to
express their opinions candidly and directly.

ARIN does not (and must not) penalize people for expressing their opinions.

Cheers,
-- Scott Marcus (who is a Trustee of ARIN, but speaking for himself here)
J. Scott Marcus
2000-09-14 14:28:35 UTC
Permalink
Post by J Bacher
Post by J. Scott Marcus
This ppml mailing list (and our public policy meetings) are exactly the
right places to frankly and openly discuss issues like this. Moreover, we
specifically solicited opinions from the community on these actions. ARIN
_asked_ for this feedback.
Which segment of the community? I've not received any requests for
feedback on this policy in the last couple of years.
ARIN requested further discussion on this subject August 29, although the
connection to the far-ranging discussions that ensued may not be clear.
Post by J Bacher
Date: Tue, 29 Aug 2000 14:46:37 -0400 (EDT)
Subject: ARIN Web Hosting Policy
ARIN's new web hosting policy has recently been under discussion on the
ARIN IP allocations policy mailing list.
See http://www.arin.net/members/mailing.htm.
The policy is described at
http://www.arin.net/announcements/policy_changes.html
Some individuals have expressed their disagreement with this new policy.
Should the ARIN web hosting policy be changed?
ARIN would like your feedback on this issue. Please post your comments
feedback will be included in the discussions at the upcoming public
policy meeting.
Information about the meeting can be found at
http://www.arin.net/announcements/memmeet.html
I have not checked, but it's possible that this policy had not been
discussed on the list prior to the previous member meeting (as Randy
notes). If so, that would seem to have been an oversight.

I am also thinking that, while discussions like this should be HELD on
***@arin.net, maybe they should be ANNOUNCED on some other relevant lists,
such as nanog?

Cheers,
- Scott
Randy Bush
2000-09-14 15:04:38 UTC
Permalink
Post by J. Scott Marcus
ARIN requested further discussion on this subject August 29, although the
connection to the far-ranging discussions that ensued may not be clear.
"further" to what previous mailing list discussion?

randy
Mury
2000-09-12 18:10:13 UTC
Permalink
If you can send that email to me, I'll forward it to the list.
Post by Mury
So, does anyone know a reliable source that keeps track of stats on
browsers? If it isn't 50% that won't get to the web site, is it
10%? 5%? .0001%?
I sent a rather detailed e-mail on this to the list, but it didn't go
through, probably because I'm subscribed through a different list rather
than personally. Hopefully the maintainer will approve it and send it on
through.
Kim Scarborough
2000-09-12 16:08:05 UTC
Permalink
Cool! Now we all know how to do name based hosting... er, wait... what
about all those HTTP/1.0 browsers!? You don't think they exist any
more? Check this out. In fairness I sampled all my virtual hosts off of
one server from a selective time period. All my logs files are in the
webserver3: {17} % grep 'HTTP/1.1' www.*.com | wc -l
400441
webserver3: {18} % grep 'HTTP/1.0' www.*.com | wc -l
375412
48.4% of the browsers out there that accessed my customers' sites used
HTTP/1.0. For the uninitiated the 1.0 version of the HTTP protocol does
NOT support name based hosting.
Can I tell all my customers to call you when their online business drops
by almost 50%.
Wait a minute. When you posted that, I was really surprised. I looked
through my server logs and got similar percentages. Look at this:

/weblogs> grep 'HTTP/1.1' access.log |wc -l
485
/weblogs> grep 'HTTP/1.0' access.log |wc -l
449

But guess what. That's a name-based site. It shares an IP with several
sites I host. So obviously, that's not an accurate way to check if people
will load the site--nearly half of this site's hits are from 1.0 requests,
and yet it manages to get the site fine. I'm not sure how this
works--perhaps the browsers are misidentifying the HTTP version in their
requests?--but I can assure you, it does.

I work for an ISP that has hundreds of name-based sites. We haven't got
any complaints from any of our customers about *anybody* not being able to
load their sites in over a year. Saying that 50% of the people out there
can't view name-based sites is just absurd.

In fact, let's dig a little deeper. Netscape 2.0 and above and IE 3 and
above support name-based hosts. So, since IE 3 reports itself as Mozilla
2, IE 4 reports itself as Mozilla 3, etc., let's try this (on my main,
IP-based site this time):

/weblogs> egrep \(Mozilla/5\|Mozilla/4\|Mozilla/3\|Mozilla/2\) combined.log |wc -l
74210

/weblogs> egrep -v \(Mozilla/5\|Mozilla/4\|Mozilla/3\|Mozilla/2\) combined.log |wc -l
6456

So now we're down to 8%. But even that overstates the number of browsers
that can't view name-based sites, because the second number includes
search bots, less-used browsers like Lynx and Opera, and command-line
fetchers like fetch and wget--all of which also support name-based hosts.
I can prune it further upon request. But I would guess it's a fair
assumption that just about the only browsers in use by almost anybody that
can't get to name-based sites are stray copies of Netscape 1.x. So let's
look for that:

/weblogs> grep Mozilla/1 combined.log | wc -l
79

0.1% of all my hits this month.

So while y'all have a point about the bandwidth accounting, you're on
pretty thin ice when talking about browser incompatability.



--------------73E596B1E8048DB4AD31BD1A--
Mury
2000-09-12 19:17:08 UTC
Permalink
Was there no "Unknown" browsers? My logging and analysis tools have a
very high percentage that come back as "Unknown," which I'm inclined to
beleive are older browsers.

Mury
Tracking browsers....
Yes we did and we were amazed with the results.
In fact we still dont believe them....
Where is Netscape?...this is a sampling too!!
Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 98;
DigExt) 16605 (26.2%) 176388k (34.0%)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) 4288
(6.8%) 8060k (1.6%)
Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 95;
DigExt) 3675 (5.8%) 38714k (7.5%)
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt) 3477
(5.5%) 11312k (2.2%)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) 2500
(3.9%) 13682k (2.6%)
Mozilla/4.0 (compatible; MSIE 5.01; AOL 5.0; Windows 98)
2051 (3.2%) 21238k (4.1%)
Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 98;
DigExt) 1906 (3.0%) 19527k (3.8%)
Mozilla/4.0 (compatible; MSIE 5.0; MSN 2.5; AOL 5.0; Windows
98; DigExt) 1282 (2.0%) 13459k (2.6%)
Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) 1146 (1.8%)
6325k (1.2%)
Mozilla/4.0 (compatible; MSIE 4.01; Windows NT) 1009 (1.6%)
5864k (1.1%)
Mozilla/4.0 (compatible; MSIE 5.5; AOL 5.0; Windows 98) 870
(1.4%) 9029k (1.7%)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 95; DigExt) 784
(1.2%) 4484k (0.9%)
Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)
778 (1.2%) 7224k (1.4%)
Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) 766 (1.2%)
1076k (0.2%)
Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 98;
Compaq; DigExt) 630 (1.0%) 8262k (1.6%)
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) 618 (1.0%)
3459k (0.7%)
Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) 586 (0.9%)
3224k (0.6%)
Mozilla/4.0 (compatible; MSIE 4.01; Windows 98) 548 (0.9%)
2893k (0.6%)
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT) 534 (0.8%)
3060k (0.6%)
Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 95)
486 (0.8%) 5205k (1.0%)
Sincerely,
Peter Schroebel
----- Original Message -----
Sent: Tuesday, September 12, 2000 1:02 PM
Subject: Re: guideline for name-based web hosting
justification
You're bending the truth here, quite a bit actually. The
HTTP 1.0 proto
may not support the Host: header, but browsers that are
using HTTP 1.0
may very well support he Host: header. Oh, i don't know, a
smallish
browser called Netscape, v 2.0 or better, comes to mind.
Grepping
through my access log for today I see over 65,000 1.0
requests. 98% of
those are to name-based virtual hosts (which is almost all
i run
anymore), and they all worked.
jon
Good to know. Finally someone takes the time to correct me
and not just
call me a whiner.
So, does anyone know a reliable source that keeps track of
stats on
browsers? If it isn't 50% that won't get to the web site,
is it
10%? 5%? .0001%?
Thanks.
Mury
GoldenGate Internet Services
Ted Pavlic
2000-09-15 13:24:17 UTC
Permalink
Unknown browsers might be spiders or other similar tools as well.

----- Original Message -----
From: "Mury" <***@goldengate.net>
To: "PSchroebel" <***@erols.com>
Cc: "Jon Rust" <***@vcnet.com>; "Alec H. Peterson"
<***@hilander.com>; "Matt Bailey" <***@journey.net>;
<arin-***@arin.net>; <***@arin.net>
Sent: Tuesday, September 12, 2000 3:17 PM
Subject: Re: guideline for name-based web hosting justification
Post by Mury
Was there no "Unknown" browsers? My logging and analysis tools have a
very high percentage that come back as "Unknown," which I'm inclined to
beleive are older browsers.
Mury
Tracking browsers....
Yes we did and we were amazed with the results.
In fact we still dont believe them....
Where is Netscape?...this is a sampling too!!
Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 98;
DigExt) 16605 (26.2%) 176388k (34.0%)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0) 4288
(6.8%) 8060k (1.6%)
Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 95;
DigExt) 3675 (5.8%) 38714k (7.5%)
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt) 3477
(5.5%) 11312k (2.2%)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) 2500
(3.9%) 13682k (2.6%)
Mozilla/4.0 (compatible; MSIE 5.01; AOL 5.0; Windows 98)
2051 (3.2%) 21238k (4.1%)
Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 98;
DigExt) 1906 (3.0%) 19527k (3.8%)
Mozilla/4.0 (compatible; MSIE 5.0; MSN 2.5; AOL 5.0; Windows
98; DigExt) 1282 (2.0%) 13459k (2.6%)
Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) 1146 (1.8%)
6325k (1.2%)
Mozilla/4.0 (compatible; MSIE 4.01; Windows NT) 1009 (1.6%)
5864k (1.1%)
Mozilla/4.0 (compatible; MSIE 5.5; AOL 5.0; Windows 98) 870
(1.4%) 9029k (1.7%)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 95; DigExt) 784
(1.2%) 4484k (0.9%)
Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)
778 (1.2%) 7224k (1.4%)
Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC) 766 (1.2%)
1076k (0.2%)
Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 98;
Compaq; DigExt) 630 (1.0%) 8262k (1.6%)
Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) 618 (1.0%)
3459k (0.7%)
Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) 586 (0.9%)
3224k (0.6%)
Mozilla/4.0 (compatible; MSIE 4.01; Windows 98) 548 (0.9%)
2893k (0.6%)
Mozilla/4.0 (compatible; MSIE 5.01; Windows NT) 534 (0.8%)
3060k (0.6%)
Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 95)
486 (0.8%) 5205k (1.0%)
Sincerely,
Peter Schroebel
----- Original Message -----
Sent: Tuesday, September 12, 2000 1:02 PM
Subject: Re: guideline for name-based web hosting
justification
You're bending the truth here, quite a bit actually. The
HTTP 1.0 proto
may not support the Host: header, but browsers that are
using HTTP 1.0
may very well support he Host: header. Oh, i don't know, a
smallish
browser called Netscape, v 2.0 or better, comes to mind.
Grepping
through my access log for today I see over 65,000 1.0
requests. 98% of
those are to name-based virtual hosts (which is almost all
i run
anymore), and they all worked.
jon
Good to know. Finally someone takes the time to correct me
and not just
call me a whiner.
So, does anyone know a reliable source that keeps track of
stats on
browsers? If it isn't 50% that won't get to the web site,
is it
10%? 5%? .0001%?
Thanks.
Mury
GoldenGate Internet Services
Mury
2000-09-12 20:59:23 UTC
Permalink
Post by Alec H. Peterson
Post by Mury
1) Reclaiming unused IP space to hold us out a little longer
That's already being done, but there's a big problem. ARIN doesn't have
authority over the major offenders (legacy /8s and /16s). The AC has had
long, involved discussions about how is best to do this, and we're working
on it. For example, our first goal is to re-claim address space of
companies that have gone out of business. If you have some ideas on how we
can do this we'd _love_ to hear them.
I'm not sure where ARIN gets it's authority. Maybe the father of the
Internet wants to save his creation and support a law giving ARIN the
authority. Seriously, where does ARIN receive it's authority from? Why
hasn't it been given the authority to reclaim unused space from legacy
allocations?

Maybe ARIN would like to clearly publish a list of those offenders and
send them a nice letter asking them to comply with current allocation
policies. If they don't want to cooperate, I suppose we could call the
media and/or Null route their IPs until they want to play by the same
rules we all need to.
Post by Alec H. Peterson
Post by Mury
2) Push a plan to get better client server technology out there, and once
it is out there get people using it. As an rotten example, but feeling
one is needed, what if the top 10 most popular sites had a message pop up
that informed people if they were using an old browser and encouraged them
to upgrade.
Yuck!
I mean, it's an idea, but I see where you're going...
Actually from the recent contributions to the list it appears as though
the HTTP/1.0 issues are far less a problem than I first perceived. I
would however like to see some real statistics.
Post by Alec H. Peterson
Post by Mury
I'm not bitching just to bitch. I'm looking out for my ecommerce
customers. 90% of my revenue comes from businesses. If I don't watch out
for their bottom line, they sure the hell aren't going to look out for
mine. If I switch them to a name-based system, before the world is ready
for it and they lose hits do to software incompatibilites, or don't notice
that their traffic died, or they can't see how effective a commercial was
by using real-time accounting stats, or one of my customers gets DOSed and
I can't control the traffic at my core routers or at my upstream so I have
to take everyone down because they all share an IP, they are going to host
with someone who cheats the system and gets them an IP.
Those are legitimate gripes.
Can we come up with reasonable solutions to them?
Well, what is the realistic possibility of making that "policy" a
"guideline?" Give ISPs 6 months to essentially self-comply. If web
hosting IP usage drops a significant percentage, then we declare a
success.

If usage does not drop, have a policy ready with more details. What
exactly constitutes an exception? Obviously secure servers are an
exception, but what about bandwidth based accounting, or high bandwidth
sites (and if so, where is the line drawn?)

I realize I might be living in a dream world thinking most ISPs will
rapidly change if not forced to, but it's not an impossible task to
convince them either. It's actually easy to configure multiple sites to
one IP than to multiple IPs.

I really don't know. I'd personally rather spend my time and money trying
to get back massive chunks of unused IPs from those knowingly or
unknowingly abusing them, and wait for technologies to mature a little
more before cracking down on web hosting IPs.
Post by Alec H. Peterson
No, you aren't the only one, but at the same time, there were a huge number
of people at the last ARIN meeting who were in support of this policy,
however most of them have been silent through most of this (perhaps because
they feel they already made their feelings known at the last meeting).
And as far as being labled a trouble-maker, I know plenty of people who have
been far more vocal about ARIN policy than you and have had no problem
getting address space. Please don't spread the mis-conception that ARIN is
anything other than an objective organization. It isn't true and it makes
everyone's life much more difficult in getting support for the organization.
Oh, if I thought that were true, I wouldn't be writing this or previous
emails. I obviously don't think ARIN is going to treat my allocations
differently than the next person. I'm just guessing as to why others
emailed only me and not the group.
Post by Alec H. Peterson
Post by Mury
1) Address the HTTP/1.0 issues in an acceptable clean fashion
See other discussions; the issue of legacy browsers IMO is a red herring.
It exists, but it's really small.
Is sure seems that way. I'd still like to see *real* statistics.
Post by Alec H. Peterson
Post by Mury
2) Do real time web accounting. Remember we buy bandwidth by the Mbit, so
we need to sell it by the Mbit
Doing bandwidth (as opposed to bytes transfered per period of time) billing
is tough, although it sounds like more and more vendors are starting to sell
equipment that handles this.
Post by Mury
3) Provide controls against DOS attacks. No we don't host porn sites
But those are the money-makers! :-)
Seriously, I understand the DOS issue all too well, and it does need to be
addressed. Not sure how to at this point, except to say that this policy is
really targeted towards the bottom-of-the-line web hosting accounts. If you
have a customer who has a lot of traffic, pays you a lot of money and can't
afford to be off the air then it makes perfect sense to have him on a
dedicated IP (I think at least).
Well, that doesn't totally work. Because if someone on the main IP gets
attacked I have to shut all sites down on that IP, so it's not just a
matter of keeping my one big customer up, it's a matter of keeping 1000
sites up that only pay $50/month but adds up to $50,000.00/month in
total. When everyone has their own IP, you can simply Null route their IP
if trouble starts.

In all fairness, I only have to do this a handful of times per year, but
the times I have it has probably saved me hours if not days of down time.
There is no way to predict if www.photos.com, www.ilikeredmeat.com,
www.gotochurch.com is going to be the one that gets attacked.

This issue is not a massive one.
Post by Alec H. Peterson
Post by Mury
4) Provide secure server certificates
That qualifies as an exception.
Post by Mury
5) Provide database support from server to server. I'm not a programmer
any more so I don't know how big an issue it is, but my programmer told me
it would be a mess
Not sure exactly what you're trying to do with server to server DB support
(more to the point why it would be a problem).
If your backend hosting databases reside on different computers than your
hosting does, you probably are going to have issues with name based
hosting. However, I am far enough out of this arena personally to be able
to explain why.

Once again this is a relatively small issue, at least for us. Most of our
databases do reside on the hosting server.
Post by Alec H. Peterson
Post by Mury
Actually I think the policy would make a wonderful "Guideline". It
shouldn't affect IP allocation, but it should be encouraged at this time.
That's actually been proposed on another list, although I'm really not sure
if that would affect what people do. Anybody else have thoughts?
Post by Mury
As someone pointed out. Apparently HTTP/1.0 can support name based
hosting. I was unaware of this.
And if that truely is the case, I would like to see some numbers. I would
have guessed ARIN would know this before instituting a policy. Perhaps
they would like to share.
The numbers we got came from our members. I believe Gene had some extensive
data.
Gene, do you want to share that data with the list?
Post by Alec H. Peterson
Post by Mury
Alec, I understand your and ARIN's points. However if a "policy" is going
to be created and enforced I think we some of these issues need to be
better addressed and defined so legit ISPs don't have to wait over a
month to get new IP space and go through a process of defending web
hosting IP space.
Which is why we really need more participation. Fortunately this policy
change has brought more of it forward, but as I said above we need a better
way to tally opinions in a fair manner...
Someone sent me an email suggesting a poll on your web site using handles
as an ID so only members could vote, and they could only vote once.

As a side note, from the lack of participation in this list it appears
that either:

1) Not many ISPs are subscribed to this list
2) They aren't receiving the messages
3) They are too busy to care, or
4) I'm one of only about 10-20 people that feel strongly about this policy

Whatever the case is, I have a business to run, and I've said my
peace. I can't stick up for the rest of them.

For all the reasons I've stated I think this policy is both too undefined
in that it lacks the explanations of exceptions (currently it looks like
exceptions would be left up to the discretion of the individual staff
person working on the account), and that it is premature.

For the record, I tried to participate.

Mury
GoldenGate Internet Services
d***@netrail.net
2000-09-13 03:12:57 UTC
Permalink
Oh come on. ARIN has not actual legal authority of any kind. It operates
across national borders, and is subject to no laws regulating it's powers.
It's only true ability is to convince providers to route only those
addresses it assigns. Given this, it has all the authority it needs to
retrieve unused blocks.


Daniel Golding
Director of R&D "I'm not evil. I'm just drawn that way"
NetRail, Inc.
1-888-NetRail
Post by Mury
Post by Alec H. Peterson
Post by Mury
1) Reclaiming unused IP space to hold us out a little longer
That's already being done, but there's a big problem. ARIN doesn't have
authority over the major offenders (legacy /8s and /16s). The AC has had
long, involved discussions about how is best to do this, and we're working
on it. For example, our first goal is to re-claim address space of
companies that have gone out of business. If you have some ideas on how we
can do this we'd _love_ to hear them.
I'm not sure where ARIN gets it's authority. Maybe the father of the
Internet wants to save his creation and support a law giving ARIN the
authority. Seriously, where does ARIN receive it's authority from? Why
hasn't it been given the authority to reclaim unused space from legacy
allocations?
Maybe ARIN would like to clearly publish a list of those offenders and
send them a nice letter asking them to comply with current allocation
policies. If they don't want to cooperate, I suppose we could call the
media and/or Null route their IPs until they want to play by the same
rules we all need to.
Post by Alec H. Peterson
Post by Mury
2) Push a plan to get better client server technology out there, and once
it is out there get people using it. As an rotten example, but feeling
one is needed, what if the top 10 most popular sites had a message pop up
that informed people if they were using an old browser and encouraged them
to upgrade.
Yuck!
I mean, it's an idea, but I see where you're going...
Actually from the recent contributions to the list it appears as though
the HTTP/1.0 issues are far less a problem than I first perceived. I
would however like to see some real statistics.
Post by Alec H. Peterson
Post by Mury
I'm not bitching just to bitch. I'm looking out for my ecommerce
customers. 90% of my revenue comes from businesses. If I don't watch out
for their bottom line, they sure the hell aren't going to look out for
mine. If I switch them to a name-based system, before the world is ready
for it and they lose hits do to software incompatibilites, or don't notice
that their traffic died, or they can't see how effective a commercial was
by using real-time accounting stats, or one of my customers gets DOSed and
I can't control the traffic at my core routers or at my upstream so I have
to take everyone down because they all share an IP, they are going to host
with someone who cheats the system and gets them an IP.
Those are legitimate gripes.
Can we come up with reasonable solutions to them?
Well, what is the realistic possibility of making that "policy" a
"guideline?" Give ISPs 6 months to essentially self-comply. If web
hosting IP usage drops a significant percentage, then we declare a
success.
If usage does not drop, have a policy ready with more details. What
exactly constitutes an exception? Obviously secure servers are an
exception, but what about bandwidth based accounting, or high bandwidth
sites (and if so, where is the line drawn?)
I realize I might be living in a dream world thinking most ISPs will
rapidly change if not forced to, but it's not an impossible task to
convince them either. It's actually easy to configure multiple sites to
one IP than to multiple IPs.
I really don't know. I'd personally rather spend my time and money trying
to get back massive chunks of unused IPs from those knowingly or
unknowingly abusing them, and wait for technologies to mature a little
more before cracking down on web hosting IPs.
Post by Alec H. Peterson
No, you aren't the only one, but at the same time, there were a huge number
of people at the last ARIN meeting who were in support of this policy,
however most of them have been silent through most of this (perhaps because
they feel they already made their feelings known at the last meeting).
And as far as being labled a trouble-maker, I know plenty of people who have
been far more vocal about ARIN policy than you and have had no problem
getting address space. Please don't spread the mis-conception that ARIN is
anything other than an objective organization. It isn't true and it makes
everyone's life much more difficult in getting support for the organization.
Oh, if I thought that were true, I wouldn't be writing this or previous
emails. I obviously don't think ARIN is going to treat my allocations
differently than the next person. I'm just guessing as to why others
emailed only me and not the group.
Post by Alec H. Peterson
Post by Mury
1) Address the HTTP/1.0 issues in an acceptable clean fashion
See other discussions; the issue of legacy browsers IMO is a red herring.
It exists, but it's really small.
Is sure seems that way. I'd still like to see *real* statistics.
Post by Alec H. Peterson
Post by Mury
2) Do real time web accounting. Remember we buy bandwidth by the Mbit, so
we need to sell it by the Mbit
Doing bandwidth (as opposed to bytes transfered per period of time) billing
is tough, although it sounds like more and more vendors are starting to sell
equipment that handles this.
Post by Mury
3) Provide controls against DOS attacks. No we don't host porn sites
But those are the money-makers! :-)
Seriously, I understand the DOS issue all too well, and it does need to be
addressed. Not sure how to at this point, except to say that this policy is
really targeted towards the bottom-of-the-line web hosting accounts. If you
have a customer who has a lot of traffic, pays you a lot of money and can't
afford to be off the air then it makes perfect sense to have him on a
dedicated IP (I think at least).
Well, that doesn't totally work. Because if someone on the main IP gets
attacked I have to shut all sites down on that IP, so it's not just a
matter of keeping my one big customer up, it's a matter of keeping 1000
sites up that only pay $50/month but adds up to $50,000.00/month in
total. When everyone has their own IP, you can simply Null route their IP
if trouble starts.
In all fairness, I only have to do this a handful of times per year, but
the times I have it has probably saved me hours if not days of down time.
There is no way to predict if www.photos.com, www.ilikeredmeat.com,
www.gotochurch.com is going to be the one that gets attacked.
This issue is not a massive one.
Post by Alec H. Peterson
Post by Mury
4) Provide secure server certificates
That qualifies as an exception.
Post by Mury
5) Provide database support from server to server. I'm not a programmer
any more so I don't know how big an issue it is, but my programmer told me
it would be a mess
Not sure exactly what you're trying to do with server to server DB support
(more to the point why it would be a problem).
If your backend hosting databases reside on different computers than your
hosting does, you probably are going to have issues with name based
hosting. However, I am far enough out of this arena personally to be able
to explain why.
Once again this is a relatively small issue, at least for us. Most of our
databases do reside on the hosting server.
Post by Alec H. Peterson
Post by Mury
Actually I think the policy would make a wonderful "Guideline". It
shouldn't affect IP allocation, but it should be encouraged at this time.
That's actually been proposed on another list, although I'm really not sure
if that would affect what people do. Anybody else have thoughts?
Post by Mury
As someone pointed out. Apparently HTTP/1.0 can support name based
hosting. I was unaware of this.
And if that truely is the case, I would like to see some numbers. I would
have guessed ARIN would know this before instituting a policy. Perhaps
they would like to share.
The numbers we got came from our members. I believe Gene had some extensive
data.
Gene, do you want to share that data with the list?
Post by Alec H. Peterson
Post by Mury
Alec, I understand your and ARIN's points. However if a "policy" is going
to be created and enforced I think we some of these issues need to be
better addressed and defined so legit ISPs don't have to wait over a
month to get new IP space and go through a process of defending web
hosting IP space.
Which is why we really need more participation. Fortunately this policy
change has brought more of it forward, but as I said above we need a better
way to tally opinions in a fair manner...
Someone sent me an email suggesting a poll on your web site using handles
as an ID so only members could vote, and they could only vote once.
As a side note, from the lack of participation in this list it appears
1) Not many ISPs are subscribed to this list
2) They aren't receiving the messages
3) They are too busy to care, or
4) I'm one of only about 10-20 people that feel strongly about this policy
Whatever the case is, I have a business to run, and I've said my
peace. I can't stick up for the rest of them.
For all the reasons I've stated I think this policy is both too undefined
in that it lacks the explanations of exceptions (currently it looks like
exceptions would be left up to the discretion of the individual staff
person working on the account), and that it is premature.
For the record, I tried to participate.
Mury
GoldenGate Internet Services
Mury
2000-09-13 05:20:29 UTC
Permalink
That's what I was subtly getting at.
Post by d***@netrail.net
Oh come on. ARIN has not actual legal authority of any kind. It operates
across national borders, and is subject to no laws regulating it's powers.
It's only true ability is to convince providers to route only those
addresses it assigns. Given this, it has all the authority it needs to
retrieve unused blocks.
Daniel Golding
Director of R&D "I'm not evil. I'm just drawn that way"
NetRail, Inc.
1-888-NetRail
Post by Mury
Post by Alec H. Peterson
Post by Mury
1) Reclaiming unused IP space to hold us out a little longer
That's already being done, but there's a big problem. ARIN doesn't have
authority over the major offenders (legacy /8s and /16s). The AC has had
long, involved discussions about how is best to do this, and we're working
on it. For example, our first goal is to re-claim address space of
companies that have gone out of business. If you have some ideas on how we
can do this we'd _love_ to hear them.
I'm not sure where ARIN gets it's authority. Maybe the father of the
Internet wants to save his creation and support a law giving ARIN the
authority. Seriously, where does ARIN receive it's authority from? Why
hasn't it been given the authority to reclaim unused space from legacy
allocations?
Maybe ARIN would like to clearly publish a list of those offenders and
send them a nice letter asking them to comply with current allocation
policies. If they don't want to cooperate, I suppose we could call the
media and/or Null route their IPs until they want to play by the same
rules we all need to.
Post by Alec H. Peterson
Post by Mury
2) Push a plan to get better client server technology out there, and once
it is out there get people using it. As an rotten example, but feeling
one is needed, what if the top 10 most popular sites had a message pop up
that informed people if they were using an old browser and encouraged them
to upgrade.
Yuck!
I mean, it's an idea, but I see where you're going...
Actually from the recent contributions to the list it appears as though
the HTTP/1.0 issues are far less a problem than I first perceived. I
would however like to see some real statistics.
Post by Alec H. Peterson
Post by Mury
I'm not bitching just to bitch. I'm looking out for my ecommerce
customers. 90% of my revenue comes from businesses. If I don't watch out
for their bottom line, they sure the hell aren't going to look out for
mine. If I switch them to a name-based system, before the world is ready
for it and they lose hits do to software incompatibilites, or don't notice
that their traffic died, or they can't see how effective a commercial was
by using real-time accounting stats, or one of my customers gets DOSed and
I can't control the traffic at my core routers or at my upstream so I have
to take everyone down because they all share an IP, they are going to host
with someone who cheats the system and gets them an IP.
Those are legitimate gripes.
Can we come up with reasonable solutions to them?
Well, what is the realistic possibility of making that "policy" a
"guideline?" Give ISPs 6 months to essentially self-comply. If web
hosting IP usage drops a significant percentage, then we declare a
success.
If usage does not drop, have a policy ready with more details. What
exactly constitutes an exception? Obviously secure servers are an
exception, but what about bandwidth based accounting, or high bandwidth
sites (and if so, where is the line drawn?)
I realize I might be living in a dream world thinking most ISPs will
rapidly change if not forced to, but it's not an impossible task to
convince them either. It's actually easy to configure multiple sites to
one IP than to multiple IPs.
I really don't know. I'd personally rather spend my time and money trying
to get back massive chunks of unused IPs from those knowingly or
unknowingly abusing them, and wait for technologies to mature a little
more before cracking down on web hosting IPs.
Post by Alec H. Peterson
No, you aren't the only one, but at the same time, there were a huge number
of people at the last ARIN meeting who were in support of this policy,
however most of them have been silent through most of this (perhaps because
they feel they already made their feelings known at the last meeting).
And as far as being labled a trouble-maker, I know plenty of people who have
been far more vocal about ARIN policy than you and have had no problem
getting address space. Please don't spread the mis-conception that ARIN is
anything other than an objective organization. It isn't true and it makes
everyone's life much more difficult in getting support for the organization.
Oh, if I thought that were true, I wouldn't be writing this or previous
emails. I obviously don't think ARIN is going to treat my allocations
differently than the next person. I'm just guessing as to why others
emailed only me and not the group.
Post by Alec H. Peterson
Post by Mury
1) Address the HTTP/1.0 issues in an acceptable clean fashion
See other discussions; the issue of legacy browsers IMO is a red herring.
It exists, but it's really small.
Is sure seems that way. I'd still like to see *real* statistics.
Post by Alec H. Peterson
Post by Mury
2) Do real time web accounting. Remember we buy bandwidth by the Mbit, so
we need to sell it by the Mbit
Doing bandwidth (as opposed to bytes transfered per period of time) billing
is tough, although it sounds like more and more vendors are starting to sell
equipment that handles this.
Post by Mury
3) Provide controls against DOS attacks. No we don't host porn sites
But those are the money-makers! :-)
Seriously, I understand the DOS issue all too well, and it does need to be
addressed. Not sure how to at this point, except to say that this policy is
really targeted towards the bottom-of-the-line web hosting accounts. If you
have a customer who has a lot of traffic, pays you a lot of money and can't
afford to be off the air then it makes perfect sense to have him on a
dedicated IP (I think at least).
Well, that doesn't totally work. Because if someone on the main IP gets
attacked I have to shut all sites down on that IP, so it's not just a
matter of keeping my one big customer up, it's a matter of keeping 1000
sites up that only pay $50/month but adds up to $50,000.00/month in
total. When everyone has their own IP, you can simply Null route their IP
if trouble starts.
In all fairness, I only have to do this a handful of times per year, but
the times I have it has probably saved me hours if not days of down time.
There is no way to predict if www.photos.com, www.ilikeredmeat.com,
www.gotochurch.com is going to be the one that gets attacked.
This issue is not a massive one.
Post by Alec H. Peterson
Post by Mury
4) Provide secure server certificates
That qualifies as an exception.
Post by Mury
5) Provide database support from server to server. I'm not a programmer
any more so I don't know how big an issue it is, but my programmer told me
it would be a mess
Not sure exactly what you're trying to do with server to server DB support
(more to the point why it would be a problem).
If your backend hosting databases reside on different computers than your
hosting does, you probably are going to have issues with name based
hosting. However, I am far enough out of this arena personally to be able
to explain why.
Once again this is a relatively small issue, at least for us. Most of our
databases do reside on the hosting server.
Post by Alec H. Peterson
Post by Mury
Actually I think the policy would make a wonderful "Guideline". It
shouldn't affect IP allocation, but it should be encouraged at this time.
That's actually been proposed on another list, although I'm really not sure
if that would affect what people do. Anybody else have thoughts?
Post by Mury
As someone pointed out. Apparently HTTP/1.0 can support name based
hosting. I was unaware of this.
And if that truely is the case, I would like to see some numbers. I would
have guessed ARIN would know this before instituting a policy. Perhaps
they would like to share.
The numbers we got came from our members. I believe Gene had some extensive
data.
Gene, do you want to share that data with the list?
Post by Alec H. Peterson
Post by Mury
Alec, I understand your and ARIN's points. However if a "policy" is going
to be created and enforced I think we some of these issues need to be
better addressed and defined so legit ISPs don't have to wait over a
month to get new IP space and go through a process of defending web
hosting IP space.
Which is why we really need more participation. Fortunately this policy
change has brought more of it forward, but as I said above we need a better
way to tally opinions in a fair manner...
Someone sent me an email suggesting a poll on your web site using handles
as an ID so only members could vote, and they could only vote once.
As a side note, from the lack of participation in this list it appears
1) Not many ISPs are subscribed to this list
2) They aren't receiving the messages
3) They are too busy to care, or
4) I'm one of only about 10-20 people that feel strongly about this policy
Whatever the case is, I have a business to run, and I've said my
peace. I can't stick up for the rest of them.
For all the reasons I've stated I think this policy is both too undefined
in that it lacks the explanations of exceptions (currently it looks like
exceptions would be left up to the discretion of the individual staff
person working on the account), and that it is premature.
For the record, I tried to participate.
Mury
GoldenGate Internet Services
Shane Kerr
2000-09-13 08:59:40 UTC
Permalink
For those of us that do accounting via IP how do you expect us to us Name
Based Virtuals? Until there is a method for accounting all traffic to a
domain name without using IP I see this as totally unreasonable. We base all
of our security filters and traffic filters on a customers IP assigned to
them. We also have hardware that can not support name based virtuals and
thus has a NIC card for each site? Explain IN DETAIL the method used to
account for these in our requests.
How about parsing access logs?
Doesn't work if you are billing for bandwidth...
I hate to stick my neck out here, and I recognise that the technology
doesn't really exist, but creating an Apache mod to record the number
of bits sent to/from a given virtual domain should be straightforward.
Perhaps ARIN could fund the appropriate work at Apache for this (IIRC
ARIN has plenty of money for this kind of work right now). I can't
imagine it would cost in excess of $100k, and might help everybody
concerned.

It could even produce output that looks like MRTG. :)

Shane
Stacey D. Son
2000-09-13 13:44:12 UTC
Permalink
Post by Shane Kerr
I hate to stick my neck out here, and I recognise that the technology
doesn't really exist, but creating an Apache mod to record the number
of bits sent to/from a given virtual domain should be straightforward.
Perhaps ARIN could fund the appropriate work at Apache for this (IIRC
ARIN has plenty of money for this kind of work right now). I can't
imagine it would cost in excess of $100k, and might help everybody
concerned.
It could even produce output that looks like MRTG. :)
Shane
Please note that other protocols would need to be considered as well
(e.g. FTP, IMAP/POP, SMTP, streaming, chat, etc.). In short, HTTP is
only one of many protocols used by web hosters that require usage
accounting.

-stacey.
Shane Kerr
2000-09-13 14:02:46 UTC
Permalink
Post by Stacey D. Son
Post by Shane Kerr
I hate to stick my neck out here, and I recognise that the technology
doesn't really exist, but creating an Apache mod to record the number
of bits sent to/from a given virtual domain should be straightforward.
Perhaps ARIN could fund the appropriate work at Apache for this (IIRC
ARIN has plenty of money for this kind of work right now). I can't
imagine it would cost in excess of $100k, and might help everybody
concerned.
It could even produce output that looks like MRTG. :)
Please note that other protocols would need to be considered as well
(e.g. FTP, IMAP/POP, SMTP, streaming, chat, etc.). In short, HTTP is
only one of many protocols used by web hosters that require usage
accounting.
However, FTP, IMAP, and POP do not currently support virtual hosts
(there may be extensions to these, but I don't think there are any
standards).

Perhaps you are correct, however, and a more general approach would be
helpful. Something to consider when/if deciding scope and requirements.

Shane
Greg Rumple
2000-09-13 15:15:44 UTC
Permalink
Post by Shane Kerr
Post by Stacey D. Son
Post by Shane Kerr
I hate to stick my neck out here, and I recognise that the technology
doesn't really exist, but creating an Apache mod to record the number
of bits sent to/from a given virtual domain should be straightforward.
Perhaps ARIN could fund the appropriate work at Apache for this (IIRC
ARIN has plenty of money for this kind of work right now). I can't
imagine it would cost in excess of $100k, and might help everybody
concerned.
It could even produce output that looks like MRTG. :)
Please note that other protocols would need to be considered as well
(e.g. FTP, IMAP/POP, SMTP, streaming, chat, etc.). In short, HTTP is
only one of many protocols used by web hosters that require usage
accounting.
However, FTP, IMAP, and POP do not currently support virtual hosts
(there may be extensions to these, but I don't think there are any
standards).
Yup, and this is what will allow the BIGGER more established Web Hosters
such as Verio Web Hosting (ex-Hiway (yeah I worked there)) to continue
to gobble up space, and provide their users with IP based hosting. I
have no clue what Verio's policys are on that now (as I haven't been
there in two years), but a whole lot of the product offering was IP
based (POP, SMTP relay, FTP, SSL, RealPlayer, etc..), and there is no
immediate obvious answer on how to do this on a shared IP efficiently
(the POP and SMTP stuff could be worked out, but not FTP, nor SSL). Now
everyone realizes that not everyone requires SSL, but let's look at it
from a large provider's standpoint. If a customer reachs the point that
he needs SSL, and now you have to change his IP from a shared IP to a
non-shared IP (most likely different machines), there is a transition
time and cost involved (to do it smoothly), and this is why bigger
providers already give them a non-shared IP. It removes the cost and
transition time (as well as allows them to bundle all the value add
services that they do).

Just my $0.02 on the matter...

Greg
--
Greg Rumple
***@zaphon.llamas.net
Hyunseog Ryu
2000-09-13 14:38:46 UTC
Permalink
Hi, everybody

For this ARIN's policy, it's very vague procedure for ISP, and clear action
for ARIN.
It's not fair!
For ISP, we need to assign IP address to customer right now, and ARIN will
consider this justification at next IP allocation
for exception warranty that it can not be guaranteed.
In this case, I think ARIN need to make clear guideline for this.
What is acceptable justification for web hosting?
Thousand of webhosting to one IP address?
And ARIN need to make clear guideline for Web hosting IP assignment for
everybody to understand how it can be treated.
We don't want to jeopardize our futuer IP allocation because of vague
procedure for this.
It will consume more time for justification, and at last we need to accept
ARIN's unclear justification result because we need
IP address right away.
ARIN need to list acceptable exception list for this case, and give us
standard ratio that we can use for customer justification.
For example, 5 virtual domain for 1 IP address, or something like this.
If ARIN doesn't give us clear procedure or guideline for this, maybe people
will use some kind of tricky solution, and
we need to follow their movement because we don't want to loose our
business, and we need IP address for other customer.
Maybe people buy low end PC - like P75 or P100 - , put ethernet card in
those low-end PC, and run each web hosting in those
low-end PCs that they feel they need static IP address.
ARIN like slow-start procedure for IP allocation.
Why aren't they apply slow-start to this policy?
At least, this will be big movement of IP assignment and hosting service
provider.
I think ARIN need to give some kind of introductory period for this policy,
and need to apply some kind of loose procedure for this.
Something like this.
Apply 2 virtual hosting to 1 IP address for 6 month, and apply 4 virtual
hosting to 1 IP address.
In this case, hosting provider will have some room for applying virtual
hosting based name-based web hosting, and
they will have some time for testing new environment.
Nobody can change Internet environment suddenly.
At least we need some time to adjust this new concept to real world.
Basically I agree with basic idea of this new policy.
Just I don't like the way ARIN enforce this to ISP or real world.




Hyun





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hyunseog Ryu / CCDA, MCSE
Network Engineer/Applications Engineering
Norlight Telecommunications, Inc.
The Guardians of Data
275 North Corporate Drive
Brookfield, WI 53045-5818
Tel. +1.262.792.7965
Fax. +1.262.792.7733
Mury
2000-09-13 19:01:21 UTC
Permalink
I think you didn't read my whole message...
You are in error.
Looks like he didn't communicate his message well, or you didn't take the
time to read it well.
So...we should create dynamic addressing for virtual hosting?
No, due to HTTP design that would be unworkable. Browsers would cache,
without using proper DNS caching semantics, ip addresses associated with
domain names wether or not that address is still 'in use' by the same
vhost.
And besides, it would be far too complex, meaning it would introduce
instability.
That's exactly his point, don't they use sarcasm in your part of the
world?

Since it looks like it has to be spelled out. He was making the point
that you can't compare requiring dialup providers to use dynamic IPs to
this policy of requiring hosting companies to do named based hosting. It
is not comparing apples to apples. Using dynamic IPs for dialup users had
very very little downside. It is a very legitimate, aggreable way to
conserve IP space. And most of us readily used dynamic IPs for our dialup
customers. Hell, I'm sure for most of us it was technologically possible
before we even started our businesses.

Named based hosting is not even close a being a similar situation.

It's just plain stupid to go around spouting that name based hosting is as
easy to accomplish (full scale) as it is to give a dialup user a dynamic
IP or have lots of your users use NAT.

Mury
GoldenGate Internet Services
Ted Pavlic
2000-09-14 04:27:29 UTC
Permalink
Post by Mury
Since it looks like it has to be spelled out. He was making the point
that you can't compare requiring dialup providers to use dynamic IPs to
this policy of requiring hosting companies to do named based hosting. It
is not comparing apples to apples. Using dynamic IPs for dialup users had
very very little downside. It is a very legitimate, aggreable way to
conserve IP space. And most of us readily used dynamic IPs for our dialup
customers. Hell, I'm sure for most of us it was technologically possible
before we even started our businesses.
Named based hosting is not even close a being a similar situation.
Just a note -- the technology needed to implement a completely name-based
web just does not exist yet.

The dynamic IP policy was implemented AFTER **ALL** of that technology
existed.

In ARIN's recent policy changes, they reference IETF drafts as possible
name-based solutions to web providers... Every IETF draft has this paragraph
in it:

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference mate-
rial or to cite them other than as ``work in progress.''

It is just *NOT* appropriate to reference any technology mentioned in an
IETF draft.

The fact is the Internet just IS NOT ready for name-based hosting.

Another example of name-based RESISTANT technology which causes problems for
web hosting providers are the Microsoft FrontPage Server Extensions, a
necessity for some webhosting clients.

It is just clear that the proper research wasn't done before the policy
changes. These changes could have been proposed for some form of vote...

These sort of changes cause major factions to form on the Internet... things
become political.... It seems like ARIN has decided to regulate an interest
which is hardly as much of a threat to IP allocations as other interests as
if ARIN has been influenced by deep-pocket ISPs. That just isn't right.
Post by Mury
It's just plain stupid to go around spouting that name based hosting is as
easy to accomplish (full scale) as it is to give a dialup user a dynamic
IP or have lots of your users use NAT.
I really see no downside to using NAT. Some might argue that it will cause
problems with Internet gamers and such... but there are plenty of NAT
algorithms which allow for the NATting of various different gaming
protocols, just as there are plenty of NAT algorithms which allow for FTP to
be NATted without any trouble (both passive and port)... All of these
technologies *EXIST* currently, which is the big thing.

And if NAT isn't good enough for a couple of users, then have them get a
one-to-one NAT from their ISP specifically for them.

As someone pointed out in ARIN policy, @Home, one of the biggest cable
providers, has over 2.3 MILLION IP addresses. Verio, one of the biggest web
providers, has only about 500 THOUSAND IP addresses. Even if @Home were to
get rid of HALF of its IP addresses, that'd be a LOT more than Verio could
do if it got rid of all of its IP addresses.

I just don't think that non-webhosters have thought the whole thing through.

All the best --
Ted Pavlic
Systems Engineer
NetWalk Communications
CallTech Communications, LLC
CPT Communications, Inc.
***@netwalk.com
Mury
2000-09-13 20:04:42 UTC
Permalink
Post by Mury
It's just plain stupid to go around spouting that name based hosting is as
easy to accomplish (full scale) as it is to give a dialup user a dynamic
IP or have lots of your users use NAT.
I have to admit, that the metaphor does hold in my view if you are speaking
in terms of difficulty. The only difference in difficulty I see is in
introducing billing mechanisms that are obviously vacant in the case of
dial access systems.
What about all the other issues people have raised? QOS, black-holed IPs,
HTTP/1.0 (which seems to be minimal, but from more digging on my own it
could be as high as 5%), real-time web performance monitoring, SSL
(supposedly and exemption, but not stated any where, and from some posts,
not being taken seriously), databases that communicate by IP address
(don't ask me), etc.

BTW, billing mechanisms are not obviously vacant in dial access
systems. Dial access is loaded with different forms of monitoring and
billing.

Mury
Jan Bacher
2000-09-13 20:47:13 UTC
Permalink
Post by Mury
What about all the other issues people have raised? QOS, black-holed IPs,
HTTP/1.0 (which seems to be minimal, but from more digging on my own it
could be as high as 5%), real-time web performance monitoring, SSL
(supposedly and exemption, but not stated any where, and from some posts,
not being taken seriously), databases that communicate by IP address
(don't ask me), etc.
So, to cut to the chase:

1) IP Address space conservation was implemented wrt to virtual domains
without ensuring that appropriate solutions were available for the related
services.

and

2) ARIN members were not given sufficient time to apply the appropriate
solutions that would satisfy all concerns prior to the formal broadcast
notifying members that an existing policy would be enforced where it had
previously been allowed in the justification process.

That about sum it up?
Randy Bush
2000-09-14 05:01:13 UTC
Permalink
Post by Jan Bacher
1) IP Address space conservation was implemented wrt to virtual domains
without ensuring that appropriate solutions were available for the related
services.
and
2) ARIN members were not given sufficient time to apply the appropriate
solutions that would satisfy all concerns prior to the formal broadcast
notifying members that an existing policy would be enforced where it had
previously been allowed in the justification process.
That about sum it up?
no. you missed the part about lack of public (i.e. on mailing lists)
discussion well in advance, a la ripe or apnic.

randy
Mury
2000-09-13 21:57:50 UTC
Permalink
It sure seems like I'm talking to a brick wall, David. How much business
web hosting do you do?

Mury
Post by Mury
What about all the other issues people have raised? QOS, black-holed IPs,
HTTP/1.0 (which seems to be minimal, but from more digging on my own it
could be as high as 5%), real-time web performance monitoring, SSL
(supposedly and exemption, but not stated any where, and from some posts,
not being taken seriously), databases that communicate by IP address
(don't ask me), etc.
I said it was 'as difficult', not 'dial access is the same as hosting.'
I see nothing in your list that is not similarly present in dial access,
excepting that people have developed mechanisms to deal with them, or
have embraced alternatives.
Post by Mury
BTW, billing mechanisms are not obviously vacant in dial access
systems. Dial access is loaded with different forms of monitoring and
billing.
Generally, one does not bill dial access hosts by 95th percentile burst
activity.
Exceptions are so small in number that it is not useful for a body like
ARIN to be concerned about them.
So, their presence is still comparatively vacant to the needs of web
hosting, and makes transition more difficult.
--
David W. Hankins "If you don't do it right the first time,
Toolmaker you'll just have to do it again."
Blunt-Rocks and Scripts -- Jack T. Hankins
Mury
2000-09-14 02:30:21 UTC
Permalink
Wow, now it all makes sense.
Post by Mury
It sure seems like I'm talking to a brick wall, David. How much business
web hosting do you do?
I will not play your sophist games.
I would win, but it could be at the expense of the truth.
--
David W. Hankins "If you don't do it right the first time,
Toolmaker you'll just have to do it again."
Blunt-Rocks and Scripts -- Jack T. Hankins
J Bacher
2000-09-14 11:54:57 UTC
Permalink
Post by Randy Bush
Post by Jan Bacher
1) IP Address space conservation was implemented wrt to virtual domains
without ensuring that appropriate solutions were available for the related
services.
and
2) ARIN members were not given sufficient time to apply the appropriate
solutions that would satisfy all concerns prior to the formal broadcast
notifying members that an existing policy would be enforced where it had
previously been allowed in the justification process.
That about sum it up?
no. you missed the part about lack of public (i.e. on mailing lists)
discussion well in advance, a la ripe or apnic.
Insufficient time covers that point.
J Bacher
2000-09-14 13:33:58 UTC
Permalink
Post by J. Scott Marcus
This ppml mailing list (and our public policy meetings) are exactly the
right places to frankly and openly discuss issues like this. Moreover, we
specifically solicited opinions from the community on these actions. ARIN
_asked_ for this feedback.
Which segment of the community? I've not received any requests for
feedback on this policy in the last couple of years.
J Bacher
2000-09-14 14:41:03 UTC
Permalink
Post by J. Scott Marcus
Post by J Bacher
Post by J. Scott Marcus
This ppml mailing list (and our public policy meetings) are exactly the
right places to frankly and openly discuss issues like this. Moreover, we
specifically solicited opinions from the community on these actions. ARIN
_asked_ for this feedback.
Which segment of the community? I've not received any requests for
feedback on this policy in the last couple of years.
ARIN requested further discussion on this subject August 29, although the
connection to the far-ranging discussions that ensued may not be clear.
Alec H. Peterson
2000-09-14 15:05:26 UTC
Permalink
J Bacher wrote:
Jan Bacher
2000-09-14 15:29:51 UTC
Permalink
Hyunseog Ryu
2000-09-15 14:10:00 UTC
Permalink
Post by Ted Pavlic
Post by Kent Crispin
My tiny business caters almost exclusively to small businesses; in my
case all those services (with the exception of SSL), are part of the
standard package. In other words, people don't pay anything at all
extra for them. They pay $10/month to get it all. Frequently there
are
Post by Ted Pavlic
Post by Kent Crispin
services that are part of the package that they don't use, at least
not
Post by Ted Pavlic
Post by Kent Crispin
initially.
I think many providers have very similar packages; many offer FrontPage
Server Extension support to their users as well. FPSE requires more than
a
Post by Ted Pavlic
bit more extra work to get them to work with name-based hosts.
Post by Kent Crispin
A great many small ISPs offer essentially the same kind of a package
--
Post by Ted Pavlic
...
Post by Kent Crispin
own host on the internet.
This is true... And large ISPs require a great deal of automation as
well.
Post by Ted Pavlic
In order for a large ISP to manage virtual hosts that are combinations
of
Post by Ted Pavlic
name-based and IP-based causes a lot of extra stress.
I think this kind of policy need some introductory time for everybody.
Some ISP/ASP need to change their provisioning system to allow this happen.
Customer need some time to accept name-based web hosting without any
prejudice.
And Application developer need some time to develop name-based service
implementation
in their application.
Maybe ARIN consider this option.
1) Announce new policy to public.
2) Apply 2:1 ratio for Web hosting/IP address for 3 or 6 months after six
months from announcement.
3) Apply 4:1 ratio for Web hosting/IP address for 3 or 6 months after
applying 2)
4) During this period, ARIN make clear guideline for exceptional case for
IP Based hosting, and procedure
for justification query from ISP/ASP.

We need to think about this.
If hosting has some problem with customer because of IP address problem,
maybe some customer will consider low bandwidth dedicated connection for
web hosting from their site - So called
in-house web hosting.
In this case, we need to give at least 8 IP address (/29) to them.
It can bo good for ISP because they can make more money.
But how about IP address waste? Maybe this policy will lead ASP market to
difficult situation.
Especially for low/medium size hosting service provider in local area.
Post by Ted Pavlic
Now if all the technology was already in place, things would be a lot
easier.
Also note that even the largest ISPs aren't using close to one quarter
of
Post by Ted Pavlic
the IPs that the largest cable providers are. I really don't think it
was a
Post by Ted Pavlic
good idea to throw this on the ISPs first. It just seems like the big
problem has been overlooked.
Maybe we can push IPv6 deployment from Cable provider and application
developer like M$.
Post by Ted Pavlic
I have a problem with the policy regulating explicitly "webhosters." To
me,
Post by Ted Pavlic
the web is made up of a lot more than just HTTP. I think it would have
been
Post by Ted Pavlic
a better idea to regulate HTTP hosters... People who just provide simple
HTTP services could make the easy change and not worry much about it.
Regulating the entire web causes this great deal of argument about
exactly
Post by Ted Pavlic
what is an exception and what is not. It's ridiculous.
If ARIN want this happen really, they are supposed to be more seriously.
They need to give some time for hosting service provider to make the change
in their provisioning system, and give time for application developer to
make name-based hosting happen.
For webhoster, it one IP address is blocked by someone using filtering,
that will be big problem for them from business model.
We can not leave it down for 4 or 5 hours to contact with network engineer
of filtering organization.
you know what?
Actually some country did this kind of filtering by government.
The reason for this will be adult content or government political issue
like communist things.
In this case, government send the list of IP address to all oversea
connection Internet provider.
They have to block those IP address by regulation.
In this case, every web hosting from specific IP address can be blocked.
Don't consider this can be resolved by phone or letter.
Sometimes local organization decide to block specific IP address because of
content of Web.
For example, K-12 school for adult site and how to make bomb sites. ;>
In this case, other customers from same IP address is not happy with this.
They will leave to other web hosting provider or make their own connection.
Post by Ted Pavlic
To me a few things have to happen...
are
Post by Ted Pavlic
ridiculous -- they do not need that many IPs. Even if they were to give
back
Post by Ted Pavlic
HALF of those IPs, that'd be TWICE the amount of IPs Verio has TOTAL.
Are they consider IPv6?
Is there any technical problem with IPv6 deployment?
How about IPv6/IPv4 gateway?
ARIN need to push IPv6 deployment with various method.
ARIN really consider IPv6 as solution for IP address?
Post by Ted Pavlic
*) xDSL providers need to be looked at. Most of the DSL providers I know
of
Post by Ted Pavlic
are providing static IPs to each of their customers by default.
Maybe or maybe not.
xDSL is supposed to be always-on connection.
If this is a kind of dial-up connection type,
maybe DHCP with dynamic IP address will reduce the number of IP address
that
xDSL provider needs.
But if this is always-on connection, there is no difference from the number
of IP address that
is needed by xDSL provider.
It's only issue with security and management.
Post by Ted Pavlic
*) ARIN (and IANA) needs to improve their communication. I really think
that
Post by Ted Pavlic
only certain interests were represented in this decision... (i.e. cable
Internet providers)
I think big problem of this new policy is two.

1) Vague procedure/guideline, clear action

It's not a secret mission. If ARIN need to push this policy, clear
standard and justification procedure
has to be followed by policy.
It looks to me like this.
ARIN made a policy for hosting provider, and pass all issue with this
policy to ISP.
ISP doesn't know how to do this with hosting provider.
If ARIN think ISP do justification for hosting provider, they need to
let ISP know what is the standard guideline for this.

2) No consideration for real world.

If we make some IETF RFC draft, it will take a couple of year to
deliver this to real world.
And there is some choice from customer, also.
In this case, ARIN make this happen so quickly, and there is no time
for preparation from hosting provider - customer - ,
and application developer - vendor -.
This is not a lab environment.
There is a lot of different situation. Do we need to belive exception
warranty without any knowledge of guideline?
What happened if we don't get exception warranty that we assigned IP
address to hosting provider?
Does it affect to whole IP address allocation request that is for
whole customer?
Because of this trap - really -, we need to jeopardize the risk for
our business?



thanks.

Hyun

Loading...