Looking at avoiding IPv4 charges on AWS
Amazon Web Services (AWS) is going to start charging for the use of IPv4. At first glance the $0.005 does not seem too prohibitive. However, when you realize that comes out to $43.80 a year, which is near the cost of purchasing an IPv4 address outright, it becomes a bit more burdensome. Remember, this is not only the Elastic IPs you have attached to instances but also VPN Gateways (two per VPN), Global Accelerator, Public Facing ELBs, and NAT Gateways. If you are curious about your use of Public IPs, you can use Amazon VPC IP Address Manager’s new tool, Public IP Insights, to review the use of Public IPs in any VPC. That said, this can end up being costly for some organizations, who only have about four months to decide on a course of action before 2024. Here are a couple of ways you can reduce or eliminate the Public IPv4s in your AWS environment.
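One way to get a per-VPC count outside the console, as an added example that is not part of the original article: the Python below tallies public IPv4 addresses from a saved `aws ec2 describe-network-interfaces` response and prices them at the $43.80 yearly figure above. The sample response is constructed, the category names are illustrative, and only addresses attached to network interfaces are counted.

```python
import json
from collections import Counter, defaultdict

# Yearly cost per public IPv4 address, taken from the article's figure.
COST_PER_IP_PER_YEAR = 43.80

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
SAMPLE = json.loads("""{"NetworkInterfaces": [
 {"VpcId": "vpc-app", "InterfaceType": "interface", "Description": "web server",
  "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.10",
    "Association": {"PublicIp": "198.51.100.10"}}]},
 {"VpcId": "vpc-app", "InterfaceType": "nat_gateway", "Description": "NAT gateway interface",
  "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.20",
    "Association": {"PublicIp": "198.51.100.20"}}]},
 {"VpcId": "vpc-app", "InterfaceType": "interface", "Description": "ELB app/public-alb/abc",
  "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.30",
    "Association": {"PublicIp": "198.51.100.30"}}]},
 {"VpcId": "vpc-app", "InterfaceType": "interface", "Description": "ELB app/public-alb/abc",
  "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.30",
    "Association": {"PublicIp": "198.51.100.31"}}]},
 {"VpcId": "vpc-app", "InterfaceType": "interface", "Description": "private worker",
  "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.3.40"}]},
 {"VpcId": "vpc-dev", "InterfaceType": "interface", "Description": "dev box",
  "PrivateIpAddresses": [{"PrivateIpAddress": "10.1.0.5",
    "Association": {"PublicIp": "203.0.113.5"}}]}
]}""")

def classify(eni):
    """Bucket an interface by what owns it (bucket names are illustrative)."""
    if eni.get("InterfaceType") == "nat_gateway":
        return "nat-gateway"
    if (eni.get("InterfaceType") == "network_load_balancer"
            or eni.get("Description", "").startswith("ELB ")):
        return "load-balancer"
    return "instance-or-other"

def public_ipv4_inventory(response):
    """Return {vpc_id: {category: count}} for addresses with a public mapping."""
    per_vpc = defaultdict(Counter)
    for eni in response["NetworkInterfaces"]:
        for addr in eni.get("PrivateIpAddresses", []):
            if addr.get("Association", {}).get("PublicIp"):
                per_vpc[eni["VpcId"]][classify(eni)] += 1
    return {vpc: dict(counts) for vpc, counts in per_vpc.items()}

def yearly_cost(inventory):
    """Estimated yearly charge per VPC at the article's per-address figure."""
    return {vpc: round(sum(kinds.values()) * COST_PER_IP_PER_YEAR, 2)
            for vpc, kinds in inventory.items()}

if __name__ == "__main__":
    inv = public_ipv4_inventory(SAMPLE)
    for vpc, cost in yearly_cost(inv).items():
        print(vpc, inv[vpc], f"${cost:.2f}/year")
```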
Switch to IPv6
The suggested solution for several years has been to move to IPv6. With a far wider range of available IPv6 addresses, there is no issue for AWS to give out Public IPv6 addresses. AWS has made it fairly simple to migrate over to their IPv6 ready solutions while having an available Dual Stack solution for the solutions not ready for IPv4 (except for Lambda which can support IPv6 Public Endpoints). The real issue with IPv6 is that only about 40% of the internet is IPv6 ready. Even AWS has big gaps in IPv6 support. In fact, for Dual Stack support, you are still going to have to use a NAT Gateway with an IPv4 address.
BYOIP
If you are lucky enough to have a pool of Public IPs registered to you, you can BYOIP into AWS. In this case, you take over the responsibility of providing your own Public IPs. There are some considerations, however, before you utilize this solution. To begin, you need to own Public IPs associated with an ASN you control. The most specific subnet you can bring in is /24. In other words, you need to have at least 256 contiguous IP addresses to use BYOIP. Also, you will need to adjust your Internet Routing because you will have to remove the advertisement for the IP ranges you have used in BYOIP (which will be advertised by Amazon at that point). It would also be helpful to have a Direct Connect. Finally, you will have to go through a bit of a process to register the IPs, like the one seen below.
Use AWS ISV Partners to help mitigate the problem
If you aren’t ready for IPv6 and you don’t have the spare Class C, fear not. There are different ways to reduce your need for Public IPv4 in your AWS build with some re-architecture and the help of some ISV partners. If you are looking to remove some of the costs of Global Accelerator, it can make sense to use a Megaport MCR or Equinix Partners ECX, especially if you are connecting to other SaaS services. If you are using a ton of Public IPs for security devices, it might be wise to consolidate into a Shared Service VPC, using AWS Firewall Manager to manage your cloud firewalls, for instance. You can also use tools like Alkira, Inc. (Alkira) or Prosimo.io (Prosimo) to reduce the necessity of NAT Gateways and Public IPv4s.
In the end, Cloud Networking teams are going to have to review their use of IPv4. It’s easy to end up with VPCs with 40 or 50 unnecessary Public IPs because they used to be free. Thousands of dollars could be spent that would have been saved by a fresh look. In cases like this, sometimes it is helpful to have outside experience, whether that be trusted colleagues or a good message board you can reference while planning. Alternatively, you can work with solution architects from AWS or look to leverage outside consultants. It is important to build a team of resources that you trust to execute your mission. If you are looking for guidance, please feel free to reach out to us at Oxford Global Resources.