Configure AWS CentOS instance to use IPv6

From Notes_Wiki
Revision as of 04:30, 18 April 2022 by Saurabh (talk | contribs)


Assuming IPv6 has not been disabled using the techniques described at CentOS 8.x Disabling IPv6, and IPv6 autoconf has not been disabled using General IPv6 node configuration and commands, the following steps give an AWS instance working IPv6 networking:

  1. Log in to the AWS console
  2. Select the appropriate region
  3. Go to VPC -> Subnets. Note appropriate details based on desired subnet / AZ such as:
    1. Subnet ID
    2. VPC
    3. IPv4 CIDR
    4. Availability Zone
    5. Route table
    6. Network ACL
  4. Enable IPv6 on VPC using:
    1. Go to VPC -> Your VPCs. Select correct VPC as per information noted above and select option "Edit CIDR"
    2. Click on "Add new IPv6 CIDR"
    3. Select "Amazon-provided IPv6 CIDR block". Validate that the region shown below it matches the desired AZ. For example, for the ap-south-1b AZ the region should be ap-south-1.
    4. Click "Select CIDR"
    5. Notice that an IPv6 /56 CIDR block is assigned to your account for the given region
    6. Click close
  5. Enable IPv6 for subnet using:
    1. Go to VPC -> Subnets. Select correct Subnet and select option "Edit IPv6 CIDRs"
    2. Click "Add IPv6 CIDR"
    3. In the text box, enter an unused subnet prefix for a /64 subnet, such as 01 in the case of a new IPv6 CIDR not used elsewhere
    4. Click save
    5. After that, on the Subnets page, validate that the IPv6 CIDR is shown in the subnet list against the subnet
  6. Enable IPv6 route in route table
    1. Go to VPC -> Route tables. Select appropriate route table and select option "Edit routes"
    2. Add a route for destination ::/0 via the same Internet gateway as the IPv4 0.0.0.0/0 route.
    3. Click save
    4. Validate that route table has active route for ::/0 IPv6 default route
  7. Go to appropriate network ACL and ensure that all IPv6 and IPv4 incoming and outgoing protocols / ports etc. are allowed
  8. Go to EC2 and try to launch instance with appropriate AMI and instance type.
  9. On Configure Instance details page ensure:
    1. Appropriate subnet is chosen for the new instance
    2. Both IPv4 and IPv6 auto-assign for this instance are enabled
    3. Configure other storage, security group, etc. settings as required. Ensure that at least one port, e.g. SSH port 22, is allowed over IPv6 so that IPv6 connectivity can also be validated.
    4. Launch
      If launch fails due to subscription issue, copy the link shown and subscribe to the product. Retry the same launch again using "Retry failed tasks" link.
  10. If an IPv4 elastic IP is desired, then allocate an IPv4 elastic IP and associate it with the VM
  11. Test connectivity to instance with required exceptions in security group over IPv4. Only after IPv4 connectivity is working, proceed further.
  12. Update IPv4 DNS records to the instance, if required
  13. SSH to VM as root and set correct hostname
    yum -y install vim
    vim /etc/hostname
    hostname <desired-fqdn>
  14. Connect to the VM again and validate that the new hostname appears properly
  15. Edit '/etc/sysconfig/network' and ensure it has:
    NETWORKING_IPV6=yes
    IPV6_AUTOCONF=yes
  16. Edit '/etc/sysconfig/network-scripts/ifcfg-<interface-name>' and make sure it has the IPv6 related lines shown in the example below:
    DHCPV6C=yes
    IPV6INIT=yes
  17. Create '/etc/sysctl.d/99-enable-ipv6-ra.conf' with following contents:
    net.ipv6.conf.all.accept_ra = 1
    net.ipv6.conf.default.accept_ra = 1
  18. If possible, reboot the machine; otherwise reload the configuration using:
    sysctl -p /etc/sysctl.d/99-enable-ipv6-ra.conf
    systemctl restart network
  19. After this, check the IPv6 route using:
    ip -6 route show
    A default route for IPv6 must be visible. If it is not visible, recheck all previous steps.
  20. Validate outgoing IPv6 connectivity with:
    ping6 www.google.com
  21. Test incoming IPv6 connectivity to host using:
    ip addr show              ## Note the IPv6 address with global scope
    ping6 <IPv6-IP>           ## From admin station. This will only work if IPv6 ICMP is enabled in the security group
    ssh <user>@<ipv6-ip>      ## From admin station. This will only work if incoming access to port 22 over IPv6 is enabled
  22. If required update IPv6 (AAAA) DNS record for the host
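
The host-side settings and checks from steps 15 to 21 can be verified in one pass. The script below is an added example, not part of the original wiki page; the function names are hypothetical, and it assumes the interface name (for example eth0) is passed as the first argument when run on the instance.

```sh
#!/bin/sh
# Added example: read-only checks for steps 15-21. Function names are
# hypothetical; nothing here changes the system.

# Print each KEY=VALUE (args 2..n) that file $1 lacks. Whitespace and double
# quotes are stripped first, so "key = 1" matches "key=1".
missing_settings() (
    file=$1; shift
    for kv in "$@"; do
        sed 's/[[:space:]"]//g' "$file" 2>/dev/null | grep -Fxq -- "$kv" || echo "$kv"
    done
)

# Succeed if `ip -6 route show` output on stdin contains a default route.
has_default_v6_route() { grep -Eq '^default[[:space:]]'; }

# Print global-scope addresses found in `ip -6 addr show` output on stdin.
global_v6_addrs() {
    awk '$1 == "inet6" && /scope global/ { sub(/\/[0-9]+$/, "", $2); print $2 }'
}

# Run every check on the live host for interface $1; exit status 1 on any failure.
check_ipv6_host() (
    iface=$1; rc=0
    for kv in \
        $(missing_settings /etc/sysconfig/network NETWORKING_IPV6=yes IPV6_AUTOCONF=yes) \
        $(missing_settings "/etc/sysconfig/network-scripts/ifcfg-$iface" DHCPV6C=yes IPV6INIT=yes) \
        $(missing_settings /etc/sysctl.d/99-enable-ipv6-ra.conf \
            net.ipv6.conf.all.accept_ra=1 net.ipv6.conf.default.accept_ra=1)
    do echo "missing setting: $kv"; rc=1; done
    ip -6 route show | has_default_v6_route || { echo "no IPv6 default route"; rc=1; }
    [ -n "$(ip -6 addr show dev "$iface" | global_v6_addrs)" ] ||
        { echo "no global-scope IPv6 address on $iface"; rc=1; }
    exit "$rc"
)

# Constructed sample of `ip -6 route show` output (2001:db8::/32 is the
# documentation prefix), used when no interface name is given.
SAMPLE_ROUTES='2001:db8:1234:1a01::/64 dev eth0 proto ra metric 100 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium'

if [ $# -gt 0 ]; then
    check_ipv6_host "$1"
else
    printf '%s\n' "$SAMPLE_ROUTES" | has_default_v6_route && echo "sample: default route present"
fi
```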

