Re: AWS and IPv6

["Oliver O'Boyle" <oliver.oboyle () gmail com>]

On Sun., Nov. 28, 2021, 17:13 William Herrin, <bill () herrin us> wrote:

> On Sun, Nov 28, 2021 at 1:18 PM Karl Auer <kauer () biplane com au> wrote:
> > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote:
> > > I was reading their howto yesterday and it seems they are only
> > > allocating a /64? Why?
> >
> > That's a /64 *per subnet*...
> >
> > But the size of a VPC's IPv6 CIDR block does seem to be fixed at /56.
> > Would have been nice to see /48 instead.
>
> Hi Karl,
>
> To what purpose? You can't alter the VPC routing of any of the IP
> addresses (v4 or v6) assigned to an AWS VPC. If you try, for example,
> to assign a /64 to an instance you get a funky error: "Route
> destination doesn't match any subnet CIDR blocks." You can only assign
> the block's IP addresses to subnets or not and then assign addresses
> from the subnet to the instances. You can't have more than 256 subnets
> in a VPC so why would you need more than a /56 of IPv6 addresses?

Agreed, those limits align and are reasonable. If you BYO, then you can
bring up to 5 /48's per account, but only use one per region. The limit of
a /56 per VPC remains, but you can create multiple VPCs per region and most
companies use multiple accounts. There are some other limitations but some
of these may change over time:


   -

   The most specific IPv6 address range that you can bring is /48 for CIDRs
   that are publicly advertised, and /56 for CIDRs that are not publicly
   advertised
   <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-provision-non-public>
   .
   -

   You can bring each address range to one Region at a time.
   -

   You can bring a total of five IPv4 and IPv6 address ranges per Region to
   your AWS account.
   -

   You cannot share your IP address range with other accounts using AWS
   Resource Access Manager (AWS RAM).


Regards,
> Bill Herrin
>
> --
> William Herrin
> bill () herrin us
> https://bill.herrin.us/



>