AWS Elastic IP architecture

Mark Andrews marka at isc.org
Thu Jun 4 22:28:38 UTC 2015


In message <CABidiTJH=+oKpF7OwU+2V4MELaigMTqe3ZdFr51jUKRTpHFdtA at mail.gmail.com>
, Philip Dorr writes:
> On Thu, Jun 4, 2015 at 12:16 PM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
> > On Thu, Jun 4, 2015 at 5:11 AM, Owen DeLong <owen at delong.com> wrote:
> >> I’d argue that SSH is several thousand, not a few hundred. In any
> >> case, I suppose you can make the argument that only a few people are
> >> trying to access their home network resources remotely other than via
> >> some sort of proxy/rendezvous service. However, I would argue that such
> >> services exist solely to provide a workaround for the deficiencies in
> >> the network introduced by NAT. Get rid of the stupid NAT and you no
> >> longer need such services.
> >
> > This is an interesting argument/point, but if you remove the rendezvous
> > service then how do you find the thing in your house? now the user has
> > to manage DNS, or the service in question has to manage a dns entry
> > for the customer, right?
> 
> You do not remove the locating service, what you remove is the remote
> proxy service.

And the DNS is the simplest location service.  Windows boxes and
Macs can register themselves in the DNS today using standardised
protocols.  This really isn't a hard thing to do.  All you need is
a fully qualified hostname, addresses and update credentials
(username/password (TSIG) or a public key pair SIG(0)) and you can
update the address records using the DNS and UPDATE.  Windows
uses GSS-TSIG (Kerberos) to authenticate the UPDATE request.  In
theory it could also use plain TSIG and/or SIG(0).

What is hard is giving them a globally unique address today because
it doesn't exist for 99.9% of the devices connected in the world
due to the world having run out of IPv4 addresses about ~20 years
ago.  At the moment we are at ~1 address per household for IPv4.
We are heading into < 1 address per household for most of the
households in the world.

For a Mac you do System Preferences -> Sharing -> Edit and Tick "Use
dynamic global hostname" add the hostname and TSIG credentials
(User/Password).  The Mac will save them.  The Mac will then update
the address records for itself as they change.

What has to happen is making this a regular part of setting up a
machine for the first time.  This requires other OS vendors adding
equivalent functionality to their OS's.

> For example with a webcam on IPv4, you would connect to website to
> download the video.  The camera would also connect to the website to
> upload the video.
> 
> On IPv6 the webcam would connect to the website to say that it is
> alive and what its IP is.  You would connect to the website and your
> computer would get the IP and directly connect to the webcam.  If
> there were multiple people connecting, you may even be able to use
> multicast.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
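
The TSIG-authenticated UPDATE described in this message, as an added example that is not part of the original post or of any ISC code: a client builds an RFC 2136 UPDATE that replaces a host's AAAA record and signs it per RFC 8945, and a server-side check recomputes the MAC and rejects requests outside the time window. The function names are this example's own, HMAC-SHA256 is an assumed algorithm choice, and the verifier assumes the TSIG record is the last one in the message.

```python
# Added example: RFC 2136 UPDATE signed with TSIG (RFC 8945), standard library only.
import hashlib, hmac, ipaddress, struct

ALG = "hmac-sha256."
T_SOA, T_AAAA, T_TSIG, C_IN, C_ANY = 6, 28, 250, 1, 255

def wire_name(name):
    """Encode a domain name as lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def rr(name, rtype, rclass, ttl, rdata=b""):
    """Encode one resource record."""
    return wire_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def tsig_mac(key, unsigned_msg, keyname, when, fudge):
    """HMAC over the message without its TSIG RR, followed by the TSIG variables."""
    tvars = (wire_name(keyname) + struct.pack("!HI", C_ANY, 0) + wire_name(ALG)
             + when.to_bytes(6, "big") + struct.pack("!HHH", fudge, 0, 0))
    return hmac.new(key, unsigned_msg + tvars, hashlib.sha256).digest()

def build_update(zone, host, addr, keyname, key, when, msg_id=0x1234, fudge=300):
    """Client: replace host's AAAA RRset with addr and sign the request."""
    body = (wire_name(zone) + struct.pack("!HH", T_SOA, C_IN)   # zone section
            + rr(host, T_AAAA, C_ANY, 0)                        # delete old AAAA RRset
            + rr(host, T_AAAA, C_IN, 300, ipaddress.IPv6Address(addr).packed))
    def header(arcount):  # opcode 5 = UPDATE; 1 zone, 0 prerequisites, 2 updates
        return struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 2, arcount)
    mac = tsig_mac(key, header(0) + body, keyname, when, fudge)
    rdata = (wire_name(ALG) + when.to_bytes(6, "big")
             + struct.pack("!HH", fudge, len(mac)) + mac
             + struct.pack("!HHH", msg_id, 0, 0))   # original ID, error, other len
    return header(1) + body + rr(keyname, T_TSIG, C_ANY, 0, rdata)

def verify_update(signed, keyname, key, now):
    """Server: recompute the MAC and enforce the time window (fudge)."""
    owner = wire_name(keyname) + struct.pack("!HHI", T_TSIG, C_ANY, 0)
    start = signed.rfind(owner)            # simplification: TSIG is the last RR
    p = start + len(owner) + 2             # skip RDLENGTH
    if start < 0 or not signed.startswith(wire_name(ALG), p):
        return False
    p += len(wire_name(ALG))
    when = int.from_bytes(signed[p:p + 6], "big")
    fudge, size = struct.unpack_from("!HH", signed, p + 6)
    arcount = struct.unpack_from("!H", signed, 10)[0] - 1   # count without TSIG
    unsigned = signed[:10] + struct.pack("!H", arcount) + signed[12:start]
    good = tsig_mac(key, unsigned, keyname, when, fudge)
    mac = signed[p + 10:p + 10 + size]
    return hmac.compare_digest(mac, good) and abs(now - when) <= fudge
```

Because the MAC covers the signing time as well as the records, a captured update stops verifying once it falls outside the fudge window, and any change to the zone, name or address invalidates it.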


