By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Issues with Migration from ipv4 to ipv6

0

As we know AWS is starting to charge for public IPv4 addresses, hence we were trying to move our workloads in public subnets to ipv6-only subnets. While doing this migration, we found a lot of challenges that need to be overcome. A few of them we found out are listed here:

  • SQS, Codedeploy does not work with ipv6 directly. We need to create VPC endpoints per AZ for it to connect to SQS/Codedeploy. This adds a cost of VPC endpoints.
  • Target groups do not support instances with only ipv6.
  • Application running inside EC2 with only ipv6 will not be able to connect to services on the internet using ipv4. A way-around is using DNS resolver+NAT gateway, but this would again increase the NAT cost.
  • Services/ Clients (with ipv4 support only) trying to access the EC2 for SSH/HTTP would fail. Ex: My ISP does not support ipv6, hence I would not be able to connect to the ipv6-only EC2.
  • SSM does not yet work on ipv6. Hence connecting via Session Manager or getting values from parameter stores did not work.
  • IMDS endpoint would change for ipv6, wherever we are using that in our application.
  • Could not find any doc on whether KMS works properly with ipv6 or not.

Do we have any way around to solve these challenges with best practices enabled? We are also thoughtful if the cost of migrating to ipv6 will actually be worth or not considering the cost of other services ex. NAT, VPC endpoint etc.

Topics
Networking & Content DeliveryServerlessApplication Integration
Tags
Amazon VPCAmazon Simple Queue ServiceNetworking & Content DeliveryElastic Load BalancingIPv6
Language
English
soumikdey
asked 3 months ago1790 views
3 Answers
1

Migrating from IPv4 to IPv6 indeed presents multiple challenges, especially in a complex cloud environment like AWS.

AWS has the following guides for migrating to IPv6, including detailed steps for updating VPCs, subnets, and EC2 instances, and best practices for designing and operating IPv6-based networks on the AWS cloud.

https://docs.aws.amazon.com/whitepapers/latest/ipv6-on-aws/IPv6-on-AWS.html

If this has resolved your issue or was helpful, accepting the answer would be greatly appreciated. Thank you!

profile picture
EXPERT
Mina Gobrial - OptimeCloud
answered 3 months ago
1

Hi,

This is the up-to-date list of of IPv6 status for AWS services: https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html

Your point is a valid one: I suggest that you open to a ticket to express your willingness to switch to ipv6 but the non-support of it by the services of interest to you. They may find solutions for you.

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 3 months ago
0

I am currently migrating away from public IPv4 EC2 instances where I can too, due to the new charge. I've been dismayed that so many vital AWS services remain IPv4 only (given the stated, and laudable, aim of using the charge to push us all into embracing IPv6).

Currently a little annoyed after finding that the reason my cwagent stats were no longer updating after the switch was because Cloudwatch endpoints are IPv4 only. It is a similar story with CloudFront.

However (and the OP was doubtless aware of this, but just in case anyone is not sure) if your goal is not to be charged for instances using public IPv4 addresses then it is possible to use them as targets of an Application Load Balancer, as long as they have a private IPv4 address (which does not attract a charge). For this use-case it does not matter if they also have a public IPv6 address (mine do).

rePost-User-0621396
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content