> On Jul 27, 2021, at 6:15 PM, Vimal <j.vi...@gmail.com> wrote:
> 
> AWS Global Accelerator gives anycast IPs that are good for ingress, but my 
> original question was about having predictable egress IPs.
> 
> It looks like having a few EIPs/a contiguous network block is the way to go.

Yes.  Predictable and unchanging (but each unique per location) static IP 
addresses are what you’re looking for.

It would be a huge convenience to others if you could specify a single 
contiguous CIDR block for others to “permit” in their access control lists, but 
alas that would be very difficult as well…  Since BGP announcements generally 
need to be aggregated up to at least a /24 or a /48 (though people are less 
strict on the v6 side), each group of hosts numbered from the same block of 
that size would need to have internally contiguous convex routing, meaning that 
it would have to be interconnected by its own network (albeit that could be 
tunnels) and accept inbound traffic at any point on the surface of that 
network, backhauling it to the appropriate location.  So if you wanted to be 
able to identify a single CIDR block with eight locations in it, you’d either 
need to specify a /24 that was 97% wasted, and was fully internally 
interconnected (i.e. no efficiencies in localizing traffic), or you’d need to 
advertise eight /24s, which would aggregate up to a single /21, which was 99.6% 
wasted.

So, you can see why the combination of scarce IPv4 addresses, scarce BGP 
routing slots, and content routing tricks often don’t play well together.

                                -Bill
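The two waste figures in Bill's reply (a /24 with eight locations being 97% wasted, eight /24s aggregating to a /21 that is 99.6% wasted) follow from the minimum announceable prefix size. The calculator below is an added example, not code from the thread; it generalizes the eight-location case to any number of locations, any minimum announceable prefix length, and IPv6, under the assumption (mine, matching Bill's numbers) that each location needs exactly one usable address from the block.

```python
from math import ceil, log2


def addresses_in_prefix(prefix_len: int, v6: bool = False) -> int:
    """Total addresses covered by a prefix of the given length (IPv4 or IPv6)."""
    bits = 128 if v6 else 32
    if not 0 <= prefix_len <= bits:
        raise ValueError(f"prefix length {prefix_len} out of range for {'IPv6' if v6 else 'IPv4'}")
    return 2 ** (bits - prefix_len)


def single_block_waste(locations: int, min_prefix_len: int = 24, v6: bool = False) -> float:
    """Option 1 from the thread: one minimum-size block shared by every location.

    Assumes one address per location (constructed assumption). The block must then
    be fully interconnected so any entry point can backhaul traffic to the right site.
    Returns the wasted fraction of the block.
    """
    if locations < 1:
        raise ValueError("need at least one location")
    total = addresses_in_prefix(min_prefix_len, v6)
    if locations > total:
        raise ValueError("more locations than addresses in the block")
    return 1 - locations / total


def aggregated_waste(locations: int, min_prefix_len: int = 24, v6: bool = False) -> tuple[int, float]:
    """Option 2 from the thread: one minimum-size block per location, all of them
    sitting inside a single covering prefix so that one CIDR can be allow-listed.

    The per-location blocks must be a power-of-two count to aggregate cleanly, so the
    count is rounded up. Returns (covering prefix length, wasted fraction).
    """
    if locations < 1:
        raise ValueError("need at least one location")
    blocks = 2 ** ceil(log2(locations))          # e.g. 8 locations -> 8 blocks
    covering_len = min_prefix_len - int(log2(blocks))  # eight /24s -> one /21
    total = addresses_in_prefix(covering_len, v6)
    return covering_len, 1 - locations / total


def compare(locations: int, min_prefix_len: int = 24, v6: bool = False) -> dict:
    """Summarize both options for a given deployment size."""
    covering_len, agg_waste = aggregated_waste(locations, min_prefix_len, v6)
    return {
        "single_block_prefix": min_prefix_len,
        "single_block_waste": single_block_waste(locations, min_prefix_len, v6),
        "aggregated_prefix": covering_len,
        "aggregated_waste": agg_waste,
    }


if __name__ == "__main__":
    # Bill's IPv4 case: eight locations, /24 as the smallest routable announcement.
    for name, value in compare(8).items():
        print(f"{name}: {value:.4f}" if isinstance(value, float) else f"{name}: /{value}")
    # Same deployment on IPv6 with a /48 minimum: the waste is effectively total.
    print(compare(8, min_prefix_len=48, v6=True))
```

The `single_block_waste` result of 0.96875 and the `aggregated_waste` result of (21, 0.99609375) reproduce the 97% and 99.6% figures in the reply; raising `locations` or lowering `min_prefix_len` shows how quickly the waste only gets worse, which is the point about scarce IPv4 space and routing slots.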
