IPv6 Networking Stack on AWS

Why IPv6?

Inderjot Singh
Jan 10, 2024

As many of you are aware, IPv4 addresses have become an increasingly scarce resource, with the cost of acquiring a single public IPv4 address soaring by more than 300% over the past 5 years. In light of this, starting February 1, 2024, there will be a charge of $0.005 per IP per hour for all public IPv4 addresses on AWS, regardless of whether they are associated with any service. This translates to approximately $3.6 per IP per hour or $43.2 per IP per month.

For more info read this

To future-proof your networking architecture and avoid paying extra, I have created this walkthrough.

VPC Configuration

We don’t have the option to create a VPC exclusively for IPv6; thus, we have to specify an IPv4 CIDR block as well. When creating a subnet, we will opt out of the IPv4 subnet and create only an IPv6 CIDR. For different options regarding IPv6 block selection, this ensures that the IPv6 block you choose is unique to you, as all IPv6 addresses are public by default.

  • AWS has automatically assigned an IPv6 CIDR for our VPC.

Let's now attach an internet gateway to our newly created VPC.

Now we have to attach it to our VPC.

  • Select the VPC we have just created, then click on Attach Internet Gateway.
  • Now click on Subnets to create subnets for our VPC.
  • Click on Create subnet and then select our newly created VPC.
  • We are only going to create an IPv6 CIDR, since IPv4 is going to cost us from Feb 1, 2024 onwards. So select No IPv4 CIDR.
  • Click on IPv6 CIDR block and select the default one provided by AWS.
  • Change the subnet CIDR to /64 and then change 00 to 01, 02, 03, 04 for each subnet.

Click on Add new to create a new subnet. We are going to create 3 more subnets, so follow the same instructions, but they will have the following CIDR blocks.

  • Now we create a route table that maps the subnets to the internet gateway, which makes them public.
  • Click on Create route table.
  • Click on Edit routes. This will essentially route all traffic destined for the internet to the internet gateway.
  • Create these rules.
  • Now click on Subnet associations.
  • Click on Explicit subnet associations and then on Add subnets.
  • I am making subnet-01 and subnet-02 public.
  • After adding the explicit association, the route table association will look like this.

Resource map of VPC

  • PUBLIC SUBNETS : my-subnet-01 and my-subnet-02
  • PRIVATE SUBNETS : my-subnet-03 and my-subnet-04

Optional

Create an egress-only internet gateway to allow internet connectivity for instances launched in the private subnets.

Create Egress Only gateway

  • Click on Egress-only internet gateways.
  • Under VPC, select the VPC we have created and click on Create.
  • Now create a new route table.
  • Now create a rule that sends internet-bound traffic from the private subnets to the egress-only gateway.
  • Now associate the private subnets with it.
  • Now instances launched in our private subnets can also access the internet.

Update Resource Map

  • Keep in mind that, like a NAT gateway, an egress-only gateway also charges money for data transfer.
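
Because every IPv6 address in the VPC is publicly routable, the route tables built above are the only thing separating the public subnets from the private ones. The check below is an added example, not part of the original walkthrough: it classifies each subnet by where its `::/0` route points, using a constructed sample in the shape of `aws ec2 describe-route-tables` output (route table and gateway IDs are placeholders, and my-subnet-04 is deliberately left on the main route table to show that fallback).

```python
# Constructed sample in the shape returned by `aws ec2 describe-route-tables`.
# IDs are placeholders; subnet names reuse the walkthrough's resource map.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"}],
     "Associations": [{"SubnetId": "my-subnet-01"}, {"SubnetId": "my-subnet-02"}]},
    {"RouteTableId": "rtb-private",
     "Routes": [{"DestinationIpv6CidrBlock": "::/0",
                 "EgressOnlyInternetGatewayId": "eigw-example"}],
     "Associations": [{"SubnetId": "my-subnet-03"}]},
    {"RouteTableId": "rtb-main",  # my-subnet-04 has no explicit association
     "Routes": [{"DestinationIpv6CidrBlock": "2001:db8:1234:1a00::/56", "GatewayId": "local"}],
     "Associations": [{"Main": True}]},
]}
SUBNETS = ["my-subnet-01", "my-subnet-02", "my-subnet-03", "my-subnet-04"]


def default_v6_exposure(table):
    """Classify a route table by where its IPv6 default route (::/0) points."""
    for route in table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("EgressOnlyInternetGatewayId"):
            return "egress-only"  # outbound connections only
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "public"  # reachable inbound, subject to security groups
    return "isolated"


def classify_subnets(doc, all_subnets):
    """Map every subnet to public / egress-only / isolated."""
    result, main = {}, "isolated"
    for table in doc["RouteTables"]:
        exposure = default_v6_exposure(table)
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = exposure
            elif "SubnetId" in assoc:
                result[assoc["SubnetId"]] = exposure
    for subnet in all_subnets:
        result.setdefault(subnet, main)  # unassociated subnets use the main table
    return result


def unexpected_public(doc, all_subnets, intended_public):
    """Subnets with an inbound-capable IPv6 default route that were not meant to have one."""
    found = classify_subnets(doc, all_subnets)
    return sorted(s for s, e in found.items() if e == "public" and s not in intended_public)
```

Calling `unexpected_public(SAMPLE, SUBNETS, {"my-subnet-01", "my-subnet-02"})` returns an empty list for this layout; a `::/0` route to the internet gateway added to the main route table would make it report my-subnet-04.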

TESTING

Now let's test this stack by launching an EC2 instance in a public subnet of this VPC.

While I was performing this test on a t2.micro instance I encountered this error. So I have changed the type of instance to c5.large; you can choose any class other than t.

View the configuration

Select our newly created public subnet and VPC.

  • I have created a new security group to allow traffic on port 80.
  • For testing public traffic, I am going to deploy an nginx web server on this instance using a user data script.
  • Click on Advanced Configuration. Scroll down to the user data script.
#!/bin/bash
# userdata script: runs as root at first boot, so every command must be non-interactive

apt update -y
apt install -y nginx
systemctl enable nginx
systemctl start nginx
  • Click on Launch instance.
  • Get the public IPv6 address of the EC2 instance.
  • In the browser, you have to enclose your IP in brackets like this:
  • [your IPv6 IP]
