Networking & Content Delivery

Amazon CloudFront now supports IPv6 origins for end-to-end IPv6 delivery

IPv6 adoption continues to accelerate worldwide as organizations move beyond the limitations of IPv4 address space. At Amazon Web Services (AWS), we’ve long supported IPv6 from end users to our Amazon CloudFront network, helping end users reduce latency, improve performance, and reach on modern mobile networks. Now, we are excited to take it a step further. Starting today, CloudFront now supports IPv6 connectivity from edge to origin – enabling a truly end-to-end IPv6 delivery path. This enables end users to use CloudFront as an IPv6 and IPv4 dual-stack internet gateway for their web applications to provide content acceleration.

Why this matters?

IPv6 is the underlying transport protocol for most modern mobile networks and an increasing share of broadband traffic. Enabling IPv6 all the way to the origin allows you to maintain protocol consistency across the delivery chain, reduce operational overhead from dual-stack complexities, and gain more deterministic, observable, and performant traffic flows. For CloudFront end users, these advantages translate directly into faster page loads, more stable streaming, and a delivery architecture that continues to perform as IPv4 resources diminish.

IPv6 benefits for CloudFront-powered applications

CloudFront now supports origins over IPv6, thus you can enable end-to-end IPv6 connectivity – from the end user all the way to your origin server. This unlocks a range of technical and operational benefits over traditional IPv4-based delivery.

1. Eliminates NAT overhead and improves performance
IPv4 networks rely heavily on Network Address Translation (NAT), especially Carrier-Grade NAT used by ISPs and mobile operators. These NAT layers introduce connection setup delays, limit port availability, and can cause packet drops. IPv6 removes the need for NAT, allowing direct end-to-end connections between end users, CloudFront, and origins. The result is lower latency, faster page loads, and better user experience – particularly in mobile-first markets where IPv6 adoption is highest.

2. More efficient packet processing
IPv6 introduces a simplified, fixed-length header and Extension Headers for optional control information. This makes packet parsing and forwarding more efficient for routers, firewalls, load balancers, and CloudFront nodes. IPv6 reduces per-packet processing overhead and eliminates ambiguity during packet forwarding or inspection, especially in systems performing deep packet inspection or traffic shaping. Unlike IPv4, which allows in-path fragmentation by routers, IPv6 delegates fragmentation responsibility entirely to the source host. This architectural constraint improves transmission performance by reducing retransmissions and maintaining optimal segment sizing throughout the transport path. As a result, IPv6 enables more stable and performant TCP connections, particularly across long-haul or high-latency links between CloudFront and the origin. This is done by reducing retransmissions and maintaining optimal segment sizing throughout the transport path.

3. Predictable transmission and congestion control
IPv6 enforces end-to-end Path MTU Discovery (PMTUD), delegating fragmentation responsibility entirely to the source host. This architectural constraint improves transmission predictability and minimizes the risk of dropped or fragmented packets due to MTU mismatches. IPv6 improves TCP stability and throughput – especially over long-haul or high-latency paths between CloudFront and non-AWS origins. This is done by minimizing retransmissions and preserving optimal segment sizes end-to-end. For AWS origins, similar gains are achieved today through the AWS backbone network such as jumbo frame support. Enabling jumbo frames between the AWS edge location and the application endpoint in the AWS Region allows CloudFront to send and receive larger payload in each packet. Jumbo frame support cuts down the total time needed to transmit data between end users and your application.

4. Higher connection scalability
In IPv4, NAT reduces the number of available source ports per Origin IP address, which limits the number of concurrent connections that a CloudFront node can establish with the origin. This constraint could become problematic in high-traffic environments where thousands of simultaneous requests must be handled efficiently. This capability is particularly beneficial when using protocols such as HTTP/2, where multiplexing multiple streams over a single connection and reusing connections are essential for maximizing performance and minimizing latency.

Getting started

Starting today, you can configure origins associated with your CloudFront distribution to use IPv6. The new feature allows you to choose between IPv4 (default), IPv6, or dual stack (IPv4 and IPv6). For your existing origins, CloudFront continues to use IPv4. When using dual-stack, CloudFront will automatically choose between IPv4 and IPv6 IP addresses to ensure even distribution of traffic towards origin over both.

You can use the CloudFront console or CloudFront API to create or update CloudFront distribution to configure IPv6 connectivity to your origin. In this post, we walk you through creating an origin with IPv6 support and explore best practices for safely enabling IPv6 on existing origins. Before you begin, make sure that your origin supports IPv6 or dual-stack connectivity. This could be a custom origin or an AWS service with IPv6 support, such as Elastic Load Balancers, Amazon API Gateway, or AWS Lambda function URLs.

Creating a new CloudFront distribution with IPv6 origin

In the CloudFront console, choose the option to create a CloudFront distribution.

Step 1: Get started
Enter the distribution name and enter other optional parameters before choosing Next to go to Step 2.

Initialize your CloudFront distribution

Step 2: Specify origin
In Step 2, choose the origin type and enter origin information. To configure IPv6, choose customize origin settings in the Settings panel.

Configure your CloudFront origin

Choose IPv6 or Dualstack for the Origin IP Address type setting and choose Next.

Origin IP Address type setting

Step 3: Enable security
You can choose to enable AWS WAF to protect your application, and choose Next.
Attach AWS WAF to CloudFront distribution

Step 4: Review and create
Review and choose the Create distribution button to create a distribution.

Confirm CloudFront settings and deploy

Adding a new IPv6 origin to an existing CloudFront distribution
To add a new IPv6 origin to an existing CloudFront distribution, open the Distribution settings by choosing the distribution and choose the Origins tab to Create origin.

Attach IPv6 origin to CloudFront distribution

Expand Additional settings and choose IPv6 or the Dualstack option under the Origin IP Address type to enable IPv6 connectivity to your origin. When you create the origin, add or update behaviors to point to your new origin.

Expand additional settings

Enabling IPv6 for the existing origin 
You can use CloudFront continuous deployment to safely migrate changes to origin settings. CloudFront continuous deployment allows you to safely test the changes by using the deployment policy to route requests to the staging distribution, as well as validate and promote changes. For more details on this approach, refer to the CloudFront documentation.

Setting up Dualstack origin

Validation of IPv6 connection to origin
Use metrics or application logs to validate the IPv6 traffic at the origin. In this case we used Application Load Balancer (ALB) as the origin and used the IPv6 Requests metric to validate.

Monitor IPv6 origin traffic

Conclusion

As IPv6 adoption grows across mobile and global networks, enabling end-to-end IPv6—from end users to Amazon CloudFront to origin—unlocks performance and architectural advantages that IPv4 cannot match. It eliminates NAT overhead, improves routing and flow visibility, and streamlines packet processing through fixed headers and reliable Path MTU discovery. Although CloudFront optimizes for both IPv4 and IPv6, the benefits of IPv6 are most pronounced in the first and last miles of delivery. Embracing IPv6 end-to-end sets the foundation for scalable, high-performance, and future-ready content delivery.

Enabling IPv6 end-to-end on Amazon CloudFront is no longer optional – it’s a foundational step to unlock lower latency, greater resilience, and future-proof scalability. If you haven’t already, turn on IPv6 support in your CloudFront distribution today.

Sagar Desarda

Sagar Desarda is the Head of the Technical Account Manager (TAM) and Business Development (BD) organizations for Data, Analytics, and Gen AI ISVs. Sagar’s teams partner with customers to optimize their AWS architecture, ensure seamless operation of their business-critical applications, accelerate adoption, and drive go-to-market success across North America. Additionally, Sagar serves as the AMER leader for the Edge Networking Services Specialist team, where he drives new business growth, fosters technical engagements, and authors customer-facing publications.

 

Ravi Avula

Ravi is Senior Solutions Architect in AWS focusing on Enterprise Architecture. He has 20 years of experience in software engineering and held several leadership roles in software engineering and software architecture working in payments industry.