- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
OK. I did some tests and here are the results.
I decided to use my Windows 2012 Server instance and found out that IPv6 actually works on that instance. Then I looked at the default route on that Windows machine (which was missing in my Ubuntu instance):
\> route print
[…]
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.31.16.1 172.31.xx.xx 10
[…]
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 266 ::/0 fe80::be:a9ff:fede:cc05
Since both of my instances are on the same subnet, I decided that the same gateway IPv6 address may work at my Ubuntu instance also, so I entered the following commands:
$ route -A inet6 add default gw fe80::be:a9ff:fede:cc05 eth0
$ route -A inet6 | grep eth0
2600:xx:xx:xx::1:1/128 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 fe80::be:a9ff:fede:cc05 UG 1 0 0 eth0
ff00::/8 :: U 256 2 0 eth0
$ ip -6 route show
2600:xx:xx:xx::1:1 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::be:a9ff:fede:cc05 dev eth0 metric 1
And now everything works: I can reach IPv6 Internet hosts from my instance and my instance can be reached from IPv6 Internet clients. I just put a test CGI script on my IPv6 enabled test site:
http://www.kadifeli.name.tr/cgi/sysinfo.pl
You can see your client and my server IPv6 address towards the end of the script output (REMOTE_ADDR and SERVER_ADDR).
--
DominikN,
I think your problem is that you are using “Egress Only Internet Gateway.” I deleted my Egress Only Internet Gateway and I am currently using just my old “Internet Gateway”. No need for “NAT Internet Gateway” also.
My Route Tables’ Routes are like this:
Destination Target Status Propagated
172.31.0.0/16 local Active No
2600:xx:xx:xx::/56 local Active No
0.0.0.0/0 igw-xxxx Active No
::/0 igw-xxxx Active No
(Note: Same gateway for IPv4 and IPv6!)
Network ACLs ALLOW inbound and outbound traffic for “::/0”
Security Groups for the instances allow “ALL Traffic” for destination “::/0” (Outbound Rules). Inbound Rules are permissive on Protocol / Port / Source bases, like:
HTTP (80) TCP (6) 80 ::/0
HTTPS (443) TCP (6) 443 ::/0
All ICMP - IPv6 IPv6-ICMP (58) ALL ::/0
Last words:
I am still confused on why the default IPv6 route is not automatically added in my Ubuntu 14.04.5 LTS instance when eth0 goes up and I have to add it manually…
Currently, I am one step behind of you. I have done everything given in the VPC documentation, but my t2-micro Ubuntu (14.04.5 LTS) instance can only access the IPV6 address (2600:xx:xx:xx::1:1) assigned to it:
$ ping6 2600:xx:xx:xx::1:1
...
( pings OK.. )
or
$ nc -v 2600:xx:xx:xx::1:1 22
Connection to 2600:xx:xx:xx::1:1 22 port \[tcp/ssh] succeeded!
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
...
However, the instance cannot access any other IPV6. For example:
$ ping6 2607:f8b0:400a:800::200e
connect: Network is unreachable
or
$ nc -v 2607:f8b0:400a:800::200e 80
nc: connect to 2607:f8b0:400a:800::200e port 80 (tcp) failed: Network is unreachable
What am I missing?
Hi fedkad,
do you have (a) an Egress Only Internet Gateway set up in your VPC, (b) configured it as gateway for ::/0 in the route table and (c) any possible Network ACLs and Security Groups permit for incoming and outgoing IPv6 traffic?
Within your instance, could you check that an IPv6 default route is set as per the "default via … proto ra" line below:
dominik@ip-172-aa-bb-cc:~$ ip -6 route show
2001:db8:dead:beef::/64 dev tun0 proto kernel metric 256 pref medium
2a05:d018:n:n::23 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 mtu 9001 pref medium
default via fe80::b8:4aff:feb2:ce81 dev eth0 proto ra metric 1024 expires 1796sec hoplimit 64 pref medium
Best regards
Dominik
Hi DominikN,
Although my answers to your 3 questions are yes, I do not have a default IPv6 route in my instance. Only these:
$ ip -6 route show
2600:xx:xx:xx::1:1 dev eth0 proto kernel metric 256 mtu 9001
fe80::/64 dev eth0 proto kernel metric 256 mtu 9001
I did "ifdown eth0; ifup eth0" or even I rebooted my instance with nothing changing.
Note: IPv4 is functioning normally:
$ ip route show
default via 172.31.16.1 dev eth0
172.31.16.0/20 dev eth0 proto kernel scope link src 172.31.xx.xx
I am on us-west-2.
QUESTIONS:
- Is still IPv6 on EC2 instances experimental?
- My instance, the VPC, and all related resources (interfaces, subnets, etc.) were created in mid 2015 and have "short" ids. May the problem be related to this?
Hi fedkad,
thanks for the eye-opening referral to using an igw instead of an eigw. No idea where I took the impression from that I had to use an eigw, but it works like a charm now.
Best regards
Dominik
PS: Out of curiosity, I'll try to look into the 14.04 issue with IPv6 later, using the Oregon Region, too.
I am glad I helped you.
PS: Out of curiosity, I'll try to look into the 14.04 issue with IPv6 later, using the Oregon Region, too.
I will appreciate that.
Regards.
Hi fedkad,
I think for 14.04 you will need to configure the /etc/network/interfaces.d/xxx.cfg to explicitly accept ra's:
ubuntu@ip-172-31-xx-yy:~$ cat /etc/network/interfaces.d/eth0.cfg
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp
accept_ra 1
ubuntu@ip-172-31-xx-yy:~$ ip -6 ro sh
2600:1f14:nn:nn:6d74:6b1b:24f9:65de dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256 mtu 9001
default via fe80::483:68ff:fe99:80bd dev eth0 proto ra metric 1024 expires 1797sec hoplimit 64
ubuntu@ip-172-31-xx-yy:~$ ping6 -c1 -n www.iana.org
PING www.iana.org(2620:0:2d0:200::8) 56 data bytes
64 bytes from 2620:0:2d0:200::8: icmp_seq=1 ttl=45 time=28.0 ms
According to the interfaces(5) manpage, the default behaviour on 14.04 is to not accept RAs.
On 16.04, the default behaviour changed to accept RAs and to enable IPv6 forwarding.
Hope that helps
Dominik
Yes. That is exactly what I was looking for. Problem is fixed now. Thank you!
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr