
The last time I tried to set up IPv6 with my VPC, it was an absolute nightmare. Maybe I'm not devops-y enough, who knows. But all three of my earnest efforts to use IPv6 have gone pretty badly.

Has anyone successfully used AWS's IPv6 offerings to stand up a VPC/ECS/ALB/RDS using secure best practices without friction? What tutorials did you follow? I'm all ears.




Not every service supports IPv6. Some big ones are APIGW and Lambda.

For RDS, you have to set up your instance as dual stack explicitly even if you’re deploying it into an IPv6 subnet.


Whoa! Really, APIGW and Lambda are not IPv6 compatible?

I was planning to deploy an internal developer platform (think local PaaS) using Lambdas behind an API gateway. No IPv6 there?


TBH, not supporting IPv6 in this day and age is just unconscionable.


Not when comparatively nobody uses it.


All US mobile ISPs (which are 100% IPv6 and use NAT64 to access v4-only servers!) are “nobody” to you?

Many fixed-line ISPs also only provide v4 over DS-lite or similar, these days.


There's no incentive to use it when IPv4 is free. There are two main ways for network providers to move the needle, assuming that they actually offer IPv6 as an alternative:

(1) charge for IPv4

(2) move IPv4 behind CGNAT


Lambda does support private IPv4 networks though.


This explains a lot. I wanted to be a good citizen and use IPv6 exclusively internally and keep IPv4 at the edge, then I found I couldn’t create a database without a bunch of IPv4 settings I hadn’t configured.


The tools and tutorials are not optimized for an IPv6-only workflow.

Guess they will improve as soon as Amazon starts charging.


I think so as well. When M1 Macs started pushing ARM chips out there were growing pains, but most of the ecosystem adapted fairly quickly.


Incentives are the opposite, surely. The harder it is to use v6, the more people will pay to stick to v4.


I think this is probably the main issue, too complex to set up on the server. But I agree with what AWS is doing.

For example, when I do an ifconfig, I get 3 ip6 addresses but 1 ip4 address.

'?' indicates a unique value, 'x' means values match between the IP addresses. That alone indicates the complexity of ip6 on setting up the server.

inet6 ????::????:????:????:???? prefixlen 64 scopeid 0x20<link>

inet6 xxxx:xxx:xxxx:xxxx::???? prefixlen 128 scopeid 0x0<global>

inet6 xxxx:xxx:xxxx:xxxx:????:????:????:???? prefixlen 64 scopeid 0x0<global>


My IPv4 server has 127.0.0.1/8, 10.64.78.37/32, 172.17.2.1/16, and a public IP hidden somewhere. The 172/12 networks I see are usually Docker doing Docker things but I'm still left dealing with three different IP addresses.

Not that it matters much, because they all just appeared on the right interfaces and started working.

You may need to know some basic things about IPv6 for your firewall ("fe* means local link") but the same is true for IPv4 ("10.* means local network"). I think they're equally difficult to manage, but I can understand how daunting it may look to someone who's been taught networking by outdated textbooks lacking IPv6 like so many other people.
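An added example, not part of the comment above: sorting the addresses an interface reports by scope, which is the grouping a host firewall rule set needs for either protocol. The interface lines are constructed (the documentation prefix 2001:db8::/32 stands in for a real global prefix), and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: ifconfig-style lines. IPv4 values are the ones quoted in
# the thread; IPv6 values use the documentation prefix and a made-up ULA.
SAMPLE = """\
inet 127.0.0.1 netmask 255.0.0.0
inet 10.64.78.37 netmask 255.255.255.255
inet 172.17.2.1 netmask 255.255.0.0
inet6 fe80::1c2d:3eff:fe4f:5a6b prefixlen 64 scopeid 0x20<link>
inet6 2001:db8:12:34::1f3a prefixlen 128 scopeid 0x0<global>
inet6 2001:db8:12:34:a1b2:c3d4:e5f6:789a prefixlen 64 scopeid 0x0<global>
inet6 fd12:3456:789a::10 prefixlen 64 scopeid 0x0<global>
"""

# Ordered (network, label) pairs; the first containing network wins.
SCOPES = [(ipaddress.ip_network(n), label) for n, label in [
    ("127.0.0.0/8", "loopback"), ("::1/128", "loopback"),
    ("169.254.0.0/16", "link-local"), ("fe80::/10", "link-local"),
    ("10.0.0.0/8", "private"), ("172.16.0.0/12", "private"),
    ("192.168.0.0/16", "private"), ("fc00::/7", "private"),  # IPv6 ULA
]]

def scope_of(addr):
    """Label one address by matching on network prefixes, not on text."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop a zone id like %eth0
    for net, label in SCOPES:
        if ip.version == net.version and ip in net:
            return label
    return "global"  # anything else is treated as routable

def classify(text):
    """Return (address, scope) for every inet/inet6 line in ifconfig output."""
    found = []
    for m in re.finditer(r"^\s*inet6?\s+(\S+)", text, re.M):
        addr = m.group(1).split("/")[0]
        found.append((addr, scope_of(addr)))
    return found

def internet_reachable(text):
    """Addresses that need inbound filtering at the host or security group."""
    return [a for a, s in classify(text) if s == "global"]

if __name__ == "__main__":
    for addr, scope in classify(SAMPLE):
        print(f"{scope:<11} {addr}")
```

On the sample, only the two 2001:db8 addresses come back from `internet_reachable`; the IPv4 and IPv6 entries otherwise fall into the same three non-routable groups.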


Why is this even relevant in AWS?


I am showing why I think setting up an IP6 server is harder than IP4. With IP4 I get 1 IP address, IP6 I get 3


When do you deal with ip addresses at all in AWS?



