Configure AWS CentOS instance to use IPv6
Assuming IPv6 has not been disabled using the techniques described at CentOS 8.x Disabling IPv6, and IPv6 autoconf has not been disabled using General IPv6 node configuration and commands, use the following steps to get an AWS instance with working IPv6 networking:
- Log in to the AWS console
- Select the appropriate region
- Go to VPC -> Subnets. Note appropriate details based on desired subnet / AZ such as:
  - Subnet ID
  - VPC
  - IPv4 CIDR
  - Availability Zone
  - Route table
  - Network ACL
- Enable IPv6 on the VPC using:
  - Go to VPC -> Your VPCs. Select the correct VPC as per the information noted above and select option "Edit CIDR"
  - Click on "Add new IPv6 CIDR"
  - Select "Amazon-provided IPv6 CIDR block". Check that the region shown below it matches the desired AZ. For example, for the ap-south-1b AZ the region should be ap-south-1.
  - Click "Select CIDR"
  - Notice that an IPv6 /56 CIDR block is assigned to your account for the given region
  - Click close
- Enable IPv6 for the subnet using:
  - Go to VPC -> Subnets. Select the correct subnet and select option "Edit IPv6 CIDRs"
  - Click "Add IPv6 CIDR"
  - In the text box, enter an unused subnet prefix for a /64 subnet, such as 01 in case of a new IPv6 CIDR not used elsewhere
  - Click save
  - After that, on the Subnets page, validate that the IPv6 CIDR is shown in the subnet list against the subnet
- Enable IPv6 route in route table
  - Go to VPC -> Route tables. Select appropriate route table and select option "Edit routes"
  - Enable route for destination ::/0 via same Internet gateway as IPv4 0.0.0.0/0 route.
  - Click save
  - Validate that route table has active route for ::/0 IPv6 default route
- Go to appropriate network ACL and ensure that all IPv6 and IPv4 incoming and outgoing protocols / ports etc. are allowed
- Go to EC2 and try to launch instance with appropriate AMI and instance type.
- On the Configure Instance details page ensure:
  - Appropriate subnet is chosen for the new instance
  - Both IPv4 and IPv6 auto-assign for this instance are enabled
- Configure other storage, security group, etc. settings as required. Ensure that at least one port, e.g. SSH port 22, is allowed over IPv6 so that IPv6 connectivity can also be validated.
- Launch
- If launch fails due to subscription issue, copy the link shown and subscribe to the product. Retry the same launch again using "Retry failed tasks" link.
- If an IPv4 elastic IP is desired, then allocate an IPv4 elastic IP and associate it with the VM
- Test connectivity to instance with required exceptions in security group over IPv4. Only after IPv4 connectivity is working, proceed further.
- Update IPv4 DNS records to the instance, if required
- SSH to VM as root and set correct hostname
  - yum -y install vim
  - vim /etc/hostname
  - hostname <desired-fqdn>
- Again connect to VM and validate new hostname is appearing properly
- Edit '/etc/sysconfig/network' and ensure it has:
  - NETWORKING_IPV6=yes
  - IPV6_AUTOCONF=yes
- Edit '/etc/sysconfig/network-scripts/ifcfg-<interface-name>' and make sure it has the IPv6-related lines shown in the example below:
  - DHCPV6C=yes
  - IPV6INIT=yes
- Create '/etc/sysctl.d/99-enable-ipv6-ra.conf' with the following contents:
  - net.ipv6.conf.all.accept_ra = 1
  - net.ipv6.conf.default.accept_ra = 1
- If possible, reboot the machine, or else reload the configuration using:
  - sysctl -p /etc/sysctl.d/99-enable-ipv6-ra.conf
  - systemctl restart network
- After this, check the IPv6 route using:
  - ip -6 route show
  - A default route for IPv6 must be visible. If it is not visible, check all previous steps properly.
- Validate outgoing IPv6 connectivity with:
  - ping6 www.google.com
- Test incoming IPv6 connectivity to host using:
  - ip addr show ## Note IPv6 IP with global scope
  - ping6 <IPv6-IP> ## From admin station. This will only work if IPv6 ICMP is enabled in security group
  - ssh <user>@<ipv6-ip> ## From admin station. This will only work if incoming access to port 22 over IPv6 is enabled.
- If required update IPv6 (AAAA) DNS record for the host
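The instance-side settings from the steps above can be checked with a small script before troubleshooting the VPC side. This is an added example, not part of the original wiki page; the ROOT prefix, the function names and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the instance-side IPv6
# settings listed in the steps above. ROOT is an assumed prefix that lets the
# checks run against a copy of /etc; leave it empty on a live instance.
ROOT="${ROOT:-}"

# has_setting FILE KEY VALUE: true if the last uncommented KEY= line in FILE
# equals VALUE. Whitespace around "=" and double quotes are ignored.
has_setting() {
    [ -r "$1" ] || return 1
    val=$(sed -e 's/#.*//' -e 's/[[:space:]"]//g' "$1" |
          awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }')
    [ "$val" = "$3" ]
}

# Reads `ip -6 route show` output on stdin; true if a default route is listed.
has_default_v6_route() {
    grep -Eq '^default[[:space:]]'
}

# Prints one result line per setting and records any failure in $fail.
check() {
    if has_setting "$1" "$2" "$3"; then
        echo "ok       $2=$3  ($1)"
    else
        echo "MISSING  $2=$3  ($1)"; fail=1
    fi
}

# audit_ipv6 INTERFACE: returns non-zero if any setting from the page is absent.
audit_ipv6() {
    fail=0
    check "$ROOT/etc/sysconfig/network" NETWORKING_IPV6 yes
    check "$ROOT/etc/sysconfig/network" IPV6_AUTOCONF yes
    check "$ROOT/etc/sysconfig/network-scripts/ifcfg-$1" IPV6INIT yes
    check "$ROOT/etc/sysconfig/network-scripts/ifcfg-$1" DHCPV6C yes
    for scope in all default; do
        check "$ROOT/etc/sysctl.d/99-enable-ipv6-ra.conf" "net.ipv6.conf.$scope.accept_ra" 1
    done
    return "$fail"
}

# Live run: sh audit-ipv6.sh eth0 (script name and interface are placeholders).
if [ $# -gt 0 ]; then
    audit_ipv6 "$1"; rc=$?
    ip -6 route show | has_default_v6_route || { echo "MISSING  IPv6 default route"; rc=1; }
    exit "$rc"
fi
```

The script only reads the configuration files and the routing table. It does not test the security group or network ACL, so the ping6 and ssh checks from the admin station are still needed.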
Refer:
- https://www.cyberciti.biz/faq/rhel-redhat-fedora-centos-ipv6-network-configuration/
- https://www.golinuxcloud.com/how-to-configure-ipv6-address-in-linux-rhel-centos-7/