Bug Report: Incoming IPv6 traffic blocked after making changes to security group

0

I have a 't4g.small' EC2 instance running NGINX on 'Ubuntu-Jammy-22.04-arm64-server-20230919' (AMI ID: ami-03fd0aa14bd102718).

I have my VPC, subnet, route table, network ACL, security group, and internet gateway, all set up and working properly - my instance is reachable via HTTP/HTTPS/SSH over both IPv4 and IPv6. Life is good.

The problem arises whenever I make changes to my security group's inbound rules.

When removing SSH (port 22) access via IPv4 from my security group's inbound ruleset (only IPv6 allowed), everything still appears to work as expected. But the very next day, ALL incoming IPv6 traffic gets blocked, regardless of port (HTTP/HTTPS/SSH). IPv4 access still works.

During this downtime, the EC2 instance is able to 'ping6 ipv6.google.com' and get a response. If I spin up a new EC2 instance, it too exhibits the same IPv6 connectivity issue.

If I wait another day without making any changes to my security group, IPv6 becomes operational again - incoming IPv6 traffic is allowed.

I also see no difference in output between working / not working when running the Linux commands:

ip -f inet6 address

ip -f inet6 route

Figured I'd report this odd behavior rather than ignore it.

Thank you for reading.

Pokey
asked 4 months ago, 181 views
3 Answers
1

This is a community forum; I highly recommend you open a Support Case. If issues are not reported and tracked, they cannot be fixed.

https://docs.aws.amazon.com/awssupport/latest/user/case-management.html

AWS
EXPERT
iBehr
answered 4 months ago
  • Alas, I only have a 'Basic Support plan', and am not able to open a support case. It is what it is.

0
Accepted Answer

UPDATE: This turned out to be a PEBCAK issue.

My Windows 10 PC keeps losing its IPv6 address assignment, preventing me from accessing any IPv6 resources. Disabling and re-enabling my network adapter resolved my issue.

Sorry for the trouble.

Pokey
answered 4 months ago
0

Hi,

Maybe this can help: Windows works very strangely. Windows 10 requires the network to be set to Private, not Public, to keep IPv6 longer than the standard RADVD timeout. I've spent many hours sorting it out.

Thanks,

answered 4 months ago
