AWS Elastic IP architecture
owen at delong.com
Sun May 31 18:57:16 UTC 2015
> On May 31, 2015, at 11:29 AM, Matthew Kaufman <matthew at matthew.at> wrote:
> Since your network has IPv6, I fail to see the issue.
> Nobody is anywhere near being able to go single-stack on IPv6, so AWS is just another network your customers will continue to reach over v4. So what?
Sigh… The point is that all of the services and applications being built on and delivered over AWS are stuck in the IPv4 mud until such time as they can get IPv6 from AWS or move to a different cloud provider.
> Heck, if v6 support from a cloud hosting company is so important, I see a great business opportunity in your future.
There are already several cloud hosting companies that provide full dual-stack support. I already mentioned several of them earlier in the thread, so this is a rather silly conclusion to draw from the thread as a whole.
Remember where this all started… Someone asked if the internal Amazon structure was using LISP for encapsulation.
I made the semi-sarcastic comment that if they were using LISP, they probably wouldn’t have so much difficulty supporting IPv6, therefore they probably aren’t using LISP.
My statement was taken all sorts of other ways by various people.
Nonetheless, the bottom line remains the same:
AWS can’t do IPv6 outside of a very tiny limited space which provides a solution only for one particular application (pretending to provide IPv6 web services from an IPv4-only web server through a proxy).
People who are building applications and considering hosting their applications in the cloud should seriously consider whether this limitation in AWS matters to them. IMHO, forward-thinking application developers will eschew AWS in favor of clouds that have dual-stack support and build dual-stack capable applications.
> Matthew Kaufman
> (Sent from my iPhone)
>> On May 31, 2015, at 10:57 AM, Owen DeLong <owen at delong.com> wrote:
>> IPv6 has huge utility.
>> AWS’ implementation of IPv6 is brain-dead and mostly useless for most applications.
>> I think if you will review my track record over the last 5+ years, you will plainly see that I am fully aware of the utility and need for IPv6.
>> http://lmgtfy.com?q=owen+delong+ipv6
>> My network (AS1734) is fully dual-stacked, unlike AWS.
>> If AWS is so convinced of the utility of IPv6, why do they continue to refuse to do a real implementation that provides IPv6 capabilities to users of their current architecture?
>> Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You cannot put a native IPv6 address on an AWS virtual server at all (EC2 or VPC). Unless your application is satisfied by running an IPv4-only web server which has an IPv6 VIP proxy in front of it with some extra headers added by the proxy to help you parse out the actual source address of the connection, then your application cannot use IPv6 on AWS.
>> As such, I stand by my statement that there is effectively no meaningful support for IPv6 in AWS, period.
>> AWS may disagree and think that ELB for classic EC2 is somehow meaningful, but their lack of other support for any of their modern architectures and the fact that they are in the process of phasing out classic EC2 makes me think that’s a pretty hard case to make.
>>> On May 31, 2015, at 9:01 AM, Blair Trosper <blair.trosper at gmail.com> wrote:
>>> Disagree, and so does AWS. IPv6 has a huge utility: being a universal, inter-region management network (a network that unites traffic between regions on public and private netblocks). Plus, at least the CDN and ELBs should be dual-stack, since more and more ISPs are turning on IPv6.
>>> On Sun, May 31, 2015 at 8:40 AM, Owen DeLong <owen at delong.com> wrote:
>>> I wasn’t being specific about VPC vs. Classic.
>>> The support for IPv6 in Classic is extremely limited and basically useless for 99+% of applications.
>>> I would argue that there is, therefore, effectively no meaningful support for IPv6 in AWS, period.
>>> What you describe below seems to me that it would only make the situation I described worse, not better in the VPC world.
>>>> On May 31, 2015, at 4:23 AM, Andras Toth <diosbejgli at gmail.com> wrote:
>>>> Congratulations for missing the point Matt, when I sent my email
>>>> (which by the way went for moderation) there wasn't a discussion about
>>>> Classic vs VPC yet. The discussion was "no ipv6 in AWS" which is not
>>>> true as I mentioned in my previous email. I did not state it works
>>>> everywhere, but it does work.
>>>> In fact as Owen mentioned the following, I assumed he is talking about
>>>> Classic because this statement is only true there. In VPC you can
>>>> define your own IP subnets and it can overlap with other customers, so
>>>> basically everyone can have their own 10.0.0.0/24 for example.
>>>> "They are known to be running multiple copies of RFC-1918 in disparate
>>>> localities already. In terms of scale, modulo the nightmare that must
>>>> make of their management network and the fragility of what happens
>>>> when company A in datacenter A wants to talk to company A in
>>>> datacenter B and they both have the same 10-NET addresses"
>>>>> On Sun, May 31, 2015 at 7:18 PM, Matt Palmer <mpalmer at hezmatt.org> wrote:
>>>>>> On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
>>>>>> Perhaps if that energy which was spent on raging, instead was spent on
>>>>>> a Google search, then all those words would've been unnecessary.
>>>>>> Official documentation:
>>>>>> http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
>>>>> Congratulations, you've managed to find exactly the same info as Owen
>>>>> already covered:
>>>>> "Load balancers in a VPC support IPv4 addresses only."
>>>>> "Load balancers in EC2-Classic support both IPv4 and IPv6 addresses."
>>>>> - Matt
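
The proxy arrangement described in the message above (an IPv6 VIP in front of an IPv4-only web server, with the real source address carried in headers the proxy adds) leaves the application to recover the client address itself. The following is an added example, not part of the original thread: it assumes the header is X-Forwarded-For and that the proxy tier lives in a constructed 10.0.0.0/24 range, and it accepts the header only when the TCP peer is one of those proxies.

```python
import ipaddress

# Constructed assumption: the internal IPv4 range the proxy tier connects from.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(ip):
    """True if the address belongs to the proxy tier."""
    return any(ip in net for net in TRUSTED_PROXIES if net.version == ip.version)


def client_address(peer_addr, xff_header):
    """Return the originating client address (IPv4 or IPv6).

    peer_addr  -- source address of the TCP connection the server accepted
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A peer outside the proxy tier can put anything in the header: ignore it.
    if not xff_header or not is_trusted(peer):
        return peer
    # Each proxy appends the address it saw, so walk right to left and stop
    # at the first hop that is not one of our proxies. Entries further left
    # were supplied by the client and prove nothing.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry: fall back to the socket peer
        if not is_trusted(ip):
            return ip
    return peer


if __name__ == "__main__":
    # Constructed sample requests: (socket peer, X-Forwarded-For value)
    samples = [
        ("10.0.0.7", "2001:db8::1234"),               # IPv6 client via proxy
        ("203.0.113.9", "2001:db8::1"),               # direct hit, forged header
        ("10.0.0.7", "198.51.100.1, 2001:db8::5"),    # client pre-filled header
    ]
    for peer, xff in samples:
        print(peer, "->", client_address(peer, xff))
```

Access control lists and rate limits keyed on the result need to handle both address families, since the server's own sockets only ever see IPv4 peers.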