Re: AWS and IPv6

2021-12-14 Thread Tom Hill
On 29/11/2021 02:23, William Herrin wrote: > This technique does in fact work for IPv6, allowing you to insert a > firewall at the edge. Interestingly though, it won't receive IPv6 > packets for an address that isn't attached to a running instance in > the interior subnet. That sounds remarkably

Re: AWS and IPv6

2021-11-28 Thread William Herrin
On Sun, Nov 28, 2021 at 4:13 PM William Herrin wrote: > Yeah, they don't even have a practical way to implement a firewall > instance for IPv6. Unless you want to mirror 1:many NAT for IPv6 like > you do IPv4. You just can't route an IPv6 block to an instance. And > with 1:many NAT you wouldn't

Re: AWS and IPv6

2021-11-28 Thread William Herrin
On Sun, Nov 28, 2021 at 3:52 PM Matt Palmer wrote: > Which is, fundamentally, half the problem with IPv6 in AWS. I'd have much > preferred that they'd added the ability to do actually-useful IPv6 routing > rather than IPv6-only subnets, which strikes me as more of a toy than > something

Re: AWS and IPv6

2021-11-28 Thread Michael Thomas
On 11/28/21 3:50 PM, Matt Palmer wrote: On Sun, Nov 28, 2021 at 02:10:40PM -0800, William Herrin wrote: On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: I was reading their howto yesterday and it seems they are only allocating a /64?

Re: AWS and IPv6

2021-11-28 Thread Matt Palmer
On Sun, Nov 28, 2021 at 02:10:40PM -0800, William Herrin wrote: > On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: > > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > > > I was reading their howto yesterday and it seems they are only > > > allocating a /64? Why? > > > > That's a /64

Re: AWS and IPv6

2021-11-28 Thread Oliver O'Boyle
On Sun., Nov. 28, 2021, 17:13 William Herrin, wrote: > On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: > > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > > > I was reading their howto yesterday and it seems they are only > > > allocating a /64? Why? > > > > That's a /64 *per

Re: AWS and IPv6

2021-11-28 Thread William Herrin
On Sun, Nov 28, 2021 at 1:18 PM Karl Auer wrote: > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > > I was reading their howto yesterday and it seems they are only > > allocating a /64? Why? > > That's a /64 *per subnet*... > > But the size of a VPC's IPv6 CIDR block does seem to be

Re: AWS and IPv6

2021-11-28 Thread Michael Thomas
On 11/28/21 1:17 PM, Karl Auer wrote: On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: I was reading their howto yesterday and it seems they are only allocating a /64? Why? That's a /64 *per subnet*... But the size of a VPC's IPv6 CIDR block does seem to be fixed at /56. Would have

Re: AWS and IPv6

2021-11-28 Thread Dave Bell
It's a /56 per VPC, and a /64 per subnet. Seems reasonable to me. https://docs.aws.amazon.com/vpc/latest/userguide/get-started-ipv6.html Dave On Sun, 28 Nov 2021 at 20:54, Michael Thomas wrote: > > On 11/27/21 2:44 PM, Fletcher Kittredge wrote: > > > The Register

Re: AWS and IPv6

2021-11-28 Thread Karl Auer
On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote: > I was reading their howto yesterday and it seems they are only > allocating a /64? Why? That's a /64 *per subnet*... But the size of a VPC's IPv6 CIDR block does seem to be fixed at /56. Would have been nice to see /48 instead.

Re: AWS and IPv6

2021-11-28 Thread Michael Thomas
On 11/27/21 2:44 PM, Fletcher Kittredge wrote: The Register says: AWS claims 'monumental step forward' with optional IPv6-only networks I was reading their howto yesterday and it