[180309] in North American Network Operators' Group


Re: AWS Elastic IP architecture

daemon@ATHENA.MIT.EDU (Matthew Kaufman)
Sun May 31 14:29:54 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <A5D8FF32-9152-410A-BECB-87393705DDB4@delong.com>
From: Matthew Kaufman <matthew@matthew.at>
Date: Sun, 31 May 2015 11:29:44 -0700
To: Owen DeLong <owen@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Since your network has IPv6, I fail to see the issue.

Nobody is anywhere near being able to go single-stack on IPv6, so AWS is just another network your customers will continue to reach over v4. So what?

Heck, if v6 support from a cloud hosting company is so important, I see a great business opportunity in your future.

Matthew Kaufman

(Sent from my iPhone)

> On May 31, 2015, at 10:57 AM, Owen DeLong <owen@delong.com> wrote:
>
> Sigh…
>
> IPv6 has huge utility.
>
> AWS’ implementation of IPv6 is brain-dead and mostly useless for most applications.
>
> I think if you will review my track record over the last 5+ years, you will plainly see that I am fully aware of the utility and need for IPv6.
>
> http://lmgtfy.com?q=owen+delong+ipv6 <http://lmgtfy.com/?q=owen+delong+ipv6>
>
> My network (AS1734) is fully dual-stacked, unlike AWS.
>
> If AWS is so convinced of the utility of IPv6, why do they continue to refuse to do a real implementation that provides IPv6 capabilities to users of their current architecture?
>
> Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You cannot put a native IPv6 address on an AWS virtual server at all (EC2 or VPC). Unless your application is satisfied by running an IPv4-only web server which has an IPv6 VIP proxy in front of it with some extra headers added by the proxy to help you parse out the actual source address of the connection, then your application cannot use IPv6 on AWS.
>
> As such, I stand by my statement that there is effectively no meaningful support for IPv6 in AWS, period.
>
> AWS may disagree and think that ELB for classic EC2 is somehow meaningful, but their lack of other support for any of their modern architectures and the fact that they are in the process of phasing out classic EC2 makes me think that’s a pretty hard case to make.
>
> Owen
>
>> On May 31, 2015, at 9:01 AM, Blair Trosper <blair.trosper@gmail.com> wrote:
>>
>> Disagree, and so does AWS. IPv6 has a huge utility: being a universal, inter-region management network (a network that unites traffic between regions on public and private netblocks). Plus, at least the CDN and ELBs should be dual-stack, since more and more ISPs are turning on IPv6.
>>
>> On Sun, May 31, 2015 at 8:40 AM, Owen DeLong <owen@delong.com> wrote:
>> I wasn’t being specific about VPC vs. Classic.
>>
>> The support for IPv6 in Classic is extremely limited and basically useless for 99+% of applications.
>>
>> I would argue that there is, therefore, effectively no meaningful support for IPv6 in AWS, period.
>>
>> What you describe below seems to me that it would only make the situation I described worse, not better in the VPC world.
>>
>> Owen
>>
>>> On May 31, 2015, at 4:23 AM, Andras Toth <diosbejgli@gmail.com> wrote:
>>>
>>> Congratulations for missing the point Matt, when I sent my email
>>> (which by the way went for moderation) there wasn't a discussion about
>>> Classic vs VPC yet. The discussion was "no ipv6 in AWS" which is not
>>> true as I mentioned in my previous email. I did not state it works
>>> everywhere, but it does work.
>>>
>>> In fact as Owen mentioned the following, I assumed he is talking about
>>> Classic because this statement is only true there. In VPC you can
>>> define your own IP subnets and it can overlap with other customers, so
>>> basically everyone can have their own 10.0.0.0/24 for example.
>>> "They are known to be running multiple copies of RFC-1918 in disparate
>>> localities already. In terms of scale, modulo the nightmare that must
>>> make of their management network and the fragility of what happens
>>> when company A in datacenter A wants to talk to company A in
>>> datacenter B and they both have the same 10-NET addresses"
>>>
>>> Andras
>>>
>>>
>>>> On Sun, May 31, 2015 at 7:18 PM, Matt Palmer <mpalmer@hezmatt.org> wrote:
>>>>> On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
>>>>> Perhaps if that energy which was spent on raging, instead was spent on
>>>>> a Google search, then all those words would've been unnecessary.
>>>>>
>>>>> Official documentation:
>>>>> http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
>>>>
>>>> Congratulations, you've managed to find exactly the same info as Owen
>>>> already covered:
>>>>
>>>> "Load balancers in a VPC support IPv4 addresses only."
>>>>
>>>> and
>>>>
>>>> "Load balancers in EC2-Classic support both IPv4 and IPv6 addresses."
>>>>
>>>> - Matt
>
