AWS VPC IPv6 config
Description
Amazon Virtual Private Cloud (Amazon VPC) lets you launch AWS resources into a virtual network. A VPC is very flexible and allows different scenarios to be defined and implemented based on custom needs. It closely resembles a traditional network operated in a classic data center, with the benefits of using the scalable infrastructure of AWS.
Lab Schema
![schema](https://www.radkowski.pro/wp-content/uploads/2019/10/schema.png)
Configs
1. Create VPC
In the AWS Console, select the VPC service, then Your VPC, and click "Create VPC".
![1-Create VPC](https://www.radkowski.pro/wp-content/uploads/2019/10/1.png)
2. VPC IP configuration
Enter the VPC Name tag and the IPv4 address pool, and select "Amazon provided IPv6 CIDR". AWS will reserve a ::/56 network for the VPC, which can be split into ::/64 networks and assigned to the subnets.
![2 VPC IP config](https://www.radkowski.pro/wp-content/uploads/2019/10/2-1024x437.png)
3. Create subnets
Using the AWS console (VPC service), create two subnets.
![3 Create Subnet](https://www.radkowski.pro/wp-content/uploads/2019/10/3.png)
4. Create public_1 subnet
Create the first subnet (public_1) based on the following:
- Name: public_1
- VPC: VPC created in #1
- IPv4: 10.0.0.0/24
- IPv6: Custom (enter two hex digits to define the ::/64 network)
![4 Subnet public_1](https://www.radkowski.pro/wp-content/uploads/2019/10/4.png)
5. Create public_2 subnet
Create the second subnet (public_2) based on the following:
- Name: public_2
- VPC: VPC created in #1
- IPv4: 10.0.1.0/24
- IPv6: Custom (enter two hex digits to define the ::/64 network)
![5 Subnet public_2](https://www.radkowski.pro/wp-content/uploads/2019/10/5-1024x688.png)
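
How the two hex digits from steps 4 and 5 select a ::/64 inside the ::/56 from step 2, as an added example that is not part of the original walkthrough. The /56 is a constructed value from the IPv6 documentation range, and the hex pairs `00` and `01` are assumptions, since the page shows the real values only in screenshots.

```python
import ipaddress
import string
from typing import Optional

# Constructed sample: a /56 from the documentation range, standing in for
# the Amazon-provided block (AWS assigns the real prefix).
VPC_CIDR = "2001:db8:1234:5600::/56"


def subnet_from_hex(vpc_cidr: str, hex_pair: str) -> ipaddress.IPv6Network:
    """Return the /64 selected by the two hex digits typed in the console."""
    vpc = ipaddress.IPv6Network(vpc_cidr)
    if vpc.prefixlen != 56:
        raise ValueError("expected a /56 VPC block")
    if len(hex_pair) != 2 or any(c not in string.hexdigits for c in hex_pair):
        raise ValueError("expected exactly two hex digits")
    index = int(hex_pair, 16)  # 0x00..0xff, so 256 possible /64 subnets
    # Bits 56..63 of the address carry the subnet index; the low 64 bits are
    # the interface identifier, so the index is shifted past them.
    base = int(vpc.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


# Assumed hex pairs for the two subnets created in steps 4 and 5.
SUBNETS = {
    "public_1": subnet_from_hex(VPC_CIDR, "00"),
    "public_2": subnet_from_hex(VPC_CIDR, "01"),
}


def owning_subnet(address: str, subnets: dict) -> Optional[str]:
    """Name of the subnet that contains the address, or None if outside all."""
    ip = ipaddress.IPv6Address(address)
    for name, net in subnets.items():
        if ip in net:
            return name
    return None


if __name__ == "__main__":
    for name, net in SUBNETS.items():
        print(name, net)
    # Constructed instance address, checked against the expected subnet.
    print(owning_subnet("2001:db8:1234:5601::1a2b", SUBNETS))
```

`owning_subnet` can be used in step 31 to confirm that the IPv6 address an instance received belongs to the subnet it was launched in.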
6. Set auto-assign IP settings
The subnets created in the previous steps are not public yet. To finish the configuration process, IPv4 and IPv6 address auto-assign must be enabled.
![6 auto-assign IP](https://www.radkowski.pro/wp-content/uploads/2019/10/6.png)
7. Enable auto-assign for IPv4 and IPv6
For both subnets defined above, enable the IPv4 and IPv6 auto-assign options.
![7 Enable auto-assign](https://www.radkowski.pro/wp-content/uploads/2019/10/7-1024x417.png)
8. Subnet verification
Verify that both subnets have been configured correctly (auto-assign option).
![8 Verify auto-assign for subnets](https://www.radkowski.pro/wp-content/uploads/2019/10/8-1024x264.png)
9. Create Internet Gateway
Using AWS Console -> VPC service, create an Internet Gateway.
![9 Inet gateway](https://www.radkowski.pro/wp-content/uploads/2019/10/9.png)
10. Configure Internet Gateway
Enter a Name tag for the IGW.
![10 IGW - name tag](https://www.radkowski.pro/wp-content/uploads/2019/10/10.png)
11. Attach IGW to VPC (#1)
Use the AWS Console to select the "Attach to VPC" option for the Internet Gateway.
![11 select VPC to be attached](https://www.radkowski.pro/wp-content/uploads/2019/10/11.png)
12. Attach IGW to VPC (#2)
Select the previously created VPC to be attached to the IGW.
![12 Select VPC to be attached](https://www.radkowski.pro/wp-content/uploads/2019/10/12-1024x352.png)
13. Verify Internet Gateway attachment
Using the AWS Console, verify that the IGW has been properly attached to the VPC (it may take a while).
![13 Verify IGW attach](https://www.radkowski.pro/wp-content/uploads/2019/10/13.png)
14. Create Security Group
Using AWS Console -> VPC service, create a security group.
![14 Security Group](https://www.radkowski.pro/wp-content/uploads/2019/10/14.png)
15. Security group details
Enter the security group details, including:
- name
- description
- VPC
![15 Security Group data](https://www.radkowski.pro/wp-content/uploads/2019/10/15.png)
16. Define Security group inbound rules
Use the Edit button to start editing the inbound rules.
![16 Inbound rules](https://www.radkowski.pro/wp-content/uploads/2019/10/16.png)
17. Edit Inbound rules
Using the console, enter rules to define the allowed traffic.
![17 Security Groups rules](https://www.radkowski.pro/wp-content/uploads/2019/10/17.png)
18. Verify security group rules
Using the AWS console, verify the Inbound Rules.
![18 Verify Inbound rules](https://www.radkowski.pro/wp-content/uploads/2019/10/18.png)
19. Create route table
Using the AWS console, create route tables. In this example, two route tables (one per subnet) will be created.
![19 Create route table](https://www.radkowski.pro/wp-content/uploads/2019/10/19.png)
20. Create route table for public_1 subnet
Using the AWS console, create a route table for the public_1 subnet.
![20 Route Table for subnet_1](https://www.radkowski.pro/wp-content/uploads/2019/10/20-1024x360.png)
21. Create route table for public_2 subnet
Using the AWS console, create a route table for the public_2 subnet.
![21 Route Table for subnet_2](https://www.radkowski.pro/wp-content/uploads/2019/10/21.png)
22. Edit subnet associations for public_1
By default, all subnets are associated with the main route table. This can be changed by editing the subnet associations of a non-default route table.
![22 Subnet associations](https://www.radkowski.pro/wp-content/uploads/2019/10/22.png)
23. Select networks to be associated with public_1 route table
Different subnets can be associated with different route tables. In this example, public_1 will be associated with public_1_route_table.
![23 Select subnets to be associated with route table](https://www.radkowski.pro/wp-content/uploads/2019/10/23-1024x583.png)
24. Select networks to be associated with public_2 route table
On the following screen, public_2 will be associated with public_2_route_table.
![24 Subnet associations](https://www.radkowski.pro/wp-content/uploads/2019/10/24.png)
25. Modify routes
Routes need to be added or modified to allow communication with other (non-local) networks and subnets.
![25 Edit routes](https://www.radkowski.pro/wp-content/uploads/2019/10/25-1024x609.png)
26. Add default route for both IPv4 and IPv6
0.0.0.0/0 means anywhere for IPv4; the same is expressed as ::/0 for IPv6 traffic. Both routes need to be configured with the previously created Internet Gateway as the target.
![26 Default routes](https://www.radkowski.pro/wp-content/uploads/2019/10/26.png)
27. Verify both routing tables
In both route tables, the default routes for IPv4 and IPv6 should point to the Internet Gateway.
![27 Verify route tables](https://www.radkowski.pro/wp-content/uploads/2019/10/27.png)
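
The checks from steps 18 and 27 can also be run against exported configuration. The following is an added example, not part of the original walkthrough: it reads data in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` and reports which subnets have IPv4/IPv6 default routes through an Internet Gateway and which inbound rules are open to anywhere. All IDs, CIDRs and rules are constructed placeholders; the rules used in the lab are visible only in the screenshots.

```python
# Constructed sample data; every ID, CIDR and rule below is a placeholder.
# rtb-public2 deliberately lacks the ::/0 route so the check has something to find.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-public1", "Associations": [{"SubnetId": "subnet-public1"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
         {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-public2", "Associations": [{"SubnetId": "subnet-public2"}],
     "Routes": [
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]}
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "icmpv6", "FromPort": -1, "ToPort": -1,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def igw_default_routes(doc):
    """Map each associated subnet to the families whose default route hits an IGW."""
    result = {}
    for table in doc["RouteTables"]:
        families = set()
        for route in table["Routes"]:
            via_igw = route.get("GatewayId", "").startswith("igw-")
            if via_igw and route.get("DestinationCidrBlock") == "0.0.0.0/0":
                families.add("ipv4")
            if via_igw and route.get("DestinationIpv6CidrBlock") == "::/0":
                families.add("ipv6")
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association has no SubnetId
                result[assoc["SubnetId"]] = families
    return result


def world_open_rules(doc):
    """Return (group, protocol, from_port, to_port, family) for rules open to anywhere."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group["IpPermissions"]:
            cidrs = [("ipv4", r["CidrIp"]) for r in perm.get("IpRanges", [])]
            cidrs += [("ipv6", r["CidrIpv6"]) for r in perm.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], perm["IpProtocol"], perm.get("FromPort"),
                          perm.get("ToPort"), fam)
                         for fam, cidr in cidrs if cidr in ("0.0.0.0/0", "::/0")]
    return findings
```

In the constructed sample the SSH rule is restricted for IPv4 but open to ::/0 for IPv6, the kind of mismatch that matters here because every instance in these subnets receives a globally routable IPv6 address.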
Test Area
28. Deploy first test EC2 instance
Deploy the first test machine in the public_1 subnet. Both public IPv4 and IPv6 addresses will be assigned (based on the subnet settings).
![28 Deploy 1st test machine](https://www.radkowski.pro/wp-content/uploads/2019/10/28.png)
29. Deploy second test EC2 instance
Deploy the second test machine in the public_2 subnet. Both public IPv4 and IPv6 addresses will be assigned (based on the subnet settings).
![30 Deploy test EC2](https://www.radkowski.pro/wp-content/uploads/2019/10/30.png)
30. EC2 Security Groups
Assign the previously configured security groups to both test EC2 instances.
![29 Assign security groups](https://www.radkowski.pro/wp-content/uploads/2019/10/29-1024x408.png)
31. Verify IPv4 and IPv6 address
Verify that both IPv4 and IPv6 addresses have been properly assigned to each instance.
![32 Verify IP](https://www.radkowski.pro/wp-content/uploads/2019/10/32.png)
32. Check IPv6 connectivity (inside VPC)
Execute the ping6 command from the first to the second test EC2 instance.
![Internal ping6](https://www.radkowski.pro/wp-content/uploads/2019/10/35-1024x555.png)
33. Check IPv6 connectivity (AWS -> Internet)
Execute the ping6 command from the first EC2 instance to an external address (www.google.com).
![36 AWS to Internet ping](https://www.radkowski.pro/wp-content/uploads/2019/10/36-1024x555.png)
34. Check IPv6 connectivity (Internet -> AWS)
Execute the ping6 command from an external location to the EC2 instance.
![37 Internet 2 AWS ping](https://www.radkowski.pro/wp-content/uploads/2019/10/37-1024x574.png)