new launch ipv6 in the cloud: protocol and aws service overview
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Andrew Dickinson, Principal Software Development Engineer
Alan Halachmi, Sr. Manager, Solutions Architecture
December 2016
NET204
IPv6 in the CloudProtocol and AWS Service Overview
State of the IPv6 Internet
As of November 2016…
• Global Adoption: 13%
• US Adoption: 30%
0%
2%
4%
6%
8%
10%
12%
14%
No
v-0
8
Feb
-09
Ma
y-0
9
Aug-0
9
No
v-0
9
Feb
-10
Ma
y-1
0
Aug-1
0
No
v-1
0
Feb
-11
Ma
y-1
1
Aug-1
1
No
v-1
1
Feb
-12
Ma
y-1
2
Aug-1
2
No
v-1
2
Feb
-13
Ma
y-1
3
Aug-1
3
No
v-1
3
Feb
-14
Ma
y-1
4
Aug-1
4
No
v-1
4
Feb
-15
Ma
y-1
5
Aug-1
5
No
v-1
5
Feb
-16
Ma
y-1
6
Aug-1
6
No
v-1
6
State of the IPv6 Internet
Hotspots of IPv6 users:
• Comcast: 47%
• AT&T: 58%
• T-mobile: 72%
• British Sky Broadcasting: 73%
• Verizon: 78%
Data Source: http://www.worldipv6launch.org/measurements/
Differences from IPv4
• Addresses are written differently
• No NAT
• And Lots of other stuff:
• Private addressing is… “different”
• No router fragmentation
• DHCPv4 and DHCPv6 are similar only in name
• “NDP” instead of “ARP”
• Many more dynamic address choices
• …
Difference: No NAT in IPv6
• IPv6 - End-to-End Philosophy
• Security should rely on firewalls, not hiding
• Everything should be globally reachable
Aside: Why do we NAT IPv4?
We ran out of addresses
Pros:
• it hides my internal stuff
Cons:
• Address overlap conflicts
• Split horizon DNS
• Application breakage/trickery
Different: No NAT in IPv6
Why not NAT IPv6?
• We have plenty of address space
• “hiding” isn’t security
• It is privacy, however
• It solves SO many problems:
• No address overlaps
• No split horizon DNS
• No Application trickery
Different: No NAT in IPv6
… but my hosts are just out there… on the Internet… I feel
naked!
Do you feel more naked than having an EIP on your host?
IPv4-only user / Dual-Stack website
IPv4
Internet
IPv6
Internet
DNS
www.netflix.com
A? www.netflix.com
IPv4-only user / Dual-Stack website
IPv4
Internet
IPv6
Internet
DNS
www.netflix.com
www.netflix.com
107.22.243.234
IPv4-only user / Dual-Stack website
IPv4
Internet
IPv6
Internet
DNS
www.netflix.com
www.netflix.com
107.22.243.234
Dual Stack
IPv4
Internet
IPv6
Internet
DNS
www.netflix.com
www.netflix.com
107.22.243.234
2406:da00::3210:c6c3
Dual Stack
IPv4
Internet
IPv6
Internet
DNS
www.netflix.com
?
www.netflix.com
107.22.243.234
2406:da00::3210:c6c3
Dual Stack
IPv4
Internet
IPv6
Internet
DNS
www.netflix.com
www.netflix.com
107.22.243.234
2406:da00::3210:c6c3