Today IPv6 is 7 years old. While IPv6 was drafted in 1998 a global permanent deployment of IPv6 happened on 6 June 2012.
Unlike Google Play or the Raspberry Pi, which were launched in the same year, IPv6 adoption seems to be lagging behind with an increase of misinformation and organisations just ignoring the fact it even exists.
Currently IPv4 and IPv6 coexist in the Internet. Companies such as Sky completed there roll out of IPv6 way back in 2016 so if you still think the ‘internet doesn’t run on ipv6’ then you are very much mistaken.
IPv6 uses a 128-bit address, theoretically allowing 2128, or approximately 3.4×1038 addresses. The actual number is slightly smaller, as multiple ranges are reserved for special use or completely excluded from use. The total number of possible IPv6 addresses is more than 7.9×1028 times as many as IPv4, which uses 32-bit addresses and provides approximately 4.3 billion addresses.
Why do I need to worry about it?
IPv4 has fewer than 4.3 billion addresses available – which may seem a crazy amount but since the internet become more popular back in the 1980’s they knew the addresses would run out! The addition of millions of mobile devices over the last few years have not helped this at all. Sure enough IPv4 is now in the final stages of exhausting its unallocated address space, and yet still carries most Internet traffic.
Are you and your Business ready for IPV6?
Do you have IPv6 on your server? Does your monitoring solution monitor both IPv4 and IPv6?
Dogsbody Technology Server monitoring and management has included monitoring of IPv6 from its launch 6 years ago but we are still amazed at how many companies don’t support IPv6. We still have trouble finding suppliers that fully support it and there is now an ongoing race for people to make an operating system that is IPv6 only from the ground up.
Certainly. We try to set all servers up with IPv6 as standard.
https://www.dogsbody.com/wp-content/uploads/ipv6-amazon-blogpost.png330850Claire Christmashttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngClaire Christmas2019-06-06 11:23:522019-06-06 11:23:52Happy World IPv6 Day 2019
This is the second part of a two part series on setting up IPv6 in Amazon Web Services (AWS). The first part discussed setting up IPv6 in your AWS VPC. This second part will discuss setting up IPv6 on your EC2 instances.
Why there are no new IPv4 jokes? Because it is exhausted!
Seeing as most of you have come from our other blog post we’ll jump straight in…
Step 1: Security Groups
Do one thing and do it well, a great philosophy we follow at Dogsbody Technology. AWS follow it strongly as well splitting their server hosting into many individual services. Security Groups are their firewall service, and since they are based on IP addresses they need updating for IPv6.
Open the EC2 management console, you can also find this by selecting the services menu at the top left and searching for “EC2”.
In the navigation bar, under the “Network & Security” tab, Select Security Groups.
Select a Security Group in your VPC
Select the “Inbound” tab and “Edit” the rules
There should be an IPv6 record mirroring your current IPv4 ones.
Remember ::/0 is the IPv6 equivalent of 0.0.0.0/0.
Now inbound IPv6 traffic is allowed into the server we need to allow traffic out.
Select the “Outbound” tab and “Edit” the rules
Create new IPv6 outbound rules just as you have IPv4.
With most of our servers we have no reason to block outbound traffic, we can trust our server, so this is as simple as follows:
Type, All traffic; Protocol, All; Port Range, 0 – 65535; Destination, ::/0; Description, Allow all IPv6 Traffic out.
Step 2: Assign the IP address
The final step in AWS is to assign your new IP address. This will be your new name in the IPv6 world.
Under the navigation bar select “Instances”
Select your instance
Right click and go to the “Networking” tab and select “Manage IP Addresses”
Assign a new IPv6 address
Step 3: Listen in the Operating System
Each Operating System has a slightly different network set up and will need a different configuration.
If you are unsure what Operating System you are running you can find out by reading this file:
cat /etc/*-release
I use vim below but you can use nano if you prefer we don’t mind. 🙂
Ubuntu 16 clients
Connect into the server on the command line over IPv4 as the admin user.
Find your Network Interface name
You can see all running network interfaces by running ifconfig, in most situations there should be two interfaces. lo is for local networking (where the traffic doesn’t leave the server) and there will be another which is what you are looking for.
You can also see your interfaces via the current configs: cat /etc/network/interfaces.d/50-cloud-init.cfg
My interface is eth0 but it will depend on your instance type what interface name you have.
Create a new configuration file for IPv6.
sudo vim /etc/network/interfaces.d/60-auto-ipv6.cfg
And add the following line to your file and save.
iface eth0 inet6 dhcp
If you are interested in what this line does, it binds to the interface (for me eth0) using the inet6 (IPv6) address family and uses DHCP (Dynamic Host Configuration Protocol) to get the servers IP address.
And last of all to load in this new config
sudo service networking restart
OR sudo ifdown eth0 && sudo ifup eth0 replacing “eth0” with your interface name.
Ubuntu 14 clients
You will need to reboot your Ubuntu 14 system to load in the new static IPv6 address.
Connect into the server on the command line over IPv4 as the admin user.
Find out your Network Interface name
You can see all running network interfaces by running ifconfig
My interface is eth0 but it will depend on your instance type what you have.
Edit the existing network interface file.
vim /etc/network/interface.d/eth0.cfg
And make sure it contains the below lines
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
up dhclient -6 $IFACE
If you are interested in what these lines do, lines 1 and 2 set up a local loopback interface this guides traffic from the server to itself which sounds strange but is used often in networking.
Lines 3 and 4 starts networking on eth0 using DHCP (Dynamic Host Configuration Protocol) to get the servers IP address
Finally line 6 starts dhclient which handles DHCP with the -6 flag to get the IPv6 address.
Reboot the server. sudo reboot
RedHat Enterprise Linux 7.4 and CentOS 7.4 clients
Connect into the server on the command line over IPv4 as the admin user.
On version 7.4 networking is managed by cloud-init. This is a standard tool for configuring cloud servers (like EC2 instances).
Create a new config file in which we will enable ipv6 and add the below options.
RedHat Enterprise Linux 7.3 and CentOS 7.3 clients
Connect into the server on the command line over IPv4 as the admin user.
Edit the global network settings file
vim /etc/sysconfig/network
Update the following line to match this. This will enable IPv6 for your system.
NETWORKING_IPV6=yes
Edit the existing network interface file.
vim /etc/sysconfig/network-scripts/ifcfg-eth0
Enable IPv6 for the interface
IPV6INIT=yes
Enable IPv6 DHCP so the server can automatically get its new IPv6 address
DHCPV6C=yes
Disable the Network Manager daemon so it doesn’t clash with AWS network services
NM_CONTROLLED=no
sudo service network restart
Step 4: Run like you have never run before
You are set up, the complex bit is done. Now we are at the application layer.
Test that your IP address is set up by running: ifconfig
You could see a line that starts “inet6 addr” and ends with “Scope: Global” this is your IPv6 address (which you can confirm by looking at the instance in the EC2 control panel).
Test outbound connections work over IPv6: ping6 www.dogsbodytechnology.com
We always use a server side firewall (along side the security groups) for the fine grain control it gives us on the server. It is essential that this firewall is updated to allow IPv6 connections.
A very common tool for maintaining firewall rules is iptables. This has an IPv6 equivalent ip6tables.
Configure your web/app server software to listen to IPv6
Below are some example configuration lines so these common applications will start listening on IPv6.
Apache
Listen to IPv6 traffic on port 80 from the IP “2001:db8::” Listen [2001:db8::]:80
NGINX
To start listening to all incoming IPv6 traffic on port 80 listen [::]:80;
In fact there is a flag that disables IPv4 connections ipv6only=on
To start using your domain name (example.com) you need to create “AAAA” records with your DNS provider. This DNS record type is specifically for IPv6 traffic so that they can find your server.
Conclusion
Well done for getting this far, I am glad we have both done our bit to bring IPv6 into this world.
If you have any questions please put them in the comments or contact us and we will be happy to get back to you 🙂
https://www.dogsbody.com/wp-content/uploads/ipv6-amazon-blogpost.png330850Rob Hooperhttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngRob Hooper2017-10-03 10:28:142017-10-03 10:28:14Setting up IPv6 on your EC2
This is the first part of a two part series on setting up IPv6 in Amazon Web Services (AWS). This first part discusses setting up IPv6 in your AWS VPC. The second part will discuss setting up IPv6 on your EC2 instances.
The IPv6 revolution is happening and you need to be a part of it, or you will be left behind running IPv4. Almost all major broadband service providers like BT and Sky provide IPv6 addresses by default. IPv6 and IPv4 are not compatible, and eventually IPv4 will be dropped altogether. Until that day dual stack set ups offer you the best of both worlds, readying you for the future.
Since last Christmas AWS have slowly been adding IPv6 support to more of their services and regions. However you need to actively opt in and set it up. These are my 6 steps to setting up IPv6 on AWS:
What is IPv6?
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed […] to deal with the long-anticipated problem of IPv4 address exhaustion.
This guide assumes you have an existing AWS VPC set up and that you have full console access to your account.
Before you add IPv6 to your services it is worth making sure you can use it. Some older EC2 instances don’t yet support it. Check the docs for the table showing the EC2 generation and their IPv6 support status. You will need to re-size your EC2 instances to a supported instance type before you can fully set up IPv6.
Another catch is that some services including RDS do not support IPv6 yet, but do not fret as we are setting up a dual stack environment (supporting IPv4 and IPv6) and these services will continue working without issue over IPv4.
Step 2: Request an IPv6 range
Firstly we need to get an IPv6 range for your VPC. AWS give you a range of 4,722,366,482,869,645,213,696 different IPv6 IPs, to put this into perspective there are 4,294,967,296 total IPv4 IPs in the world! :-O
Back to the tutorial. Open the VPC management console, you can also find this by selecting the services menu at the top left and searching for “VPC”.
In the navigation bar, on the left, select “Your VPCs”.
Select the VPC you want to add IPv6 to.
Right click on the VPC and select “Edit CIDRs”.
Select Add IPv6 CIDR, it will then obtain a new IPv6 range for you and add it to your VPC.
Select “Close” to continue.
Step 3: Add IPv6 to your subnets
A subnet is a range of IP addresses. It makes routing traffic much simpler by pointing this range of IP’s in one direction rather than needing rules for each individual IP address. For example the IP address 203.0.113.76 is part of the 203.0.113.0/24 subnet range and routers on the internet will point all addresses in that range towards the owner of that range (Amazon for example). The /24 section indicates the size of the subnet, in this case it includes all IPs from 203.0.113.1 to 203.0.113.255.
This step adds the new IPv6 range to the subnets which your servers reside in.
In the navigation bar, select “Subnets”, this takes you to a page which lists all subnets in all of your VPCs. If you have multiple VPCs you will want to filter the subnet page by VPC, making it easier to see which subnets you need to add IPv6 to. (You can filter by VPC on every menu we will be looking at in this tutorial.)
Select a subnet in your VPC
Right click on it and select “Edit IPv6 CIDRs”
Select “Add IPv6 CIDR”
Press the tick icon that appears to the right of your new IPv6 range, this will associate it with the subnet.
Close the menu.
Repeat items 2 to 6 for each subnet in your VPC
Step 4: Speaking to the internet
At this point we have set up our VPC with IPv6 traffic coming in. This section is about talking out to the internet and that starts with routing. The first part of routing is an Internet Gateway, this is an AWS service which provides network address translation. Simply it is a device which guides network traffic in the right direction on its way into the internet.
You may already have an Internet Gateway, if you do great you can skip to step 5.
In the navigation bar, select “Internet Gateways”.
Click “Create Internet Gateway” at the top.
Give it a sensible name and press “Yes, Create” to save.
If you didn’t have an Internet Gateway before now, your servers would have only been able to speak to each other so be aware your servers can now talk to anyone on the Internet.
Step 5: Speaking to the IPv6 internet
The route table is telling all servers in your VPC this is the first hop on your journey, it passes internal traffic to your other servers, RDS instances, Elasticache instances etc and importantly it passes external traffic out to the Internet Gateway. That is what we are about to set up.
In the navigation bar, select “Route Tables”.
Select the route table attached to your VPC.
Click on the “Routes” tab and then “Edit” the existing table
Add in a rule for Destination “::/0” where the Target is your Internet Gateway.
When you click in the target field it will automatically show you all available Internet Gateways
If you have just created your first Internet Gateway you will also want to route IPv4 traffic out to the internet
“Add another route” with the Destination of 0.0.0.0/0 and a Target of your Internet Gateway.
Click save
::/0 means any IPv6 address, this is why it is at the bottom of your route table because it is catching all un-routed IPv6 traffic and passing it onto your AWS Internet Gateway.
Step 6: Network ACL
There is one final step at the network level, the Network Access Control List (ACL). It is one of many layers of security protecting your servers from attackers. The ACL lists both allowed and denied connections based in IP ranges, so we need to add IPv6. You may find that IPv6 has been configured on your ACL by AWS, in which case you can skip this step.
In the navigation bar, select “Network ACLs”, it is under the “Security” subheading.
Select your Network ACL; again you can filter by VPC if needed.
Select the “Inbound Rules” tab and “Edit” the rules
A little known fact about IPv6 is that it is prioritised over IPv4 traffic, if you have IPv6 set up people connecting in will prefer it over IPv4. This means your developers with their static IP addresses need their IPv6 address added as well as their IPv4 address. Just having their IPv4 record whitelisted will still leave them blocked.
With this in mind for each rule in your IPv4 inbound rules there should be one with an IPv6 “Source” field.
As mentioned above ::/0 matches all IPv6 records so you can use it to mirror the 0.0.0.0/0 sources.
Each rule needs a unique name, I iterated up by 1 as I went.
Select the “Outbound Rules” tab and “Edit” the rules
Set up new IPv6 rules mirroring IPv4, just as we did for the Inbound Rules.
You will need to do items 3 and 4 for each Network ACL in your VPC, if you have more than one.
Conclusion
Congratulations you are now IPv6 ready! and I hope you learnt something new about VPC’s, I certainly learnt a lot researching this post. Please leave any questions in the comments or contact us and see how we can help you. 🙂
Now the first part of our IPv6 journey is complete, join us next time where I will show you how to configure the server itself to support this new IPv6 environment.
https://www.dogsbody.com/wp-content/uploads/ipv6-amazon-blogpost.png330850Rob Hooperhttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngRob Hooper2017-09-21 11:04:452017-09-21 11:04:45Setting up IPv6 in your AWS VPC
Today is IPv6 day. IPv6 day aims to evaluate and promote public IPv6 deployment as it was designed to eventually completely replace IPv4.
We embrace IPv6 technology at Dogsbody Technology and want to help promote it, so we thought we’d write a blog post telling you why we think it’s great.
But first, what is IPv6?
IPv6 was invented to address the issue of IPv4 exhaustion. It allows for a much larger number of IP (Internet Protocol) addresses, which is what computers use to identify and communicate with one another over the internet. Once all of these addresses are taken, no one new would be able to connect to the internet. There are around 3.7 billion public IPv4 addresses, which are now virtually exhausted due to the ever growing number of computers and people who are connected to the web. Compare this with roughly 340 undecillion, or 340 trillion, trillion, trillion that you get with IPv6.
With IPv6 every human on the planet could use billions of addresses a second and we’d still not run out.
An IPv6 address is written differently and so needs different DNS records. If you do a DNS query on www.dogsbodytechnology.com you will see two responses. A traditional A record that includes the IPv4 address and a new AAAA record that shows the IPv6 address:
www.dogsbodytechnology.com. 900 IN A 139.162.200.233
www.dogsbodytechnology.com. 900 IN AAAA 2a01:7e00::31:9003
IPv4 Addresses are in the format “ddd.ddd.ddd.ddd” where each “ddd” ranges from 0-255.
IPv6 addresses are in the format “hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh” where each “h” is the value 0-15 written in hexadecimal.
IPv6 addresses can also be shortened so that leading zeroes can be removed (like IPv4) and consecutive blocks of 0000 can be replaced by a double colon (::) e.g.
Makes address allocation and network management simpler.
Improved end-to-end connection, helping things such as file sharing and online gaming.
Disadvantages:
Makes addresses harder to remember for humans.
Can make it easier to track an individual’s use of the internet.
New hardware may need to be purchased.
It’s going to take a long time to transition fully.
Some of the above disadvantages are lessened and/or avoided with the use of a dual stack (running IPv4 and IPv6 side-by-side)
Regardless of the down sides, we’re big fans of IPv6, and all of our servers use it where possible.
There is even a chance that you’re using it right now to view this website. Contact Us if you want to make sure future visitors can access your site over IPv6.
https://www.dogsbody.com/wp-content/uploads/maxresdefault.jpg10801920Gary Rixonhttps://www.dogsbody.com/wp-content/uploads/Dogsbody-site-logo-1.pngGary Rixon2016-06-06 11:09:422016-06-06 11:09:42IPv6 Day 2016