nanog mailing list archives

Re: Anycast but for egress


From: Bill Woodcock <woody () pch net>
Date: Wed, 28 Jul 2021 07:49:28 -0700



On Jul 27, 2021, at 6:15 PM, Vimal <j.vimal () gmail com> wrote:

> AWS Global Accelerator gives anycast IPs that's good for ingress, but my original question was about having
> predictable egress IPs.
>
> It looks like having a few EIPs/a contiguous network block is the way to go.

Yes.  Predictable and unchanging (but each unique per location) static IP addresses are what you’re looking for.

It would be a huge convenience to others if you could specify a single contiguous CIDR block for others to “permit” in 
their access control lists, but alas that would be very difficult as well…  Since BGP announcements generally need to 
be aggregated up to at least a /24 or a /48 (though people are less strict on the v6 side), each group of hosts 
numbered from the same block of that size would need to have internally contiguous convex routing, meaning that it 
would have to be interconnected by its own network (albeit that could be tunnels) and accept inbound traffic at any 
point on the surface of that network, backhauling it to the appropriate location.  So if you wanted to be able to 
identify a single CIDR block with eight locations in it, you’d either need to specify a /24 that was 97% wasted, and 
was fully internally interconnected (i.e. no efficiencies in localizing traffic), or you’d need to advertise eight 
/24s, which would aggregate up to a single /21, which was 99.6% wasted.

So, you can see why the combination of scarce IPv4 addresses, scarce BGP routing slots, and content routing tricks 
often don’t play well together.

                                -Bill

Attachment: signature.asc
Description: Message signed with OpenPGP
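The two numbering strategies Bill weighs above (one shared /24 backhauled across all locations, versus one /24 per location that partners can only summarise as the covering aggregate) are easy to quantify with the standard library. The following is an added example, not code from the post or from PCH; the eight 10.0.x.0/24 blocks are constructed RFC 1918 placeholders standing in for one static egress address per location, and the /24 minimum announcement size is taken from the post. It generalises to any number of locations and any minimum prefix length.

```python
"""Compare the route count and address waste of two egress-numbering plans:
(a) one announceable block shared by every location, versus
(b) one announceable block per location, summarised by the covering aggregate."""
import ipaddress
from fractions import Fraction

MIN_V4_ANNOUNCEMENT = 24  # smallest IPv4 prefix most networks will accept (per the post)

# Constructed sample (RFC 1918 space, not real egress addresses): eight
# locations, each with one static egress IP drawn from its own /24.
LOCATIONS = 8
PER_LOCATION_BLOCKS = [ipaddress.ip_network(f"10.0.{i}.0/24") for i in range(LOCATIONS)]


def covering_prefix(networks):
    """Smallest single prefix that contains every network in `networks`."""
    nets = [ipaddress.ip_network(str(n)) for n in networks]
    agg = nets[0]
    # Widen the first block one bit at a time until it covers all of them.
    while not all(n.subnet_of(agg) for n in nets):
        agg = agg.supernet()
    return agg


def wasted_fraction(addresses_in_use, prefix):
    """Fraction of `prefix` not consumed by the `addresses_in_use` egress hosts."""
    total = prefix.num_addresses
    return Fraction(total - addresses_in_use, total)


def shared_block_plan(locations, min_len=MIN_V4_ANNOUNCEMENT):
    """Plan (a): a single block for all locations, interconnected internally
    and accepting inbound traffic anywhere on that network. One route, one
    ACL entry for partners, most of the block idle."""
    block = ipaddress.ip_network(f"10.0.0.0/{min_len}")  # constructed placeholder
    return {
        "routes": 1,
        "acl_entries": [block],
        "wasted": wasted_fraction(locations, block),
    }


def per_location_plan(blocks):
    """Plan (b): every location announces its own block. A partner who wants a
    single ACL line must permit the covering aggregate, so waste is accounted
    against that aggregate rather than against the individual blocks."""
    agg = covering_prefix(blocks)
    # collapse_addresses merges adjacent blocks; eight contiguous /24s become one /21.
    summary = list(ipaddress.collapse_addresses(blocks))
    return {
        "routes": len(blocks),
        "acl_entries": summary,
        "aggregate": agg,
        "wasted": wasted_fraction(len(blocks), agg),
    }


if __name__ == "__main__":
    plans = (
        ("shared /24", shared_block_plan(LOCATIONS)),
        ("per-location /24s", per_location_plan(PER_LOCATION_BLOCKS)),
    )
    for name, plan in plans:
        print(
            f"{name}: {plan['routes']} route(s), permit {plan['acl_entries']}, "
            f"{float(plan['wasted']):.1%} of addresses wasted"
        )
```

Running it reproduces the figures in the post: the shared /24 costs one routing slot and leaves 96.9% of its addresses unused, while eight per-location /24s cost eight slots and aggregate to a /21 that is 99.6% unused. Raising `LOCATIONS` or lowering `MIN_V4_ANNOUNCEMENT` shows how quickly the trade-off between routing-table slots and wasted address space moves.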
