On Tue, Jun 2, 2015 at 12:25 AM, Tony Hain <alh-ietf@tndh.net> wrote:
-----Original Message----- From: christopher.morrow@gmail.com [mailto:christopher.morrow@gmail.com] On Behalf Of Christopher Morrow Sent: Monday, June 01, 2015 5:10 PM To: Tony Hain Cc: Hugo Slabbert; Matt Palmer; nanog list Subject: Re: AWS Elastic IP architecture
On Mon, Jun 1, 2015 at 7:20 PM, Tony Hain <alh-ietf@tndh.net> wrote:
True, but it does represent a business decision to choose IPv6. The relevant point here is that the "NEXT" facebook/twitter/snapchat/... is likely being pushed by clueless investors into outsourcing their infrastructure to AWS/Azure/Google-cloud.
;; ANSWER SECTION: www.snapchat.com. 3433 IN CNAME ghs.google.com. ghs.google.com. 21599 IN CNAME ghs.l.google.com. ghs.l.google.com. 299 IN A 64.233.176.121
snapchat seems to be doing just fine on 'google cloud services' though? oh:
;; ANSWER SECTION: www.snapchat.com. 3388 IN CNAME ghs.google.com. ghs.google.com. 21599 IN CNAME ghs.l.google.com. ghs.l.google.com. 299 IN AAAA 2607:f8b0:4002:c06::79
ha!
Try https://snapchat.com and see if you ever get an IPv6 connection... Yes an
;; QUESTION SECTION: ;snapchat.com. IN AAAA there is no AAAA for the bare domain... and the bare domain appears to be served from amazon space (54.192.48.27) ~$ openssl s_client -connect snapchat.com:443 CONNECTED(00000003) 139892295607968:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: aside from that .... no https listener. Your wang shots are not worth encrypting I suppose? application aware proxy can hack some services into appearing to work, but they really fail the service customer because a site may appear to be up over IPv6 until the user switches to https, then having to switch to IPv4 end up appearing dead because IPv4 routing is having a bad hair day.