What is the least expensive way to obtain 1,000s of public IP addresses?

Question

I'm needing to serve secure (https) pages for 1,000s of SSL certificates, and need a separate IP address for each SSL cert.

So, I'm looking for the most economic means of doing so.

Do you already have these certificates? Otherwise, I'd suggest going down the wildcard certificate + single IP address + subdomains route. — , Mar 24 '10 at 07:45
better hurry up before they run out of version IP addresses (IPv4)! — djangofan, Mar 29 '10 at 16:46

score 10 · Answer 1 · answered Mar 24 '10 at 12:37

10

Go to your local RIR (IANA, APNIC, RIPE etc) and ask for some provider independent ip space. The minimum allocation currently is a /22 (1024 ip addresses), this will be cheaper than getting it from an isp. I'd also suggest getting an AS number while you are at it.

answered Mar 24 '10 at 12:37

Haakon

1,325
7
11

3

+1, Absolutely correct. And if you don't know what the RIRs are, or what an AS is, you probably should hire someone else to be doing a project of this scope. – Chris S Mar 24 '10 at 12:45
Indeed, Loryn if you need a network engineer or two on retainer let me know ;) – Haakon Mar 24 '10 at 13:54

score 4 · Answer 2 · answered Mar 24 '10 at 10:15

Do you need IPv4 addresses?

It should be relatively straightforward to use IPv6 addresses and IPv6 security features as an alternative to SSL on IPv4. Is that an option for people/hosts using these 1000s of unique services? There are a number of potential issues at the client, ISP, gateway, and application, but IPv6 may provide the alternative to some if not all of the 1000s of standard IP addresses that you are going to spend a lot of time and money on.

Seriously. Can I interest you in IPv6??? – Matt Simmons Mar 24 '10 at 12:41 — Matt Simmons, Mar 24 '10 at 12:41

score 2 · Answer 3 · answered Mar 24 '10 at 12:44

So, overall, I've really got to agree with William's answer of "hey, what about IPv6?"....

Essentially, you're talking about at least a /22, and maybe bigger. When you say "least expensive", you really mean "wow, I'm going to hemorrhage money".

Please, describe what you're trying to do. There may be another, better, way that doesn't involve insanely large amounts of IP addresses.

score 1 · Answer 4 · answered Mar 27 '10 at 20:58

I'm the Loryn who asked the initial question. Although, seeing it was migrated here by someone else, I can't see how to edit the question.

TomTom has provided a partial solution for this question, for some of my customers.

Matt Simons asked for more information:

My company is developing a shared hosting infrastructure for commercial websites. We'll be serving thousands of transactional websites from a common infrastructure. For one class of customers, we've been intending to use wildcard certs to provide SSL. For another class of customers (those who provide their own SSL certs), we're trying to figure out the most cost effective means of providing SSL services using their own domain names.

score -2 · Answer 5 · answered Mar 24 '10 at 07:45

-2

Talk to various providers, check with them.

Sadly, I think your reason is invalid. There is technology out there that can handle multiple ssl over one ip.

ChecK:

http://blog.revolunet.com/index.php/reseau/administration/hosting-multiple-ssl-vhosts-on-a-single-ipportcertificate-with-apache2

So, basically - when your local registry reviews yoru request, it will most likely shoot it down. Waste of IP address space.

answered Mar 24 '10 at 07:45

TomTom

51,649
7
54
136

The topic of this article is `multiple SSL vhosts on a single IP/Port/Certificate` = many domains, 1 ssl cert. Each cert requires a separate IP address - that rule will remain. – Marcel Jackwerth Mar 24 '10 at 07:56
Does not change the fact that you better have a VERY strong business case for that. Like in VERY VERY strong. Read the RCF's about allocation. IP Address allocation today is very restrictive - so, tousands is possible giong to get you laughed out from the registry. – TomTom Mar 24 '10 at 08:00
Some registrars don't like giving wildcard certs. And that won't work anyway if subdomains aren't enough. SNI allows hosting several sites on one IP address, but some browsers on some operating systems (IE on XP, IIRC) don't work with it. – ptman Mar 24 '10 at 08:32
All no tvalid reasons to have many domains. Why? You get away with a ba dreason for a C network, not for THOUSANDS of IP addresses these days. – TomTom Mar 24 '10 at 08:36
1

Bogus. If you’re hosting a site for company A and they have a certificate in their name, and also a site for company B and they have a certificate in their name (let us say, for the sake of argument, that they have both opted for EV certs too), then you need two IPs. Period. Even the above-linked article makes *that* clear. There are only limited range of situations where you can put a bunch of commerce sites on a wildcard cert. Undermines the identity verification aspect of SSL, otherwise. – Mo. Apr 27 '10 at 07:31
Still, you wont get thousands if IP addresses wihtout STRONG business case. You will get 256, with a "come back later and proove you used them up". – TomTom Apr 27 '10 at 08:48

What is the least expensive way to obtain 1,000s of public IP addresses?

5 Answers5