AWS Elastic IP architecture
In message <CABidiTJH=+oKpF7OwU+2V4MELaigMTqe3ZdFr51jUKRTpHFdtA at mail.gmail.com>, Philip Dorr writes:
> On Thu, Jun 4, 2015 at 12:16 PM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
> > On Thu, Jun 4, 2015 at 5:11 AM, Owen DeLong <owen at delong.com> wrote:
> >> I’d argue that SSH is several thousand, not a few hundred. In any
> >> case, I suppose you can make the argument that only a few people are
> >> trying to access their home network resources remotely other than via
> >> some sort of proxy/rendezvous service. However, I would argue that such
> >> services exist solely to provide a workaround for the deficiencies in
> >> the network introduced by NAT. Get rid of the stupid NAT and you no
> >> longer need such services.
> >
> > This is an interesting argument/point, but if you remove the rendezvous
> > service then how do you find the thing in your house? now the user has
> > to manage DNS, or the service in question has to manage a dns entry
> > for the customer, right?
>
> You do not remove the locating service, what you remove is the remote
> proxy service.

And the DNS is the simplest location service. Windows boxes and
Macs can register themselves in the DNS today using standardised
protocols. This really isn't a hard thing to do. All you need is
a fully qualified hostname, addresses and update credentials
(username/password (TSIG) or a public key pair SIG(0)) and you can
update the address records using the DNS and UPDATE. Windows
uses GSS-TSIG (Kerberos) to authenticate the UPDATE request. In
theory it could also use plain TSIG and/or SIG(0).

What is hard is giving them a globally unique address today because
it doesn't exist for 99.9% of the devices connected in the world
due to the world having run out of IPv4 addresses about ~20 years
ago. At the moment we are at ~1 address per household for IPv4.
We are heading into < 1 address per household for most of the
households in the world.

For a Mac you do System Preferences -> Sharing -> Edit and tick "Use
dynamic global hostname", add the hostname and TSIG credentials
(User/Password). The Mac will save them. The Mac will then update
the address records for itself as they change.

What has to happen is making this a regular part of setting up a
machine for the first time. This requires other OS vendors adding
equivalent functionality to their OS's.

> For example with a webcam on IPv4, you would connect to website to
> download the video. The camera would also connect to the website to
> upload the video.
>
> On IPv6 the webcam would connect to the website to say that it is
> alive and what its IP is. You would connect to the website and your
> computer would get the IP and directly connect to the webcam. If
> there were multiple people connecting, you may even be able to use
> multicast.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
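
Added example, not part of the original message: a standard-library Python sketch of the TSIG-authenticated DNS UPDATE the message describes, showing what the shared credential signs and why a server rejects tampered or stale requests. The zone, host, key name, secret and timestamps are constructed values, and verify() assumes the fixed layout that sign() produces rather than parsing arbitrary messages.

```python
import hashlib, hmac, ipaddress, struct
ALG = "hmac-sha256."  # TSIG algorithm name

def wire_name(n):
    """Encode a domain name in lowercase DNS wire format (no compression)."""
    labels = [l for l in n.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"

def build_update(msg_id, zone, host, addr, ttl=300):
    """RFC 2136 UPDATE: delete the host's AAAA RRset, then add the new address."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 2, 0)        # opcode 5 = UPDATE
    zone_sec = wire_name(zone) + struct.pack("!2H", 6, 1)             # SOA, IN
    delete = wire_name(host) + struct.pack("!2HIH", 28, 255, 0, 0)    # AAAA, class ANY
    add = wire_name(host) + struct.pack("!2HIH", 28, 1, ttl, 16)      # AAAA, class IN
    return header + zone_sec + delete + add + ipaddress.IPv6Address(addr).packed

def _time(when, fudge):
    return struct.pack("!HIH", when >> 32, when & 0xFFFFFFFF, fudge)  # 48-bit time, fudge

def tsig_mac(msg, key_name, secret, when, fudge):
    """HMAC over the unsigned message plus the TSIG variables (RFC 8945, 4.3.3)."""
    tsig_vars = (wire_name(key_name) + struct.pack("!HI", 255, 0) + wire_name(ALG)
                 + _time(when, fudge) + struct.pack("!2H", 0, 0))
    return hmac.new(secret, msg + tsig_vars, hashlib.sha256).digest()

def sign(msg, key_name, secret, when, fudge=300):
    """Append the TSIG record and increment ARCOUNT."""
    mac = tsig_mac(msg, key_name, secret, when, fudge)
    rdata = (wire_name(ALG) + _time(when, fudge) + struct.pack("!H", len(mac)) + mac
             + msg[:2] + struct.pack("!2H", 0, 0))            # original ID, error, other len
    rr = wire_name(key_name) + struct.pack("!2HIH", 250, 255, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr

def verify(signed, key_name, secret, now):
    """Server-side check; assumes the fixed layout sign() produces (TSIG last)."""
    off = len(wire_name(key_name)) + 10 + len(wire_name(ALG))  # offset of time signed
    msg, rr = signed[:-(off + 48)], signed[-(off + 48):]
    hi, lo, fudge = struct.unpack("!HIH", rr[off:off + 8])
    when, mac = (hi << 32) | lo, rr[off + 10:off + 42]
    arcount = struct.unpack("!H", msg[10:12])[0] - 1           # undo the TSIG count
    msg = msg[:10] + struct.pack("!H", arcount) + msg[12:]
    fresh = abs(now - when) <= fudge                            # reject stale or replayed updates
    return fresh and hmac.compare_digest(mac, tsig_mac(msg, key_name, secret, when, fudge))

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-demo-secret"
SIGNED = sign(build_update(0x1234, "example.net", "cam.example.net", "2001:db8::10"),
              "cam-key.example.net", SECRET, when=1_700_000_000)
```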