# What do you consider valid justification for IP space?



## MannDude (Jul 24, 2014)

Due to the IPv4 depletion, I know some companies are tightening their grips on their IP space and ensuring that only needs with proper technical justification are assigned IP addresses and will require proof, as well.

In the past, SSLs required their own dedicated IP however that is not the case anymore for a lot of environments, so I'm curious what you providers here consider 'proper' technical justification when issuing IP space to your customers. Do you require proof of how they'll be used?


----------



## tonyg (Jul 24, 2014)

I'm sure a lot of people are going to be taking notes on the responses.


----------



## dcdan (Jul 24, 2014)

I guess the main concern for providers is whether or not they can use this information to get new IP assignments from a RIR. Otherwise I (almost) don't see any other reason why a provider would even bother asking...

As far as I am aware, SSL is still a valid justification for ARIN (they may ask to supply a domain name for verification).


----------



## MannDude (Jul 24, 2014)

dcdan said:


> As far as I am aware, SSL is still a valid justification for ARIN (they may ask to supply a domain name for verification).


It probably is, I can't speak on behalf of the VPS world but I know in shared hosting environments, after cPanel 11.38 it was no longer a requirement that dedicated IPs had to be assigned to accounts with SSLs. ( http://docs.cpanel.net/twiki/bin/view/AllDocumentation/1138ReleaseNotes#Improved%20SSL%20Management%20System ) Whether or not company's like HostGator, GoDaddy, etc implement this and don't force you to buy a dedicated IP with the purchase of an SSL or not... I don't know. I stopped telling customers who wanted an SSL that they needed a dedicated IP a while ago when I discovered it wasn't really needed. Saves them $2/mo so they're happy and see no difference anyway.

Unsure of what OS versions offer SNI support out of the box, so in the VPS world it may be hit or miss.


----------



## BlackoutIsHere (Jul 24, 2014)

I have found asking for justification varies by situation. Somebody with 1-2 extra IPs isn't exactly a cause for an interrogation. However when somebody wants a large number or asks about them being on different subnets we will request a technical justification.  The one thing I can say is NOT a technical justification is "SEO"


----------



## D. Strout (Jul 24, 2014)

MannDude said:


> Unsure of what OS versions offer SNI support out of the box


IE on Windows XP and below doesn't support it. Get Chrome or Firefox on Windows XP and you're good to go though. Anything newer, Mac or Linux, and you can count on SNI. It was just IE that took a while longer (surprise surprise). As a webmaster if you're wanting to ensure SSL works in a shared environment (i.e. no dedicated IP), write some code that runs on the HTTP only version to see if the user is using I.E. on Windows XP. If so, link them to IE6 No More and the Windows XP EOL page, otherwise redirect to HTTPS.

Anyway, back on topic. Justification for a dedicated IP might come if for some reason you really need rDNS set, like for e-mail (legitimate or not). Or maybe you're just worried that someone who's sharing the same IP as you might soil it. One way or another, though, mail is always a suspicious reason to get more IPs (unless you're ColoCrossing).

Only other thing (and as far as I know the _only_ thing that *requires* a dedicated IP) is anonymous FTP. There's no SNI equivalent for FTP, so if you're doing anonymous FTP, you'll need a dedicated IP. But the real question is, why are you doing anonymous FTP? Do you _like_ taking security risks? I doubt your provider (you know, the one you're asking for the IP) likes it as much as you do.


----------



## dcdan (Jul 24, 2014)

MannDude said:


> It probably is, I can't speak on behalf of the VPS world but I know in shared hosting environments, after cPanel 11.38 it was no longer a requirement that dedicated IPs had to be assigned to accounts with SSLs. ( http://docs.cpanel.net/twiki/bin/view/AllDocumentation/1138ReleaseNotes#Improved%20SSL%20Management%20System ) Whether or not company's like HostGator, GoDaddy, etc implement this and don't force you to buy a dedicated IP with the purchase of an SSL or not... I don't know. I stopped telling customers who wanted an SSL that they needed a dedicated IP a while ago when I discovered it wasn't really needed. Saves them $2/mo so they're happy and see no difference anyway.
> 
> Unsure of what OS versions offer SNI support out of the box, so in the VPS world it may be hit or miss.


There are way too many cPanel servers still running Centos 5 where SNI is not an option... unless you're willing to build your own OpenSSL, which can be quite messy.


----------



## DomainBop (Jul 24, 2014)

_The VP of Operations of a pseudo data center operator asked me to post his reply to Manndude's justification question here because he's never been a VPSboard member (although he has been an avid reader of VPSB since Day 1)._

*Our IP justification Policy*

1. Give us the farking money and you can have an entire /24 on your VPS. Need more than one /24? No problem! Don't worry your pretty little head about justification we'll fake it for you because customer satisfaction is our #1 concern!

2. Anonymity a concern?  No problemo! You can have that entire /24 unswipped and as an added bonus we won't require you to provide us with any ID verification.  Your privacy is safe with us!

3. For an extra fee we'll give you a constantly rotating supply of IPs and we'll tell any blocklistNazi who asks that you've been terminated if they try to bully you and hurt your business.  They'll never know we rotated you to a new IP block!  (see answer #1 for our justification requirements.)


----------



## D. Strout (Jul 24, 2014)

@DomainBop Tell that fine fellow that he's got an excellent policy there - his concern for "customer satisfaction" shows true professionalism!


----------



## Coastercraze (Jul 25, 2014)

Well, it depends on what we're looking at. I'm not going to give you a /24 of IP space just because you say you're using it for SSLs. You'll have to prove it.

If you have a true need for the extra IP space and can show me how it'd work, then I most likely won't have a problem with it.


----------



## KuJoe (Jul 25, 2014)

Basically like @BlackoutIsHere said, if the justification is "SEO" then I just refund their payment. Other than that, it's on a case-by-case basis since not every situation is the same.


----------



## AMDbuilder (Jul 25, 2014)

I couldn't have said it better myself @BlackoutIsHere - every case is a little different, but SEO is never a valid reason.


----------



## sv01 (Jul 25, 2014)

I think SSL still valid for justification. If I've few ecommerce website I'd like each site has it's own dedicated IP and using different rDNS for each IP.


----------



## kcaj (Jul 25, 2014)

Some shared hosts issue a dedicated IP to each cPanel account without SSL certificates, what is the reasoning for this?


----------



## D. Strout (Jul 25, 2014)

1e10 said:


> Some shared hosts issue a dedicated IP to each cPanel account without SSL certificates, what is the reasoning for this?


I know @Francisco does this at BuyVM because if there's one IP, a DDoS on it will take down all the accounts sharing that IP. That's not so much the question here, though - we're talking about _additional_ dedicated IPs, especially on VPSes.


----------



## Francisco (Jul 25, 2014)

D. Strout said:


> I know @Francisco does this at BuyVM because if there's one IP, a DDoS on it will take down all the accounts sharing that IP. That's not so much the question here, though - we're talking about _additional_ dedicated IPs, especially on VPSes.


Right.

We used to do shared hosting back under Frantech before we ever did BuyVM and DDoS was a problem back then (granted we had a lot of gameservers).

We didn't want to see a repeat of that or being forced to offer DDOS filtering for free. DDOS filtering on shared hosting is a pain in the butt and gets very ugly if there's ever a leak. I'd rather just give the IP in the price and not deal with that headache.

Francisco


----------



## Neo (Jul 25, 2014)

I need more IP's for SSL, The Retirement Home still use Windows 2000 and XP so no SIN Support.

Otherwise i am getting bitch slapped because we dont offer SSL.

Thankz


----------



## drmike (Jul 25, 2014)

IP Justification, what are you, a bunch of legitimate providers or does ARIN justification have you quaking  ?


----------



## Abdussamad (Jul 26, 2014)

Something like 20% of users are still using XP so you can't use SNI yet.


----------



## dcdan (Jul 26, 2014)

Abdussamad said:


> Something like 20% of users are still using XP so you can't use SNI yet.


MSIE on WinXP does not support SNI, but this can be remedied by installing Firefox/Chrome/etc.


----------



## concerto49 (Jul 26, 2014)

dcdan said:


> MSIE on WinXP does not support SNI, but this can be remedied by installing Firefox/Chrome/etc.


Those are likely IE users too.


----------



## fisle (Jul 27, 2014)

Abdussamad said:


> Something like 20% of users are still using XP so you can't use SNI yet.



XP is EOL already, I see no reason to support it anymore. And even if there's XP users, they can always use different browsers.

I have been using SNI in production since early 2013 without any issues.


----------



## concerto49 (Jul 27, 2014)

fisle said:


> XP is EOL already, I see no reason to support it anymore. And even if there's XP users, they can always use different browsers.
> 
> 
> I have been using SNI in production since early 2013 without any issues.


Depends on country. China and some extent Australia are heavy IE / XP environment. It's about company policies and things hacked to work in IE only so they don't switch browsers.


----------



## datarealm (Jul 28, 2014)

MannDude said:


> Do you require proof of how they'll be used?



Your post makes this sound like this is a new thing. 

We've required proof since we added dedicated servers to our hosting portfolio in the late 90's...

As for what constitutes proof -- anything that cannot be technically accomplished without a unique IP address. Yes, SSL still generally falls under this category.

For those that claim SEO purposes we share with them direct quotes from Google employees that unique IP addresses do not affect rankings.  The most annoying folks to deal with are those whose "custom internal application requires a unique IP per client for security and confidentiality.  Most of these clients are in the financial industry so you can understand why security is so important". *sigh*

And somewhat hypocritically we are also a provider that does a unique IP per shared account.  Some of this dates back to when we started hosting, name based hosting simply did not exist.  After that it was required for a time with our load balanced setup.  By then an IP per domain had become deeply ingrained in our entire infrastructure, and as Francsico mentioned, it can be far easier to manage on a scale for abuse, shuffling things around, etc etc.


----------



## cspacews (Aug 2, 2014)

DomainBop said:


> _The VP of Operations of a pseudo data center operator asked me to post his reply to Manndude's justification question here because he's never been a VPSboard member (although he has been an avid reader of VPSB since Day 1)._
> 
> *Our IP justification Policy*
> 
> ...


Does this person own a /8 then he can accomodate all Spammers(these are people who need rotating IPs)


----------



## SGC-Hosting (Aug 8, 2014)

We generally address this on a per-user basis... if a new customer comes along and wants more than 5 IP addresses, we're not going to just hand it over to them... if it's a long time customer in good standing, we won't require too much information.  If the client already has several IP addresses that appear to be unused, we will have IP addresses available for them immediately when they run out.  We're not going to let a new customer hoard a /27 or larger too easily unless they're (for example) reselling web space and will understandably need them available.


----------



## CentralHosts (Aug 18, 2014)

We stopped allowing people to use SSL certs as a justification. We are needing to be more strict these days as IPs are running low.


----------



## mikeyur (Aug 18, 2014)

datarealm said:


> For those that claim SEO purposes we share with them direct quotes from Google employees that unique IP addresses do not affect rankings.


It will affect rankings if you're doing semi-shady shit (in Google's eyes, that is). If you're building a PBN or linking to your own stuff, having it on completely different blocks is fairly important. The best way to get different IPs for different sites is to use a variety of hosts.

But I agree overall, anyone claiming "SEO Purposes" for a new IP is probably too dumb to know what they're doing anyways. If I can load up bgp.he.net and see which blocks are assigned to which provider, you don't think Google is smart enough to figure that out? This is why "SEO Hosting" is a huge ripoff, yeah you've got 40 sites on different IPs, but all the blocks are owned by "SEO HOST INC".


----------



## Serveo (Aug 21, 2014)

cspacews said:


> Does this person own a /8 then he can accomodate all Spammers(these are people who need rotating IPs)


Just my cents .

As IPv4 is limited we provision per order basis. Though our IP reputation is preferred, so in case our abuse gets flooded we simply suspend on 2nd warning. Most cases the client is simply a spammer and doesn't respond.


----------



## iann_lfcvps (Aug 22, 2014)

As others have said we deal with this on a case by case basis. SSL is still valid in my eyes as there are a number of use cases where SNI isn't supported:

http://en.wikipedia.org/wiki/Server_Name_Indication#No_support

Although that is becoming less and less valid.


----------



## BrianHarrison (Aug 26, 2014)

Francisco said:


> I'd rather just give the IP in the price and not deal with that headache.
> 
> 
> Francisco


Did you offer most customers a dedicated IP free of charge? I hadn't heard of shared hosts doing that in an effort to mitigate the headache of DDoS attacks in shared hosting environments.


----------



## Francisco (Aug 26, 2014)

BrianHarrison said:


> Did you offer most customers a dedicated IP free of charge? I hadn't heard of shared hosts doing that in an effort to mitigate the headache of DDoS attacks in shared hosting environments.


All shared get a dedicated IP, no matter the plan.

If you have 1000 users on a single IP then it's pretty hard to figure out who the trouble maker is. We'd then be forced to offer DDOS filtering and then you get all super cheap customers that are upset that their $5/year hosting is slow because of heavy SYN rate limits, etc.

It's simply easier for us to just give each user their own IP and if they get smacked they aren't taking anyone else down. It works decently.

Francisco


----------



## Serveo (Aug 27, 2014)

Francisco said:


> All shared get a dedicated IP, no matter the plan.
> 
> 
> If you have 1000 users on a single IP then it's pretty hard to figure out who the trouble maker is. We'd then be forced to offer DDOS filtering and then you get all super cheap customers that are upset that their $5/year hosting is slow because of heavy SYN rate limits, etc.
> ...


How about your processes, hardware limits and bandwidth? If your shared user is getting a ddos its not only your IP that's effected (-;


----------



## Francisco (Aug 27, 2014)

Serveo said:


> How about your processes, hardware limits and bandwidth? If your shared user is getting a ddos its not only your IP that's effected (-;


Good thing we were the first VPS host in the industry to have an auto nullroute then 

EDIT - Grammar

Francisco


----------



## hostinghouston (Sep 3, 2014)

Yep, I'm also in agreement with @BlackoutIsHere. No No to SEO.


----------



## Jasson.Pass (Sep 9, 2014)

I've seen so many people want IPs from random spaces for SEO. I've been turning them down. SSL is no longer a valid requirement and neither is email.


----------



## drmike (Sep 9, 2014)

But I need IPs for my front ends for every e-device... and I want them on different subnets....  Privacy.. Oh wait proper SWIP should include personal end information.  Shh...


----------



## layerbyte_ben (Oct 4, 2014)

Any requests that use SEO as the justification or order's that the individual's refuse to provide the reason on why they need an IP address get refunded / denied. On our shared hosting platform we try to get clients to use SNI over issuing them a dedicated IP address.


We get the odd requests every few weeks to our sales department requesting to lease hundreds of IP's and to be SWIPED to their organization. These requests kindly get denied.


----------

