Enabling IPv6 on Amazon EC2

by Tiago Macedo

In preparation for the World IPv6 Launch Day we decided to make all portals powered by 3scale available over IPv6.

Luckily, Amazon Web Services, where we host most of our infrastructure, has enabled IPv6 support in its Elastic Load Balancers (unfortunately not yet available in all regions), which allowed us to overcome the limitation that EC2 instances are not available over IPv6.

Using these is quite straightforward: all you need to do is create a new Elastic Load Balancer, point it at your servers (using SSL if desired), copy its dualstack (both IPv4 and IPv6) public DNS name and add a new CNAME from your domain to that name.

So far, so good:

The Zone Apex

The troubles arise when you have to deal with the Zone Apex, also called the root domain, in our case 3scale.net. Due to restrictions imposed by the DNS RFC, a CNAME cannot co-exist with other DNS records, and since your root domain needs at least SOA and NS records (and most likely MX), this approach will not work there.

Amazon itself provides a solution for this problem but only if you’re using Route 53, their hosted DNS service. Using Route 53 you can map your Elastic Load Balancer to the Apex of your domain and they will reply with a valid A (IPv4) or AAAA (IPv6) record. However, if you’re using a different DNS provider you can’t use this.

A recommended solution would be to configure an HTTP redirect (which most DNS providers support) from your Apex to a domain containing the CNAME, for example an HTTP redirect from 3scale.net to www.3scale.net. Unfortunately, while our DNS provider supports this, the service is only offered over IPv4.

In the end, we solved this problem using Rackspace, where we host some of our infrastructure. Using their Cloud Load Balancers service, we created an IPv6 load balancer pointing back to our Amazon nodes, which simply does HTTP redirects to www.3scale.net, and added the IP of that load balancer to our Apex as an AAAA record. The biggest advantage of Rackspace’s offering over Amazon’s is that their load balancers have a stable IP (instead of a CNAME) and can load balance traffic between arbitrary IPs rather than only between instances hosted by the provider itself (as Amazon’s do).
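The apex restriction and the final layout described above can be checked mechanically before a zone change goes live. The following is an added example, not code from the original post: it uses a simplified "owner TYPE rdata" zone format, the placeholder domain example.com, a made-up ELB name and an address from the IPv6 documentation prefix, all of which are assumptions.

```python
# Added example: constructed zone data, not the real records of any domain.
from collections import defaultdict

DNSSEC_TYPES = {"RRSIG", "NSEC"}  # the only types tolerated beside a CNAME

def parse_zone(text, origin):
    """Parse simplified 'owner TYPE rdata' lines; '@' means the zone apex."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        records.append((owner.lower(), rtype.upper(), rdata))
    return records

def cname_conflicts(records):
    """Owners where a CNAME coexists with other data (RFC 1034, section 3.6.2)."""
    types = defaultdict(set)
    for owner, rtype, _ in records:
        types[owner].add(rtype)
    return sorted(o for o, t in types.items()
                  if "CNAME" in t and t - {"CNAME"} - DNSSEC_TYPES)

def apex_ipv6_ready(records, origin):
    """True if the apex has SOA, NS and AAAA records and no CNAME."""
    apex = {t for o, t, _ in records if o == origin.lower()}
    return {"SOA", "NS", "AAAA"} <= apex and "CNAME" not in apex

ORIGIN = "example.com."
BROKEN = """
@    SOA   ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
@    NS    ns1.example.com.
@    MX    10 mail.example.com.
@    CNAME dualstack.placeholder-elb.us-east-1.elb.amazonaws.com.
"""
FIXED = """
@    SOA   ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
@    NS    ns1.example.com.
@    MX    10 mail.example.com.
@    AAAA  2001:db8::10   ; redirecting load balancer (documentation prefix)
www  CNAME dualstack.placeholder-elb.us-east-1.elb.amazonaws.com.
"""

if __name__ == "__main__":
    for name, zone in (("broken", BROKEN), ("fixed", FIXED)):
        recs = parse_zone(zone, ORIGIN)
        print(name, cname_conflicts(recs), apex_ipv6_ready(recs, ORIGIN))
```

The first zone reproduces the apex CNAME that the DNS rules forbid; the second mirrors the layout the post ends up with, an AAAA record at the apex and the CNAME only on www.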

So if you hit 3scale.net from an IPv6 capable browser, this is what you’ll get:

Hopefully, vendor support will improve and by next year a bigger chunk of the internet traffic will be over IPv6.

Published: June 29 2012
