2 Answers
2
As of this writing, you cannot create IPv6 mount targets for EFS file systems in an AWS VPC.
As a workaround, you can create a mount target in an IPv4 (or dual-stack) subnet in the same VPC, and use NAT64+DNS64 to perform IPv6-to-IPv4 translation in your subnet so that the instance can access the mount target. To do this, perform the following steps:
- Ensure DNS64 support is enabled for your IPv6-only subnet.
- If you don't have one already, create an IPv4 subnet in the same VPC. This subnet can be private.
- Create a NAT Gateway in your VPC, either in the subnet you created above, or in a different IPv4 subnet in the VPC. (You cannot put it in an IPv6-only subnet.) Many customers place their NAT Gateways in public subnets; the choice is yours.
- In the routing table associated with your IPv6-only subnet, add a route to the destination 64:ff9b::/96, using your NAT Gateway as the target. (The IPv6 prefix 64:ff9b is used for mapping IPv4 names to IPv6 addresses that can be accessed by your IPv6-only instance via the NAT Gateway.)
- Create a Security Group in your VPC. For the ingress rule, allow inbound traffic over the NFS port from the IPv4 subnet in which your NAT Gateway resides (e.g., 10.0.0.0/24).
- Add a mount target to your EFS filesystem. Specify one of the IPv4 subnets as the subnet. It cannot be an IPv6-only subnet. Specify the Security Group you created in the previous step.
Once those steps have been completed, you should be able to mount the filesystem from your IPv6-only EC2 instance. For example:
```
$ ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 02:62:78:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 169.254.29.180/32 scope global dynamic eth0
       valid_lft 2356sec preferred_lft 2356sec
    inet6 2600:1f14:31b:xxxx:xxxx:xxxx:xxxx:xxxx/128 scope global dynamic
       valid_lft 413sec preferred_lft 103sec
    inet6 fe80::62:78ff:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever
$ sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport fs-xxxxxxxxxxx.efs.us-west-2.amazonaws.com:/ /mnt
$ ls /mnt
...
$ mount | grep /mnt
fs-xxxxxxxxxxxxxxxxxxxx.efs.us-west-2.amazonaws.com:/ on /mnt type nfs4 (rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp6,timeo=600,retrans=2,sec=sys,clientaddr=2600:1f14:31b:2b80:xxxx:xxxx:xxxx:xxxx,local_lock=none,addr=64:ff9b::a00:1d5)
```
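A check of the result above, as an added example that is not part of the original answer: it reads the `addr=` option from `mount` output, confirms the NFS server address falls inside 64:ff9b::/96, and recovers the embedded IPv4 address so it can be compared with the mount target's subnet. The function names and the 10.0.1.0/24 mount-target subnet are assumptions; the sample line is shortened from the output above.

```python
import ipaddress
import re

# Well-known NAT64 prefix (RFC 6052), the route destination added in the steps above.
NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")

# Shortened from the `mount | grep /mnt` output shown above.
SAMPLE_MOUNT_LINE = (
    "fs-xxxxxxxxxxxxxxxxxxxx.efs.us-west-2.amazonaws.com:/ on /mnt type nfs4 "
    "(rw,relatime,vers=4.1,hard,noresvport,proto=tcp6,sec=sys,addr=64:ff9b::a00:1d5)"
)

def nfs_server_addr(mount_line):
    """Return the addr= option of one `mount` output line as an IP address object."""
    match = re.search(r"\(([^()]*)\)\s*$", mount_line)
    if not match:
        raise ValueError("no mount option list found")
    # Options are comma separated; flags such as "rw" have no "=value" part.
    opts = dict(opt.partition("=")[::2] for opt in match.group(1).split(","))
    if "addr" not in opts:
        raise ValueError("mount options carry no addr= entry")
    return ipaddress.ip_address(opts["addr"])

def nat64_to_ipv4(addr):
    """Return the IPv4 address embedded in a 64:ff9b::/96 address, else None."""
    if addr.version != 6 or addr not in NAT64_PREFIX:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)  # low 32 bits

def ipv4_to_nat64(ipv4):
    """Build the address DNS64 synthesizes for an IPv4-only name."""
    base = int(NAT64_PREFIX.network_address)
    return ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(ipv4)))

def check_mount(mount_line, mount_target_cidr):
    """Report whether the mount goes through NAT64 and lands in the expected subnet."""
    server = nfs_server_addr(mount_line)
    ipv4 = nat64_to_ipv4(server)
    expected = ipaddress.ip_network(mount_target_cidr)
    return {
        "server": str(server),
        "via_nat64": ipv4 is not None,
        "mount_target_ipv4": str(ipv4) if ipv4 is not None else None,
        "in_expected_subnet": ipv4 is not None and ipv4 in expected,
    }

if __name__ == "__main__":
    # 10.0.1.0/24 is an assumed mount-target subnet, not a value from the page.
    print(check_mount(SAMPLE_MOUNT_LINE, "10.0.1.0/24"))
```

A mount whose `addr=` decodes to an IPv4 address outside the subnet you chose for the mount target is worth investigating before trusting the share.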
0
Dual-stack and IPv6-only mount targets are now supported. However, existing mount targets need to be deleted and then created when connected to supporting subnets to have this, resulting in downtime.
answered 9 months ago
