Saturday, November 26, 2022

Let Your IPv6-only Workloads Connect with IPv4 Services

Today we're announcing two new capabilities for Amazon Virtual Private Cloud (VPC) NAT gateway and Amazon Route 53, allowing your IPv6-only workloads to transparently communicate with IPv4-only services. Curious? Read on; I have details for you.

Some of you are running very large workloads involving tens of thousands of virtual machines, containers, or micro-services. To do so, you configured these workloads to work in the IPv6 address space. This avoids the problem of running out of available IPv4 addresses (a single VPC has a maximum theoretical size of 65,536 IPv4 addresses, compared to /56 ranges for IPv6, allowing for a maximum theoretical size of 2^73 -1 IPv6 addresses), and it saves you from additional headaches caused by managing complex IPv4-based networks (think about non-overlapping subnets between VPCs belonging to multiple AWS accounts, AWS Regions, or on-premises networks).

But can you really run an IPv6 workload in isolation from the rest of the IPv4 world? Most of you told us you must let such workloads continue to communicate with IPv4 services, either to make calls to older APIs or just as a transient design while you are migrating multiple dependent workloads from IPv4 to IPv6. Not being able to call an IPv4 service from IPv6 hosts makes migrations slower and harder than they need to be. It obliged some of you to build custom solutions that are hard to maintain.

This is why we're launching two new capabilities allowing your IPv6 workloads to transparently communicate with IPv4 services: NAT64 (read "six to four") for the VPC NAT gateway and DNS64 (also "six to four") for the Amazon Route 53 resolver.

How Does It Work?
As illustrated by the following diagram, let's imagine I have an Amazon Elastic Compute Cloud (Amazon EC2) instance with an IPv6-only address that has to make an API call to an IPv4 service running on another EC2 instance. In the diagram, I chose to have the IPv4-only host in a separate VPC in the same AWS account, but these capabilities work to connect to any IPv4 service, whether in the same VPC or in another AWS account's VPC, your on-premises network, or even on the public internet. My IPv6-only host only knows the DNS name of the service.

[Diagram: NAT64 DNS64 before]

Here is the sequence that happens when the IPv6-only host initiates a connection to the IPv4 service:

1. The IPv6 host makes a DNS call to resolve the service name to an IP address. Without DNS64, Route 53 would have returned an IPv4 address, and the IPv6-only host would not have been able to connect to that IPv4 address. But starting today, you can turn on DNS64 for your subnet. The DNS resolver first checks whether the record contains an IPv6 address (AAAA record). If it does, the IPv6 address is returned, and the IPv6 host can connect to the service using just IPv6. When the record only contains an IPv4 address, the Route 53 resolver synthesizes an IPv6 address by prepending the well-known 64:ff9b::/96 prefix to the IPv4 address.

For example, when the IPv4 service has the address 34.207.250.62, Route 53 returns 64:ff9b::ffff:22cf:fa3e.

IPv6 (hexadecimal) : 64:ff9b::ffff:  22   cf   fa   3e
IPv4 (decimal)     :                34  207  250   62

64:ff9b::/96 is a well-known prefix defined in RFC 6052, a proposed standard of the IETF. Reading the text of the standard is a great way to fall asleep quickly, and also to learn all the details about IPv6 to IPv4 translation.

2. The IPv6 host initiates a connection to 64:ff9b::ffff:22cf:fa3e. You may configure subnet routing to send all packets whose destination starts with 64:ff9b::/96 to the NAT gateway. The NAT gateway recognizes the IPv6 address prefix, extracts the IPv4 address from it, and initiates an IPv4 connection to the destination. As usual, the source IPv4 address is the IPv4 address of the NAT gateway itself.

3. When the response packet arrives, the NAT gateway restores the destination host's IPv6 address and prepends the well-known prefix 64:ff9b::/96 to the source IP address of the response packet.
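To make steps 1 to 3 concrete, here is an added Python example (not AWS code, and not from the original post) that models the DNS64 synthesis rule, the AAAA-first resolver behaviour, the 64:ff9b::/96 route match, and the NAT gateway's extraction of the embedded IPv4 address, using only the standard library's ipaddress module; the record sets are constructed. One caveat worth knowing: RFC 6052 places the 32 IPv4 bits immediately after the 96-bit prefix, so 34.207.250.62 synthesizes to 64:ff9b::22cf:fa3e, and an extra ffff group (borrowed from the ::ffff:a.b.c.d mapped notation) would sit outside the /96 and therefore would not match the subnet route.

```python
import ipaddress

# RFC 6052 well-known prefix: the one DNS64 prepends and the subnet route matches.
PREF64 = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(ipv4: str, prefix: ipaddress.IPv6Network = PREF64) -> str:
    """DNS64 synthesis: place the 32 IPv4 bits directly after the 96-bit prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("only the /96 embedding form of RFC 6052 is modelled here")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return str(ipaddress.IPv6Address(int(prefix.network_address) | v4))


def resolve_for_ipv6_only(records: dict, prefix: ipaddress.IPv6Network = PREF64) -> str:
    """Resolver logic from step 1: a real AAAA wins; synthesize only from an A record."""
    if records.get("AAAA"):
        return records["AAAA"][0]
    if records.get("A"):
        return synthesize_aaaa(records["A"][0], prefix)
    raise LookupError("name has neither A nor AAAA records")


def routes_to_nat64(dst: str, prefix: ipaddress.IPv6Network = PREF64) -> bool:
    """Step 2 route check: only destinations inside the prefix go to the NAT gateway."""
    return ipaddress.IPv6Address(dst) in prefix


def extract_ipv4(dst: str, prefix: ipaddress.IPv6Network = PREF64) -> str:
    """NAT gateway side: recover the embedded IPv4 destination from a synthesized address."""
    v6 = ipaddress.IPv6Address(dst)
    if v6 not in prefix:
        raise ValueError(f"{dst} is outside {prefix}; not a NAT64 destination")
    return str(ipaddress.IPv4Address(int(v6) & 0xFFFF_FFFF))


if __name__ == "__main__":
    # Constructed record sets: a dual-stack name and an IPv4-only name.
    dual = {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]}
    v4_only = {"A": ["34.207.250.62"]}
    print(resolve_for_ipv6_only(dual))  # real AAAA returned, no synthesis
    synth = resolve_for_ipv6_only(v4_only)
    print(synth, routes_to_nat64(synth), extract_ipv4(synth))
```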

Now that you understand how it works, how can you configure your VPC to take advantage of these two new capabilities?

Get Started
To enable these two capabilities, I have to adjust two configurations: first, I flag the subnets that require DNS64 translation, and second, I add a route to the IPv6 subnet routing table to send part of the IPv6 traffic to the NAT gateway.

To enable DNS64, I have to use the new --enable-dns64 option to modify my existing subnets. In this demo, I use the modify-subnet-attribute command. This is a one-time operation. I can do it using the VPC API, the AWS Command Line Interface (CLI), or the AWS Management Console. Notice this is a subnet-level configuration that must be turned on explicitly. By default, the existing behavior is maintained.

aws ec2 modify-subnet-attribute --subnet-id subnet-123 --enable-dns64

I have to add a route to the subnet's routing table to allow the VPC to forward IPv6 packets carrying the DNS64 prefix to the NAT gateway. It tells the VPC to route all packets with destination 64:ff9b::/96 to the NAT gateway.

aws ec2 create-route --route-table-id rtb-123 --destination-ipv6-cidr-block 64:ff9b::/96 --nat-gateway-id nat-123

The following diagram illustrates these two simple configuration changes.

[Diagram: NAT64 DNS64 after]

With these two simple changes, my IPv6-only workloads in the subnet can now communicate with IPv4 services. The IPv4 service may reside in the same VPC, in another VPC, or anywhere on the internet.

You can continue to use your existing NAT gateway, and no change is required on the gateway itself or on the routing table attached to the NAT gateway subnet.

Pricing and Availability
These two new capabilities for the VPC NAT gateway and Route 53 are available today in all AWS Regions at no additional cost. Regular NAT gateway charges may apply.

Go and build your IPv6-only networks!

— seb
