[180311] in North American Network Operators' Group
Re: AWS Elastic IP architecture
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun May 31 14:59:42 2015
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <B7B85745-4CBB-4F8D-A60C-0C021E2B363B@matthew.at>
Date: Sun, 31 May 2015 11:57:16 -0700
To: Matthew Kaufman <matthew@matthew.at>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On May 31, 2015, at 11:29 AM, Matthew Kaufman <matthew@matthew.at> wrote:
>
> Since your network has IPv6, I fail to see the issue.
>
> Nobody is anywhere near being able to go single-stack on IPv6, so AWS is just another network your customers will continue to reach over v4. So what?

Sigh… The point is that all of the services and applications being built on and delivered over AWS are stuck in the IPv4 mud until such time as they can get IPv6 from AWS or move to a different cloud provider.

> Heck, if v6 support from a cloud hosting company is so important, I see a great business opportunity in your future.

There are already several cloud hosting companies that provide full dual-stack support. I already mentioned several of them earlier in the thread, so this is a rather silly conclusion to draw from the thread as a whole.

Remember where this all started… Someone asked if the internal Amazon structure was using LISP for encapsulation.

I made the semi-sarcastic comment that if they were using LISP, they probably wouldn’t have so much difficulty supporting IPv6, therefore they probably aren’t using LISP.

My statement was taken all sorts of other ways by various people.

Nonetheless, the bottom line remains the same:

AWS can’t do IPv6 outside of a very tiny limited space which provides a solution only for one particular application (pretending to provide IPv6 web services from an IPv4-only web server through a proxy).

People who are building applications and considering hosting their applications in the cloud should seriously consider whether this limitation in AWS matters to them. IMHO, forward-thinking application developers will eschew AWS in favor of clouds that have dual-stack support and build dual-stack capable applications.

YMMV.

Owen

>
> Matthew Kaufman
>
> (Sent from my iPhone)
>
>> On May 31, 2015, at 10:57 AM, Owen DeLong <owen@delong.com> wrote:
>>
>> Sigh…
>>
>> IPv6 has huge utility.
>>
>> AWS’ implementation of IPv6 is brain-dead and mostly useless for most applications.
>>
>> I think if you will review my track record over the last 5+ years, you will plainly see that I am fully aware of the utility and need for IPv6.
>>
>> http://lmgtfy.com?q=owen+delong+ipv6
>>
>> My network (AS1734) is fully dual-stacked, unlike AWS.
>>
>> If AWS is so convinced of the utility of IPv6, why do they continue to refuse to do a real implementation that provides IPv6 capabilities to users of their current architecture.
>>
>> Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You cannot put a native IPv6 address on an AWS virtual server at all (EC2 or VPC). Unless your application is satisfied by running an IPv4-only web server which has an IPv6 VIP proxy in front of it with some extra headers added by the proxy to help you parse out the actual source address of the connection, then your application cannot use IPv6 on AWS.
>>
>> As such, I stand by my statement that there is effectively no meaningful support for IPv6 in AWS, period.
>>
>> AWS may disagree and think that ELB for classic EC2 is somehow meaningful, but their lack of other support for any of their modern architectures and the fact that they are in the process of phasing out classic EC2 makes me think that’s a pretty hard case to make.
>>
>> Owen
>>
>>> On May 31, 2015, at 9:01 AM, Blair Trosper <blair.trosper@gmail.com> wrote:
>>>
>>> Disagree, and so does AWS. IPv6 has a huge utility: being a universal, inter-region management network (a network that unites traffic between regions on public and private netblocks). Plus, at least the CDN and ELBs should be dual-stack, since more and more ISPs are turning on IPv6.
>>>
>>> On Sun, May 31, 2015 at 8:40 AM, Owen DeLong <owen@delong.com> wrote:
>>> I wasn’t being specific about VPC vs. Classic.
>>>
>>> The support for IPv6 in Classic is extremely limited and basically useless for 99+% of applications.
>>>
>>> I would argue that there is, therefore, effectively no meaningful support for IPv6 in AWS, period.
>>>
>>> What you describe below seems to me that it would only make the situation I described worse, not better in the VPC world.
>>>
>>> Owen
>>>
>>>> On May 31, 2015, at 4:23 AM, Andras Toth <diosbejgli@gmail.com> wrote:
>>>>
>>>> Congratulations for missing the point Matt, when I sent my email (which by the way went for moderation) there wasn't a discussion about Classic vs VPC yet. The discussion was "no ipv6 in AWS" which is not true as I mentioned in my previous email. I did not state it works everywhere, but it does work.
>>>>
>>>> In fact as Owen mentioned the following, I assumed he is talking about Classic because this statement is only true there. In VPC you can define your own IP subnets and it can overlap with other customers, so basically everyone can have their own 10.0.0.0/24 for example.
>>>> "They are known to be running multiple copies of RFC-1918 in disparate localities already. In terms of scale, modulo the nightmare that must make of their management network and the fragility of what happens when company A in datacenter A wants to talk to company A in datacenter B and they both have the same 10-NET addresses"
>>>>
>>>> Andras
>>>>
>>>>
>>>>> On Sun, May 31, 2015 at 7:18 PM, Matt Palmer <mpalmer@hezmatt.org> wrote:
>>>>>> On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
>>>>>> Perhaps if that energy which was spent on raging, instead was spent on a Google search, then all those words would've been unnecessary.
>>>>>>
>>>>>> Official documentation:
>>>>>> http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
>>>>>
>>>>> Congratulations, you've managed to find exactly the same info as Owen already covered:
>>>>>
>>>>> "Load balancers in a VPC support IPv4 addresses only."
>>>>>
>>>>> and
>>>>>
>>>>> "Load balancers in EC2-Classic support both IPv4 and IPv6 addresses."
>>>>>
>>>>> - Matt
>>