Turning on IPv6

So, recently Apple put out an AppStore notice saying (if I understand it correctly) that all services must call endpoints (e.g. API endpoints) that support IPv6 only networking.

This means we have to figure out how to turn on IPv6 in AWS (primarily). This turns out to be fairly straight forward, but there’s a few tricks.

Firstly, we need to assign IP addresses to our instances (or ELB’s). In order to do this, we first need to assign IPv6 addresses to the VPC, then to the subnet, then make sure the routing rules are in the subnet range for ::/0 (the IPv6 version of 0.0.0.0/0) and finally ensure that the IPv6 security group rules are in place. Basically, the best AWS guide can be found here: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-migrate-ipv6.html

But it still gets a few things wrong. Namely, if you want the instance to be publicly available, you shouldn’t add a rule to route through the Egress-Only Gateway, rather just have it go through the regular gateway.

Also, the config on the instance (for Ubuntu) you have to make it:

# The primary network interface
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp

You can also manually trigger DHCPv6 with:

dhclient -6

Which will use DHCP to get both a IPv4 and IPv6 address. Once the addresses are assigned, you can see it in the output of “ip addr”:

ubuntu@ip-10-0-0-78:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 06:cf:f8:b1:c4:e9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.78/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2600:1f18:21b3:2d01:c71e:7a45:a073:1e1d/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4cf:f8ff:feb1:c4e9/64 scope link
       valid_lft forever preferred_lft forever

So, once the instances have IPv6 addresses, you need to make note of the address and then add DNS AAAA records for them. Once that’s done, you can test connectivity with the following commands:

curl -v -g -6 http://[2600:1f18:21b3:2d01:3d0:d960:f613:ee43]/

curl -v -g -6 https://blog.dukic.co.nz/

ping6 ipv6.google.com

route -6

traceroute6 blog.dukic.co.nz

Turning on IPv6 on DigitalOcean was a lot simpler, but involved setting up a static IPv6 IP and gateway.

Helpful links for IPv6:

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.