nanog mailing list archives

Re: AWS Elastic IP architecture


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 2 Jun 2015 00:52:45 -0400

On Tue, Jun 2, 2015 at 12:25 AM, Tony Hain <alh-ietf () tndh net> wrote:


-----Original Message-----
From: christopher.morrow () gmail com
[mailto:christopher.morrow () gmail com] On Behalf Of Christopher Morrow
Sent: Monday, June 01, 2015 5:10 PM
To: Tony Hain
Cc: Hugo Slabbert; Matt Palmer; nanog list
Subject: Re: AWS Elastic IP architecture

On Mon, Jun 1, 2015 at 7:20 PM, Tony Hain <alh-ietf () tndh net> wrote:
True, but it does represent a business decision to choose IPv6. The
relevant point here is that the "NEXT" facebook/twitter/snapchat/...
is likely being pushed by clueless investors into outsourcing their
infrastructure to AWS/Azure/Google-cloud.

;; ANSWER SECTION:
www.snapchat.com.       3433    IN      CNAME   ghs.google.com.
ghs.google.com.         21599   IN      CNAME   ghs.l.google.com.
ghs.l.google.com.       299     IN      A       64.233.176.121

snapchat seems to be doing just fine on 'google cloud services' though? oh:

;; ANSWER SECTION:
www.snapchat.com.       3388    IN      CNAME   ghs.google.com.
ghs.google.com.         21599   IN      CNAME   ghs.l.google.com.
ghs.l.google.com.       299     IN      AAAA    2607:f8b0:4002:c06::79

ha!

Try https://snapchat.com and see if you ever get an IPv6 connection... Yes an


;; QUESTION SECTION:
;snapchat.com.                  IN      AAAA


there is no AAAA for the bare domain... and the bare domain appears to
be served from amazon space (54.192.48.27)

~$ openssl s_client -connect snapchat.com:443
CONNECTED(00000003)
139892295607968:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:

aside from that .... no https listener. Your wang shots are not worth
encrypting I suppose?

application aware proxy can hack some services into appearing to work,
but they really fail the service customer because a site may appear to
be up over IPv6 until the user switches to https, then having to
switch to IPv4 end up appearing dead because IPv4 routing is having a
bad hair day.
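
Added example, not part of the original message: a small offline check for the IPv6/IPv4 parity gap discussed in this thread. It follows CNAME chains in dig-style answer lines and lists names that resolve over A but have no AAAA. The sample records are constructed from the dig output quoted above; the function names and the TTL on the bare-domain record are assumptions.

```python
# Added example. SAMPLE is constructed from the dig output quoted in the thread;
# the TTL of 60 on the bare-domain A record is a made-up value.
SAMPLE = """\
;; ANSWER SECTION:
www.snapchat.com.   3433  IN CNAME ghs.google.com.
ghs.google.com.     21599 IN CNAME ghs.l.google.com.
ghs.l.google.com.   299   IN A     64.233.176.121
ghs.l.google.com.   299   IN AAAA  2607:f8b0:4002:c06::79
snapchat.com.       60    IN A     54.192.48.27
"""

def parse_records(text):
    """Parse dig-style answer lines into {(owner, type): [rdata, ...]}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig section comments
        fields = line.split()
        if len(fields) < 5:
            continue  # not a full "owner ttl class type rdata" record
        owner, rtype, rdata = fields[0], fields[3], fields[4]
        records.setdefault((owner.lower(), rtype.upper()), []).append(rdata)
    return records

def resolve(name, rtype, records, max_hops=8):
    """Follow CNAMEs from name and return the terminal rtype rdata (may be empty)."""
    name = name.lower()
    for _ in range(max_hops):
        if (name, rtype) in records:
            return records[(name, rtype)]
        cname = records.get((name, "CNAME"))
        if not cname:
            return []  # chain ends without a record of this type
        name = cname[0].lower()
    return []  # CNAME loop or chain longer than max_hops

def v4_only(names, records):
    """Names that resolve over A but have no AAAA anywhere on their CNAME chain."""
    return [n for n in names
            if resolve(n, "A", records) and not resolve(n, "AAAA", records)]

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    hosts = ["www.snapchat.com.", "snapchat.com."]
    for host in hosts:
        print(host, "A:", resolve(host, "A", recs), "AAAA:", resolve(host, "AAAA", recs))
    print("IPv4-only:", v4_only(hosts, recs))
```
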




