IETF Logo Mail Archive

Re: [v6ops] AWS ipv6-only features

otroan@employees.org Fri, 26 November 2021 10:23 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9805C3A0CAE for <v6ops@ietfa.amsl.com>; Fri, 26 Nov 2021 02:23:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dN2e4nSISYJ3 for <v6ops@ietfa.amsl.com>; Fri, 26 Nov 2021 02:23:26 -0800 (PST)
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C04E3A0CA9 for <v6ops@ietf.org>; Fri, 26 Nov 2021 02:23:26 -0800 (PST)
Received: from astfgl.hanazo.no (ti0389q160-2489.bb.online.no [46.9.226.213]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id A63A14E11B60; Fri, 26 Nov 2021 10:23:25 +0000 (UTC)
Received: from smtpclient.apple (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id 3B4DE67343EE; Fri, 26 Nov 2021 11:23:22 +0100 (CET)
From: otroan@employees.org
Message-Id: <86FD1DDE-FEF5-4971-B42B-9BFFBBAB84B5@employees.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_FD1E998F-E196-40FF-8549-9ED27E0A2F6A"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Fri, 26 Nov 2021 11:23:21 +0100
In-Reply-To: <CAO42Z2yrvuZHZma51nSKwYVXyE7e586UDN4BzA_Qf98ocwLC-A@mail.gmail.com>
Cc: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, IPv6 Ops WG <v6ops@ietf.org>
To: Mark Smith <markzzzsmith@gmail.com>
References: <CAD6AjGRAkpMDaAh31mVL=+Gcz5PHejUxxLazr4Xb=vVRHfaSpw@mail.gmail.com> <CAO42Z2z8u_DQMd9eNSQp_RhBinXk2KyH4pdbVLMEqOta-hoG1w@mail.gmail.com> <CADzU5g5odQ82FJ0TsdNxFB42OkgLZ+PWanLLrK1roLojAUS54A@mail.gmail.com> <CAO42Z2z+ZJ_pLwZmBjZ_HFsNXQ6jok-PMRTP23ZD2UMch61wtw@mail.gmail.com> <12900505-8861-cdb4-0895-09e4db18e2eb@gmail.com> <CAKD1Yr3jZwORdNsg=FzObaY+7DDGwZR=6EVmu1GjeUgibwTsvQ@mail.gmail.com> <16AC2071-32D3-4CFE-B6A4-337FBB7AC39C@employees.org> <CAO42Z2yrvuZHZma51nSKwYVXyE7e586UDN4BzA_Qf98ocwLC-A@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/IK7G7r_xoGFRrItFImNBzd_JbXE>
Subject: Re: [v6ops] AWS ipv6-only features
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Nov 2021 10:23:31 -0000

Mark,

> > True, and I can't condone it, but as long as they don't leak it, the only
> > operator that can be damaged is AWS itself, so it's an own goal. In fact,
> > even if they do leak it, any competent ISP will drop it.
> >
> > The damage is not to operators, it is to application developers. Using fd00:ec2::/16 pretty much guarantees that there will be collisions within EC2 itself. If collisions can happen, that means that applications will need to learn to work with NAT66 or at least with NPTv6. That's pretty much the worst thing they could have done for IPv6 I think.
> 
> I agree that damage is bad. Unfortunately that cat is already out of the bag.
> IPv6 applications already need to work through NAT64.
> 
> And likely enterprises running on ULAs with NPTv6 gateways and "firewall in the cloud" style services which typically use NAT66/NPTv6 too.
> 
> 
> Here's an example I think of to demonstrate the point.
> 
> I've had the same mobile phone number since 1995, and anybody who knows it can still call me on it.
> 
> That's across multiple carriers due to number portability (and I'm quite aware of the scaling issue of doing that, however it seems to be working well enough).
> 
> Imagine not even knowing your own phone number. That's what NAT is doing. It makes things callers-only, even when being a receiver would be far better.

Absolutely. And my point wasn't to argue the qualitative properties of NAT.
I was making the point that NATs in various forms also are prevalent in IPv6 and that an application cannot assume end to end transparent addressing.
(Addresses are ephemeral and of course applications shouldn't use them as identifiers anyhow.)

O.

v2.23.0 | Report a Bug | By Email