Examine the VPC subnet/s in which your two instances behind your ALB are configured and note their IDs, then navigate to the VPC section of your AWS console and find the routing table section.
From there, identify which routing table/s is/are associated with the subnet/s in which your instances are located, and ensure that you have a default route (::/0) to the egress-only internet gateway that is associated with your VPC.
If you still have difficulty making outbound v6 connections, ensure that the security group associated with your instances allows outbound IPv6 traffic, and do the same for the network ACL associated with the subnet.
Troubleshooting Outbound IPv6 Connections from EC2 to External APIs
If you're experiencing issues with outbound connections from your EC2 instances to external APIs using IPv6, follow this checklist:
1. Network Configuration:
- Security Groups: Verify that your EC2 instance's security groups permit outbound IPv6 traffic on the required ports. Remember, default settings often block outbound IPv6.
- Network ACLs: Ensure that your subnet's Network Access Control Lists (NACLs) also allow the necessary outbound IPv6 traffic.
- Route Tables: Check that your subnet's route table includes a route to an egress-only internet gateway, with the destination set to ::/0 (the IPv6 equivalent of 'all addresses').
2. Instance Configuration:
- IPv6 Address: Confirm that your EC2 instance has a valid IPv6 address assigned. Use ip -6 addr to view it.
- DNS Resolution: Ensure your instance can resolve domain names to IPv6 addresses. Use dig +short example.com AAAA to check.
- Apache Configuration: If Apache is involved, verify that its configuration permits outbound connections. Incorrect settings might block external requests.
- Local Firewall: If a firewall is running on the instance, review its settings to ensure it's not blocking the outbound connections.
3. External API Compatibility:
- IPv6 Support: Not every API supports IPv6 connectivity. Make sure the external API you're trying to reach does support IPv6.
4. AWS Network Reachability Analyzer:
- Use Network Reachability Analyzer: This AWS tool is specifically designed for network troubleshooting. Create a path between your EC2 instance (source) and the external API (destination), specifying the appropriate protocol and ports. Analyze the path to pinpoint where the connection is failing (e.g., security group, routing, etc.). See the AWS documentation for details: https://docs.aws.amazon.com/vpc/latest/reachability/
If the problem persists, consider:
- Detailed Logging: Enable more detailed logging within your EC2 instance and/or your VPC (through VPC Flow Logs) to further analyze the issue.
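The three VPC-level checks that both answers above describe (a ::/0 route to an egress-only internet gateway on the subnet's route table, a security group egress rule covering ::/0, and a NACL egress rule allowing ::/0) can be run offline against the JSON that `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-network-acls` return. The script below is an added example, not code from the original answers or from AWS; the sample data is constructed and every ID in it is a placeholder, and the `check_subnet`, `has_ipv6_default_route`, `sg_allows_ipv6_egress` and `nacl_allows_ipv6_egress` names are this example's own.

```python
"""Offline checker for the IPv6 egress checklist in the answers above.

Input shapes mirror the `RouteTables`, `SecurityGroups` and `NetworkAcls`
lists of the corresponding `aws ec2 describe-*` commands. The sample data
is constructed for this example; all resource IDs are placeholders.
"""
import json

# Constructed sample: subnet A is explicitly associated with a table that has
# the IPv6 default route; subnet B falls back to the main table, which lacks it.
SAMPLE_ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-MAIN-PLACEHOLDER",
        "Associations": [{"Main": True, "RouteTableId": "rtb-MAIN-PLACEHOLDER"}],
        "Routes": [
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-V6-PLACEHOLDER",
        "Associations": [{"Main": False, "SubnetId": "subnet-A-PLACEHOLDER"}],
        "Routes": [
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER", "State": "active"},
            {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-PLACEHOLDER", "State": "active"},
        ],
    },
]

# Constructed sample: one group only allows IPv4 out, the other also allows ::/0.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-V4ONLY-PLACEHOLDER",
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-V6-PLACEHOLDER",
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

# Constructed sample: one NACL shared by both subnets, with explicit IPv6 allow
# rules ahead of the catch-all deny rules.
SAMPLE_NACLS = [
    {"NetworkAclId": "acl-PLACEHOLDER",
     "Associations": [{"SubnetId": "subnet-A-PLACEHOLDER"}, {"SubnetId": "subnet-B-PLACEHOLDER"}],
     "Entries": [
         {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
         {"RuleNumber": 101, "Egress": True, "Protocol": "-1", "RuleAction": "allow", "Ipv6CidrBlock": "::/0"},
         {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
         {"RuleNumber": 32768, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "Ipv6CidrBlock": "::/0"},
     ]},
]


def route_table_for_subnet(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_ipv6_default_route(route_table):
    """True when an active ::/0 route points at an egress-only internet gateway."""
    if route_table is None:
        return False
    return any(
        r.get("DestinationIpv6CidrBlock") == "::/0"
        and bool(r.get("EgressOnlyInternetGatewayId"))
        and r.get("State", "active") == "active"
        for r in route_table.get("Routes", [])
    )


def sg_allows_ipv6_egress(group, port=443, protocol="tcp"):
    """True when some egress rule covers ::/0 for the given port and protocol."""
    for perm in group.get("IpPermissionsEgress", []):
        if not any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", [])):
            continue
        proto = perm.get("IpProtocol")
        if proto == "-1":  # all traffic
            return True
        if proto == protocol and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            return True
    return False


def nacl_allows_ipv6_egress(nacl):
    """NACL rules apply in ascending RuleNumber; the first ::/0 egress rule decides.

    Protocol/port narrowing on the matching rule is ignored here for brevity."""
    for entry in sorted(nacl.get("Entries", []), key=lambda e: e["RuleNumber"]):
        if entry.get("Egress") and entry.get("Ipv6CidrBlock") == "::/0":
            return entry["RuleAction"] == "allow"
    return False  # no IPv6 rule at all: the implicit deny applies


def nacl_for_subnet(nacls, subnet_id):
    for acl in nacls:
        if any(a.get("SubnetId") == subnet_id for a in acl.get("Associations", [])):
            return acl
    return None


def check_subnet(subnet_id, sg_id, route_tables=SAMPLE_ROUTE_TABLES,
                 groups=SAMPLE_SECURITY_GROUPS, nacls=SAMPLE_NACLS):
    """Return the three checklist results for one instance's subnet and security group."""
    rt = route_table_for_subnet(route_tables, subnet_id)
    sg = next((g for g in groups if g["GroupId"] == sg_id), None)
    acl = nacl_for_subnet(nacls, subnet_id)
    return {
        "route_table": rt["RouteTableId"] if rt else None,
        "ipv6_default_route": has_ipv6_default_route(rt),
        "sg_ipv6_egress": sg_allows_ipv6_egress(sg) if sg else False,
        "nacl_ipv6_egress": nacl_allows_ipv6_egress(acl) if acl else False,
    }


if __name__ == "__main__":
    for subnet, sg in [("subnet-A-PLACEHOLDER", "sg-V6-PLACEHOLDER"),
                       ("subnet-B-PLACEHOLDER", "sg-V4ONLY-PLACEHOLDER")]:
        print(subnet, json.dumps(check_subnet(subnet, sg)))
```

To run it against a real account, replace the three SAMPLE_* lists with the `RouteTables`, `SecurityGroups` and `NetworkAcls` arrays from the CLI output and call `check_subnet` with the subnet and security group IDs of each instance behind the ALB; a `False` in any field points at the checklist item to fix. Note that a security group is stateful, so the return traffic needs no inbound rule, while a NACL is stateless and an inbound rule for the ephemeral port range must also exist before a connection actually succeeds.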
I performed this step: