by hosh 67 days ago
I am in the middle of building infrastructure in GCP. The workload is your typical stateless web + db workload.

As of now, there is no way to have 100% internal IPv6. Many of the services, including Cloud SQL or the connection between external and internal load balancers, do not support IPv6, even when the external load balancer supports IPv6 forwarding rules at the front end.

This means that careful internal IPv4 allocations still matter.

2 comments

I think it's incredibly ironic, actually. The place where IPs are burned through rapidly (internal) is forced to use v4 (and, potentially, even a subset of it, RFC 1918; likely conflicting with some large company or service if they decide to plumb it together later, or you burn publicly accessible IPs in the limited address space).

But the one interface that touches the internet can use v6: the one with a functionally infinite address space.

GCP encourages customers to use Class E (240.0.0.0/4) as internal IPs. That helps.

What I am building won’t exhaust that, but I hear some customers are blowing through even that.

PSC has a builtin NAT. That also helps stitch things together.

… or we can have IPv6.
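The allocation concern raised above (RFC 1918 space colliding with a peer later, Class E as the escape hatch) as a small planning check. This is example code added here, not from the thread or from any GCP tooling; the planned and peer ranges are constructed.

```python
"""Classify candidate internal IPv4 blocks and flag overlaps with peer ranges.

Constructed example: a stateless web + db deployment that must stay on
internal IPv4 wants to know (a) which non-public range each planned block
lives in and (b) whether any block would collide with address space that a
future VPC peer or partner already uses.
"""
import ipaddress
from typing import Dict, List, Tuple

# Blocks routable inside a VPC but never advertised on the public internet.
# Class E (240.0.0.0/4) is the range the thread says GCP suggests for internal
# use; it is listed separately from RFC 1918 because not every OS accepts it.
KNOWN_RANGES: List[Tuple[str, ipaddress.IPv4Network]] = [
    ("RFC1918", ipaddress.ip_network("10.0.0.0/8")),
    ("RFC1918", ipaddress.ip_network("172.16.0.0/12")),
    ("RFC1918", ipaddress.ip_network("192.168.0.0/16")),
    ("CGNAT (RFC6598)", ipaddress.ip_network("100.64.0.0/10")),
    ("Class E (240/4)", ipaddress.ip_network("240.0.0.0/4")),
]


def classify(cidr: str) -> str:
    """Name the non-public range a block belongs to, or 'public' if none."""
    net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
    if net.version != 4:
        return "IPv6"
    for label, rng in KNOWN_RANGES:
        if net.subnet_of(rng):
            return label
    # Globally routable space used internally: burns scarce public IPv4.
    return "public"


def find_overlaps(planned: List[str], peers: List[str]) -> List[Tuple[str, str]]:
    """Return (planned, peer) pairs whose networks share any address."""
    hits = []
    for p in planned:
        pn = ipaddress.ip_network(p)
        for q in peers:
            if pn.overlaps(ipaddress.ip_network(q)):
                hits.append((p, q))
    return hits


def plan(planned: List[str], peers: List[str]) -> Dict[str, object]:
    """Summarise range classes and conflicts for an allocation proposal."""
    return {"classes": {c: classify(c) for c in planned},
            "conflicts": find_overlaps(planned, peers)}


if __name__ == "__main__":
    # Constructed inputs: our blocks vs. a partner's existing 10.0.128.0/17.
    print(plan(["10.0.0.0/16", "240.10.0.0/16"], ["10.0.128.0/17", "172.16.0.0/12"]))
```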

I had the same issue a few months ago on AWS. All I want is a server (that pulls a container), a database, and a load balancer. It's all going behind CloudFront so there should be no need to pay for an IPv4 address for any internal machine. Couldn't do it. Since then I saw that there was some movement on IPv6 for RDS but IIRC there was still some other blocker.
> so there should be no need to pay for an IPv4 address for any internal machine

At what level did you need to pay for IPv4 addresses in this stack? You should have been able to make this work with a private IPv4 space: have the ECS services be dual-stack and be on both the v6 network and the v4 network to talk to the database server, have the ALB be v6, and then have CloudFront be v6. If you wanted, you could also just ignore v6 for the ECS services and have them just live in that same v4 subnet entirely.

I could be wrong (and please tell me what I'm missing), but you shouldn't have had to pay for IPv4 in this case. I do just wish RDS (and so much else) would just support IPv6, though; you shouldn't need to have a bunch of extra subnets just to talk to your database.