Rate of growth on IPv6 not fast enough?
Florian Weimer
fw at deneb.enyo.de
Mon Apr 19 10:54:24 UTC 2010
* Patrick W. Gilmore:
>> Reality is that as soon as SSL web servers and SSL-capable web
>> browsers have support for name-based virtual hosts, the number of
>> IPv4 addresses required will drop. Right now, you need 1 IP
>> address for 1 SSL site; SNI spec of SSL gets rid of that.
>
> Agreed.
>
> When do you expect Windows XP & earlier versions to be a small enough
> segment of the userbase that businesses will consider DoS'ing those
> customers? My guess is when the cost of additional v4 addresses is
> higher than the profit generated by those customers.
>
> Put another way: Not until it is too late.

I'm not so sure. Name-based virtual hosting for plain HTTP was
introduced when Windows NT 4.0 was still in wide use. It originally
came with Internet Explorer 2.0, which did not send the Host: header
in HTTP requests.

Anyway, I think the TLS thing is a bit of a red herring. It might be
a popular justification for IP space at the formal level, but
real-world requirements are a bit more nuanced. FTP and SSH/SFTP do
not support name-based virtual hosting, so if you're a web hoster and
structured things around "one IPv4 address per customer", then there
might be another obstacle to collapsing everything on a single IPv4
address. It's also difficult to attribute DoS attackers at sub-HTTP
layers to a customer if everything is on a single IPv4 address, making
mitigation a bit harder.