AWS claims 'monumental step forward' with optional IPv6-only networks

10 quintillion IP addresses per subnet but expect some pain


AWS customers can now create IPv6-only virtual private cloud (VPC) networks, with the company claiming it is a "monumental step forward" towards the enablement of IPv6 on its cloud.

Systems running dual network stacks (supporting both IPv4 and IPv6 addresses) are commonplace, but IPv6-only is less common. The new feature allows admins to create an IPv6-only subnet within a dual-stack VPC.

A limitation is that EC2 (Elastic Compute Cloud) instances launched into IPv6-only subnets must be built on Nitro, a custom hypervisor and network card which has both performance and security advantages.

Each subnet has a /64 CIDR (Classless Inter-Domain Routing) range, offering "approximately 10 quintillion IP addresses for applications," according to AWS.

Creating an IPv6-only subnet on AWS


In a separate post, solutions architect Rohit Aswani and senior product manager Aditya Santhanam said that the capability is "ideal if you have workloads, such as serverless and container applications, that consume a large number of IP addresses."

AWS has enabled its local Instance Metadata Service (IMDS), Time Sync, and VPC DNS server to be accessed with IPv6 addresses. Currently some operations can only be done with the AWS API or CLI (Command-line interface) and not from the web-based console. The IMDS gives the ability to retrieve data about or to configure the EC2 VMs, so it is a critical part of the AWS infrastructure.

Making them a little bit easier to remember, the local addresses for the instance services all have the ULA (Unique Local IPv6 Unicast Address) prefix fd00:ec2. For example, the Time Sync service is at fd00:ec2::123.
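Since the instance services now answer on fd00:ec2 addresses as well as their IPv4 ones, an outbound-request filter that only recognises the IPv4 form will not match them. The following is an added example, not code from AWS or from this article: a check for a server-side URL fetcher that refuses destinations in either range. Treating the prefix as fd00:ec2::/32, the function names and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# From the article: instance-local services share the ULA prefix fd00:ec2.
# Assumption: the prefix is treated here as the network fd00:ec2::/32.
EC2_LOCAL_V6 = ipaddress.ip_network("fd00:ec2::/32")
# IPv4 link-local range that holds the IPv4 endpoints of the same services
# (for example the metadata service at 169.254.169.254).
LINK_LOCAL_V4 = ipaddress.ip_network("169.254.0.0/16")


def is_instance_local(host: str) -> bool:
    """True if host is an IP literal inside an instance-local service range."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        # Not an IP literal. A real fetcher must resolve the name and run
        # this check on every returned address before connecting.
        return False
    if addr.version == 6:
        if addr.ipv4_mapped is None:
            return addr in EC2_LOCAL_V6
        # ::ffff:a.b.c.d reaches the IPv4 endpoint on a dual-stack socket.
        addr = addr.ipv4_mapped
    return addr in LINK_LOCAL_V4


def blocked_urls(urls):
    """Return the URLs whose host falls in an instance-local range."""
    return [u for u in urls if is_instance_local(urlsplit(u).hostname or "")]


if __name__ == "__main__":
    # Constructed sample destinations, not taken from any real log.
    sample = [
        "http://169.254.169.254/",
        "http://[fd00:ec2::254]/",
        "http://[::ffff:169.254.169.254]/",
        "http://[2001:db8::10]/",
        "https://example.com/",
    ]
    for url in blocked_urls(sample):
        print("refuse:", url)
```

On Nitro instances in a dual-stack or IPv6-only subnet, both forms need the same treatment in egress filtering and in detection rules.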

IPv6-only interfaces can be exposed to the public internet, subject to security group rules in the normal way. An issue though is what happens if clients are on IPv4-only networks.

Aswani and Santhanam explained that "if the end user is located in a corporate network that doesn’t support IPv6 address space, you need to launch a dual-stack instance in a dual-stack subnet which the user can SSH into via public IPv4 address first. Then, from that dual-stack instance, the user can SSH into the IPv6-only instance."

The same logic would apply to other applications that need to be accessible via IPv4 but need to call services in an IPv6-only subnet. The general approach would be IPv6 for the core, and IPv4 for public accessibility. A full walkthrough of setting up an IPv6-only subnet in an AWS VPC is here.

AWS is ahead of rivals Microsoft and Google in its IPv6-only enablement. Both Azure and GCP support dual-stack virtual networks but do not match what AWS now offers.

It may seem that an IPv6-only subnet is all pain and no gain for administrators. There are some potential benefits, though, one being a strategic one, in that it gives developers and hardware vendors an incentive to ensure applications work correctly in IPv6 and may therefore accelerate its adoption.

Another benefit is eliminating the risk of IP address conflicts, for example when a VPN connects two local networks both of which use the same local IPv4 address range. When will IPv4 become legacy and IPv6 the norm? That moment always seems to be five to 10 years away.

Biting the hand that feeds IT © 1998–2021