Annoying AWS Firewalls (short)
So, here's some of my experience and the problems with AWS.
As with anything, the more and more that thing is used it becomes easier to see the failings and cracks - some of them gaping. In AWS's case, there is quite a large issue with respect to their firewall system, in my opinion.
Many cloud server providers have a sub-net on each server created. This is usually used for updating servers, managing and resizing etc. Unfortunately this is where the issue lies, subnets can present problems with routing and connections. AWS provide no means of controlling this sub-net and the security groups don't touch the sub-net either.
The following are cases that i've found to hold true when using AWS.
- SIP/WebRTC routing + transcoding server. Routing packets to destination addresses can cause confusion and thus they just get trapped on the server.
- Deepstream - When logging in, below is the error that can occasionally be observed, i.e. not all the time,
WebSocket connection to 'wss://domain.co.uk/deepstream' failed: Error during WebSocket handshake: net::ERR_RESPONSE_HEADERS_TRUNCATED
This second issue can cause initial connection/login delays of 1-15 seconds and thus represent a critical issue when considering it's application; a real-time communications application.
I have contacted AWS about changing/removing the service net and this is something they will not do. Therefore, the critical messaging servers are now being moved. Rackspace has been identified as a potential solution to this annoying issue.
Update:
After testing deepstream on rackspace, even with the service net on I can confirm the issue described above is not present.