New Launch IPv6 in the Cloud: Protocol and AWS Service Overview

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Andrew Dickinson, Principal Software Development Engineer Alan Halachmi, Sr. Manager, Solutions Architecture December 2016 NET204 IPv6 in the Cloud Protocol and AWS Service Overview

Upload: amazon-web-services

Post on 06-Jan-2017


TRANSCRIPT

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Andrew Dickinson, Principal Software Development Engineer

Alan Halachmi, Sr. Manager, Solutions Architecture

December 2016

NET204

IPv6 in the Cloud: Protocol and AWS Service Overview

Agenda

• State of the IPv6 Internet

• IPv6 Fundamentals

• IPv6 at AWS

State of the IPv6 Internet

As of November 2016…

• Global Adoption: 13%

• US Adoption: 30%

[Chart: IPv6 adoption over time; y-axis 0% to 14% in 2% steps, x-axis quarterly from Nov-08 to Nov-16]

State of the IPv6 Internet

Hotspots of IPv6 users:

• Comcast: 47%

• AT&T: 58%

• T-Mobile: 72%

• British Sky Broadcasting: 73%

• Verizon: 78%

Data Source: http://www.worldipv6launch.org/measurements/

State of the IPv6 Internet

• Operating Systems and Software

IPv6 Fundamentals

• Bigger Addresses (128 bits)

IPv6 Similarities with IPv4

CIDR notation

TCP/UDP/ICMP

Differences from IPv4

• Addresses are written differently

• No NAT

• And lots of other stuff:

  • Private addressing is… “different”

  • No router fragmentation

  • DHCPv4 and DHCPv6 are similar only in name

  • “NDP” instead of “ARP”

  • Many more dynamic address choices

  • …

Difference: IPv6 Addresses

New Format:

2001:db8:a:1ae::2

“::” = lots of zeros

Difference: No NAT in IPv6

• IPv6 - End-to-End Philosophy

• Security should rely on firewalls, not hiding

• Everything should be globally reachable

Aside: Why do we NAT IPv4?

We ran out of addresses

Pros:

• it hides my internal stuff

Cons:

• Address overlap conflicts

• Split horizon DNS

• Application breakage/trickery

Difference: No NAT in IPv6

Why not NAT IPv6?

• We have plenty of address space

• “hiding” isn’t security

• It is privacy, however

• It solves SO many problems:

  • No address overlaps

  • No split horizon DNS

  • No application trickery

Difference: No NAT in IPv6

… but my hosts are just out there… on the Internet… I feel naked!

Do you feel more naked than having an EIP on your host?

POP QUIZ

IPv6 – POP QUIZ

Can an IPv4-only host directly access an IPv6-only host?

[Diagram, built up over four slides. Labels: IPv4 only, IPv4 Internet, IPv6 Internet, DNS, www.amazon.com. Query shown: "A? www.amazon.com". Answer shown: www.amazon.com = 54.239.17.6]

Dual Stack

Why not both?

Dual Stack

IPv4 Address / IPv6 Address

IPv4 Address / IPv6 Address

IPv4-only user / Dual-Stack website

[Diagram, built up over four slides. Labels: IPv4 Internet, IPv6 Internet, DNS, www.netflix.com. Query shown: "A? www.netflix.com". Answer shown: www.netflix.com = 107.22.243.234]

Dual Stack

[Diagram, built up over four slides. Labels: IPv4 Internet, IPv6 Internet, DNS, www.netflix.com. Queries shown: "A? www.netflix.com" and "AAAA? www.netflix.com". Answers shown: www.netflix.com = 107.22.243.234 and 2406:da00::3210:c6c3. The last build adds a "?" to the diagram.]

Dual Stack

RFC-6724 (replaces RFC-3484)

Key Take-Away: Dual-stack clients pick IPv4 or IPv6
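
The choice named in the take-away, as an added example that is not part of the original slides: Python that applies three of the RFC 6724 destination-ordering rules (avoid unusable destinations, prefer matching label, prefer higher precedence) to the two answers shown for www.netflix.com. The source addresses are constructed values, and treating any local address of the same family as the source is a simplifying assumption; the RFC's scope and prefix-length rules are not applied.

```python
import ipaddress

# Default policy table from RFC 6724 section 2.1: (prefix, precedence, label).
POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]]

def as_v6(addr):
    """Parse an address; IPv4 becomes IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip

def policy(ip):
    """Longest-prefix match in the policy table, returns (precedence, label)."""
    _, prec, label = max((e for e in POLICY if ip in e[0]),
                         key=lambda e: e[0].prefixlen)
    return prec, label

def order_destinations(dests, sources):
    """Order DNS answers for a host that owns the given source addresses."""
    srcs = [as_v6(s) for s in sources]

    def sort_key(dest):
        d = as_v6(dest)
        d_prec, d_label = policy(d)
        is_v4 = d.ipv4_mapped is not None
        # Assumption: any local address of the same family can be the source.
        same_family = [s for s in srcs if (s.ipv4_mapped is not None) == is_v4]
        unusable = not same_family                          # Rule 1
        label_mismatch = all(policy(s)[1] != d_label for s in same_family)  # Rule 5
        return (unusable, label_mismatch, -d_prec)          # Rule 6
    return sorted(dests, key=sort_key)

# The two answers shown on the slide for www.netflix.com.
ANSWERS = ["107.22.243.234", "2406:da00::3210:c6c3"]

if __name__ == "__main__":
    # Constructed source addresses (documentation and ULA ranges).
    for name, srcs in [("dual-stack, global IPv6", ["192.0.2.10", "2001:db8:a:1ae::2"]),
                       ("IPv4 only", ["192.0.2.10"]),
                       ("IPv4 + ULA-only IPv6", ["192.0.2.10", "fd00:1234::5"])]:
        print(f"{name:26} -> {order_destinations(ANSWERS, srcs)[0]}")
```

The family the client picks decides which firewall rules the connection is evaluated against, so the IPv4 and IPv6 rule sets for a dual-stack service need to enforce the same policy.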

Dual Stack

[Diagram. Labels: IPv4 Internet, IPv6 Internet, DNS, www.netflix.com. Answers shown: www.netflix.com = 107.22.243.234 and 2406:da00::3210:c6c3]

IPv6 at AWS

AWS IoT

Amazon S3

S3 Transfer Acceleration

Amazon CloudFront

AWS WAF

Amazon Route 53

Amazon Virtual Private Cloud (VPC)

Thank you!

Remember to complete your evaluations!

Related Sessions