Re: [v6ops] AWS ipv6-only features
Nick Buraglio <buraglio@es.net> Mon, 29 November 2021 18:34 UTC
From: Nick Buraglio <buraglio@es.net>
Date: Mon, 29 Nov 2021 12:33:46 -0600
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Clark Gaylord <cgaylord@vt.edu>, IPv6 Ops WG <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/dSSaP9A4BKQvDmU35f_JeWWXW7M>

Thank you for writing some information on ULA, it's an important part of IPv6 and not really discussed enough. Perhaps we should start another thread, but I'd like to hear more about when you see this behavior:

*"ULAs are preferred over GUAs, so when a host is presented with both a ULA and GUA as possible ways to reach a destination, the host will select the ULA. Once the ULA destination address is chosen, the host will then choose its ULA as a source address to reach the ULA destination. This preference of ULA addressing over GUA addressing is the mechanism that provides internal network connectivity independence from concurrent external Internet connectivity."*

In testing and in practice I have experienced that exactly the opposite of this is true in both day-to-day use and every single explicit test I have done where ULA and GUA are present on both sides with a variety of hardware platforms and operating systems. GUA is used in every scenario I test when the AAAA records are all matching (i.e. appropriately correct DNS).

I'm happy to learn that I am incorrect, as it would make certain things easier, but nothing so far in my experience has shown the described behavior.

Seemingly relevant to the discussion at hand, and definitely relevant to enterprises and providers actively using or considering ULA.

nb

On Thu, Nov 25, 2021 at 2:49 PM Mark Smith <markzzzsmith@gmail.com> wrote:

> On Fri, 26 Nov 2021, 07:41 Clark Gaylord, <cgaylord@vt.edu> wrote:
>
>> Yeah AWS hold their cards close and don't seem to engage the community,
>> but they do have decent IPv6 coverage across the services. Notwithstanding
>> that the whole VPC concept has the whiff of ancient days about it; tonight
>> we're gonna network like it's 1999!
>>
>> EC2 as part of the address is a great idea. I am so stealing that (can't
>> believe I haven't thought of it.)
>
> It's a terrible idea. The "Unique" in ULA is on purpose.
>
> Getting IPv6 private addressing right
> https://blog.apnic.net/2020/05/20/getting-ipv6-private-addressing-right/
>
>> On Thu, Nov 25, 2021, 15:09 Mark Smith <markzzzsmith@gmail.com> wrote:
>>
>>> On Thu, 25 Nov 2021, 23:51 Ca By, <cb.list6@gmail.com> wrote:
>>>
>>>> Fyi, aws has gone beyond perfunctory ipv6 support and has released a
>>>> series of enhancements, with a focus on ipv6-only scenarios, including
>>>> nat64 / dns64
>>>>
>>>> https://aws.amazon.com/about-aws/whats-new/2021/11/aws-nat64-dns64-communication-ipv6-ipv4-services/
>>>>
>>>> AWS has lapped Google and Azure in advanced network features, which is
>>>> really surprising given the early muscle Google developed at IPv6 launch
>>>> and a stronger need to differentiate …
>>>
>>> AWS failed to do ULAs properly. 'ec2' could be a random global ID, but
>>> unlikely when their service is "EC2".
>>>
>>> Matters more here because they're exposing that to all of their tenants.
>>> I think GUAs would have been better for these internal all tenant services.
>>>
>>> I've never seen AWS participate here in 20 years, unlike G and M.
>>>
>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops