[104757] in North American Network Operators' Group
Re: amazonaws.com?
daemon@ATHENA.MIT.EDU (Robert Bonomi)
Tue May 27 11:34:54 2008
Date: Tue, 27 May 2008 10:33:54 -0500 (CDT)
From: Robert Bonomi <bonomi@mail.r-bonomi.com>
To: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
> From nanog-bounces@nanog.org Mon May 26 21:16:58 2008
> Date: Tue, 27 May 2008 07:46:26 +0530
> From: "Suresh Ramasubramanian" <ops.lists@gmail.com>
> To: "Colin Alston" <karnaugh@karnaugh.za.net>
> Subject: Re: amazonaws.com?
> Cc: nanog@merit.edu
>
> On Tue, May 27, 2008 at 1:10 AM, Colin Alston <karnaugh@karnaugh.za.net> wrote:
> > On 26/05/2008 18:13 Suresh Ramasubramanian wrote:
> >>
>
> I didnt actually, Bonomi did .. but going on ..
Mis-credit where mis-credit isn't due ... Twasn't me, either. <grin>
I just commented that I couldn't think of a reason for a _compute_ cluster to
need access to unlimited remote machines/ports. And that it could 'trivially'
be made an _automatic_ part of the 'compute session' config -- to allow access
to a laundry-list of ports/machines, and those ports/machines -only-.
If Amazon were a 'good neighbor', they _would_ implement something like this.
That they see no need to do _anything_ -- when _actual_ problems, which are
directly attributable to their failure to do so, have been brought to their
attention -- does argue in favor of wholesale firewalling of the EC2 address-
space.
If the address-space owner won't police it's own property, there is no reason
for the rest of the world to spend the time/effort to _selectively_ police it
for them.
Amazon _might_ 'get a clue' if enough providers walled off the EC2 space, and
they found difficulty selling cycles to people who couldn't access the machines
to set up their compute applications.
