EFS support in IPv6-only VPC subnets

0

I'm experimenting with IPv6-only VPC subnets and EC2 instances but failed to connect them to EFS. Is this supported? If not, when is it expected to?

I tried to add an EFS Mount Target on the IPv6-only subnet to be certain and it failed with an error (sorry, didn't capture which one). Then I tried adding the mount target to a regular subnet that had automatic IPv6 assignment enabled; while that succeeded, no IPv6 address was assigned to the network interface. If I try to assign one manually by editing the network interface, I get the answer that I don't have permission to do that.

In general, it looks like most AWS services cannot be used from IPv6-only subnets. Does AWS have in general a dashboard we can consult on the enabling of IPv6 support for its services and command-line tools?

1 Answer
2

As of this writing, you cannot create IPv6 mount targets for EFS file systems in an AWS VPC.

As a workaround, you can create a mount target in an IPv4 (or dual-stack) subnet in the same VPC, and use NAT64+DNS64 to perform IPv6-to-IPv4 translation in your subnet so that the instance can access the mount target. To do this, perform the following steps:

  1. Ensure DNS64 support is enabled for your IPv6-only subnet.
  2. If you don't have one already, create an IPv4 subnet in the same VPC. This subnet can be private.
  3. Create a NAT Gateway in your VPC, either in the subnet you created above, or in a different IPv4 subnet in the VPC. (You cannot put it in an IPv6-only subnet.) Many customers place their NAT Gateways in public subnets; the choice is yours.
  4. In the routing table associated with your IPv6-only subnet, add a route to the destination 64:ff9b::/96, using your NAT Gateway as the target. (The IPv6 prefix 64:ff9b is used for mapping IPv4 names to IPv6 addresses that can be accessed by your IPv6-only instance via the NAT Gateway.)
  5. Create a Security Group in your VPC. For the ingress rule, allow inbound traffic over the NFS port from the IPv4 subnet in which your NAT Gateway resides (e.g., 10.0.0.0/24).
  6. Add a mount target to your EFS filesystem. Specify one of the IPv4 subnets as the subnet. It cannot be an IPv6-only subnet. Specify the Security Group you created in the previous step.

Once those steps have been completed, you should be able to mount the filesystem from your IPv6-only EC2 instance. For example:

```
$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:62:78:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 169.254.29.180/32 scope global dynamic eth0
       valid_lft 2356sec preferred_lft 2356sec
    inet6 2600:1f14:31b:xxxx:xxxx:xxxx:xxxx:xxxx/128 scope global dynamic 
       valid_lft 413sec preferred_lft 103sec
    inet6 fe80::62:78ff:xxxx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever
$ sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-xxxxxxxxxxx.efs.us-west-2.amazonaws.com:/ /mnt
$ ls /mnt
...
$ mount | grep /mnt
fs-xxxxxxxxxxxxxxxxxxxx.efs.us-west-2.amazonaws.com:/ on /mnt type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp6,timeo=600,retrans=2,sec=sys,clientaddr=2600:1f14:31b:2b80:xxxx:xxxx:xxxx:xxxx,local_lock=none,addr=64:ff9b::a00:1d5)
```
AWS
EXPERT
answered 2 years ago
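
The `addr=64:ff9b::a00:1d5` in the mount output above is the mount target's IPv4 address embedded in the NAT64 prefix by DNS64. The Python below is an added example, not part of the original answer: it decodes that address from a `mount` line and checks that it falls inside the VPC, which confirms the NFS session is going through the NAT Gateway to a private mount target. The function names, the shortened sample line and the 10.0.0.0/16 VPC CIDR are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 6052 well-known prefix, the one routed to the NAT Gateway in step 4.
NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")

# Constructed sample: the `mount` line from the answer, shortened, IDs masked.
SAMPLE = ("fs-xxxxxxxx.efs.us-west-2.amazonaws.com:/ on /mnt type nfs4 "
          "(rw,relatime,vers=4.1,hard,noresvport,proto=tcp6,timeo=600,"
          "retrans=2,sec=sys,local_lock=none,addr=64:ff9b::a00:1d5)")


def synthesize(ipv4):
    """What DNS64 does to an A record: put the IPv4 address in the low 32 bits."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | int(v4))


def embedded_ipv4(address):
    """Return the IPv4 address inside a NAT64 address, or None if it is not one."""
    addr = ipaddress.ip_address(address)
    if addr.version != 6 or addr not in NAT64_PREFIX:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def check_mount(mount_line, vpc_cidr):
    """Parse one line of `mount` output and report how the NFS server is reached."""
    match = re.search(r"\((.*)\)\s*$", mount_line)
    if not match:
        raise ValueError("no option list in mount line")
    # "key=value" options become dict entries; bare flags such as "rw" map to "".
    opts = dict(o.partition("=")[::2] for o in match.group(1).split(","))
    if "addr" not in opts:
        raise ValueError("mount line has no addr= option")
    v4 = embedded_ipv4(opts["addr"])
    return {
        "proto": opts.get("proto"),
        "via_nat64": v4 is not None,
        "mount_target_ipv4": str(v4) if v4 is not None else None,
        "inside_vpc": v4 is not None and v4 in ipaddress.ip_network(vpc_cidr),
    }


if __name__ == "__main__":
    # 10.0.0.0/16 is an assumed VPC CIDR; replace it with your own.
    print(check_mount(SAMPLE, "10.0.0.0/16"))
```

The decoded IPv4 address is the mount target's own; the mount target's Security Group sees the NAT Gateway's IPv4 address as the source, which is why step 5 allows the NAT Gateway's subnet rather than the instance's IPv6 address.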
