
IPv6 in the Cloud: Head vs Heart

Author: Kris Gillespie
cloudwan

"4.2 billion IPs should be enough"

It wasn't enough

We've known for years and years that the IPv4 pool will dry up. Since the days of old, dusty RIPE meetings were spent waxing lyrical about the dwindling number of IPs, with sad graphs showing the very, very, very slow uptake of IPv6. And now here we are: depending on what you read, you might think the adoption rate is somewhere around 40-50%. There are numerous sources; for example, you have this one from Google. Looks good, right? Or you have this one from the Internet Society.

IPv6 over time

However, I'm inclined to go along with this great article from Cloudflare where they come to the conclusion that realistically, the number is closer to around 13%.

So, how do our cloud providers stack up in allowing us to build and deliver IPv6 services?

AWS and Azure

AWS Rent Seeking via IPv4

Now obviously, this is in a way a good thing, as it should finally put some financial pressure on some companies to look hard and fast at their IPv6 plans. But on that, how much does AWS support you on this journey?

A very small list of IPv6 services

You'll read a lot when you search around that we are still in a transitory phase. Consider, however, that IPv6 has been around since the mid 90s, first in Linux/Unix midrange systems, then expanding to Windows in the XP days. So you would hope that a 1.7 trillion dollar company could push the needle further along.


Microsoft has, so far, maybe a slightly better track record and actual implementation of IPv6 in Azure. Not perfect, mind you. For example, take one topic very close to my area of interest: Cloud WAN from AWS. The equivalent from Azure is Azure Virtual WAN (vWAN), which has zero IPv6 support at the time of writing this. Compare that to Cloud WAN, which has largely full, admittedly dual stack, support for IPv6, together with Transit Gateways.

Both providers lack IPv6 support in key areas like:

  • Relational databases
  • NoSQL databases
  • Redis
  • Serverless

Another common theme is the need for dual stack: IPv4 and IPv6. Take, for example, AWS Transit Gateways. You need IPv4 subnets, otherwise you cannot create attachments. I assume this is because Hyperplane is IPv4 only at this moment. Azure is just as guilty, requiring dual stack for most things.

So should I give up?


Well, it depends. If your organisation is driven by short term value, then yes, most likely. However, the true value in IPv6 is in safeguarding the internet for the future. Allowing for the inevitable march of expansion, including the explosion in IoT, it's only going to get more crowded. It's also about being forward thinking,

So, do we do it for the future? Do we do it for our bill at the end of the month? In the end, the cost is high both ways. If you're a startup, the opportunity cost of not focusing on value is extremely high. If you're an incumbent, well, you're probably so deep in the IPv4 mire that even considering a project like this starts a nervous twitch.

I want to go ahead

Brave soul. Let's pick on AWS and let's say we use some of the following, which have some form of IPv6 support:

  • EC2
  • Load balancers - the load balancers themselves are dual stack, target groups can be IPv6 only
  • VPC
  • ECS (note, still dual stacked.)
  • Route53
  • S3

However, you will hit a roadblock when you want to use something like DynamoDB. Or any kind of database. You can sidestep this via the above method of private IPv6 endpoints for IPv4 accessible services, as seen in this AWS post. It's a band-aid and will likely make you reconsider the whole exercise. Plus, in the end, depending on your type of business, it might be irrelevant anyways. If you have any kind of public presence, your users/customers will likely hit you in bulk via IPv4, making the whole exercise pointless.

UPDATE

While researching this, I even just found this small announcement about AWS Lambda, enabling further IPv6 support.

Conclusion so far?

Honestly, unless you really want to push and be a pioneer, which sounds laughable after what, 28 or so years, it's still not worth it. You can make your life way, way harder and you can definitely get some form of platform working, but even now, the cloud providers just are not geared to properly support you on this journey. It would be for more idealistic reasons than actual sane commercial reasons.

It's a heart vs head argument


What's next

  • Possibly more research into IPv6
  • What is the cost of abstraction in relation to networking
  • How to limit the blast radius
  • Multi Cloud

Be safe with the IPv6 horde!
