AWS To Start Charging For Public IPv4 Addresses (theregister.com) 140
Long-time Slashdot reader nairnr shares a report from The Register: Cloud giant AWS will start charging customers for public IPv4 addresses from next year, claiming it is forced to do this because of the increasing scarcity of these and to encourage the use of IPv6 instead. It is now four years since we officially ran out of IPv4 ranges to allocate, and since then, those wanting a new public IPv4 address have had to rely on address ranges being recovered, either from organizations that close down or those that return addresses they no longer require as they migrate to IPv6.
If Amazon's cloud division is to be believed, the difficulty in obtaining public IPv4 addresses has seen the cost of acquiring a single address rise by more than 300 percent over the past five years, and as we all know, the business is a little short of cash at the moment, so is having to pass these costs on to users. "This change reflects our own costs and is also intended to encourage you to be a bit more frugal with your use of public IPv4 addresses and to think about accelerating your adoption of IPv6 as a modernization and conservation measure," writes AWS Chief Evangelist Jeff Barr, on the company news blog.
The update will come into effect on February 1, 2024, when AWS customers will see a charge of $0.005 (half a cent) per IP address per hour for all public IPv4 addresses. These charges will apparently apply whether the address is attached to a service or not, and like many AWS charges, appear inconsequential at first glance but can mount up over time if a customer is using many of them. These charges will apply to all AWS services including EC2, Relational Database Service (RDS) database instances, Elastic Kubernetes Service (EKS) nodes, and will apply across all AWS regions, the company said. However, customers will not be charged for IP addresses that they own and bring to AWS using Amazon's BYOIP feature. AWS offers a free tier for EC2, and this will include 750 hours of public IPv4 address usage per month for the first 12 months, starting from the same date the charges do.
Lazy ISPs (Score:3, Insightful)
Re:Lazy ISPs (Score:5, Informative)
Re: (Score:2)
This is not the case you are looking for.
If you have "thousands of servers" you are not on AWS by "accident". If you have thousands of servers with public IPv4 there are other options.
There are also a lot between "a simple static page" and thousands of servers. For scale, thousands of servers are approx 0.1% of AWS (in terms of physical servers). Or 2%+ of a single AWS DC. There aren't many operations at that scale that don't have a department for looking into these very specific OPEX/CAPEX issues every oth
Re: (Score:2)
Even if you have a relatively straightforward web site, on a single server, backed by a relational database, with some Mongo or REDIS and perhaps an email server, it's still quite a chore to move to a different host.
Re: Lazy ISPs (Score:2)
Is it though? Install DB, Redis, web server to new machine. Shutdown old machine. Tarball relevant paths in /var and transfer them. Bring up new machine services. Flip DNS.
Depending on the data size this should take less than an hour of work and far less downtime.
Re: (Score:2)
You are assuming a hosted VM with everything in one place. Today's best practice is to use managed services for better security and infrastructure management. With managed services, you have to set up and configure each service, connect them all to each other, enable the appropriate security restrictions, and configure the routing between them.
Re: Lazy ISPs (Score:2)
GP said on a single server. Managed services should be even easier.
Unless you're talking about vendor lock-in. If you lock yourself to a single vendor that's what you get. Do better. Learn from your mistakes.
Re: (Score:2)
Managed services are by definition locked in, there is no such thing as managed services without it.
Re: Lazy ISPs (Score:2)
That's simply not true. Lots of server software can be purchased as a service through dedicated vendors. For example Redis, MariaDB, and Mongo.
Look, if you're going to make the decision to lock yourself in, you only have yourself to blame. Do better.
Re: (Score:2)
That's all fine. So you've purchased Redis under a SaaS license. Now, you want your web app to actually access that Redis resource. The way you tell your application WHERE to locate that Redis resource, is different from one cloud provider to another. And the way you enable security to allow your web app to actually access that cache, also differs from one platform to another.
Finally, provisioning those services is non-trivial. There are a hundred configuration parameters that must be individually specified
Re: Lazy ISPs (Score:2)
What?
When I connect to GitHub from AWS, it's the same as connecting to GitHub from Azure.
What are you talking about?
Re: (Score:2)
Yes, but in both cases the service provider is the same, GitHub.
A better analogy is GitHub vs. Bitbucket. Sure, you can use the same client for each. But if you want to set up permissions, or teams, or branch merge restrictions, or other types of web hooks, or if you want to add automation to the repository, you would have to implement all those things differently for GitHub vs. BitBucket. Your work on one, does not carry over to the other.
Re: Lazy ISPs (Score:2)
Right. So you locked yourself to a single vendor for no reason. Don't do that. You don't have to use Amazon ElastiCache or Amazon RDS just because you use AWS. Use a managed provider that isn't trying to lock you in to an ecosystem.
Re: (Score:2)
And what provider would that be, exactly? They ALL want to lock you in.
Re: Lazy ISPs (Score:2)
Aiven is an example that provides Redis and MariaDB as a service. I'm sure it would be trivial to find something similar for Mongo.
Re: (Score:2)
And if you configure security to allow your hosted app to access Redis or MariaDB, or configure scaling, or database size, or whatever, can I just push my configuration to another cloud provider when I want to move away from Aiven? No, of course not, I'd have to reconfigure everything on the new cloud provider.
Re: (Score:2)
You just change a connection string. It's not rocket science.
Re: (Score:2)
Before you can use a "new" connection string, you have to actually make your new connection string exist. This involves configuring certain critical security parameters:
- Which users will be allowed to use the new connection string? (And you have to separately configure those users.)
- What specific permissions will each user have?
- Which hosts will be whitelisted?
- Which applications will be whitelisted?
And then there are more mundane parameters to set up, that will affect the cost you pay for your service:
Re: Lazy ISPs (Score:2)
Learn how to do your job and stop making excuses.
Re: (Score:2)
Managed services.
With the major cloud providers, with managed services, you get built-in DR, including hosting in three different data centers, of which one is in a different geographic region from the others. You get real-time database backup and point-in-time restores. You get long-term backup storage, redundant internet and power supplies.
Of course, these all contribute to the difficulty of moving to another cloud provider, once you make the decision to do so.
Re: (Score:2)
> This is not the case you are looking for.
> If you have "thousands of servers" you are not on AWS by "accident". If you have thousands of servers with public IPv4 there are other options.
Obviously NAT and DNAT are the answer.
There's nothing you can't do with DNAT.
The whole Internets could probably get away with just one or two /8 address blocks.
This whole argument is ridiculous.
Re: (Score:2)
Re:Lazy ISPs (Score:4, Informative)
The challenge isn't that it's hard, the challenge is that companies with IPv6-only services cannot be reached by IPv4-only customers. They would have to pay a reverse proxy service to be a front end for them.
Re: (Score:2)
Or they can run their own reverse proxy. Only your load balancers need v4, not the rest of your infrastructure.
Re: (Score:2)
So you're saying you need an IPv4 address?
Problem: We have no IPv4 address.
Dagger2 solution: Just install this other thing and give it an IPv4 address.
Rest of internet: WTF man!
Re: (Score:2)
On your load balancers, yes. Not on the rest of your infrastructure.
You can outsource it if you truly have no v4 whatsoever, but most hosting platforms still have some tucked away somewhere.
Re: Lazy ISPs (Score:3)
Re: (Score:2)
The problem with this is that there are ISPs out there (like mine) that still have not implemented IPv6. This move by AWS will effectively be punishing website owners over something they have no control over.
It forces EC2 users to think about whether their hosts actually need a public IPv4 address. Most services really only need a couple for their load-balancers and NAT gateways; every other host just lives happily in your VPC without a public address. I just checked my company's infrastructure, and in us-east-1, we have a grand total of 6 public IPv4 addresses, and this is for a very large deployment. Of course there are other regions, our on-prem addresses, and so on, but for even somewhat badly planned out A
Re: (Score:3)
True, indeed my own ISP is amongst them.
However, AWS uses a lot of IPv4 addresses where it really doesn't need to. Pretty much all of their networking resources are IPv4 based, some have an IPv6 option, but actually, a lot still don't (or didn't last time I looked - maybe they've been busy and fixed them all?).
A simple example, to setup an IPSEC VPN, you need an IPv4 address. That'll give you two tunnels, but they have to terminate on the same (remote) IPv4 address, so you'll want redundancy, so you'll need
Re: (Score:2)
It's always been "for several more years", and it's not changing. This is not the first warning that IPv4 is obsolete. A lot of strategy out there seems to be to do nothing until you're obsolete and out of business.
Re: (Score:3)
I suspect the strategy is "let everyone else get going at it first, and then see what we need to do".
From an ISPs point of view, there's (currently) very little benefit to IPv6 for the masses, and downsides that include a world of support calls and angry customers, not to mention the roll-out costs. The address scarcity problem probably isn't so acute for them as it is the likes of AWS either, so the pressure on them to do anything is really pretty low.
Re: (Score:1)
Re: Dumb lack of networking knowledge fag (Score:2)
Website? What's that? And why are my apps not loading???? /s
Re: (Score:2)
You DO realize that http/https is only part of the internet, and networking in general, RIGHT? Jesus, get a new ISP or get off my internet. Fuckin' embarrassing.
you can just tunnel all those other ridiculous protocols through HTTP.
Re: (Score:2)
So?
It's been over 2 decades now. All ISPs have replaced every single CPE multiple times by now. DOCSIS -> DOCSIS 3, ADSL to ADSL2 to VDSL, all of the upgrades to FTTH... In ALL of those cases, the CPEs already supported IPv6. There is no lack of vendor support for IPv6.
RADIUS has had support for it for decades as well, it's just as easy as handing out an IPv4 address.
There is no e
Re: (Score:2)
> Lazy ISPs
Consider support cost change. You would need consumer level router with IPv6 support and have individual network ranges allocated to every customer/router.
I'm in a 3rd world country and have native ipv6 on my home network through my ISP router.
What? Is the USA and EU too lazy to upgrade?
Re: (Score:2)
My ISP in Australia rolled out IPv6 to their customers. After they got Cisco to fix the bugs and add required features that were available for IPv4 but not IPv6 to their ASR9k BNG's, which took a couple of years, they were ready to start offering IPv6 to their customers as an opt in beta trial. The biggest issue they hit was most consumer routers are still using a really old version of wide-dhcpv6 that has a bug in it that was first addressed in 2009. This bug in effect floods their DHCP servers with reques
Kill It With Fire! (Score:1)
IPv4 needs to go bye-bye just like leaded gas and 55 MPH speed limit. Crying time is over. Get on it or get left behind.
Re: (Score:3)
Car analogies are never good. IPv4 isn't actually killing anyone.
Re: (Score:3, Funny)
Re: Kill It With Fire! (Score:5, Insightful)
IoT isn't just consumer electronics bullshit, it's sensors for infrastructure, cellphones (not bullshit) for a growing global population, and for the ability of every container and node on any network in the world to be globally routable *if they choose* which is really, really a good thing.
NAT was a patch to a nearsighted decision.
IPv6 is held back solely by shitty consumer router firmware and shitty ISPs. The tech is not hard to understand. Multicast and router advertisement and prefix delegation is not hard.
Re: Kill It With Fire! (Score:1, Insightful)
Re: Kill It With Fire! (Score:5, Informative)
Re: Kill It With Fire! (Score:2)
Re: Kill It With Fire! (Score:2)
Re: (Score:2)
Yes. what's your point? Are you somehow implying that IPv6 can't be firewalled?
Re: (Score:2)
IPv6 can be firewalled, but you must know that.
You know how consumer routers have wizards to configure port forwarding? Imagine a world where NAT never existed. Those routers would have a default security policy of "no inbound connections" with a wizard for enabling inbound connections.
Global routability is a good thing, because there are many valid reasons for an internet service to connect to my home network. If the next thought in your head is "well, configure NAT", it should be "Well, configure inbound
Re: (Score:2)
> IPv6 can be firewalled, but you must know that.
> You know how consumer routers have wizards to configure port forwarding? Imagine a world where NAT never existed. Those routers would have a default security policy of "no inbound connections" with a wizard for enabling inbound connections.
> Global routability is a good thing, because there are many valid reasons for an internet service to connect to my home network. If the next thought in your head is "well, configure NAT", it should be "Well, configure inbound security policy".
IPv6 MUST be feckin' firewalled. Jesus, it's like the good old days all over again. Back in the 2000's I came across a publishing business where every single workstation they had was on a PUBLIC ipv4 address. That's just how things used to be done.
You must never, EVER, set up a LAN with ipv6 without taking proper firewall precautions, otherwise... jeeeez the fun that could be had.
Re: (Score:2)
Yes, so have a proxy and a firewall. That is, in your home, don't rely on mom and pop ISP to do it for you by relying upon NAT as a security mechanism that it was never designed to be.
If you have only one device connected to your ISP then it can be Ipv6 trivially. If you've got a handful of devices connected to the ISP then get a halfway decent router and not an off-the-shelf one that's been sitting on the Walmart shelf for years. In the end it's not global routability per-se, but routing to your household
Re: (Score:2)
Global routeability != lack of firewall or proxy.
The IPv6 with a stateful firewall provides 100% identical protection to NAT except without being fucking broken. 100% of consumer routers ship with a stateful firewall. 100% of OSes can be configured to have a stateful firewall.
Re: (Score:2)
> IoT isn't just consumer electronics bullshit, it's sensors for infrastructure, cellphones (not bullshit) for a growing global population, and for the ability of every container and node on any network in the world to be globally routable *if they choose* which is really, really a good thing.
> NAT was a patch to a nearsighted decision.
> IPv6 is held back solely by shitty consumer router firmware and shitty ISPs. The tech is not hard to understand. Multicast and router advertisement and prefix delegation is not hard.
Rediculous, you can do anything through NAT or DNAT!!!111
Remembering that pipeline that got ransomwared... (Score:2)
Screw the Internet of Damn Things.
Re: (Score:2)
SLAAC doesn't have any support for DNS at all.
You posted as an AC, but this single bit shows you are just trolling.
Why can I configure in my Cisco router
Router(config)#interface gigabitEthernet 0
Router(config-if)#ipv6 nd ra dns server 2606:4700:4700::1111 2606:4700:4700::1001
And yay, DNS goes to Cloudflare.
Relevant spec came out in... 2007: https://datatracker.ietf.org/d... [ietf.org]
This pretty much tells me you are just trolling.
Posting from behind an FTTH connection where I can get my IPv6 /56 via DHCPv6 prefix del
Re: (Score:3)
Yes, the spec may support it, and Cloudflare may provide it, but the real question is does the vast majority of idiot consumer hardware implement it? With it configured and enabled by default? If the answer to either of those questions is no, then it may as well not exist.
Re: (Score:2)
Seriously, every major service that people use via mobile phone (Facebook, instagram, Google) goes over IPv6. Mobile network providers hand out IPv6 addresses to their customers. So every grandma posting their latest macaroni&cheese picture via their phone is already using IPv6.
It's *not* hard.
Re: (Score:2)
99% of people use whatever their ISP sets as default as their CPE.
Again, what's your problem? Are you scared of not being able to memorize the "ugly ipv6 addresses"?
Re: (Score:2)
Idiot consumer hardware can't even do IPv4 properly most of the time. They're generally cheap ass hardware with even cheaper firmware and it's mass produced. But stick a Linux replacement on them and suddenly they can do much more than the stock firmware, are IPv6 ready along with better security and an easier to use GUI.
The only hard bit of the Linux replacements (Tomato, dd-wrt, etc) is in figuring out how to get it installed in the first place. Which wouldn't be an issue if the crappy consumer routers we
Re: (Score:2)
> Idiot consumer hardware can't even do IPv4 properly most of the time. They're generally cheap ass hardware with even cheaper firmware and it's mass produced. But stick a Linux replacement on them and suddenly they can do much more than the stock firmware, are IPv6 ready along with better security and an easier to use GUI.
> The only hard bit of the Linux replacements (Tomato, dd-wrt, etc) is in figuring out how to get it installed in the first place. Which wouldn't be an issue if the crappy consumer routers weren't so crappy, and you wouldn't need the improved firmware either if they implemented a better router in the first place.
My 3rd world, consumer grade ISP router brings native ipv6 into my home. And its https web interface uses cyphers that are way way out of date and it isn't getting updates. Yet still it has ipv6. There's no need for funky Linux based router setups.
Re: (Score:2)
Been doing IPv6 based devices at work for almost 15 years. Most of that time there's an IPv4 tunnel at the last hop, the only IPv4 thing in the mix at all. Most of the reluctance to get that last bit on IPv6 is because it's confusing to the customers (or the IT side of the customers) and thus a harder sell; but a lot of reluctance is inertia from product managers because that's the way it's always been done so why change it. Sometimes the expert who understands the IPv4 and tunnels and ipsec and network
Re: (Score:2)
> Been doing IPv6 based devices at work for almost 15 years. Most of that time there's an IPv4 tunnel at the last hop, the only IPv4 thing in the mix at all. Most of the reluctance to get that last bit on IPv6 is because it's confusing to the customers (or the IT side of the customers) and thus a harder sell; but a lot of reluctance is inertia from product managers because that's the way it's always been done so why change it. Sometimes the expert who understands the IPv4 and tunnels and ipsec and network set up isn't an expert in IPv6.
> The cellular modem and ethernet and fiber can do IPv6 so why not use it? Because someone out there says "Hoom, hoom, let's not be hasty!"
> I can sort of understand not knowing the new ways, because to be honest I've forgotten how to do IPv4.
> Remember, NAT was invented for one purpose - to deal with a shortage of IPv4 address, even if many people are using for different purposes and pretend that it's the only solution that works.
Honestly, you only need NAT. There's nothing you can't do with NAT. The entire Internet could probably get away with one, two at the outside /8's
Re: (Score:2)
You can't "just" change the version header and increase the address space. v4 is built in to everything and it doesn't accommodate bigger address spaces at all, so any attempt to make the addresses longer necessarily breaks almost everything. All of that stuff needs updating.
It's not like they went back to the drawing board though. There were proposals that did that, but in the end they picked v6 which is designed to work basically the same as v4 but with longer addresses. About the only things that are act
Re: (Score:2)
Yes it breaks things, but we've had 20+ years to fix those things. Does the internet need to collapse before we migrate? It's all about inertia.
On the other hand, tons of devices are now IPv6 or well under way to migrating to IPv6 - all mobile phones everywhere in the world, most IoT (at least industrial and commercial), sensors, utilities, infrastructures, etc. At the same time a ton of home computing is shrinking and being replaced by mobile phones or tablets. All of that frees up a ton of v4 addresse
Re: (Score:2)
Just because IPv6 makes it possible for every Thing on the Internet to have its own unique IP address, doesn't mean that IPv6 requires everything to be made publicly accessible.
A modest proposal (Score:2)
I believe we should create a second internet with just the IPv4 space. The restriction is that no advertisement or commercial trade is permitted. All the IP blocks go to libraries, schools, universities, non-profits, and local governments. ISPs can keep half of the IPv4 space they currently have, for any customers that want to use some weird Internet for school or research. Make it a space that is uninteresting for Google and Amazon and the money will pour in to get IPv6 up and going.
Because honestly, if yo
Re: (Score:2)
The inherent incompatibility with IPv4 was the main goal of the authors - they disliked the existing protocol and wanted to wholesale replace it for a variety of reasons. Most of those reasons are overtaken by events or defunct now - the world is not the world of the 1990s.
If IPv6 was compatible inherently, like carving out the IPv4 space and defining how legacy systems could communicate with systems with only an IPv6 stack, it'd have already been adopted.
Those proposing a middle ground are smart, but it w
Re: (Score:2)
That makes no sense whatsoever. They picked an approach that was very similar to v4 (many of the proposed alternatives worked very differently) and they put significant effort into making it work with v4. Between dual stack, Teredo, 6to4, 6rd, 6over4, ISATAP, 6in4/4in6, NAT64/DNS64, 464xlat, DS-lite, MAP-T/E, 4rd and LW4over6 (plus probably others I've forgotten) we've got plenty of options for backwards compatibility too.
The main inherent incompatibility with v4 is that v4 doesn't support addresses longer
Re: (Score:2)
No it didn't. Show me how an IPv6 stack can communicate with v4 inherently. Check yourself.
Also check up on how v4 and v6 do not work the same. There are very large differences. Here, i'll educate you, since you appear to have glossed over the entire subject.
Note 6to4 - which works poorly - is NOT part of the protocol, it's a retrofitted add-on [ripe.net]
The world in which IPv6 was a good design. [apenwarr.ca]
IPv6 is a Total Nightmare [teknikaldomain.me]
What you need most of all is humility.
Re: (Score:2)
$ ping -6 64:ff9b::8.8.8.8
PING 64:ff9b::8.8.8.8(64:ff9b::808:808) 56 data bytes
64 bytes from 64:ff9b::808:808: icmp_seq=1 ttl=113 time=8.59 ms
A major point of my post was that "inherently" is impossible because of v4 (not because of v6, but purely because of v4's inability to handle longer addresses), but as you can see it's perfectly possible for them to communicate so it's clear they aren't incompatible. What more are you asking for?
> What you need most of all is humility.
I like how I'm being lectured on humility by somebody who thinks they hav
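The address mapping visible in the ping output above, as an added example that is not part of the thread: `64:ff9b::/96` is the NAT64 well-known prefix of RFC 6052, and the IPv4 address is embedded in the IPv6 address. The code generalizes to the other RFC 6052 prefix lengths; the flow records and the `2001:db8:` prefixes are constructed sample data.

```python
import ipaddress

# RFC 6052 well-known prefix, the one used in the ping output above.
WELL_KNOWN = ipaddress.IPv6Network("64:ff9b::/96")
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)


def _v4_positions(prefix_len):
    """Octet indexes (0-15) that carry the four IPv4 bytes.

    The IPv4 address follows the prefix, but octet 8 (bits 64-71, the
    "u" octet) is reserved and skipped.
    """
    positions = []
    index = prefix_len // 8
    while len(positions) < 4:
        if index != 8:
            positions.append(index)
        index += 1
    return positions


def _check_prefix(prefix):
    prefix = ipaddress.IPv6Network(prefix)
    if prefix.prefixlen not in VALID_LENGTHS:
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    return prefix


def synthesize(ipv4, prefix=WELL_KNOWN):
    """Build the IPv4-embedded IPv6 address a DNS64/NAT64 setup would use."""
    prefix = _check_prefix(prefix)
    v4 = ipaddress.IPv4Address(ipv4)
    # RFC 6052 section 3.1: the well-known prefix must not represent
    # non-global IPv4 addresses (RFC 1918 space and similar).
    if prefix == WELL_KNOWN and not v4.is_global:
        raise ValueError(f"{v4} is not global; use a network-specific prefix")
    raw = bytearray(prefix.network_address.packed)
    for pos, byte in zip(_v4_positions(prefix.prefixlen), v4.packed):
        raw[pos] = byte
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix=WELL_KNOWN):
    """Return the embedded IPv4 address, or None if ipv6 is outside prefix."""
    prefix = _check_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    raw = addr.packed
    if prefix.prefixlen != 96 and raw[8] != 0:
        return None  # "u" octet must be zero
    return ipaddress.IPv4Address(
        bytes(raw[pos] for pos in _v4_positions(prefix.prefixlen))
    )


# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("2001:db8:10::5", "64:ff9b::808:808", 53),
    ("2001:db8:10::5", "2606:4700:4700::1111", 53),
    ("2001:db8:10::9", "64:ff9b::c633:6407", 443),
]


def annotate_flows(flows, prefix=WELL_KNOWN):
    """Add the real IPv4 destination to flows that leave through NAT64.

    Useful when egress policy or threat-intel matching is keyed on IPv4
    addresses but the logs only show the synthesized IPv6 destination.
    """
    return [(src, dst, port, extract(dst, prefix)) for src, dst, port in flows]


if __name__ == "__main__":
    print(synthesize("8.8.8.8"))
    for row in annotate_flows(SAMPLE_FLOWS):
        print(row)
```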
Re: (Score:2)
Aaaaand crickets. See, this is why I took the attitude I did: because I've seen quite a few people say the same stuff you've been saying, and not one of them has been able to explain how to actually make the thing happen. If it was possible, somebody would have been able to describe how to do it by now.
If it's possible to make the stacks "inherently" communicate, I honestly genuinely want to know how it could've been done. But all I ever get as answers when I ask are a) things that can't work, b) things tha
Re: (Score:2)
> IPv4 needs to go bye-bye just like leaded gas and 55 MPH speed limit. Crying time is over. Get on it or get left behind.
The 55mph speed limit was an urban myth. Surely...?
Re: (Score:2)
what's with the entitlement? (Score:5, Insightful)
> as we all know, the business is a little short of cash at the moment, so is having to pass these costs on to users
No one is under an obligation to sell you services at a loss, friend.
This sense of entitlement seems to be coming up a lot lately. Where does it come from?
Re: (Score:2)
Well, typically when prices are increased one expects to get more for their money than they got before. And the trend in tech, historically for decades now, has been for buyers to get more capacity and features for less money. Remember when $1500 would get you an Apple IIe? How much compute, memory, and storage would a $1500 desktop have now? Or remember when a T1 cost several hundred or, a few years before that, over a thousand dollars for all of a (now) pathetic 1.544 Mbps? Now, what you'd have paid
Re: (Score:2)
3+ generations of people who have lived in perfect safety, obscene luxury, and instant gratification, and have never had to do more than exist and have it handed to them. Why shouldn't everything be free, what, you want me to work for it or pay for it? Why?
Re: (Score:2)
Buy Now! (Score:2)
Re: (Score:2)
Re: (Score:3)
WARNING- your computer is broadcasting an IP address!!! Click here to download our security product that will protect your privacy.
azure and google have been doing it for years (Score:2)
title
Re: (Score:2)
Re: (Score:2)
> It is still pretty affordable in comparison with other alternatives anyway.
Not really - it's generally the most expensive general purpose cloud provider there is. Sure, Oracle charge more for most of their resources, but they're a long way short of "general purpose" (and they do deep discounts on a few resources). GCP is similarly priced to AWS, but I'd say for many it'll work out a bit cheaper. I'm not sure about Azure - I've heard so many horror stories I've mostly kept away from it.
If you're feeling
Re: (Score:2)
Re: (Score:2)
So what (Score:5, Interesting)
Easy solution - host your AWS domains on IPV6, and use Cloudflare to serve those domains via IPV4.
Somehow, Cloudflare has managed to not charge users for IPV4. I wonder why they're so much more capable than Amazon.
Re: (Score:2)
This is actually a great way to mitigate the issue. Once inside AWS, you can use IPv4 internal networks to your hearts content.
As for Cloudflare, they don't need a "pool" of IPs just in case someone wants one. They can load up one IP with however many different customers they want and they're good to go, so their pool is relatively fixed (and each new customer is paying something towards the IP addresses they're using). AWS have to be able to give you an IP whenever you ask (and take it back when you give i
Re:So what (Score:5, Informative)
> Somehow, Cloudflare has managed to not charge users for IPV4.
Because you don't get a dedicated IP - they use Hostname-based virtual hosting. Meaning hundreds or thousands of websites will be on the same IP address, and they serve the HTTP requests out to the right server by looking at the Host header..
Re: (Score:2)
And SNI... (Which is critical for them to function with TLS)
Re: (Score:2)
They should use SNI because it increases flexibility, especially in providing for Dedicated Certificates [cloudflare.com].
SNI isn't critical to share the same certificates between multiple hostnames.
It will become even less necessary with the new HTTPS Binding [ietf.org] DNS Record type, Since the new RR type allows the Port number for HTTPS and HTTPS version such as HTTP/3 Http over Quic instead of TCP to be specified in the DNS record itself, as something other than 443 Unique to each website, and different port numbers can pre
Re: (Score:2)
I mean... SNI is useful, but not critical. the problem with SNI is it Breaks privacy, because the Server Name Indication is Unencrypted (With SNI: third parties sniffing your traffic can see the server name!). This is why HTTP/3 and/or shared certificates and randomized port numbers for HTTPS can be a better option.
We need a public phase out. (Score:4, Insightful)
Imagine if Google or Porn Sites went ipv6 only, ISPs tech support lines will be flooded. There is no technical reasons to stop IPv6 adoption, all the excuses have been debunked, it's pure speculation of ipv4 address prices and isps wanting to hire cheap labour and not update the firmware of their routers. Even Windows NT 4.0 from 1996 has an ipv6 stack.
Look at the precedents. We phased out analog tvs, 1G, 2G and 3G phone networks, TLS 1.0, etc , we can phase out ipv4, we just need to actually take action.
The Great Disconnect (Score:2)
Re: (Score:2)
What model are you talking about? v6 doesn't affect your ability to inspect DNS or content at firewalls.
Things like TLS or DoT do, but those are being used on v4 too.
why i hate ipv6 (Score:2)
IPv6 would be much better if it used octal or decimal representations rather than hex. It's just too hard to parse or remember hex, making ipv6 addresses look like arbitrary encrypted text.
What makes IPv6 suck? (Score:2)
That's my question and I don't have a specific answer. It just seems crazy that IPv4 has all these problems with scarcity, NAT, CG-NAT, complex routing tables, etc. and there's a replacement that's been available for a LONG time now, and even has major adoption in certain market segments who are essentially forced to use it... and yet everyone still resists. I'm thinking maybe it's just, well, shit? IPv4+NAT is definitely shit but we make do, so we aren't scared of using bad solutions to real problems if it
Re: (Score:2)
Basically, it doesn't suck. It's mostly just human psychology.
I actually think a lot of it comes down to the allistic tendency to refuse to do things that they think aren't perceived as "normal". Most people agree that we should be wearing masks to avoid disease, they will even agree that it would be a good idea for them to do it themselves, but they still won't. Most people will happily sit in a room that's filling with smoke without worrying about it so long as the other people in the room act like it's not
Re: (Score:2)
Re: (Score:2)
> NAT all the way down is only a problem if you're trying to host a service, which most people don't even want to do
NAT is also a killer for many Peer to Peer applications, such as Online gaming with a Nintendo Switch. It can also break the ability to receive calls IP-based Telephone service that requires listening on a UDP port.
There are many things NAT breaks; Although web browsing and typical smartphone apps will be fine.
Re: (Score:2)
> Nonsense. We solved that problem in the early 2000s.
You're absolutely wrong here. Go look up NAT types.
If you don't have a direct port forward for the right ports on a dedicated IPv4 address, either permanently or UPnP on your router to establish the same (Nat Type A), Then when you go to host a game, for example in Mario Kart, other players will not be able to connect if their NAT type is just as bad as yours.
You can't play older games like Starcraft either, once you have a Double NAT scenario,
Re: (Score:2)
Re: (Score:2)
Public IPv4 address != Elastic IP address
TFA links to Jeff Barr's blog post [amazon.com] with a very clear table. Resources in a default VPC get a public IPv4 automatically and AWS currently doesn't charge for it, mostly because it's not persistent and you lose it if the resource isn't active. An Elastic IP has always come with a charge ($0.005/hr) because you get to keep it, even if you aren't actively using it. Going forward, both public IPv4 and Elastic IPs will be charged @ $0.005/hr.
Now the question is, when will A