So, recently Apple put out an App Store notice saying (if I understand it correctly) that all services must call endpoints (e.g. API endpoints) that support IPv6-only networking.
This means we have to figure out how to turn on IPv6 in AWS (primarily). This turns out to be fairly straightforward, but there are a few tricks.
Firstly, we need to assign IPv6 addresses to our instances (or ELBs). In order to do this, we first need to assign an IPv6 range to the VPC, then to the subnet, then make sure the subnet's routing rules include a route for ::/0 (the IPv6 version of 0.0.0.0/0), and finally ensure that the IPv6 security group rules are in place. Basically, the best AWS guide can be found here: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-migrate-ipv6.html
But it still gets a few things wrong. Namely, if you want the instance to be publicly available, you shouldn’t add a rule to route through the Egress-Only Gateway, because that gateway only allows connections initiated from inside the VPC. Just have the ::/0 route go through the regular gateway instead.
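As an added example (not from the AWS guide or the original setup), the function below checks the steps above against data shaped like the output of `aws ec2 describe-subnets`, `describe-route-tables` and `describe-security-groups`, including the egress-only routing mistake. The function name, the default port of 443, and all IDs and CIDRs in the sample data are constructed for illustration.

```python
# Added example: verifies the IPv6 prerequisites for a publicly reachable
# instance. Input dicts mirror the EC2 describe-* output; sample values are constructed.
def ipv6_findings(subnet, route_table, security_group, port=443):
    """Return a list of problems that would block public IPv6 access to tcp/`port`."""
    findings = []
    # The subnet needs an associated IPv6 CIDR (which requires one on the VPC).
    assoc = [a for a in subnet.get("Ipv6CidrBlockAssociationSet", [])
             if a.get("Ipv6CidrBlockState", {}).get("State") == "associated"]
    if not assoc:
        findings.append("subnet has no associated IPv6 CIDR block")
    # ::/0 must point at the internet gateway (igw-...). Via the egress-only
    # gateway, inbound connections never reach the instance.
    default6 = [r for r in route_table.get("Routes", [])
                if r.get("DestinationIpv6CidrBlock") == "::/0"]
    if not default6:
        findings.append("no ::/0 route")
    for r in default6:
        if r.get("EgressOnlyInternetGatewayId"):
            findings.append("::/0 routed via egress-only gateway " + r["EgressOnlyInternetGatewayId"])
        elif not r.get("GatewayId", "").startswith("igw-"):
            findings.append("::/0 not routed via an internet gateway")
    # IPv4 rules do not cover IPv6 traffic: an inbound rule needs its own Ipv6Ranges.
    def covers(perm):
        if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
            return True
        return perm.get("IpProtocol") == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", -1)
    if not any(covers(p) and p.get("Ipv6Ranges") for p in security_group.get("IpPermissions", [])):
        findings.append(f"no inbound IPv6 rule for tcp/{port}")
    return findings

# Constructed sample data (documentation prefix 2001:db8::/32, placeholder IDs).
SUBNET = {"SubnetId": "subnet-0example", "Ipv6CidrBlockAssociationSet": [
    {"Ipv6CidrBlock": "2001:db8:1234:1a00::/64", "Ipv6CidrBlockState": {"State": "associated"}}]}
RT_PUBLIC = {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
                        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0example"}]}
RT_EGRESS_ONLY = {"Routes": [{"DestinationIpv6CidrBlock": "::/0",
                              "EgressOnlyInternetGatewayId": "eigw-0example"}]}
SG_V4_ONLY = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
SG_DUAL = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}

if __name__ == "__main__":
    print(ipv6_findings(SUBNET, RT_EGRESS_ONLY, SG_V4_ONLY))  # misconfigured
    print(ipv6_findings(SUBNET, RT_PUBLIC, SG_DUAL))          # ready
```

Because instance IPv6 addresses are globally routable, the IPv6 security group rules are worth keeping as narrow as their IPv4 counterparts.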
Also, on the instance itself (for Ubuntu), the network interface config has to look like this:

```
# The primary network interface
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp
```
You can also manually trigger DHCPv6 with:
Which will use DHCP to get both an IPv4 and an IPv6 address. Once the addresses are assigned, you can see them in the output of “ip addr”:
```
ubuntu@ip-10-0-0-78:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 06:cf:f8:b1:c4:e9 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.78/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2600:1f18:21b3:2d01:c71e:7a45:a073:1e1d/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4cf:f8ff:feb1:c4e9/64 scope link
       valid_lft forever preferred_lft forever
```
So, once the instances have IPv6 addresses, you need to make note of the address and then add DNS AAAA records for them. Once that’s done, you can test connectivity with the following commands:
```
curl -v -g -6 http://[2600:1f18:21b3:2d01:3d0:d960:f613:ee43]/
curl -v -g -6 https://blog.dukic.co.nz/
ping6 ipv6.google.com
route -6
traceroute6 blog.dukic.co.nz
```
Turning on IPv6 on DigitalOcean was a lot simpler, but involved setting up a static IPv6 address and gateway.
Helpful links for IPv6: