[180312] in North American Network Operators' Group
Re: AWS Elastic IP architecture
daemon@ATHENA.MIT.EDU (Owen DeLong)
Sun May 31 15:13:40 2015
From: Owen DeLong <owen@delong.com>
Date: Sun, 31 May 2015 12:11:43 -0700
To: Blair Trosper <blair.trosper@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
> On May 31, 2015, at 11:36 AM, Blair Trosper <blair.trosper@gmail.com> wrote:
>
> AWS built their network first...before IPv6 "popped", so you can appreciate the huge task
> they have of retrofitting all their products to support it.
Sure, and if they said “We have a plan, and it will take X amount of time”, I would respect that.
If they said “We have a plan and we’re not sure how long it will take”, I would continue to poke them about sooner is better than later and having a target date helps people to plan.
“We don’t think IPv6 matters and we aren’t announcing any plans to get it implemented or any date by which it will be available”, on the other hand, being what they have actually repeatedly said to me until very recently, not so much.
Now, they’re saying (essentially) “We think IPv6 might matter, but we aren’t announcing any plans to get it implemented or any date by which it will be available”. To me, this is still a problematic situation for their customers.
Especially when you look at the impact it has on the rest of the internet.
Review Lee Howard’s Denver ION presentation about per-user-per-year costs of delivering IPv4 over the next several years and it rapidly becomes clear that the failure of Amazon to make dual stack available is actually one of the major factors preventing eyeball carriers from being able to make plans for IPv6 monastic on any reasonable timeframe and a major factor in their CGN costs.
> I don't envy the task, but they have said publicly and privately that it's a priority. But it's
> also a massive undertaking, and you can't expect them to snap their fingers and turn it
> out over a weekend, man…
They haven’t, really, exactly said that. They’ve sort of hinted that they might be working on it in some places. They’ve sort-a-kind-a paid it some lip service. They haven’t announced plans, dates, or any firm commitment in any form.
> The prize of being first cuts both ways when newer technologies at lower network levels
> start taking off and you don't have support built in to something proprietary.
I started talking to folks at Amazon about this issue more than 5 years ago. At the time, they told me flat out that it was not a priority. I gave them half a decade to figure out it was a priority and do something about it while remaining relatively quiet about it publicly. At this point, things have reached a point where the damage that occurs as a result of applications being deployed on such a dead-end service and the limitations that service imposes on those applications can no longer be tolerated.
> Would it be great if they had it faster? Obviously yes.
Agreed.
> Are they working on it as a priority? Yes.
Do you have any evidence to support this claim?
> Can they go any faster? Probably.
Isn’t that answer alone a sign that perhaps it isn’t so much of a priority to them?
> Are there other choices for cloud providers that are full dual stack if this really is a
> live or die issue for you? Yes.
This represents one of the most common fallacies in people’s thinking about IPv6.
Your failure to implement IPv6 doesn’t just impact you and your customers. Especially when you’re something like AWS. It impacts the customers of your customers and their service providers, too.
If Amazon and Skype were IPv6 capable, you would actually find a relatively significant fraction of traffic that is likely to get CGN’d today would be delivered over IPv6 instead. That’s a HUGE win and a HUGE cost savings to lots of eyeball ISPs out there. None of them are likely AWS customers. None of them are likely to be perceived by AWS as “demand” for IPv6, yet, they are in fact the source of the majority of the demand.
> Access to dual-stack isn't a fundamental human right. If you don't like what AWS is doing,
> then use someone else who has dualstack.
Again, you are ignoring the larger consequences of their failure.
You can rest assured that I am not purchasing service from AWS due to their failed policies toward IPv6. However, that doesn’t fully mitigate the impact to me from those bad decisions. So, in an effort to both further mitigate those impacts and to help others avoid them, I have started vocally encouraging people to take a serious look at AWS’ lack of IPv6 and consider alternatives when selecting a cloud hosting provider.
> I don't get the outrage...and it's so irrational, that you've caused me to actually *defend* AWS.
I hope I have explained the reasons for my position a bit better so that you no longer feel the need to do so.
I am not outraged by AWS’ actions. They are free to do what they wish. However, I want to make sure that application developers are aware of the impact this has on their application, should they choose to deploy it in AWS and I want to encourage current users of AWS to consider IPv6-capable alternatives for the good of the internet.
Owen
>
> bt
>
>
> On Sun, May 31, 2015 at 1:29 PM, Matthew Kaufman <matthew@matthew.at> wrote:
> Since your network has IPv6, I fail to see the issue.
>
> Nobody is anywhere near being able to go single-stack on IPv6, so AWS is just another network your customers will continue to reach over v4. So what?
>
> Heck, if v6 support from a cloud hosting company is so important, I see a great business opportunity in your future.
>
> Matthew Kaufman
>
> (Sent from my iPhone)
>
> > On May 31, 2015, at 10:57 AM, Owen DeLong <owen@delong.com> wrote:
> >
> > Sigh…
> >
> > IPv6 has huge utility.
> >
> > AWS’ implementation of IPv6 is brain-dead and mostly useless for most applications.
> >
> > I think if you will review my track record over the last 5+ years, you will plainly see that I am fully aware of the utility and need for IPv6.
> >
> > http://lmgtfy.com?q=owen+delong+ipv6
> >
> > My network (AS1734) is fully dual-stacked, unlike AWS.
> >
> > If AWS is so convinced of the utility of IPv6, why do they continue to refuse to do a real implementation that provides IPv6 capabilities to users of their current architecture?
> >
> > Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You cannot put a native IPv6 address on an AWS virtual server at all (EC2 or VPC). Unless your application is satisfied by running an IPv4-only web server which has an IPv6 VIP proxy in front of it with some extra headers added by the proxy to help you parse out the actual source address of the connection, then your application cannot use IPv6 on AWS.
> >
> > As such, I stand by my statement that there is effectively no meaningful support for IPv6 in AWS, period.
> >
> > AWS may disagree and think that ELB for classic EC2 is somehow meaningful, but their lack of other support for any of their modern architectures and the fact that they are in the process of phasing out classic EC2 makes me think that’s a pretty hard case to make.
> >
> > Owen
> >
> >> On May 31, 2015, at 9:01 AM, Blair Trosper <blair.trosper@gmail.com> wrote:
> >>
> >> Disagree, and so does AWS. IPv6 has a huge utility: being a universal, inter-region management network (a network that unites traffic between regions on public and private netblocks). Plus, at least the CDN and ELBs should be dual-stack, since more and more ISPs are turning on IPv6.
> >>
> >> On Sun, May 31, 2015 at 8:40 AM, Owen DeLong <owen@delong.com> wrote:
> >> I wasn’t being specific about VPC vs. Classic.
> >>
> >> The support for IPv6 in Classic is extremely limited and basically useless for 99+% of applications.
> >>
> >> I would argue that there is, therefore, effectively no meaningful support for IPv6 in AWS, period.
> >>
> >> What you describe below seems to me that it would only make the situation I described worse, not better in the VPC world.
> >>
> >> Owen
> >>
> >>> On May 31, 2015, at 4:23 AM, Andras Toth <diosbejgli@gmail.com> wrote:
> >>>
> >>> Congratulations for missing the point Matt, when I sent my email
> >>> (which by the way went for moderation) there wasn't a discussion about
> >>> Classic vs VPC yet. The discussion was "no ipv6 in AWS" which is not
> >>> true as I mentioned in my previous email. I did not state it works
> >>> everywhere, but it does work.
> >>>
> >>> In fact as Owen mentioned the following, I assumed he is talking about
> >>> Classic because this statement is only true there. In VPC you can
> >>> define your own IP subnets and it can overlap with other customers, so
> >>> basically everyone can have their own 10.0.0.0/24 for example.
> >>> "They are known to be running multiple copies of RFC-1918 in disparate
> >>> localities already. In terms of scale, modulo the nightmare that must
> >>> make of their management network and the fragility of what happens
> >>> when company A in datacenter A wants to talk to company A in
> >>> datacenter B and they both have the same 10-NET addresses"
> >>>
> >>> Andras
> >>>
> >>>
> >>>> On Sun, May 31, 2015 at 7:18 PM, Matt Palmer <mpalmer@hezmatt.org> wrote:
> >>>>> On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
> >>>>> Perhaps if that energy which was spent on raging, instead was spent on
> >>>>> a Google search, then all those words would've been unnecessary.
> >>>>>
> >>>>> Official documentation:
> >>>>> http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
> >>>>
> >>>> Congratulations, you've managed to find exactly the same info as Owen
> >>>> already covered:
> >>>>
> >>>> "Load balancers in a VPC support IPv4 addresses only."
> >>>>
> >>>> and
> >>>>
> >>>> "Load balancers in EC2-Classic support both IPv4 and IPv6 addresses."
> >>>>
> >>>> - Matt
> >
>
>