[30833] in North American Network Operators' Group
Re: ARIN Policy on IP-based Web Hosting
daemon@ATHENA.MIT.EDU (Deepak Jain)
Thu Aug 31 16:09:06 2000
Date: Thu, 31 Aug 2000 15:59:16 -0400 (EDT)
From: Deepak Jain <deepak@ai.net>
To: "Alec H. Peterson" <ahp@hilander.com>
Cc: "John A. Tamplin" <jat@liveonthenet.com>, nanog@merit.edu
In-Reply-To: <39AE9C2B.A6984FAE@hilander.com>
Message-ID: <Pine.BSF.4.21.0008311553320.13603-100000@aries.ai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
This is not meant at anyone personally, its just something I noticed.
When we are deciding that IP savings, etc are worth it, why not make all
Cable/DSL/Dialup providers use NAT to map access logins to a small pool of
IPs too? The software to do that transparently is already available for a
very high percentage of applications. Heck, even upstreams could then NAT
their downstreams' pools of IPs. We could run the whole internet off a
single class C again.
This would of course be an inconvenience to some networks that use a lot
of applications that haven't been updated, but we're sure the savings are
worth the pain too.
---
I guess the point/concern I have is that the largest providers can now
pick up /13s because they use that many IPs in 3 months, but if you
subtract out the number of truly unique IPs even the largest network would
absolutely need, applying all available technology, the number might be as
low as a few hundred unique IPs.
Deepak Jain
AiNET
On Thu, 31 Aug 2000, Alec H. Peterson wrote:
>
> "John A. Tamplin" wrote:
> >
> > Well, if the policy is that you have to use name-based hosting everywhere
> > feasible and do something different for those customers that need
> > something different, that can be quite a hardship on existing setups.
> > For example, re-engineering all the tools to create and maintain vdom
> > services, changing existing customer setups, etc. It is certainly easier
> > to treat all hosting customers alike, rather than have completely
> > separate setups and then have to change a customer from one to the other
> > when they add or delete services (including downtime).
>
> That was also brought up at the meeting, however it was generally agreed
> that the address savings were worth the work.
>
> >
> > Another issue nobody has mentioned is security between virtual servers.
> > Under name-based hosting, they all run as the same user-id and thus to get
> > the same security you have with separate IP-based servers you have to put
> > all the access conrol checks in all the tools that can be used. This can be
> > hard if not impossible to do when you allow full shell access to the files
> > used by the server.
>
> Not if you chroot() the user into their file space. That may not be ideal,
> but there are ways to deal with it.
>
> Alec
>
> --
> Alec H. Peterson - ahp@hilander.com
> Staff Scientist
> CenterGate Research Group - http://www.centergate.com
> "Technology so advanced, even _we_ don't understand it!"
>
>
