NET207-R
Understanding the basics of IPv6 networking on AWS
Shakeel Ahmad, Solutions Architect, Amazon Web Services
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda
Why IPv6
Brief overview of the IPv6 protocol
IPv6 in Amazon VPC
IPv4 to IPv6 migration patterns
Hands-on with IPv6 on AWS

IPv4 exhaustion

IPv4 vs IPv6 address size
IPv4: 32-bit / 4,294,967,296 addresses (~4.3 x 10^9)
11000000 00000000 00000010 00000001
IPv6: 128-bit / 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (~3.4 x 10^38)
0010000000000001 0000110110111000 0000111011000010 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001

IPv4 vs IPv6 address types
IPv4: Address types
1. Unicast
2. Broadcast
3. Multicast
IPv6: Address types
1. Unicast
2. Multicast
3. Anycast

IPv4 vs IPv6 address format
IPv4: Dotted Decimal Notation + CIDR
192.168.0.1/24 127.0.0.1
IPv6: Colon-Separated Hextet Notation + CIDR
2001:0db8:0ec2:0000:0000:0000:0000:0001/64 0000:0000:0000:0000:0000:0000:0000:0001
2001:db8:ec2:0:0:0:0:1/64 0:0:0:0:0:0:0:1
2001:db8:ec2::1/64 ::1

Amazon VPC—dual-stack
Diagram: VPC with an internet gateway and an instance (IPv4 and IPv6 addresses) in a public subnet.

Amazon VPC—private subnet? NAT?
Diagram: VPC with an egress-only internet gateway and an instance (IPv4 and IPv6 addresses, marked X) in a private subnet.

Amazon VPC—IPv6 routing and more . . .
Diagram: VPC with an internet gateway and an instance (IPv4 and IPv6 addresses) in a public subnet, and an egress-only internet gateway and an instance (IPv4 and IPv6 addresses, marked X) in a private subnet.

Public subnet route table:
Destination          Target   Status
2001:db8:ec2::/56    local    Active
::/0                 IGW      Active

Private subnet route table:
Destination          Target   Status
2001:db8:ec2::/56    local    Active
::/0                 EIGW     Active

Amazon VPC—NACLs, security groups . . .

Migrating to IPv6
• Step 1: Associate an IPv6 CIDR block to your VPC & subnets
• Step 2: Update your route tables
• Step 3: Update your security group rules
• Step 4: Change your instance type (if required)
• Step 5: Assign IPv6 to your instances
• Step 6: Configure IPv6 on your instances (if required)
• Step 7: Turn on IPv6 on Application Load Balancer (dual stack)

Dual-stack
IPv4 Address / IPv6 Address

Amazon VPC—migration patterns
Diagram (ipv4): VPC with an internet gateway, spanning Availability Zone 1 and Availability Zone 2, with an Application Load Balancer in front of an Auto Scaling group of two instances.
Application Load Balancer DNS name: nameme-xyz.us-east-1.elb.amazonaws.com
IP address type: ipv4

Amazon VPC—migration patterns
Diagram (ipv4): VPC with an internet gateway, spanning Availability Zone 1 and Availability Zone 2, with an Application Load Balancer in front of an Auto Scaling group of two instances (172.31.0.100/20 and 172.31.16.100/20).
Application Load Balancer DNS name: nameme-xyz.us-east-1.elb.amazonaws.com
IP address type: dual-stack

Dual-stack user/dual-stack website
DNS: www.ipv6.org
194.63.248.52 (A)
2a01:5b40:0:248::52 (AAAA)
Diagram: IPv4 internet and IPv6 internet paths to www.ipv6.org.

Details
• Use your own account (AWS credits available)
• Use either AWS Management Console or AWS CLI (or both)
• Ask questions as you go along
https://bit.ly/AWSIPv6Workshop

Learn networking with AWS Training and Certification
Resources created by the experts at AWS to help you build and validate networking skills
Free digital courses cover topics related to networking and content delivery, including Introduction to Amazon CloudFront and Introduction to Amazon VPC
Validate expertise with the AWS Certified Advanced Networking - Specialty exam
Visit aws.amazon.com/training/paths-specialty

Thank you!
Shakeel Ahmad
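
Added example (not part of the original deck): a check for Step 2 and Step 3 of "Migrating to IPv6" that compares each route table's ::/0 target with the public / egress-only design shown on the routing slide, and reports security group rules that are open to the world for one IP family only. It assumes dictionaries shaped like the JSON from aws ec2 describe-route-tables and aws ec2 describe-security-groups; every ID, rule and function name below is constructed for this example.

```python
# Added example. Dict shapes follow `aws ec2 describe-route-tables` and
# `describe-security-groups` JSON; all IDs and rules are constructed samples.
def ipv6_exposure(route_table):
    """Classify a route table by the target of its ::/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationIpv6CidrBlock") != "::/0":
            continue
        if route.get("EgressOnlyInternetGatewayId"):
            return "egress-only"   # outbound-initiated traffic only
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"        # inbound possible if security groups allow
    return "isolated"              # no IPv6 default route

def routing_mismatches(route_tables, intended):
    """Return (table id, intended, actual) where the design is not met."""
    actual = {t["RouteTableId"]: ipv6_exposure(t) for t in route_tables}
    return [(i, want, actual.get(i)) for i, want in intended.items()
            if actual.get(i) != want]

def sg_parity_gaps(group):
    """Find world-open ingress rules present for one IP family only."""
    gaps = []
    for perm in group.get("IpPermissions", []):
        rule = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"))
        v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
        v6 = any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
        if v4 != v6:
            gaps.append((group["GroupId"], rule, "ipv4-only" if v4 else "ipv6-only"))
    return gaps

ROUTE_TABLES = [  # constructed, modelled on the two route tables in the deck
    {"RouteTableId": "rtb-public", "Routes": [
        {"DestinationIpv6CidrBlock": "2001:db8:ec2::/56", "GatewayId": "local"},
        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "Routes": [  # drift: deck targets the EIGW
        {"DestinationIpv6CidrBlock": "2001:db8:ec2::/56", "GatewayId": "local"},
        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"}]},
]
WEB_SG = {"GroupId": "sg-web", "IpPermissions": [  # constructed
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}
INTENDED = {"rtb-public": "public", "rtb-private": "egress-only"}

if __name__ == "__main__":
    for finding in routing_mismatches(ROUTE_TABLES, INTENDED) + sg_parity_gaps(WEB_SG):
        print(finding)
```

An "ipv4-only" result means Step 3 was skipped for that port, so IPv6 clients are dropped; an "ipv6-only" result means the IPv6 rule is wider than the IPv4 policy for the same port.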