Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Internet Cloud Network

AWS To Start Charging For Public IPv4 Addresses (theregister.com) 140

Long-time Slashdot reader nairnr shares a report from The Register: Cloud giant AWS will start charging customers for public IPv4 addresses from next year, claiming it is forced to do this because of the increasing scarcity of these and to encourage the use of IPv6 instead. It is now four years since we officially ran out of IPv4 ranges to allocate, and since then, those wanting a new public IPv4 address have had to rely on address ranges being recovered, either from from organizations that close down or those that return addresses they no longer require as they migrate to IPv6.

If Amazon's cloud division is to be believed, the difficulty in obtaining public IPv4 addresses has seen the cost of acquiring a single address rise by more than 300 percent over the past five years, and as we all know, the business is a little short of cash at the moment, so is having to pass these costs on to users. "This change reflects our own costs and is also intended to encourage you to be a bit more frugal with your use of public IPv4 addresses and to think about accelerating your adoption of IPv6 as a modernization and conservation measure,' writes AWS Chief Evangelist Jeff Barr, on the company news blog.

The update will come into effect on February 1, 2024, when AWS customers will see a charge of $0.005 (half a cent) per IP address per hour for all public IPv4 addresses. These charges will apparently apply whether the address is attached to a service or not, and like many AWS charges, appear inconsequential at first glance but can mount up over time if a customer is using many of them. These charges will apply to all AWS services including EC2, Relational Database Service (RDS) database instances, Elastic Kubernetes Service (EKS) nodes, and will apply across all AWS regions, the company said. However, customers will not be charged for IP addresses that they own and bring to AWS using Amazon's BYOIP feature. AWS offers a free tier for EC2, and this will include 750 hours of public IPv4 address usage per month for the first 12 months, starting from the same date the charges do.

This discussion has been archived. No new comments can be posted.

AWS To Start Charging For Public IPv4 Addresses

Comments Filter:
  • Lazy ISPs (Score:3, Insightful)

    by too2late ( 958532 ) on Monday July 31, 2023 @08:03PM (#63730040) Journal
    The problem with this is that there are ISPs out there (like mine) that still have not implemented IPv6. This move by AWS will effectively be punishing website owners over something they have no control over.
    • Re:Lazy ISPs (Score:5, Informative)

      by Rockoon ( 1252108 ) on Monday July 31, 2023 @08:05PM (#63730048)
      Website owners have control over who hosts their website.
    • by Ocker3 ( 1232550 )
      Just because it's hard doesn't mean that web hosting platforms shouldn't invest in the future. Sometimes external pressures are necessary to get everyone to invest at the same time, when some/most are holding back to avoid spending money (affecting prices) if it's not happening industry-wide.
      • Re:Lazy ISPs (Score:4, Informative)

        by Entrope ( 68843 ) on Tuesday August 01, 2023 @04:29AM (#63730760) Homepage

        The challenge isn't that it's hard, the challenge is that companies with IPv6-only services cannot be reached by IPv4-only customers. They would have to pay a reverse proxy service to be a front end for them.

        • Or they can run their own reverse proxy. Only your load balancers need v4, not the rest of your infrastructure.

          • So you're saying you need an IPv4 address?

            Problem: We have no IPv4 address.
            Dagger2 solution: Just install this other thing and give it an IPv4 address.
            Rest of internet: WTF man!

            • On your load balancers, yes. Not on the rest of your infrastructure.

              You can outsource it if you truly have no v4 whatsoever, but most hosting platforms still have some tucked away somewhere.

    • Everyone is lazy, so it's a good way to make some extra $$. IMO charging a lazy fee to keep using IPv4
    • The problem with this is that there are ISPs out there (like mine) that still have not implemented IPv6. This move by AWS will effectively be punishing website owners over something they have no control over.

      It forces EC2 users to think about whether their hosts actually need a public IPv4 address. Most services really only need a couple for their load-balancers and NAT gateways; every other host just lives happily in your VPC without a public address. I just checked my company's infrastructure, and in us-east-1, we have a grand total of 6 public IPv4 addresses, and this is for a very large deployment. Of course there are other regions, our on-prem addresses, and so on, but for even somewhat badly planned out A

    • True, indeed my own ISP is amongst them.

      However, AWS uses a lot of IPv4 addresses where it really doesn't need to. Pretty much all of their networking resources are IPv4 based, some have an IPv6 option, but actually, a lot still don't (or didn't last time I looked - maybe they've been busy and fixed them all?).

      A simple example, to setup an IPSEC VPN, you need an IPv4 address. That'll give you two tunnels, but they have to terminate on the same (remote) IPv4 address, so you'll want redundancy, so you'll need

      • It's always beein "for several more years", and it's not changing. This is not the first warning that IPv4 is obsolete. A lot of strategy out there seems to be to do nothing until you're obsolete and out of business.

        • I suspect the strategy is "let everyone else get going at it first, and then see what we need to do".

          From an ISPs point of view, there's (currently) very little benefit to IPv6 for the masses, and downsides that include a world of support calls and angry customers, not to mention the roll-out costs. The address scarcity problem probably isn't so acute for them as it is the likes of AWS either, so the pressure on them to do anything is really pretty low.

  • IPv4 needs to go bye-bye just like leaded gas and 55 MPH speed limit. Crying time is over. Get on it or get left behind.

    • by Barny ( 103770 )

      Car analogies are never good. IPv4 isn't actually killing anyone.

    • Re: (Score:3, Funny)

      by Fly Swatter ( 30498 )
      Yep we need to switch NOW to allow room for all the refrigerators, toasters, and vibrators to be able to message us for whatever reason while being directly exposed to the internet. /s
      • by Luke has no name ( 1423139 ) <fox.cyberfoxfire@com> on Monday July 31, 2023 @08:45PM (#63730110)

        IoT isn't just consumer electronics bullshit, it's sensors for infrastructure, cellphones (not bullshit) for a growing global population, and for the ability of every container and node on any network in the world to be globally routable *if they choose* which is really, really a good thing.

        NAT was a patch to a nearsighted decision.

        IPv6 is held back solely by shitty consumer router firmware and shitty ISPs. The tech is not hard to understand. Multicast and router advertisment and prefix delegation is not hard.

        • Global routability is a really really bad thing for security. Nothing should route into a private network without going through a proxy and firewall of some sort.
          • by bool2 ( 1782642 ) on Monday July 31, 2023 @10:41PM (#63730370) Homepage
            This isn't a problem unless you run ipv6 without a firewall. Add firewall. Incoming connections denied / dropped. Problem solved.
          • No it's not. Employ a firewall.
          • by hjf ( 703092 )

            Yes. what's your point? Are you somehow implying that IPv6 can't be firewalled?

          • IPv6 can be firewalled, but you must know that.

            You know how consumer routers have wizards to configure port forwarding? Imagine a world where NAT never existed. Those routers would have a default security policy of "no inbound connections" with a wizard for enabling inbound connections.

            Global routability is a good thing, because there are many valid reasons for an internet service to connect to my home network. If the next thought in your head is "well, configure NAT", it should be "Well, configure inbound

            • IPv6 can be firewalled, but you must know that.

              You know how consumer routers have wizards to configure port forwarding? Imagine a world where NAT never existed. Those routers would have a default security policy of "no inbound connections" with a wizard for enabling inbound connections.

              Global routability is a good thing, because there are many valid reasons for an internet service to connect to my home network. If the next thought in your head is "well, configure NAT", it should be "Well, configure inbound security policy".

              IPv6 MUST be feckin' firewalled. Jesus, its like the good old days all over again. Back in the 2000's I came across a publishing business where every single workstation they had was on a PUBLIC ipv4 address. Thats just how things used to be done.

              You must never, EVER, set up a LAN with ipv6 without taking proper firewall precautions, otherwise... jeeeez the fun that could be had.

          • Yes, so have a proxy and a firewall. That is, in your home, don't rely on mom and pop ISP to do it for you by relying upon NAT as a security mechanism that it was never designed to be.

            If you have only one device connected to your ISP then it can be Ipv6 trivially. If you've got a handful of devices connected to the ISP then get a halfway decent router and not an off-the-shelf one that's been sitting on the Walmart shelf for years. In the end it's not gobal routability per-se, but routing to your household

          • Global routeability != lack of firewall or proxy.

            The IPv6 with a stateful firewall provides 100% identical protection to NAT except without being fucking broken. 100% of consumer routers ship with a stateful firewall. 100% of OSes can be configured to have a stateful firewall.

        • IoT isn't just consumer electronics bullshit, it's sensors for infrastructure, cellphones (not bullshit) for a growing global population, and for the ability of every container and node on any network in the world to be globally routable *if they choose* which is really, really a good thing.

          NAT was a patch to a nearsighted decision.

          IPv6 is held back solely by shitty consumer router firmware and shitty ISPs. The tech is not hard to understand. Multicast and router advertisment and prefix delegation is not hard.

          Rediculous, you can do anything through NAT or DNAT!!!111

        • a while back, and thinking this sort of thing ought to be confined to private networks.

          Screw the Internet of Damn Things.
      • by Jeremi ( 14640 )

        Just because IPv6 makes it possible for every Thing on the Internet to have its own unique IP address, doesn't mean that IPv6 requires everything to be made publicly accessible.

    • I believe we should create a second internet with just the IPv4 space. The restriction is that no advertisement or commercial trade is permitted. All the IP blocks go to libraries, schools, universities, non-profits, and local governments. ISPs can keep half of the IPv4 space they currently have, for any customers that want to use some weird Internet for school or research. Make it a space that is uninteresting for Google and Amazon and the money will pour in to get IPv6 up and going.

      Because honestly, if yo

      • by HBI ( 10338492 )

        The inherent incompatibility with IPv4 was the main goal of the authors - they disliked the existing protocol and wanted to wholesale replace it for a variety of reasons. Most of those reasons are overtaken by events or defunct now - the world is not the world of the 1990s.

        If IPv6 was compatible inherently, like carving out the IPv4 space and defining how legacy systems could communicate with systems with only an IPv6 stack, it'd have already been adopted.

        Those proposing a middle ground are smart, but it w

        • That makes no sense whatsoever. They picked an approach that was very similar to v4 (many of the proposed alternatives worked very differently) and they put significant effort into making it work with v4. Between dual stack, Teredo, 6to4, 6rd, 6over4, ISATAP, 6in4/4in6, NAT64/DNS64, 464xlat, DS-lite, MAP-T/E, 4rd and LW4over6 (plus probably others I've forgotten) we've got plenty of options for backwards compatibility too.

          The main inherent incompatibility with v4 is that v4 doesn't support addresses longer

          • by HBI ( 10338492 )

            No it didn't. Show me how an IPv6 stack can communicate with v4 inherently. Check yourself.

            Also check up on how v4 and v6 do not work the same. There are very large differences. Here, i'll educate you, since you appear to have glossed over the entire subject.

            Note 6to4 - which works poorly - is NOT part of the protocol, it's a retrofitted add-on [ripe.net]
            The world in which IPv6 was a good design. [apenwarr.ca]
            IPv6 is a Total Nightmare [teknikaldomain.me]

            What you need most of all is humility.

            • $ ping -6 64:ff9b::8.8.8.8
              PING 64:ff9b::8.8.8.8(64:ff9b::808:808) 56 data bytes
              64 bytes from 64:ff9b::808:808: icmp_seq=1 ttl=113 time=8.59 ms

              A major point of my post was that "inherently" is impossible because of v4 (not because of v6, but purely because of v4's inability to handle longer addresses), but as you can see it's perfectly possible for them to communicate so it's clear they aren't incompatible. What more are you asking for?

              What you need most of all is humility.

              I like how I'm being lectured on humility by somebody who thinks they hav

            • Aaaaand crickets. See, this is why I took the attitude I did: because I've seen quite a few people say the same stuff you've been saying, and not one of them has been able to explain how to actually make the thing happen. If it was possible, somebody would have been able to describe how to do it by now.

              If it's possible to make the stacks "inherently" communicate, I honestly genuinely want to know how it could've been done. But all I ever get as answers when I ask are a) things that can't work, b) things tha

    • IPv4 needs to go bye-bye just like leaded gas and 55 MPH speed limit. Crying time is over. Get on it or get left behind.

      The 55mph speed limit was an urban myth. Surely...?

  • by MSG ( 12810 ) on Monday July 31, 2023 @08:28PM (#63730088)

    as we all know, the business is a little short of cash at the moment, so is having to pass these costs on to users

    No one is under an obligation to sell you services at a loss, friend.

    This sense of entitlement seems to be coming up a lot lately. Where does it come from?

    • Well, typically when prices are increased one expects to get more for their money than they got before. And the trend in tech, historically for decades now, has been for buyers to get more capacity and features for less money. Remember when $1500 would get you an Apple IIe? How much compute, memory, and storage would a $1500 desktop have now? Or remember when a T1 cost several hundred or, a few years before that, over a thousand dollars for all of a (now) pathetic 1.544 Mbps? Now, what you'd have paid

    • 3+ generations of people who have lived in perfect safety, obscene luxury, and instant gratification, and have never had to do more than exist and have it handed to them. Why shouldn't everything be free, what, you want me to work for it or pay for it? Why?

  • Buy all the IPv4 addresses that you can! They are not making any more of them.
    • They did that a couple of years ago, and I'm not talking about the mad rush on the rest of the RIR pools. IP addresses shot up in price in 2021 (hey, Covid), but have come down about a quarter from the peak about a year ago. They're now about $35-$45 per address, which is still twice as much as in 2020.
      • WARNING- your computer is broadcasting an IP address!!! Click here to download our security product that will protect your privacy.

  • Comment removed based on user account deletion
    • > It is still pretty affordable in comparison with other alternatives anyway.

      Not really - it's generally the most expensive general purpose cloud provider there is. Sure, Oracle charge more for most of their resources, but they're a long way short of "general purpose" (and they do deep discounts on a few resources). GCP is similarly priced to AWS, but I'd say for many it'll work out a bit cheaper. I'm not sure about Azure - I've heard so many horror stories I've mostly kept away from it.

      If you're feeling

  • So what (Score:5, Interesting)

    by null etc. ( 524767 ) on Tuesday August 01, 2023 @01:20AM (#63730554)

    Easy solution - host your AWS domains on IPV6, and use Cloudflare to serve those domains via IPV4.

    Somehow, Cloudflare has managed to not charge users for IPV4. I wonder why they're so much more capable than Amazon.

    • This is actually a great way to mitigate the issue. Once inside AWS, you can use IPv4 internal networks to your hearts content.

      As for Cloudflare, they don't need a "pool" of IPs just in case someone wants one. They can load up one IP with however many different customers they want and they're good to go, so their pool is relatively fixed (and each new customer is paying something towards the IP addresses they're using). AWS have to be able to give you an IP whenever you ask (and take it back when you give i

    • Re:So what (Score:5, Informative)

      by mysidia ( 191772 ) on Tuesday August 01, 2023 @09:20AM (#63731308)

      Somehow, Cloudflare has managed to not charge users for IPV4.

      Because you don't get a dedicated IP - they use Hostname-based virtual hosting. Meaning hundreds or thousands of websites will be on the same IP address, and they serve the HTTP requests out to the right server by looking at the Host header..

      • by MoHaG ( 1002926 )

        And SNI... (Which is critical for them to function with TLS)

        • by mysidia ( 191772 )

          They should use SNI because it increases flexibility, especially in providing for Dedicated Certificates [cloudflare.com].

          SNI isn't critical to share the same certificates between multiple hostnames.
          It will become even less necessary with the new HTTPS Binding [ietf.org] DNS Record type, Since the new RR type allows the Port number for HTTPS and HTTPS version such as HTTP/3 Http over Quic instead of TCP to be specified in the DNS record itself, as something other than 443 Unique to each website, and different port numbers can pre

        • by mysidia ( 191772 )

          I mean... SNI is useful, but not critical. the problem with SNI is it Breaks privacy, because the Server Name Indication is Unencrypted (With SNI: third parties sniffing your traffic can see the server name!). This is why HTTP/3 and/or shared certificates and randomized port numbers for HTTPS can be a better option.

  • by xack ( 5304745 ) on Tuesday August 01, 2023 @06:27AM (#63730894)
    Amazon is already having to acquire ip address using unethical means, and many ip address reserved for African networks are being hijacked by other companies as well. We need the top websites to publicly say you need IPv6 to access us by x date and make lazy isps accountable.

    Imagine if Google or Porn Sites went ipv6 only, ISPs tech support lines will be flooded. There is no technical reasons to stop IPv6 adoption, all the excuses have been debunked, it's pure speculation of ipv4 address prices and isps wanting to hire cheap labour and not update the firmware of their routers. Even Windows NT 4.0 from 1996 has an ipv6 stack.

    Look at the precedents. We phased out analog tvs, 1G, 2G and 3G phone networks, TLS 1.0, etc , we can phase out ipv4, we just need to actually take action.
  • The IPv6 purists focused on end-to-end security. This does not make organizations more secure. Quite the opposite. Organizations want to limit the access of systems they own. They want to see the DNS resolutions. They want to inspect content at firewalls. The IPv6 Security model interferes with these sound security practices. Employees have browsers, the IPv6 model means these browsers need to be replaced by app servers controlled by the company and accessed via a protocol like RDP.
    • What model are you talking about? v6 doesn't affect your ability to inspect DNS or content at firewalls.

      Things like TLS or DoT do, but those are being used on v4 too.

  • IPv6 would be much better if it used octal or decimal representations rather than hex. It's just too hard to parse or remember hex, making ipv6 addresses look like arbitrary encrypted text.

  • That's my question and I don't have a specific answer. It just seems crazy that IPv4 has all these problems with scarcity, NAT, CG-NAT, complex routing tables, etc. and there's a replacement that's been available for a LONG time now, and even has major adoption in certain market segments who are essentially forced to use it... and yet everyone still resists. I'm thinking maybe it's just, well, shit? IPv4+NAT is definitely shit but we make do, so we aren't scared of using bad solutions to real problems if it

    • Basically, it doesn't suck. It's mostly just human psychology.

      I actually think a lot of it comes down to the allistic tendency to refuse to do things that they think aren't perceived as "normal". Most people agree that we should be wearing masks to avoid disease, they will even agree that it would be a good idea for them to do it themselves, but they still won't. Most people will happy sit in a room that's filling with smoke without worrying about it so long as the other people in the room act like it's not

Keep up the good work! But please don't ask me to help.

Working...