[180307] in North American Network Operators' Group


Re: AWS Elastic IP architecture

daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun May 31 13:59:17 2015

X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAA5Ek4dprA7ET9FTFYdh0eOLG2y5khSqV6L2zAknSiPKCJaJJw@mail.gmail.com>
Date: Sun, 31 May 2015 10:57:41 -0700
To: Blair Trosper <blair.trosper@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Sigh…

IPv6 has huge utility.

AWS’ implementation of IPv6 is brain-dead and mostly useless for most applications.

I think if you will review my track record over the last 5+ years, you will plainly see that I am fully aware of the utility and need for IPv6.

http://lmgtfy.com?q=owen+delong+ipv6

My network (AS1734) is fully dual-stacked, unlike AWS.

If AWS is so convinced of the utility of IPv6, why do they continue to refuse to do a real implementation that provides IPv6 capabilities to users of their current architecture?

Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You cannot put a native IPv6 address on an AWS virtual server at all (EC2 or VPC). Unless your application is satisfied by running an IPv4-only web server which has an IPv6 VIP proxy in front of it with some extra headers added by the proxy to help you parse out the actual source address of the connection, then your application cannot use IPv6 on AWS.

As such, I stand by my statement that there is effectively no meaningful support for IPv6 in AWS, period.

AWS may disagree and think that ELB for classic EC2 is somehow meaningful, but their lack of other support for any of their modern architectures and the fact that they are in the process of phasing out classic EC2 makes me think that’s a pretty hard case to make.

Owen

> On May 31, 2015, at 9:01 AM, Blair Trosper <blair.trosper@gmail.com> wrote:
>
> Disagree, and so does AWS. IPv6 has a huge utility: being a universal, inter-region management network (a network that unites traffic between regions on public and private netblocks). Plus, at least the CDN and ELBs should be dual-stack, since more and more ISPs are turning on IPv6.
>
> On Sun, May 31, 2015 at 8:40 AM, Owen DeLong <owen@delong.com> wrote:
> I wasn’t being specific about VPC vs. Classic.
>
> The support for IPv6 in Classic is extremely limited and basically useless for 99+% of applications.
>
> I would argue that there is, therefore, effectively no meaningful support for IPv6 in AWS, period.
>
> What you describe below seems to me that it would only make the situation I described worse, not better in the VPC world.
>
> Owen
>
> > On May 31, 2015, at 4:23 AM, Andras Toth <diosbejgli@gmail.com> wrote:
> >
> > Congratulations for missing the point Matt, when I sent my email
> > (which by the way went for moderation) there wasn't a discussion about
> > Classic vs VPC yet. The discussion was "no ipv6 in AWS" which is not
> > true as I mentioned in my previous email. I did not state it works
> > everywhere, but it does work.
> >
> > In fact as Owen mentioned the following, I assumed he is talking about
> > Classic because this statement is only true there. In VPC you can
> > define your own IP subnets and it can overlap with other customers, so
> > basically everyone can have their own 10.0.0.0/24 for example.
> > "They are known to be running multiple copies of RFC-1918 in disparate
> > localities already. In terms of scale, modulo the nightmare that must
> > make of their management network and the fragility of what happens
> > when company A in datacenter A wants to talk to company A in
> > datacenter B and they both have the same 10-NET addresses"
> >
> > Andras
> >
> >
> > On Sun, May 31, 2015 at 7:18 PM, Matt Palmer <mpalmer@hezmatt.org> wrote:
> >> On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
> >>> Perhaps if that energy which was spent on raging, instead was spent on
> >>> a Google search, then all those words would've been unnecessary.
> >>>
> >>> Official documentation:
> >>> http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
> >>
> >> Congratulations, you've managed to find exactly the same info as Owen
> >> already covered:
> >>
> >> "Load balancers in a VPC support IPv4 addresses only."
> >>
> >> and
> >>
> >> "Load balancers in EC2-Classic support both IPv4 and IPv6 addresses."
> >>
> >> - Matt
> >>
>
>

