SNI Reduces The Need For Unique IP Addresses

It’s no secret that IPv4 addresses are in short supply. The number of connected devices has exploded beyond anything the creators of the protocol imagined. IPv6 is not supported widely enough that we can do without IPv4 addresses, which means that web hosting companies have to be careful how many IP addresses they give out to clients.

SNI or Server Name Indication helps us to preserve the stock of IPv4 addresses for cases where they’re really needed.

If a hosting client wants to host lots of sites on the same server, there is no need for them to have multiple IP addresses; virtual domains have long taken care of that problem. Virtual domains allow a web server to host many sites at the same IP address, and send the right data to the web client.

However, if those sites use SSL/TLS certificates to offer secure HTTPS connections, it’s not quite so simple. The TLS handshake takes place before any HTTP headers are sent. That means the server has no idea which site is being requested while the HTTPS connection is being set up, and therefore which certificate it should send. That’s not so much of a problem if the sites are related and can use the same certificate, but in most hosting configurations, clients want a different certificate for each site.

Prior to SNI, a different certificate for each site inevitably required that each site also have a unique IP address. With the introduction of Server Name Indication, unique IPs are no longer required. If a web server and the web client (browser) support SNI, then the virtual domain can be sent as part of the SSL/TLS negotiation. With SNI the client is able to let the server know which site it is interested in receiving data from, and the server is able to send the certificate associated with that site.

SNI means that multiple SSL/TLS-protected sites can be hosted at the same IPv4 address, significantly reducing the need to use IPv4 addresses that could be put to better use.

In the early days of SNI, support wasn’t widespread among browsers. That’s no longer the case. All major browsers now support SNI. The chances of a user’s browser not supporting SNI are very small. The only browsers that don’t support SNI are obscure mobile browsers with a tiny user base, and browsers on legacy platforms like Windows XP with a vanishingly small number of users.

Many web hosting clients are under the impression that they still require a unique IP address for each site that uses an SSL/TLS certificate. Future Hosting supports Server Name Indication on its hosting platform, and most of our server hosting plans don’t need more than one IP address to host multiple sites with certificates. To make more efficient use of our stock of IPv4 addresses, we will not give clients multiple unique IPs unless they really need them. Because we support SNI, there’s no need to use unique IPs for SSL/TLS-encrypted sites.

Matthew Davis is a technical writer and Linux geek for Future Hosting.
