
Amazon EC2 gets full IPv6 support

BrianC
Dabbler
Posts: 18
Thanks: 6
Registered: ‎12-12-2013


Nothing to do with Plusnet, but I thought IPv6 people might be interested.

Amazon EC2 now has full IPv6 support. Every VM can have its own (public) IPv6 address in addition to its (private, maybe NAT'd) IPv4 address.

https://aws.amazon.com/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/get-started-ipv6.html

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-migrate-ipv6.html

The announcement, from 1st December 2016, said this was initially only in US East (Ohio) region; but I've just tested it in eu-west-1 (Ireland) and it's fully up and running there.

To try it:

* Select your VPC, select "Add IPv6 CIDR". This assigns you a /56.

* Go to each of your VPC subnets. Select "Add IPv6 CIDR". Lets you choose a /64 out of that /56. Don't forget to click the tick icon or it won't be saved.

* Add a ::/0 route in your VPC Route Table pointing to your existing Internet Gateway.

* Add inbound IPv6 rules to your security groups as required. (Outbound is allowed by default; you'll see a new outbound rule for ::/0)

* If you are running older instance types, you need to upgrade them to a current instance type which supports IPv6

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#instance-networking-storage

* Assign an IPv6 address to the instance itself: select the instance, then Networking > Manage IP Addresses

* Configure your OS to pick up an IPv6 address via DHCPv6, e.g. for Ubuntu 16.04:

iface ens3 inet6 dhcp

and then restart interface (or "dhclient -6 ens3")

* Make sure your OS is picking up router advertisements to get a default gateway

Normally this happens automatically. But if for some reason your VM has IP forwarding enabled (e.g. it's acting as a NAT gateway), then by default it doesn't accept RAs. So you have to enable this by setting accept_ra to 2 - this is a boolean with three values 🙂

iface ens3 inet6 dhcp
accept_ra 2

# or: sysctl net.ipv6.conf.ens3.accept_ra=2

Et voila!

root@ip-172-31-0-238:~# ping6 -c3 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=51 time=1.04 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=51 time=1.03 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=51 time=1.12 ms

--- 2001:4860:4860::8888 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.037/1.070/1.127/0.055 ms

They seem to have made a very sound job of implementing this properly.
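
Since each instance's IPv6 address is public, the inbound IPv6 rules from the security-group step decide what is reachable from the Internet. The following is an added example, not part of the original post: it audits output in the shape of `aws ec2 describe-security-groups` for inbound rules open to ::/0. The sample JSON is constructed, and `PUBLIC_OK` and `open_ipv6_ingress` are names assumed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]},
  {"GroupId": "sg-0example2", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "0::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1234:1a00::/64"}]}
  ]}
]}
""")

# Assumption: (protocol, port) pairs that are meant to be reachable from anywhere.
PUBLIC_OK = {("tcp", 443)}


def open_ipv6_ingress(doc, public_ok=PUBLIC_OK, min_prefix=1):
    """Return (group_id, protocol, ports) for inbound rules whose IPv6 source
    prefix is shorter than min_prefix and not on the intended-public list."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            for rng in perm.get("Ipv6Ranges", []):
                # Normalise the CIDR so "0::/0" and "::/0" are treated alike.
                net = ipaddress.ip_network(rng["CidrIpv6"], strict=False)
                if net.prefixlen >= min_prefix:
                    continue  # source is narrower than the threshold
                if proto != "-1" and lo == hi and (proto, lo) in public_ok:
                    continue  # single port that is intentionally public
                # IpProtocol "-1" means all traffic and carries no port range.
                ports = "all" if proto == "-1" else f"{lo}-{hi}"
                findings.append((sg["GroupId"], proto, ports))
    return findings


if __name__ == "__main__":
    for group_id, proto, ports in open_ipv6_ingress(SAMPLE):
        print(f"{group_id}: {proto} {ports} open to ::/0")
```

In the sample, the SSH rule is restricted for IPv4 but open to ::/0 for IPv6, which is the mismatch this check is meant to surface.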