IETF Logo Mail Archive

Re: [v6ops] AWS ipv6-only features

otroan@employees.org Fri, 26 November 2021 09:02 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 243BF3A0C41 for <v6ops@ietfa.amsl.com>; Fri, 26 Nov 2021 01:02:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bm2QquQiU_IS for <v6ops@ietfa.amsl.com>; Fri, 26 Nov 2021 01:02:44 -0800 (PST)
Received: from clarinet.employees.org (clarinet.employees.org [198.137.202.74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30CCA3A0C3B for <v6ops@ietf.org>; Fri, 26 Nov 2021 01:02:44 -0800 (PST)
Received: from astfgl.hanazo.no (ti0389q160-2489.bb.online.no [46.9.226.213]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 8F0AF4E11B60; Fri, 26 Nov 2021 09:02:43 +0000 (UTC)
Received: from smtpclient.apple (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id A692A67320EB; Fri, 26 Nov 2021 10:02:41 +0100 (CET)
From: otroan@employees.org
Message-Id: <16AC2071-32D3-4CFE-B6A4-337FBB7AC39C@employees.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_EC999E82-10AC-4F05-A515-BB783B9039A0"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Fri, 26 Nov 2021 10:02:41 +0100
In-Reply-To: <CAKD1Yr3jZwORdNsg=FzObaY+7DDGwZR=6EVmu1GjeUgibwTsvQ@mail.gmail.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, IPv6 Ops WG <v6ops@ietf.org>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
References: <CAD6AjGRAkpMDaAh31mVL=+Gcz5PHejUxxLazr4Xb=vVRHfaSpw@mail.gmail.com> <CAO42Z2z8u_DQMd9eNSQp_RhBinXk2KyH4pdbVLMEqOta-hoG1w@mail.gmail.com> <CADzU5g5odQ82FJ0TsdNxFB42OkgLZ+PWanLLrK1roLojAUS54A@mail.gmail.com> <CAO42Z2z+ZJ_pLwZmBjZ_HFsNXQ6jok-PMRTP23ZD2UMch61wtw@mail.gmail.com> <12900505-8861-cdb4-0895-09e4db18e2eb@gmail.com> <CAKD1Yr3jZwORdNsg=FzObaY+7DDGwZR=6EVmu1GjeUgibwTsvQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Pq6R80gpokQAvLk9XgCxKH5_vXY>
Subject: Re: [v6ops] AWS ipv6-only features
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Nov 2021 09:02:47 -0000

Lorenzo,

> True, and I can't condone it, but as long as they don't leak it, the only
> operator that can be damaged is AWS itself, so it's an own goal. In fact,
> even if they do leak it, any competent ISP will drop it.
> 
> The damage is not to operators, it is to application developers. Using fd00:ec2::/16 pretty much guarantees that there will be collisions within EC2 itself. If collisions can happen, that means that applications will need to learn to work with NAT66 or at least with NPTv6. That's pretty much the worst thing they could have done for IPv6 I think.

I agree that damage is bad. Unfortunately that cat is already out of the bag.
IPv6 applications already need to work through NAT64.

And likely enterprises running on ULAs with NPTv6 gateways and "firewall in the cloud" style services which typically use NAT66/NPTv6 too.

O.

v2.23.0 | Report a Bug | By Email