From nanog-bounces@nanog.org Mon May 26 21:16:58 2008 Date: Tue, 27 May 2008 07:46:26 +0530 From: "Suresh Ramasubramanian" <ops.lists@gmail.com> To: "Colin Alston" <karnaugh@karnaugh.za.net> Subject: Re: amazonaws.com? Cc: nanog@merit.edu
On Tue, May 27, 2008 at 1:10 AM, Colin Alston <karnaugh@karnaugh.za.net> wrote:
On 26/05/2008 18:13 Suresh Ramasubramanian wrote:
I didnt actually, Bonomi did .. but going on ..
Mis-credit where mis-credit isn't due ... Twasn't me, either. <grin> I just commented that I couldn't think of a reason for a _compute_ cluster to need access to unlimited remote machines/ports. And that it could 'trivially' be made an _automatic_ part of the 'compute session' config -- to allow access to a laundry-list of ports/machines, and those ports/machines -only-. If Amazon were a 'good neighbor', they _would_ implement something like this. That they see no need to do _anything_ -- when _actual_ problems, which are directly attributable to their failure to do so, have been brought to their attention -- does argue in favor of wholesale firewalling of the EC2 address- space. If the address-space owner won't police it's own property, there is no reason for the rest of the world to spend the time/effort to _selectively_ police it for them. Amazon _might_ 'get a clue' if enough providers walled off the EC2 space, and they found difficulty selling cycles to people who couldn't access the machines to set up their compute applications.