APNIC Member Meeting Seoul, Korea, 3 March 2000
APNIC Open Address policy Meeting
Discussion Paper: Use of HTTP/1.1 and virtual web sites
Should it be mandatory to use name-based web hosting where technically feasible?
The use of web hosting by businesses and individual users has accelerated dramatically over the last few years. This growth has led to the emergence of a number of web hosting companies whose main activity is to supply 'virtual web' or 'virtual domain' services. Such services can now be provided in two different ways: through "name-based hosting" or through "IP-based hosting".
Where name-based hosting is used, the amount of address space used by a hosting service is negligible, as a single IP address is assigned to a physical server that can host hundreds of virtual domains. However, where IP-based hosting is used, a single /32 IP address is required for each virtual domain, and the total amount of address space used is therefore much greater.
The current rapid increase in the number of web hosting companies and virtual domain web sites has the potential to rapidly affect the rate at which the remaining pool of IP addresses are consumed unless name-based hosting is adopted more widely by hosting service providers. Address management policies can enforce this adoption by requiring specific justification for IP-based hosting, and APNIC is seeking community feedback on whether such a policy should now be introduced.
In order for name-based hosting services to work, clients must be able to support the "Host:" header in the HTTP request. This is standard in HTTP/1.1, however it has also been implemented very widely in HTTP/1.0 browsers for at least the past four or five years. IE3 upwards and Netscape 2.0 upwards support the "Host:" header, and are therefore able to understand name-based hosting. Correspondingly, clients which do not support this feature will also not support frames, tables, or web page backgrounds, and will therefore be almost useless for accessing many of today's websites.
For the month of February 2000, APNIC will log statistics on the web browser versions which visit the APNIC web site, as a means of indicating how many browsers currently in use will support name-based web hosting. This paper will be updated with these statistics as they are compiled.3. Current status
For anything greater than a /22, where IP-based hosting is deployed, the member must provide a complete list of virtual sites, including the URL and corresponding IP address. Alternatively, the member may register each /32 into the APNIC database. Most members prefer the first option.
Where name-based hosting is deployed, the policy requires that usage of the address space is declared through the usual infrastructure lines (detailing each subnet deployed along with the number of hosts) as required on the ISP address request form. Verification is done through a series of random pings to the web sites.
APNIC does not *require* that a member use name-based hosting, but it strongly encourages members to deploy virtual web services with name-based web hosting. APNIC recognises, however, that there are technical exceptions, which to date have been identified as:
[Note: APNIC would appreciate feedback on any other known technical exceptions.]
More recently, following feedback from the community, the RIPE NCC is considering promoting name based virtual hosting as a requirement where technically feasible.
The number of virtual web hosting companies is increasing. Most APNIC members use name-based hosting and rarely use more than a /22 for this purpose. One limitation to the implementation of name-based hosting is in the use of SSL client certificates. Increasingly, companies are using E-commerce as part of their business portfolio. This is only expected to increase in the future and could quite clearly have an impact on rates of address space consumption. Currently, the number of companies using IP-based hosting alone is very small.
It is also worth noting that the need to use IP-based hosting for E-commerce may change in the near future by upgrading to TLS within HTTP/1.1, as described at http://search.ietf.org/internet-drafts/draft-ietf-tls-http-upgrade-05.txt.
APNIC proposes to monitor both the growth in the number of web hosting companies that deploy IP-based virtual hosting, to monitor the amount of address space from requestors that is used in connection with SSL certificates, and to review the current policy periodically.
It is not proposed at this time to make name-based web hosting mandatory as it is not felt that the current scale of deployment of IP-based web hosting is such that it would impose a threat to the remaining pool of available IPv4 address space. However, there may be a need to refine the policy regarding acceptable use and to specifically monitor technical developments with respect to virtual hosting of both anonymous ftp login and SSL clients.