It appears that ARIN wants to raise the IP addressing space
issue to the CxO level -- if it was interested in honesty,
ARIN would have required a notarized statement by the person
submitting the request. If ARIN really wants to get the
interest of CEOs, raise the price!
Raising the price won't help; there's already a huge amount
of wasted address space by web hosts selling IP addresses
to customers who need them solely for 'seo purposes' rather
than allocating them in return for a reasonable technical
justification. If ARIN raises the prices, it will hurt
hosts who allocate their space in a responsible manner and
those who don't will just charge more for the right to have
one of these seo-friendly exclusive IP's that webmasters so
righteously believe will make their sites #1 on google.
We regularly lose business thanks to something that goes a
little like this: "Can I get a block of 100 IP's for no
particular reason?", no, "My old host let me, I just had
to pay $100/month for it."
One of Google's seo spam team members actually blogged on
this topic after a nanog post I made about this a few years
back, and I still send it to people asking for IP's for seo
reasons and even then they don't believe me. If ARIN would
enforce a technically justified use of IPv4 space that does
not recognize "seo" as a valid reason, that would definitely
help, otherwise web hosts will keep selling IP space to
their customers at prices that let them keep buying more.
And since the policy allows it currently, the CEO signing off
on it will also be valid.
Raising the price won't help; there's already a huge amount
of wasted address space by web hosts selling IP addresses
to customers who need them solely for 'seo purposes' rather
It's a common request we see. We refuse it, and point them to the Google documentation that shows that unique IPs don't help or hurt their SEO standings.
reasons and even then they don't believe me. If ARIN would
enforce a technically justified use of IPv4 space that does
not recognize "seo" as a valid reason, that would definitely
help
I point to the wording where it says that we need to collect the technical justification for the additional IP addresses. Since virtual web hosting has no technical justification for IP space, I refuse it.
And since the policy allows it currently, the CEO signing off
on it will also be valid.
Depends on how you read the policy. I prefer my reading to yours
That said, if someone who likes writing these things will help me, I'll gladly create and advance a policy demanding a real, provable need for an IP beyond one per physical host.
Once upon a time, Jo Rhett <jrhett@netconsonance.com> said:
Since virtual web hosting has no technical justification for IP space, I refuse it.
SSL and FTP are techincal justifications for an IP per site.
Right. Also, monthly bandwidth monitoring/shaping/capping are more easily done using one ip per hosted domain, or ftp site, or whatever. Otherwise you are parsing logs or using 3rd party apache modules.
It's a convenience which would not be looked at twice, if it were on ipv6. All the more reason to move to ipv6.
Some "customers" have wised up and when providing IP justification, they don't mention SEO anymore. However, I've seen several requests in the past couple weeks from customers/prospective customers wanting /24's or larger subnets (or they're not buying/canceling service) where the justification provided was something ARIN would probably be ok with, but IMO was completely FoS. It's hard to tell sales "no" when the customer tells you exactly what they think you want to hear [for IP justification], but your gut tells you "this is BS".
BTW, I admit I've paid little attention to the legacy vs ARIN members arguments, as I'm not a legacy space holder and my time is largely occupied by more pressing [to me] matters...but why do legacy holders get a free ride? If we look at what happened with domain registration (at least for com|net|org), back in the old days, you sent off an email to hostmaster@internic.net and you got your domain registered. There were no fees. Then Network Solutions took over and domain name registrations cost money. Existing domains were not grandfathered in and either you started paying a yearly fee for your domains or you lost them. Why didn't the same thing happen when Internic/IANA stopped directly handing out IPs and the RIRs took over that function?
Then you have an obligation to investigate. It's in the NRPM
For our part, it becomes really easy. When someone submits a request for 200 physical hosts and their profile says they are paying for 40 amps of power... yeah, it's easy to know they are lying
It is a problem because some ISPs don't care and just give away IPs, so customers get annoyed with us when I ask for proper justification. Oh well
Then they come back with a request for IPs for SSL certificates, which is a
valid technical justification. BTDT. People will find a way to do the
stupid thing they want to do.
Oh, you lucky, lucky person. We've got a couple of customers at the day job
that constantly come back to us for more IP addresses for bandwidth
accounting purposes for their colo machine(s). Attempts at education are
like talking to a particularly stupid brick wall.
No they aren't. SSL will work just fine as a name-based virtual host with any modern webserver / browser. (Server Name Indication (SNI) [RFC3546, sec 3.1])
FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.)
That's why the infrastructure is "virtualized" and you monitor at or behind the firewall(s) and/or load balancer(s) -- where it *is* one IP per customer. Sure, it's easier (and cheaper) to be lazy and waste address space than setup a proper hosting network.
SSL and FTP are techincal justifications for an IP per site.
No they aren't. SSL will work just fine as a name-based virtual host
with any modern webserver / browser. (Server Name Indication (SNI)
[RFC3546, sec 3.1])
"I encourage my competitors to do this." You only have to get one noisy
curmudgeon who can't get to your customer's SSL website because IE 5.0 has
worked fine for them for years to make it a completely losing strategy to
try deploying this everywhere. Since you can't predict in advance which
sites are going to be accessed by said noisy curmudgeon, you don't bother
deploying it anywhere, to be on the safe side.
FTP? Who uses FTP these days? Certainly not consumers. Even Cisco
pushes almost everything via a webserver. (they still have ftp servers,
they just don't put much on them these days.)
A depressingly large number of people use FTP. Attempts to move them onto
something less insane are fruitless. Even when the tools support it (and
plenty of "web design" tools don't appear to do anything other than FTP),
"we've always done it that way and it works fine and if we have to change
something we'll move to another hosting company rather than click a
different button in our program".
Business imperatives trump technical considerations, once again. And, for
the record, we're moving toward IPv6, so we're *trying* to be part of the
solution, in our own small way.
Once upon a time, Ricky Beam <jfbeam@gmail.com> said:
>SSL and FTP are techincal justifications for an IP per site.
No they aren't. SSL will work just fine as a name-based virtual host with
any modern webserver / browser. (Server Name Indication (SNI) [RFC3546,
sec 3.1])
* Windows XP and Internet Explorer 6 or 7
* Konqueror/KDE in any version
* Apache with mod_ssl: there is a patch under review by httpd team
for inclusion in future releases, after 2.2.11. See doco at [1]
* Microsoft Internet Information Server IIS (As of 2007).
Seeing as WinXP/IE is still the most common combination, SNI is a long
time away from being useful.
well, pretty much anyone who has large datasets to move around.
that default 64k buffer in the openssl libs pretty much sucks
rocks for large data flows.
A depressingly large number of people use FTP. Attempts to move them onto
something less insane are fruitless. Even when the tools support it (and
plenty of "web design" tools don't appear to do anything other than FTP),
"we've always done it that way and it works fine and if we have to change
something we'll move to another hosting company rather than click a
different button in our program".
You are out of touch. FTP is used by nearly EVERY web hosting provider for updates of web sites. Anonymous FTP is not used.
These are not random, anonymous ftp connections. These are people who login with a username and password, and are therefore, identifiable; and even then, it's for access to manage their own site. A single IP address pointing to a single server (or farm of servers) will, and DOES, work just fine. I know, because I've done it for ~15 years.
When I ask "who", I'm asking about a paid for, external service -- just like web hosting. No one calls up 1-800-Host-My-Crap and asks for "an FTP server".
Bottom line... if your justification for a /19 is "FTP servers", you are fully justified in laughing at them as you hang up the phone.
yes. (although I was actually thinking http w/ SSL vs FTP w/o SSL)
a really good review of the options was presented at the DoE/JT meeting
at UNL last summer. Basically, tuned FTP w/ large window support is
still king for pushing large datasets around.
