Outgoing connection from EC2 instance


Hi, my solution consists of the following AWS objects, configured in the eu-west-2 region in the following order:

  1. AWS WAF
  2. AWS Application Load Balancer, internet facing.
  3. Two EC2 instances (c6gn.medium) configured as two nodes within the AWS ALB.

The two EC2 instances have an Apache web server and 5 hosted sites; the 5 sites are reached from the outside via HTTPS, so the given configuration is working.

In addition, we wanted to configure an egress-only internet gateway, adopting IPv6 and assigning an IPv6 address to the two instances; these two instances need to make a connection to the outside to query an external API and receive results. The outbound connection to the Internet does not occur. Why do I have this problem? Does it depend on the Apache server installed on the EC2 instances?

Thanks in advance.

Regards, Davide

  • I performed these steps:

    1. Egress-only gateway configuration: verified that the route tables associated with the VPC are correctly configured to route IPv6 traffic through the EOG.
    2. Security group configuration: the security groups associated with the EC2 instances allow outbound IPv6 traffic and allow egress traffic on the required ports for the external API.
    3. Network ACLs: allow outbound IPv6 traffic.
    4. EC2 instance configuration: the EC2 instances have IPv6 addresses.
    5. Apache configuration: the Apache server configurations are not explicitly blocking IPv6 traffic.
    6. Route tables: verified the correct routes for IPv6 traffic, directing it to the egress-only gateway.
    7. API endpoint: the external API supports IPv6.
2 Answers

Examine the VPC subnet(s) in which your two instances behind the ALB are configured, and note their IDs; then navigate to the VPC section of the AWS console and find the route tables section.

From there, identify which route table(s) is/are associated with the subnet(s) in which your instances are located, and ensure that you have a default route (::/0) to the egress-only internet gateway that is associated with your VPC.

If you still have difficulty making outbound IPv6 connections, ensure that the security group associated with your instances allows outbound IPv6 traffic, and do the same for the network ACL associated with the subnet.

AWS
EXPERT
answered a month ago
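The VPC-side checks in this answer, run offline over API output, as an added example that is not part of the original answer or any AWS tooling: it takes the JSON that aws ec2 describe-route-tables, describe-security-groups and describe-network-acls return (the sample documents below are constructed and the resource IDs are made up), and reports a missing ::/0 route, a security group whose 0.0.0.0/0 egress rule does not cover IPv6 destinations, and, a point both checklists in this thread leave out, a network ACL that allows the request out but not the reply back in, since NACLs are stateless and must admit the API's response to the instance's ephemeral port.

```python
"""Audit the VPC-side IPv6 egress path for a subnet, offline.

Added example for this thread; not code from AWS or the original posters.
It consumes the JSON shapes returned by `aws ec2 describe-route-tables`,
`describe-security-groups` and `describe-network-acls` (or the boto3
equivalents) and reports what would stop an instance reaching an external
API on TCP/443 over IPv6. All sample documents are constructed; IDs are made up.
"""
import ipaddress

API_PORT = 443
EPHEMERAL_PORT = 32768  # representative Linux ephemeral source port (default range 32768-60999)

# Constructed: route table with the expected ::/0 -> egress-only internet gateway route.
SAMPLE_ROUTE_TABLE = {"RouteTableId": "rtb-0abc", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc", "State": "active"},
    {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0abc", "State": "active"}]}
# Constructed: an "allow all outbound" group that in fact only covers IPv4 destinations.
SAMPLE_SG_V4_ONLY = {"GroupId": "sg-0abc", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
SAMPLE_SG_FIXED = {"GroupId": "sg-0abc", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
# Constructed: NACL that allows IPv6 out but only allows IPv4 back in (NACLs are stateless).
SAMPLE_NACL = {"NetworkAclId": "acl-0abc", "Entries": [
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow", "Ipv6CidrBlock": "::/0"},
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "Ipv6CidrBlock": "::/0"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "Ipv6CidrBlock": "::/0"}]}
SAMPLE_NACL_FIXED = {"NetworkAclId": "acl-0abc", "Entries": SAMPLE_NACL["Entries"] + [
    {"RuleNumber": 110, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "Ipv6CidrBlock": "::/0", "PortRange": {"From": 1024, "To": 65535}}]}


def _cidr_contains(cidr, addr):
    """False for a missing CIDR or an address-family mismatch (IPv6 addr vs IPv4 CIDR)."""
    return bool(cidr) and ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def _tcp_port_ok(proto, lo, hi, port):
    """'-1' means all protocols; only TCP ('tcp' in SGs, '6' in NACLs) matches our flow."""
    if proto == "-1":
        return True
    return proto in ("tcp", "6") and lo <= port <= hi


def v6_default_route_target(rt):
    """Gateway ID of an active ::/0 route (eigw- for private, igw- for dual-stack public), else None."""
    for r in rt.get("Routes", []):
        if r.get("DestinationIpv6CidrBlock") == "::/0" and r.get("State") == "active":
            return r.get("EgressOnlyInternetGatewayId") or r.get("GatewayId")
    return None


def sg_allows_egress(sg, addr, port):
    """Security groups are stateful, so only the outbound rule has to match."""
    for rule in sg.get("IpPermissionsEgress", []):
        if not _tcp_port_ok(rule["IpProtocol"], rule.get("FromPort", 0), rule.get("ToPort", 65535), port):
            continue
        if any(_cidr_contains(r.get("CidrIpv6"), addr) for r in rule.get("Ipv6Ranges", [])):
            return True
    return False


def nacl_decision(nacl, egress, addr, port):
    """Lowest RuleNumber that matches wins; the implicit '*' rule denies everything else."""
    for e in sorted((e for e in nacl["Entries"] if e["Egress"] == egress), key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange", {"From": 0, "To": 65535})
        if _cidr_contains(e.get("Ipv6CidrBlock") or e.get("CidrBlock"), addr) and \
                _tcp_port_ok(e["Protocol"], pr["From"], pr["To"], port):
            return e["RuleAction"]
    return "deny"


def audit(route_table, sg, nacl, api_addr="2001:db8::1"):
    """Return a list of findings; an empty list means the VPC side is not the blocker."""
    findings = []
    if v6_default_route_target(route_table) is None:
        findings.append(f"{route_table['RouteTableId']}: no active ::/0 route to an egress-only internet gateway")
    if not sg_allows_egress(sg, api_addr, API_PORT):
        findings.append(f"{sg['GroupId']}: no egress rule covers {api_addr} tcp/{API_PORT}; "
                        "a 0.0.0.0/0 rule does not cover IPv6")
    if nacl_decision(nacl, True, api_addr, API_PORT) != "allow":
        findings.append(f"{nacl['NetworkAclId']}: outbound IPv6 tcp/{API_PORT} denied")
    if nacl_decision(nacl, False, api_addr, EPHEMERAL_PORT) != "allow":
        findings.append(f"{nacl['NetworkAclId']}: inbound IPv6 to ephemeral port {EPHEMERAL_PORT} denied; "
                        "NACLs are stateless, so the API's replies are dropped")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ROUTE_TABLE, SAMPLE_SG_V4_ONLY, SAMPLE_NACL):
        print("FINDING:", f)
```

To run this against a real account, feed it the first element of RouteTables, SecurityGroups and NetworkAcls from the corresponding describe calls for the instance's subnet and group; the NACL inbound check is the one most often missed, because the console's default NACL only gains ::/0 allow rules when the IPv6 CIDR is associated with the VPC, and a custom NACL starts with deny-all in both directions.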

Troubleshooting Outbound IPv6 Connections from EC2 to External APIs

If you're experiencing issues with outbound connections from your EC2 instances to external APIs using IPv6, follow this checklist:

1. Network configuration
   • Security groups: verify that your EC2 instance's security groups permit outbound IPv6 traffic on the required ports. Remember, default settings often block outbound IPv6.
   • Network ACLs: ensure that your subnet's network access control lists (NACLs) also allow the necessary outbound IPv6 traffic.
   • Route tables: check that your subnet's route table includes a route to an egress-only internet gateway, with the destination set to ::/0 (the IPv6 equivalent of "all addresses").

2. Instance configuration
   • IPv6 address: confirm that your EC2 instance has a valid IPv6 address assigned. Use ip -6 addr to view it.
   • DNS resolution: ensure your instance can resolve domain names to IPv6 addresses. Use dig +short example.com AAAA to check.
   • Apache configuration: if Apache is involved, verify its configuration permits outbound connections. Incorrect settings might block external requests.
   • Local firewall: if a firewall is running on the instance, review its settings to ensure it's not blocking the outbound connections.

3. External API compatibility
   • IPv6 support: not every API supports IPv6 connectivity. Make sure the external API you're trying to reach does support IPv6.

4. AWS Network Reachability Analyzer
   • Use Network Reachability Analyzer: this AWS tool is specifically designed for network troubleshooting. Create a path between your EC2 instance (source) and the external API (destination), specifying the appropriate protocol and ports. Analyze the path to pinpoint where the connection is failing (e.g., security group, routing, etc.). See the AWS documentation for details: https://docs.aws.amazon.com/vpc/latest/reachability/

If the problem persists, consider:

Detailed logging: enable more detailed logging within your EC2 instance and/or your VPC (through VPC Flow Logs) to further analyze the issue.

answered 18 days ago
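The instance-side part of this checklist (address, DNS, connectivity) as an added example that is not part of the original answer: it parses ip -6 addr output to tell a routable global address from the link-local fe80:: address the kernel configures on its own, does the AAAA lookup through the instance resolver, and attempts an IPv6 TCP connect so that a timeout (routing, NACL, security group) can be told apart from a refusal (the remote). The ip -6 addr text below is constructed, using the 2001:db8::/32 documentation prefix; api.example.com is a placeholder hostname.

```python
"""Instance-side checks for outbound IPv6 from an EC2 host.

Added example for this thread; not code from AWS or the original posters.
The `ip -6 addr` samples below are constructed (documentation prefix
2001:db8::/32; a real instance gets a /128 from an AWS-owned range).
Only the address parsing runs offline; `resolve_ipv6` and `tcp_connect_v6`
use the instance's resolver and network and are meant to be run on the box.
"""
import ipaddress
import re
import socket
import subprocess
import sys

SAMPLE_IP6_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 state UP qlen 1000
    inet6 2001:db8:1:2::1/128 scope global dynamic noprefixroute
       valid_lft 450sec preferred_lft 140sec
    inet6 fe80::4ff:feaa:bbcc/64 scope link
       valid_lft forever preferred_lft forever
"""
# Constructed: the same interface when no IPv6 address was assigned to the ENI;
# the kernel still auto-configures a link-local address, which is not routable.
SAMPLE_LINK_LOCAL_ONLY = """\
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 state UP qlen 1000
    inet6 fe80::4ff:feaa:bbcc/64 scope link
       valid_lft forever preferred_lft forever
"""

INET6_RE = re.compile(r"^\s*inet6\s+([0-9a-fA-F:]+)/\d+\s+scope\s+(\w+)", re.M)


def global_ipv6_addresses(ip_addr_output):
    """Routable addresses from `ip -6 addr`: scope global, not link-local or loopback."""
    found = []
    for text, scope in INET6_RE.findall(ip_addr_output):
        addr = ipaddress.IPv6Address(text)
        if scope == "global" and not addr.is_link_local and not addr.is_loopback:
            found.append(str(addr))
    return found


def resolve_ipv6(host, port=443):
    """AAAA lookup through the instance resolver; [] means the API has no IPv6 endpoint."""
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET6, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_connect_v6(addr, port=443, timeout=5.0):
    """(ok, detail): a timeout points at routing/NACL/SG, a refusal at the remote host."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True, "connected"
    except OSError as exc:
        return False, str(exc)


def diagnose(host, ip_addr_output, connect=tcp_connect_v6):
    """Walk the checks in the answer's order and stop at the first one that fails."""
    report = {"global_v6": global_ipv6_addresses(ip_addr_output)}
    if not report["global_v6"]:
        report["hint"] = ("only link-local IPv6: assign an IPv6 address to the ENI; "
                          "an egress-only internet gateway carries IPv6 only")
        return report
    report["aaaa"] = resolve_ipv6(host)
    if not report["aaaa"]:
        report["hint"] = ("no AAAA record: the API is IPv4-only, so the egress-only gateway "
                          "cannot reach it; IPv4 egress needs a NAT gateway")
        return report
    report["connect"] = {a: connect(a) for a in report["aaaa"]}
    if not any(ok for ok, _ in report["connect"].values()):
        report["hint"] = "AAAA resolves but TCP fails: check the ::/0 route, SG egress and NACL in both directions"
    return report


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "api.example.com"  # placeholder API host
    live = subprocess.run(["ip", "-6", "addr"], capture_output=True, text=True, check=False).stdout
    print(diagnose(host, live))
```

Run it on the instance as python3 check_v6.py api.hostname; the first hint is the one to act on, since each later check assumes the earlier one passed.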
