AWS claims 'monumental step forward' with optional IPv6-only networks
Thursday, 25 November 2021 05:04

10 quintillion IP addresses per subnet but expect some pain


AWS customers can now create IPv6-only virtual private cloud (VPC) networks, with the company claiming it is a "monumental step forward" towards the enablement of IPv6 on its cloud.

Systems running dual network stacks (supporting both IPv4 and IPv6 addresses) are commonplace, but IPv6-only is less common. The new feature allows admins to create an IPv6-only subnet within a dual-stack VPC.

A limitation is that EC2 (Elastic Compute Cloud) instances launched into IPv6-only subnets must be built on Nitro, a custom hypervisor and network card which has both performance and security advantages.

Each subnet has a /64 CIDR (Classless Inter-Domain Routing) range, offering "approximately 10 quintillion IP addresses for applications," according to AWS.

Creating an IPv6-only subnet on AWS

In a separate post, solutions architect Rohit Aswani and senior product manager Aditya Santhanam said that the capability is "ideal if you have workloads, such as serverless and container applications, that consume a large number of IP addresses."

AWS has enabled its local Instance Metadata Service (IMDS), Time Sync, and VPC DNS server to be accessed with IPv6 addresses. Currently some operations can only be done with the AWS API or CLI (Command-line interface) and not from the web-based console. The IMDS gives the ability to retrieve data about or to configure the EC2 VMs, so it is a critical part of the AWS infrastructure.

Making them a little bit easier to remember, the local addresses for the instance services all have the ULA (Unique Local IPv6 Unicast Address) prefix fd00:ec2. For example, the Time Sync service is at fd00:ec2::123.
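
A defensive check built on that prefix, as an added example that is not from the article or from AWS: it classifies outbound destinations (for instance from proxy or flow logs) so that rules written for the IPv4 link-local service addresses also cover the IPv6 ones. It assumes the article's "prefix fd00:ec2" means the network fd00:ec2::/32; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Assumption: the article's "prefix fd00:ec2" is read as fd00:ec2::/32.
INSTANCE_SERVICES_V6 = ipaddress.ip_network("fd00:ec2::/32")
# The one concrete service address the article gives (Time Sync).
TIME_SYNC_V6 = ipaddress.ip_address("fd00:ec2::123")
# IPv4 link-local range, where the IPv4-era instance services are reached.
LINK_LOCAL_V4 = ipaddress.ip_network("169.254.0.0/16")


def parse_destination(text):
    """Return an ip_address object for an IP literal, or None for anything else."""
    host = text.strip()
    if host.startswith("[") and "]" in host:   # URL form: [addr] or [addr]:port
        host = host[1:host.index("]")]
    host = host.split("%", 1)[0]                # drop a zone id such as %eth0
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    # ::ffff:a.b.c.d is an IPv4 address written as IPv6; unwrap it so the
    # IPv4 rule still applies.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify(text):
    """Label a destination by comparing parsed addresses, never raw strings."""
    addr = parse_destination(text)
    if addr is None:
        return "not-an-ip-literal"
    if addr.version == 6:
        if addr == TIME_SYNC_V6:
            return "time-sync"
        if addr in INSTANCE_SERVICES_V6:
            return "instance-service"
        return "other"
    if addr in LINK_LOCAL_V4:
        return "ipv4-link-local"
    return "other"


def triage(destinations):
    """Count destinations per label."""
    counts = {}
    for dest in destinations:
        label = classify(dest)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample destinations, not taken from any real log.
SAMPLES = [
    "fd00:ec2::123",            # Time Sync address from the article
    "FD00:0EC2::0123",          # same address, different spelling
    "[fd00:ec2::254]:80",       # bracketed URL form inside the prefix
    "fd00:ec20::1",             # looks similar as text, but outside the /32
    "::ffff:169.254.169.254",   # IPv4-mapped form of a link-local address
    "2001:db8::10",             # documentation prefix, unrelated
    "time.example.internal",    # hostname: resolve it before classifying
]

if __name__ == "__main__":
    for dest in SAMPLES:
        print(f"{dest:28} {classify(dest)}")
    print(triage(SAMPLES))
```

A plain string test such as `startswith("fd00:ec2")` would miss the second sample and wrongly match the fourth, which is why the comparison is done on parsed addresses.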

IPv6-only interfaces can be exposed to the public internet, subject to security group rules in the normal way. An issue though is what happens if clients are on IPv4-only networks.

Aswani and Santhanam explained that "if the end user is located in a corporate network that doesn’t support IPv6 address space, you need to launch a dual-stack instance in a dual-stack subnet which the user can SSH into via public IPv4 address first. Then, from that dual-stack instance, the user can SSH into the IPv6-only instance."

The same logic would apply to other applications that need to be accessible via IPv4 but call services in an IPv6-only subnet. The general approach would be IPv6 for the core, and IPv4 for public accessibility. A full walkthrough of setting up an IPv6-only subnet in an AWS VPC is here.

AWS is ahead of rivals Microsoft and Google in its IPv6-only enablement. Both Azure and GCP support dual-stack virtual networks but do not match what AWS now offers.

It may seem that an IPv6-only subnet is all pain and no gain for administrators. There are some potential benefits, though, one being a strategic one, in that it gives developers and hardware vendors an incentive to ensure applications work correctly in IPv6 and may therefore accelerate its adoption.

Another benefit is eliminating the risk of IP address conflicts, for example when a VPN connects two local networks both of which use the same local IPv4 address range. When will IPv4 become legacy and IPv6 the norm? That moment always seems to be five to 10 years away.


Source: https://bit.ly/32rGK8t