Rate of growth on IPv6 not fast enough?

Florian Weimer fw at deneb.enyo.de
Mon Apr 19 10:54:24 UTC 2010


* Patrick W. Gilmore:

>> Reality is that as soon as SSL web servers and SSL-capable web
>> browsers have support for name-based virtual hosts, the number of
>> IPv4 addresses required will drop.  Right now, you need 1 IP
>> address for 1 SSL site; SNI spec of SSL gets rid of that.
>
> Agreed.
>
> When do you expect Windows XP & earlier versions to be a small enough
> segment of the userbase that businesses will consider DoS'ing those
> customers?   My guess is when the cost of additional v4 addresses is
> higher than the profit generated by those customers.
>
> Put another way: Not until it is too late.

I'm not so sure.  Name-based virtual hosting for plain HTTP was
introduced when Windows NT 4.0 was still in wide use.  It originally
came with Internet Explorer 2.0, which did not send the Host: header
in HTTP requests.

Anyway, I think the TLS thing is a bit of a red herring.  It might be
a popular justification for IP space at the formal level, but
real-world requirements are a bit more nuanced.  FTP and SSH/SFTP do
not support name-based virtual hosting, so if you're a web hoster and
structured things around "one IPv4 address per customer", then there
might be another obstacle to collapsing everything on a single IPv4
address.  It's also difficult to attribute DoS attackers at sub-HTTP
layers to a customer if everything is on a single IPv4 address, making
mitigation a bit harder.



