I know at least one company that, after complaining bitterly over the weekend, freed up more than 50% of their IPv4 addresses today after a quick audit and change.
Seeing something like that makes me think that AWS is completely justified in bumping the price on IPv4 addresses. People used IPv4 indiscriminately and didn't care because AWS ensured that their customers would always have enough addresses available.
Not exactly. Most of the AWS services you can't release the IPv4 addresses. You automagically get 3 IPv4 addresses assigned to you when you create a load-balancer, even if you want that load-balancer to be IPv6 only.
And their native support for IPv6 within their services is hit-and-miss at best.
I have started working for a startup recently. My main responsibility is to develop networking features for our cloud on bare metal. We started IPv6 by default but soon we discovered that the biggest issue is "not" the setup side. IPv6 setup is actually quite straightforward, if you're starting from scratch. The biggest problem of IPv6 is that the ecosystem is not ready for it, at all. You cannot even use GitHub without a proxy!
Hence, we had to start implementing IPv4 support immediately, because VMs for developers that only have IPv6 are almost useless.
GitHub is one of the most idiotic IPv4 exclusive services. Microsoft and Azure have all the knowledge and equipment to make IPv6 available to practically any site, but GitHub seems afraid to ask. They had IPv6 for a short while and turned it off later.
Luckily that does not seem to be an issue here. You only have to pay for a public IPv4 address, you still have a full IPv4 stack and are able to make outbound connections via NAT.
I recently tried to deploy GitLab from scratch on an IPv6-only network, and the initial experience was anything but smooth. I was met with an exception right in the console during the initial setup. GitLab attempted to obtain a Let's Encrypt certificate and immediately failed, as it doesn't listen to IPv6 addresses by default. A year ago, we (at work) faced similar issues when trying to deploy GlusterFS on an IPv6-only network, and it also failed. (I pushed for V6 only, my manager was not happy) It's evident that while IPv6 may be the future, the present ecosystem doesn't seem fully prepared to support it.
For years, I have wanted to use Docker with IPv6 only, and I am really thinking about learning Go so I can write my own IPv6-only driver.
Yeah, it's a real shit show when you get down to actually trying to utilize IPv6 in any scenario that needs legacy IPv4 access in a straight-forward way.
I'm somewhat happy in that I've moved away from being way down at the low-level ISP/network side of things, so I may be missing something, but I don't see how we are ever going to elegantly transition away from IPv4 addresses. Everything just seems hacky and fragile in terms of trying to run a "pure" IPv6 environment, and be connected to the rest of the Internet.
Back when I had Comcast (and thus native IPv6 at home), this was a great way to expose a web server at home without resorting to either weird port forwarding or setting up a proxy + SNI. Both of those work, but this is super clean.
Are there any plans for SSH tunneling without using cloudflared at the client side?
Also: supporting both an SSH and an HTTP tunnel on the same A record would be nice.
I'm using Zero Trust Tunnel for some web apps I host in my home, but I'm trying to think if the older service (IPv4 to IPv6) you describe would be useful for anything, like ssh'ing into my home from an external VPS.
Would the earlier product be used for something like a router, which can't run the Tunnel service?
Does this end up being similar to say an haproxy doing domain based load balancing to an ipv6 endpoint(s)? I assume you have loads of customers on any single ipv4 IP ingress right?
It's unnecessary indeed to not use IPv6 addresses, 2^128 addresses and the many many features it offers like unicast etc. IPv6 makes a server as a middleman for some applications (IPv4 only) completely obsolete.
But a big problem is that there is still no IPv6 auto configuration at all on a lot of devices (e.g. no default gateway or no global address configured). Especially Android devices and from experience also on Windows. Linux depends on the distro. Changing routing settings on Android devices from IPv4 to IPv6 does often not work or is not offered by the ISP strangely.
And there are other problems like routers having enabled incoming and outgoing IPv6 connections by default, which is good, but having router advertisements blocked by default, which is bad. Since there is no way for the OS to get the prefix to construct global addresses automatically. Most users today have little to no knowledge about networking and computers in general. So auto configuration is a must.
That leads to IPv6 only servers being not reachable and thus the buying of IPv4 addresses makes a lot of sense at this point.
Building IPv6 autoconf into the protocol was a mistake. DHCPv6 is better.
The problem is that when you autoconf on a local network you usually want more than just a route and basic DNS. Trying to do it in the IP protocol is a bad idea since the IP protocol is intended to almost never change. It belongs in a protocol that's less tightly bound to the IP stack that can be more easily extended like DHCP.
DHCP can also integrate with things like local DNS, while this is much harder to do with IPv6 RA and SLAAC.
SLAAC is something that sounded good on paper but doesn't adequately capture the entire problem domain.
IPv6 in general needs to just deprecate all the parts of the protocol that are anything but just making IP addresses larger. Everything else is "second system effect" cruft that tends to impede adoption by adding complexity or adding features in the wrong place in the stack.
As long as ISPs are unwilling to actually work on the problem on letting their customers use ipv6, applications/services will continue to be uninterested in exposing ipv6 for usage.
IPv4 addresses have always had a cost (sort of, though they've gone from pennies per IP to $60+ per). I get the feeling Amazon was happy to eat the cost to reduce friction in deploying EC2 instances but now they've hit maximum saturation and now they can just add another charge to the pile that 99.99% of users will never notice.
> I get the feeling Amazon was happy to eat the cost to reduce friction in deploying EC2 instances [...] and now they can just add another charge to the pile that 99.99% of users will never notice.
This always leaves me puzzled about the concept of "free markets." How can smaller entities compete when these massive conglomerates can perpetually introduce loss leaders or subsidize pricing in new sectors using profits from their existing businesses? This strategy effectively shields them and reduces competition.
My initial thought is that it should be illegal for companies to invest in sectors unrelated to where they generated their profits. However, I recognize this could lead to numerous unintended consequences.
I run quite a few small production aws accounts for clients and this is a big increase to their bill. If you use a lot of t4g.nano instances, the IPs are more than the machines. I think the large customers that are 99% of the revenue won't care, but the bottom 50% of customers will notice.
At AWS or in general? To my knowledge, existing assignments aren't incurring any annual fees (or if so, not more than IPv6).
There's just a secondary market for v4 these days, but that's also a one-time cost, as far as I know.
In other words, either AWS is charging a recurring fee for an asset they purchase at a one-time flat fee (which is great if you use a service for less than the year or so it takes to amortize, and not so much afterwards), or I missed a development in the IPv4 exhaustion saga.
It's pretty galling for AWS to ask their customers "to be a bit more frugal with your use of public IPv4 addresses and to think about accelerating your adoption of IPv6 as a modernization" when they themselves have been dragging their feet in IPv6 adoption, and in many cases are still blocking or at least making it unnecessarily difficult to use IPv6.
Well, ask yourself: if you're Amazon and you have the choice to spend money getting ipv6 working properly, or you can make money selling v4 addresses without any risk of customers jumping ship, what would you do?
A significant number of AWS Customers are "internal", and—believe it or not—the cost of resources does come up in design meetings at Amazon. This change might actually light a fire under those teams to actually start supporting IPv6 properly.
Amazon really needs to put a ton of work into making v6 work for everyone on the server side or this is a very big price increase on the low end.
If they had a compelling case to do the devops work and then everything's fine, I wouldn't mind this at all. The reality is a ton of stuff is IPv4 only (CloudFront origins, ALBs require IPv4, etc etc).
They realistically need free NAT or free 6to4 as a transition plan.
This has been driving me crazy for years now. AWS still doesn’t have complete IPv6 support, in 2023. They are front and center to IPv4 exhaustion yet seem unconcerned.
Even Amazon can't make every single ISP in the world provide IPv6 connectivity, which would be required to actually deprecate IPv4 on the server side (or at least at the load balancer or other type of HTTP reverse proxy).
The last time I tried to set up IPv6 with my VPC, it was an absolute nightmare. Maybe I'm not devops-y enough, who knows. But all three of my earnest efforts to use IPv6 have gone pretty badly.
Has anyone successfully used AWS's IPv6 offerings to stand up a VPC/ECS/ALB/RDS using secure best practices without friction? What tutorials did you follow? I'm all ears.
With all that investment in addresses I'm surprised AWS is still the first cloud provider to charge for them. (As far as I know.) It will be interesting to see if other cloud providers will follow, and if the cloud providers compete over the price or just match AWS. It kind of feels like AWS charging for V4s will "give permission" to other providers to charge.
I'm also curious if the price will come down over time as addresses are yielded back. I guess it depends on if their goal is to recoup all the money they spent on addresses, or just to avoid running out.
Good. Should honestly charge more. The slow adoption of IPv6 is an embarrassment for everybody in tech. Tech talks of inclusivity yet looking behind the curtains that is not always the case.
Developing countries often do not have the money to buy/lease IPv4 public addresses so therefore they force their subscribers to IPv6. With most of the internet still on IPv4, this makes them inaccessible (i.e., GitHub) unless you are technically inclined.
Is any ISP actually providing users with no v4 access? I've never heard of this. It's always that they provide v6 and then some kind of CGNAT or bridging service so that v4 still works.
I looked up the cost of buying my own /24 block (which would be 256 addresses). From the auction houses I looked at, it appears that floats around $9,000-$10,000.
What the...
Good thing YouTubers aren't selling IP Addresses as investments. Yet.
The day they started forcing users to use VPCs on new EC2 instances it was pretty clear to me they’d really screwed up.
That was the point when they should have gone pure v6 for everyone except enterprise customers. And if you wanted to expose services over v4, they should have made you pay for a load balancer. That would have made it pretty easy to pass through the real cost, and would have gotten devs used to using v6 for management and internal connectivity.
I saw a comment saying ISPs should drop v4. I consult for one and they absolutely cannot. Too many customers still rely on stuff that doesn’t support v6. It’s become a major headache. Not only are they expensive, but you also have to be careful not to buy blocks that are on legacy blacklists.
IPv6 is still an afterthought for nearly every level of networked software development, and that will probably never change as long as IPv4 is a viable alternative. V6 is just... Annoying, compared to V4. Without a concerted industry wide effort to abandon V4, V6 won't take its place.
If this is what IPv4s cost, are small VPSes now uneconomical? For example, the current listed pricing for the smallest Lightsail instance, which includes an IPv4, is $42/year. [1]
I wish we would get an "IPv6 as it was meant to be" - v4 just with more octets. That's it. That's all we wanted. That's all we needed. If that was the IPv6 spec, we'd have already been using it for the past decade. We'd have avoided the #1 problem of v4, address scarcity, while retaining its superior user experience, and articles about expensive v4's wouldn't exist.
IPv6 is a travesty because its creators failed to consider the users. Nobody wants to deal with it. And that's why its adoption will eternally be "just around the corner!"
What exactly are the problems that you think would have been avoided? As far as I can tell, the stumbling block to v6 adoption is just the fact that v6-only and v4-only hosts can't communicate without help, and you would have that problem in any form of "v4 with more octets".
Sure, v6 made a few other changes, but why do you think those are the problem?
From what I can tell from the announcement the change will apply to a NAT gateway, so the cost of that will rise from 0.045 to 0.05, the same as having 10 IP addresses.
If they are really seeing high costs associated with IPs then I would like to see them reduce the price of the NAT gateway to the same as having 3 or 4 IP addresses or less, ideally free then they would probably see a lot bigger uptake.
Yeah, Jeff Bezos needs to squeeze a few more dollars out for another rocket to space.
The question is whether IPv6 is really the way to go. Not speaking technically of course. End consumer does not really care about it and if you want to create (and sell) a product, you just cannot say "it will not work, get a better internet". So right now it means I have to work with IPv4 anyway and then it is a question of why even bother with dual-stack at all?
That means there is essentially no push from the masses and therefore no real reason for ISPs to even bother with pricing it and including into their processes.
IPv6 just failed to crack the chicken-and-egg problem. It did not offer anything substantial (or good enough) to the end user. Most of them will never care about not being able to get SIP calls working peer-to-peer as they will use WhatsApp or something like that (that works right now already).
[+] [-] mrweasel|2 years ago|reply
[+] [-] CyanLite2|2 years ago|reply
[+] [-] furkansahin|2 years ago|reply
[+] [-] jeroenhd|2 years ago|reply
https://github.com/orgs/community/discussions/10539 is full of people voicing their grievances but I don't think Github is paying this issue any attention anymore.
Luckily almost all providers or IPv6-only networks also offer NAT64 or similar NAT mechanisms to make IPv4 addresses reachable.
[+] [-] GolDDranks|2 years ago|reply
[+] [-] crote|2 years ago|reply
[+] [-] Habgdnv|2 years ago|reply
[+] [-] brk|2 years ago|reply
[+] [-] hinata08|2 years ago|reply
Some of the ecosystem must be ready for it, and ipv6 support can be just another requirement to choose among solutions.
Also, you can have a reverse proxy and a cloud behind NAT64 to run servers on ipv4, but access them with ipv6.
[+] [-] throw0101b|2 years ago|reply
[+] [-] arianvanp|2 years ago|reply
[+] [-] eastdakota|2 years ago|reply
If you need more than web traffic, you can use our Tunnel service.
[+] [-] ejdyksen|2 years ago|reply
(Now I only have IPv4, so I just use Tunnel).
[+] [-] auguzanellato|2 years ago|reply
[+] [-] venusenvy47|2 years ago|reply
[+] [-] indigodaddy|2 years ago|reply
[+] [-] multicast|2 years ago|reply
[+] [-] api|2 years ago|reply
[+] [-] capableweb|2 years ago|reply
Some countries are doing better than others (https://www.google.com/intl/en/ipv6/statistics.html#tab=per-...), but still, ISPs are really dragging their feet...
[+] [-] callalex|2 years ago|reply
Not really, proxying also provides user privacy, and enables DDoS protection (this is especially an issue in the video game world).
[+] [-] shiftpgdn|2 years ago|reply
[+] [-] capableweb|2 years ago|reply
So, what could be an alternative solution?
[+] [-] jwlake|2 years ago|reply
[+] [-] lxgr|2 years ago|reply
[+] [-] zokier|2 years ago|reply
[+] [-] BaseballPhysics|2 years ago|reply
[+] [-] messe|2 years ago|reply
[+] [-] jwlake|2 years ago|reply
[+] [-] jandrese|2 years ago|reply
[+] [-] lxgr|2 years ago|reply
[+] [-] gemstones|2 years ago|reply
[+] [-] coredog64|2 years ago|reply
For RDS, you have to set up your instance as dual stack explicitly even if you’re deploying it into an IPv6 subnet.
[+] [-] j16sdiz|2 years ago|reply
Guess they will improve soon as amazon start charging
[+] [-] jmclnx|2 years ago|reply
For example, when I do an ifconfig, I get 3 ip6 addresses but 1 ip4 address.
'?' indicates a unique value, 'x' means values match between the IP addresses. That alone indicates the complexity of ip6 on setting up the server.
inet6 ????::????:????:????:???? prefixlen 64 scopeid 0x20<link>
inet6 xxxx:xxx:xxxx:xxxx::???? prefixlen 128 scopeid 0x0<global>
inet6 xxxx:xxx:xxxx:xxxx:????:????:????:???? prefixlen 64 scopeid 0x0<global>
[+] [-] sairamkunala|2 years ago|reply
https://gist.github.com/atoonk/b749305012ae5b86bacba9b01160d...
AWS adds an extra 5.5M IPv4 addresses (https://github.com/seligman/aws-ip-ranges) - https://news.ycombinator.com/item?id=28177807
[+] [-] whiatp|2 years ago|reply
[+] [-] xyst|2 years ago|reply
[+] [-] Gigachad|2 years ago|reply
[+] [-] throw0101b|2 years ago|reply
* Discussion 2 days ago: https://news.ycombinator.com/item?id=36910855
[+] [-] gjsman-1000|2 years ago|reply
[+] [-] nrdgrrrl|2 years ago|reply
[deleted]
[+] [-] aranchelk|2 years ago|reply
[+] [-] redox99|2 years ago|reply
For t4g.nano it's a 119% increase (from $3.04/month to $6.62/month)
[+] [-] throwawaaarrgh|2 years ago|reply
[+] [-] jefftk|2 years ago|reply
[1] https://aws.amazon.com/lightsail/pricing/
[+] [-] WirelessGigabit|2 years ago|reply
But it also requires tools to make sure they properly prefer IPv6 over IPv4, otherwise you're paying extra because your customers run bad software.
For example WireGuard on iOS. To this day it prefers an A record over AAAA when resolving a domain. That costs money. And breaks on 464xlat.
[+] [-] VoodooJuJu|2 years ago|reply
[+] [-] wiml|2 years ago|reply
[+] [-] theginger|2 years ago|reply
[+] [-] _V_|2 years ago|reply