chore: direct ipv4 traffic via EIP instead of NatGW

Author: tomashley

ansible/files/gai.conf

@@ -0,0 +1,87 @@
+# Configuration for getaddrinfo(3).
+#
+# So far only configuration for the destination address sorting is needed.
+# RFC 3484 governs the sorting.  But the RFC also says that system
+# administrators should be able to overwrite the defaults.  This can be
+# achieved here.
+#
+# All lines have an initial identifier specifying the option followed by
+# up to two values.  Information specified in this file replaces the
+# default information.  Complete absence of data of one kind causes the
+# appropriate default information to be used.  The supported commands include:
+#
+# reload  <yes|no>
+#    If set to yes, each getaddrinfo(3) call will check whether this file
+#    changed and if necessary reload.  This option should not really be
+#    used.  There are possible runtime problems.  The default is no.
+#
+# label   <mask>   <value>
+#    Add another rule to the RFC 3484 label table.  See section 2.1 in
+#    RFC 3484.  The default is:
+#
+#label ::1/128       0
+#label ::/0          1
+#label 2002::/16     2
+#label ::/96         3
+#label ::ffff:0:0/96 4
+#label fec0::/10     5
+#label fc00::/7      6
+#label 2001:0::/32   7
+#
+#    This default differs from the tables given in RFC 3484 by handling
+#    (now obsolete) site-local IPv6 addresses and Unique Local Addresses.
+#    The reason for this difference is that these addresses are never
+#    NATed while IPv4 site-local addresses most probably are.  Given
+#    the precedence of IPv6 over IPv4 (see below) on machines having only
+#    site-local IPv4 and IPv6 addresses a lookup for a global address would
+#    see the IPv6 be preferred.  The result is a long delay because the
+#    site-local IPv6 addresses cannot be used while the IPv4 address is
+#    (at least for the foreseeable future) NATed.  We also treat Teredo
+#    tunnels special.
+#
+# precedence  <mask>   <value>
+#    Add another rule to the RFC 3484 precedence table.  See section 2.1
+#    and 10.3 in RFC 3484.  The default is:
+#
+#precedence  ::1/128       50
+#precedence  ::/0          40
+#precedence  2002::/16     30
+#precedence ::/96          20
+#precedence ::ffff:0:0/96  10
+#
+#    For sites which prefer IPv4 connections change the last line to
+#
+#precedence ::ffff:0:0/96  100
+#
+# Prefer IPv4 over IPv6
+precedence ::ffff:0:0/96  100
+precedence ::/0            50
+#
+#   The 'label' directive in gai.conf assigns a priority value to specific
+#   address ranges. Lower numbers are preferred over higher numbers.
+#   By assigning the label 2 to 2002::/16, we're giving 6to4 addresses a
+#   higher priority than regular IPv6 addresses (labeled 6) but a lower
+#   priority than IPv4 addresses (labeled 4).
+#   Label IPv4 addresses
+label ::ffff:0:0/96       4
+#   Label IPv6 addresses
+#   The prefix 2002::/16 refers to 6to4 addresses. 6to4 is a transitional 
+#   mechanism designed to transmit IPv6 packets over an IPv4 network,
+#   essentially allowing IPv6 connectivity via IPv4 infrastructure.
+#   6to4 is not used in AWS and is probably unnecessary
+label 2002::/16           2
+label ::/0                 6
+#
+#
+# scopev4  <mask>  <value>
+#    Add another rule to the RFC 6724 scope table for IPv4 addresses.
+#    By default the scope IDs described in section 3.2 in RFC 6724 are
+#    used.  Changing these defaults should hardly ever be necessary.
+#    The defaults are equivalent to:
+#
+# Decrease scope of private IPv4 to allow quicker IPv6 fallback
+scopev4 ::ffff:169.254.0.0/112  2
+scopev4 ::ffff:127.0.0.0/104    2
+# scopev4 ::ffff:10.0.0.0/104     2
+# scopev4 ::ffff:172.16.0.0/108   2
+# scopev4 ::ffff:192.168.0.0/112  2

ansible/tasks/internal/optimizations.yml

@@ -37,3 +37,12 @@
     - popularity-contest
     - ubuntu-advantage-tools
   when: debpkg_mode or stage2_nix
+
+- name: prefer IPv4 connection resolution
+  become: yes
+  copy:
+    src: "files/gai.conf"
+    dest: "/etc/gai.conf"
+    owner: root
+    group: root
+    mode: 0644