Introducing AWS Global Accelerator IPv6

We are excited to announce the availability of Internet Protocol Version 6 (IPv6) support for AWS Global Accelerator. IPv6 is a version of the Internet Protocol that uses a larger address space (128 bits). Moreover, it allows more IP addresses than its predecessor IPv4 (32 bits). IPv6 support lets you meet the requirements for IPv6 adoption that is set by governments, as well as remove the need for IPv6 to IPv4 translation software. Starting today, you can use Global Accelerator to serve end-users connecting via both IPv4 and IPv6. Furthermore, this can be done while taking advantage of the availability, performance, and security benefits of Global Accelerator.

Global Accelerator is a networking service that improves your internet user performance and availability by using the AWS global network infrastructure. Global Accelerator’s automatic routing optimizations help keep your packet loss, jitter, and latency consistently low. Today, standard accelerators automatically route traffic to a healthy endpoint that is nearest to your user. This works for various use cases, such as A/B testing, blue-green deployments, API acceleration, and live video ingest.

Until today, Global Accelerator provided two static anycast IPv4 addresses for each accelerator. Customers could only serve IPv4 traffic through Global Accelerator to their application endpoints running in AWS Regions. The depletion of IPv4 addresses meant that IPv6 adoption among Internet networks has been increasing consistently over the last few years. This is especially true among mobile networks. Our customers want to improve the network performance for users connecting over these IPv6 networks. There are three major reasons to move to IPv6:

• You’re limited in scaling your public facing applications servers due to the limited availability of IPv4 IP addresses.
• You want to support your IPv6 users from mobile networks, as well as provide them with improved network performance without having to manage IPv6 to IPv4 translation.
• You must comply with regulatory compliance, such as the Federal Acquisition Requirement in the US, to run specific internet traffic over IPv6.

Starting today, you can route your IPv6 traffic through Global Accelerator to your Application Load Balancer endpoints running in AWS Regions. Global Accelerator now supports two types of accelerators – Dual-stack and IPv4-only. A Dual-stack accelerator means you’re provided with a pair of IPv4 and IPv6 global static anycast IP addresses that can serve both IPv4 and IPv6 traffic. No additional fees exist for using Dual-stack accelerators. The accelerator pricing remains the same as before. In this post, you will learn how to begin creating a Dual-stack Global Accelerator to route traffic to your applications in AWS Regions.

Getting started

There are two approaches to getting started with Global Accelerator using the dual stack configuration:

• Creating a new Global Accelerator instance and setting up the Dual-stack accelerator.
• Updating an existing standard IPv4 accelerator to dual stack accelerator to start receiving IPv6 traffic.

Creating a new Global Accelerator

As of today, when configuring a new standard accelerator, you can now choose a type in the IP address type. When choosing Dual-stack. to create new Dual-stack Global Accelerator:

1. On the Enter name page
   1. Navigate to AWS Global Accelerator Console
   2. Choose Create accelerator
   3. For Accelerator name, enter MyDualStackAccelerator
   4. For Accelerator type, leave Standard selected
   5. For IP address type, from the drop-down, choose Dual-stack
   6. Choose Next
      Figure 1: Global Accelerator Dual-stack configuration
2. On the Add listeners page
   1. For Ports, enter 80
   2. For Protocol, from the drop-down, choose TCP
   3. Choose Next
      
3. On the Add endpoint groups page
   1. For Region, from the drop-down, choose us-west-2. Optionally, you can choose another supported region.
   2. Choose Next
4. On the Add endpoints page
   1. Choose Create accelerator

Back on the main Global Accelerator Console page, you can now see your new accelerator. To see more details about your new accelerator, select the accelerator name myFirstDualStack. On the details page, you will notice few differences between an IPv4 only and a Dual-stack Global Accelerator, as shown in the following figure.

Figure 2: Dual-stack Global Accelerator configuration overview

• For Static IP address set, you can now see two IPv4 and also two IPv6 addresses.
• For DNS name, you have an IPv4 only DNS, as you do with IPv4 Global Accelerator.
• For Dual-stack DNS name, you now have a DNS name that returns IPv4 and IPv6 addresses, depending on the DNS lookup query.

Having two DNS names, one for IPv4 only and the other for Dual-stack, lets you control when you start shifting to IPv6 traffic, if you don’t want to immediately send traffic to your IPv6 endpoints via DNS. To test out the Dual-stack DNS, use the Linux nslookup program to query Internet domain name servers for your Global Accelerator. Open your Linux/Unix terminal, and then run the following CLI command:

$ nslookup <your Dual-stack DNS name>

In this case, you made an IPv4 DNS query request. You should see two IPv4 addresses in the response. Now, let’s make an IPv6 DNS query request. Run the following CLI command:

$ nslookup -query=AAAA <your Dual-stack DNS name>

$ curl -v -4 <YOUR-GLOBAL-ACCELERATOR-DUAL-STACK-DNS>

* Rebuilt URL to: <YOUR-GLOBAL-ACCELERATOR-DUAL-STACK-DNS>/
*   Trying 192.0.2.10...
* TCP_NODELAY set
* Connected to <YOUR-GLOBAL-ACCELERATOR-DUAL-STACK-DNS> (192.0.2.10) port 80 (#0)> GET / HTTP/1.1
> Host: <YOUR-GLOBAL-ACCELERATOR-DUAL-STACK-DNS> User-Agent: curl/7.58.0
> Accept: */*
>< HTTP/1.1 200 OK
< Server: awselb/2.0
< Date: Thu, 13 Jan 2022 23:14:48 GMT
< Content-Type: text/html
< Content-Length: 18< Connection: keep-alive
<* Connection #0 to host <YOUR-GLOBAL-ACCELERATOR-DUAL-STACK-DNS> left intact
Hello from Lambda!

In your response, notice the following lines:

• Trying followed by an IP address is the IP address that the DNS request was revolved to, and it was the IP address used to make the HTTP request
• Hello from Lambda!, is the response from Lambda indicating a successful request

Let’s do the same test, but this time we’ll make the HTTP request using the IPv6 address. To do this, instead of the -4 option, you will replace it with the following:

• -6, This option tells cURL to resolve names to IPv6 addresses only, and not try IPv4.

In your session window, using Systems Manager, issue the following cURL command to make the request using IPv6 address:

$ curl -v -6 <YOUR-GLOBAL-ACCELERATOR-DUAL-STACK-DNS>

This time, observe that the Trying line in the request has an IPv6 address which was used to make the HTTP request. Moreover, you should see it has a response from the Lambda, which confirms a successful request using an IPv6 address.

Using Amazon CloudWatch with Global Accelerator Dual-stack

Global Accelerator Dual-stack now lets you access Amazon CloudWatch metrics with a global IP dimension, which signals the IP address type (IPv4 or IPv6). That means that all of the metrics available for IPv4 address are now separately available for the IPv6 address. For example, the following figure shows a graph using the NewFlowCount metric, which explicitly shows the IPv4 and IPv6 request volume.

Figure 4: CloudWatch IPv4 and IPv6 metrics from Dual-stack Global Accelerator

Each request volume is shown separately for each IP – two for the IPv4 and two for IPv6 addresses. To learn more about how to use CloudWatch with Global Accelerator, see Using Amazon CloudWatch with AWS Global Accelerator.

Clean up

To avoid incurring future charges, make sure to delete the CloudFormation stack that you created once you’re done testing. For more details on how to delete a CloudFormation stack, see Deleting a stack on the AWS CloudFormation console.

Conclusion

In this post, you learned about common use cases and the advantages of using IPv6 protocol, as well as the general availability of IPv6 support in AWS Global Accelerator. Then, you learned how to get started and create a new Dual-stack Global Accelerator, in addition to how to modify an existing IPv4 only to Dual-stack. Lastly, you deployed an environment with an end-to-end IPv6 support where Dual-stack Global Accelerator forwarded a request to the ELB over IPv4 and IPv6 protocols. You tested and validated the functionality by making an HTTP request using the cURL tool and passing options to make sure that cURL resolved the Global Accelerator’s Dual-stack DNS name to IPv4 and IPv6, for each of the test cases.

About the authors