On Jul 27, 2021, at 6:15 PM, Vimal <j.vimal@gmail.com> wrote:
AWS Global Accelerator gives anycast IPs that's good for ingress, but my original question was about having predictable egress IPs.
It looks like having a few EIPs/a contiguous network block is the way to go.
Yes. Predictable and unchanging (but each unique per location) static IP addresses is what you’re looking for. It would be a huge convenience to others if you could specify a single contiguous CIDR block for others to “permit” in their access control lists, but alas that would be very difficult as well… Since BGP announcements generally need to be aggregated up to at least a /24 or a /48 (though people are less strict on the v6 side), each group of hosts numbered from the same block of that size would need to have internally contiguous convex routing, meaning that it would have to be interconnected by its own network (albeit that could be tunnels) and accept inbound traffic at any point on the surface of that network, backhauling it to the appropriate location. So if you wanted to be able to identify a single CIDR block with eight locations in it, you’d either need to specify a /24 that was 97% wasted, and was fully internally interconnected (i.e. no efficiencies in localizing traffic), or you’d need to advertise eight /24s, which would aggregate up to a single /21, which was 99.6% wasted. So, you can see why the combination of scarce IPv4 addresses, scarce BGP routing slots, and content routing tricks often don’t play well together. -Bill