IETF Logo Mail Archive

Re: [v6ops] AWS ipv6-only features

Nick Buraglio <buraglio@es.net> Mon, 29 November 2021 18:34 UTC

Return-Path: <buraglio@es.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39B1F3A0603 for <v6ops@ietfa.amsl.com>; Mon, 29 Nov 2021 10:34:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=es.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W2qPVqfSbxjq for <v6ops@ietfa.amsl.com>; Mon, 29 Nov 2021 10:34:02 -0800 (PST)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8B593A05E2 for <v6ops@ietf.org>; Mon, 29 Nov 2021 10:34:01 -0800 (PST)
Received: by mail-lf1-x134.google.com with SMTP id bi37so47063544lfb.5 for <v6ops@ietf.org>; Mon, 29 Nov 2021 10:34:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=es.net; s=esnet-google; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=iPR1n7V9ggXFwPu12r8fHaL5nULnmF9s/XRDzTnQ1KA=; b=de3G1L7MUp2SZpq/NJCJQIoAcIoYrW7oJV5J4j44+6QCRKOB/nl5s6jXgBcTm/o/7t SBUT9yaYfLqDJc7K9BJyDtdMVOQjBYNb8OF5FZY6XeRqT8a4ZDh3bkZbIAa/QCoVwmNk GszG4Xfp62GRBeCL1zRvS1a0Sok66n64RBVQo4Zkr8Zyaf8EmZx/tDRU/JjitGiniW/h jGJtZWup5qHn2JrPJQtqO87rkRuBWfdx5D3p8EyFsXqPXzVSBCKNFzGJt1j/EzFoID29 zcudmvDZUU+tlzZFUDV6+F1MIg+E4iDUpXHjvZjlicby0IMtaGKFJiG9kTlxPnydT8Jj je4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=iPR1n7V9ggXFwPu12r8fHaL5nULnmF9s/XRDzTnQ1KA=; b=lHnXoiW/mRaC5P+UUKxCbnF/tz9bbLn5S3TPxrpGjl0eAo1FY5z0APwqQLp9y4/dqJ m+AFaAuNUrVERDL+8NRsC0TRmyz429M5srkBxV6axp4TkQfcaqEYEHe+1Jdd2AB/GDkO 9HpiqiQ457yf18P2j645VwRz+x+ZWjipywPrNfobgLTlPrqQyZH3YoWtwUry0umjTTsU zsISuDj47BxoIKfCv1SUVFvYuIqxPk1HMtEVN34excUhmnf59aKNXiHchQsQZRKkoFuj PQQyH3wMbibPr5rd1osIlw0XjujhJbFrTsiGZ2rbpmhGnNKXMkWCmEQ/NiIPgzPrOrIi TVJw==
X-Gm-Message-State: AOAM533DDg7at3Kf4Z3HLmshxaps6ZQ5KabAq0fkbstkl3TW7duwqZmc svxqAI/b7NJrLA4K89aq+AyheJR5Irjc1FHwh9IwAx3z05Th9KUjDFN+LU5g8mCHO659Sabf19B zXPU0XNSbQYltpdKZ+YhtGrrvkwpO9Gu8kjTsSwCH/tPKHL7XRdaHhuy/ckkzzw/VJ2gBI++5tu o=
X-Google-Smtp-Source: ABdhPJx8KMowKWAjcdZXsmA7hGXdzjKNh0ip682YPn+2AUuyeNWrgvFoAucoeWeAtZBG2mK12Buvf607OFS3esWxbb0=
X-Received: by 2002:a05:6512:2eb:: with SMTP id m11mr47328732lfq.326.1638210838528; Mon, 29 Nov 2021 10:33:58 -0800 (PST)
MIME-Version: 1.0
References: <CAD6AjGRAkpMDaAh31mVL=+Gcz5PHejUxxLazr4Xb=vVRHfaSpw@mail.gmail.com> <CAO42Z2z8u_DQMd9eNSQp_RhBinXk2KyH4pdbVLMEqOta-hoG1w@mail.gmail.com> <CADzU5g5odQ82FJ0TsdNxFB42OkgLZ+PWanLLrK1roLojAUS54A@mail.gmail.com> <CAO42Z2z+ZJ_pLwZmBjZ_HFsNXQ6jok-PMRTP23ZD2UMch61wtw@mail.gmail.com>
In-Reply-To: <CAO42Z2z+ZJ_pLwZmBjZ_HFsNXQ6jok-PMRTP23ZD2UMch61wtw@mail.gmail.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Mon, 29 Nov 2021 12:33:46 -0600
Message-ID: <CAM5+tA9JhRWfZ2VLLQnT8Mg+Xng-+Rc-oQnX8Ma5DguL2uDO8w@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Clark Gaylord <cgaylord@vt.edu>, IPv6 Ops WG <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000019e37005d1f1aff8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/dSSaP9A4BKQvDmU35f_JeWWXW7M>
Subject: Re: [v6ops] AWS ipv6-only features
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Nov 2021 18:34:07 -0000

Thank you for writing some information on ULA, it's an important part of
IPv6 and not really discussed enough. Perhaps we should start another
thread, but I'd like to hear more about when you see this behavior:

*"ULAs are preferred over GUAs, so when a host is presented with both a ULA
and GUA as possible ways to reach a destination, the host will select the
ULA. Once the ULA destination address is chosen, the host will then choose
its ULA as a source address to reach the ULA destination. This preference
of ULA addressing over GUA addressing is the mechanism that provides
internal network connectivity independence from concurrent external
Internet connectivity."*

In testing and in practice I have experienced that exactly the opposite of
this is true in both day-to-day use and every single explicit test I have
done where ULA and GUA are present on both sides with a variety of hardware
platforms and operating systems. GUA is used in every scenario I test when
the AAAA records are all matching (i.e. appropriately correct DNS). I'm
happy to learn that I am incorrect, as it would make certain things easier,
but nothing so far in my experience has shown the described behavior.
Seemingly relevant to the discussion at hand, and definitely relevant to
enterprises and providers actively using or considering ULA.

nb

On Thu, Nov 25, 2021 at 2:49 PM Mark Smith <markzzzsmith@gmail.com> wrote:

>
>
> On Fri, 26 Nov 2021, 07:41 Clark Gaylord, <cgaylord@vt.edu> wrote:
>
>> Yeah AWS hold their cards close and don't seem to engage the community,
>> but they do have decent IPv6 coverage across the services. Notwithstanding
>> that the whole VPC concept has the whiff of ancient days about it; tonight
>> we're gonna network like it's 1999!
>>
>> EC2 as part of the address is a great idea. I am so stealing that (can't
>> believe I haven't thought of it.)
>>
>
> It's a terrible idea. The "Unique" in ULA is on purpose.
>
> Getting IPv6 private addressing right
> https://blog.apnic.net/2020/05/20/getting-ipv6-private-addressing-right/
>
>
>>
>> On Thu, Nov 25, 2021, 15:09 Mark Smith <markzzzsmith@gmail.com> wrote:
>>
>>>
>>>
>>> On Thu, 25 Nov 2021, 23:51 Ca By, <cb.list6@gmail.com> wrote:
>>>
>>>> Fyi, aws has gone beyond perfunctory ipv6 support and has released a
>>>> series of enhancements, with a focus on ipv6-only scenarios, including
>>>> nat64 / dns64
>>>>
>>>>
>>>> https://aws.amazon.com/about-aws/whats-new/2021/11/aws-nat64-dns64-communication-ipv6-ipv4-services/
>>>>
>>>> AWS has lapped Google and Azure in advanced network features, which is
>>>> really surprising given the early muscle Google developed at IPv6 launch
>>>> and a stronger need to differentiate …
>>>>
>>>
>>> AWS failed to do ULAs properly. 'ec2' could be a random global ID, but
>>> unlikely when their service is "EC2".
>>>
>>> Matters more here because they're exposing that to all of their tenants.
>>> I think GUAs would have been better for these internal all tenant services.
>>>
>>> I've never seen AWS participate here in 20 years, unlike G and M.
>>>
>>>
>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>>
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>
>> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email