IPAM IPv6 best practices


We have now set up IPAM with IPv4 in our multi-account structure with transitgw. I have been trying to read up on IPv6 & AWS but it is a bit hard to understand what the best practice is. Are we supposed to use IPv6 ULA setup in IPAM and for the public subnets we use the given public ones by you OR are we supposed to use public IPv6 on all subnets including the private ones but only the ones in the public network via IGW are publicly available?

AWS
asked 2 months ago, 220 views
1 Answer
Accepted Answer

With regard to IPv6, please note that currently Amazon VPC doesn't support ULA (Unique local address) CIDRs for IPv6. Because of this all the VPCs must have a unique IPv6 CIDR. As a customer, you can start with either AWS assigned IPv6 VPC CIDR or you can bring your own IPv6 (BYOIPv6) as well. For customers that have a large VPC footprint and would prefer to do IP route summarization, BYOIPv6 CIDR is the preferred approach.

You can bring and provision your IPv6 CIDR in IPAM and then you can follow the steps that you would have followed for IPv4 (in terms of IP allocation rules etc). In case you opt for AWS supplied IPv6, then with IPAM, you can track/monitor the IP addresses.

Based on the above, as you mentioned in your question, you will use public routable IPv6 in all subnets including the private ones but you will configure routes only for the ones in the public subnet to route via IGW.

In case you want your instance in a private subnet and with IPv6 to reach the internet then you would need to use an Egress only Internet gateway (EIGW).

Please consider your use case and/or the traffic flow (like do you intend to route to internet for IPv6 traffic or within VPC) and then design accordingly.

This whitepaper on IPv6 on AWS can be a good read if you are thinking of IPv6 on AWS.

AWS
answered 2 months ago
EXPERT
reviewed 2 months ago
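
Because every subnet holds globally routable IPv6 addresses, the route table is what separates public from private. The check below is an added example, not part of the original answer: it audits route tables against the intended role of each subnet. The route table data is constructed in the shape of EC2 DescribeRouteTables output with made-up IDs, and the `INTENT` mapping is an assumption (for instance, derived from subnet tags).

```python
# Constructed sample in the shape of EC2 DescribeRouteTables output (all IDs are made up).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationIpv6CidrBlock": "2001:db8:1234::/56", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0aaa"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"Main": False, "SubnetId": "subnet-app-a"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0bbb"}]},
    {"RouteTableId": "rtb-mistake", "Associations": [{"Main": False, "SubnetId": "subnet-db-a"}],
     "Routes": [{"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-0aaa"}]},
]
# Assumed intent per subnet (hypothetical); subnet-cache-a has no explicit association.
INTENT = {"subnet-pub-a": "public", "subnet-app-a": "private",
          "subnet-db-a": "private", "subnet-cache-a": "private"}

def ipv6_exit(table):
    """Return 'igw', 'eigw' or 'none' for a route table's IPv6 internet path."""
    exits = set()
    for route in table["Routes"]:
        if "DestinationIpv6CidrBlock" not in route:
            continue  # IPv4 or prefix-list route, not relevant here
        if (route.get("GatewayId") or "").startswith("igw-"):
            exits.add("igw")   # bidirectional: inbound connections can be routed in
        elif route.get("EgressOnlyInternetGatewayId"):
            exits.add("eigw")  # outbound-initiated traffic only
    return "igw" if "igw" in exits else "eigw" if "eigw" in exits else "none"

def audit(route_tables, intent):
    """Map each subnet to (exit, finding); finding is None when routing matches intent."""
    main = next(t for t in route_tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in route_tables
                for a in t["Associations"] if "SubnetId" in a}
    report = {}
    for subnet, want in intent.items():
        exit_ = ipv6_exit(explicit.get(subnet, main))  # unassociated subnets use the main table
        finding = None
        if want == "private" and exit_ == "igw":
            finding = "private subnet has an IPv6 route via an IGW"
        elif want == "public" and exit_ != "igw":
            finding = "public subnet has no IPv6 route via an IGW"
        report[subnet] = (exit_, finding)
    return report

if __name__ == "__main__":
    for subnet, (exit_, finding) in audit(ROUTE_TABLES, INTENT).items():
        print(f"{subnet:16} {exit_:5} {finding or 'ok'}")
```

Security groups and network ACLs still filter traffic on a flagged subnet; the audit only reports whether the routing layer matches the intended design.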