AWS 終於支援 IPv6，目前只在新的 Region - Ohio (us-east-2) 可以使用。

在 IPv6 in the Cloud: Virtual Private Cloud Deep Dive (NET307), Slideshare 有詳細說明。整理一些筆記。

相關概念

• 在建立 VPC 時多了 IPv6 CIDR ，可以選擇 Amazon provided IPv6 CIDR block
• 建立 Subnet 時可以設定 IPv6 CIDR，但是 mask 是固定 /64
• IPv6 都是 public IP address，所以 EC2 將沒有 public / private 之分。
  • 進出封包管控都透過 Security Groups and Network ACLs
  • 多了一種新 Gateway: Egress-Only Internet Gateway (EGW) - 允許 outbound，但是禁止 income packets. 有點像是 NAT Gateway。
• NAT64: NAT64 is an IPv6 transition mechanism that facilitates communication between IPv6 and IPv4 hosts by using a form of network address translation (NAT)

相關 AWS Services

• EC2 / ENI / ENA
• VPC / Route Table / Subnet / VPC Flow Logs
• Security Groups / Network ACLs
• ELB / ALB
• Route53
• S3
• CloudFront
• WAF
• Direct Connect (DX)

延伸閱讀

系列文章

• Study Notes - Virtual Private Cloud (VPC)
• Study Notes - VPC - Security Groups and Network ACLs
• Study Notes - VPC Peering and Private DNS using Route53
• Study Notes - VPC - Inter-Region VPC Peering
• Study Notes - VPC FAQ
• Plan and Design Multiple VPCs in Different Regions
• From One to Many - Evolving VPC Design
• Migrate to AWS NAT Gateway
• Unknown ENI Delete Action in CloudTrial
• Study Notes - VPC IPv6 Support

參考資料

• AWS re:Invent 2016: NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive (NET307), Slideshare
• New – IPv6 Support for EC2 Instances in Virtual Private Clouds
• Now Open – AWS US East (Ohio) Region