Announcing AWS Global Accelerator IPv6 support for Network Load Balancer (NLB) endpoints
AWS Global Accelerator now offers support for routing IPv6 traffic directly to dual-stack Network Load Balancer (NLB) endpoints. With this support, you can use dual-stack NLB endpoints behind dual-stack accelerators to achieve end-to-end IPv6 connectivity. In this post, we describe how you can set up a dual-stack accelerator with NLB endpoints, and review considerations for this new feature.
Global Accelerator is a networking service that improves your internet user performance and availability by sending traffic over the AWS global network infrastructure. With this launch, you can gain the benefits of using Global Accelerator with clients who use both IPv4 and IPv6 capabilities to communicate with your AWS applications on NLB endpoints.
Support for IPv6 traffic for NLB endpoints has benefits that address several challenges. First, IPv6 support allows you to route client IPv6 traffic through accelerators directly to dual-stack NLB endpoints. This eliminates the manual effort to manage an IPv6 to IPv4 translation layer before traffic reaches Global Accelerator, or the need to split IPv4 and IPv6 traffic between Global Accelerator and another application delivery mechanism.
Moreover, in scenarios with regulatory rules and government mandates, you can accommodate specific internet traffic natively over IPv6.
When you use a dual-stack accelerator, you receive two static IPv6 addresses, in addition to two static IPv4 addresses. You can use the IPv6 addresses to route IPv6 traffic to dual-stack NLB, Amazon Elastic Compute Cloud (Amazon EC2) instance, or Application Load Balancer (ALB) endpoints. Support for IPv6 traffic with dual-stack accelerators comes at no extra cost to customers.
Getting started
You can set up a dual-stack accelerator with NLB endpoints in one of two ways:
- Create a new accelerator
- Update an existing accelerator
Let’s look at step-by-step configuration examples for each of these methods.
Create a new dual-stack accelerator with an NLB endpoint
To create a new accelerator:
1. Open the Global Accelerator console home page.
2. Choose Create accelerator.
3. For Accelerator name, enter a name, for example: myNLB-IPV6accelerator.
4. For Accelerator type, select Standard.
5. For IP address type, select DUAL-STACK.
6. Choose Next.
Figure 1: Global Accelerator dual-stack basic configuration
7. On the Add listeners page, do the following:
a. For Ports, enter 80.
b. For Protocol, select TCP.
c. Choose Next.
Figure 2: Configuration page for listeners
8. On the Add endpoint groups page, do the following:
a. For Region, select us-west-2. Or, you can choose a different supported AWS Region.
b. Choose Next.
Figure 3: Configuration page for endpoint groups
9. On the Add endpoints page, do the following:
a. For Endpoint type, select Network Load Balancer.
b. For Endpoint, select a dual-stack NLB that you want to add as an endpoint behind your accelerator.
c. To add another NLB as an endpoint, choose Add endpoint.
Note that you must configure a dual-stack NLB before you create a dual-stack accelerator. Global Accelerator only provides a list of the dual-stack resources currently available to add as endpoints, as shown in the following figure.
Figure 4: Configuration page for endpoints
10. Choose Create accelerator.
Global Accelerator returns you to the main Global Accelerator console page while your new accelerator is being created. You can see the status of each accelerator on this page. When the status is Deployed, your accelerator is ready to use.
To see more details about an accelerator, select the accelerator name, for example, myNLB-IPV6accelerator. The Accelerator details page provides more information about each accelerator. There are a few key differences between an IPv4 accelerator and a dual-stack accelerator, as shown in the following figure:
- A dual-stack accelerator has two static IPv4 addresses and two static IPv6 addresses
- The Fully Qualified Domain Name (FQDN) of the accelerator has both A and AAAA records
Figure 5: Accelerator details page in the console
Updating an existing accelerator to add NLB endpoints
If you already have an IPv4-only accelerator, then you can update it to dual-stack from the Global Accelerator console.
1. Open the Global Accelerator console home page.
2. Select an accelerator, and then choose Edit.
3. On the Edit accelerator page, for IP address type, choose DUAL-STACK.
4. Choose Save changes.
Note that you can only update an accelerator to dual-stack if all endpoints behind the accelerator are dual-stack. Alternatively, you can use AWS CloudFormation or the AWS Command Line Interface (AWS CLI) to update an accelerator to dual-stack.
When you save your update, the Provisioning status for the accelerator, on the Accelerator details page, is In progress. After the update is complete, global static IPv6 addresses for the accelerator are available. The accelerator’s global IP addresses are listed on the details page.
As mentioned earlier, you can only update an accelerator to dual-stack if all the endpoints behind the accelerator are dual-stack. The following table shows the endpoint type configurations that can and can’t be updated to dual-stack.
Endpoint type | Support for upgrade |
Dual-stack | Yes |
Mixed (Dual-stack + IPv4 only) | No |
IPv4 only | No |
Table 1: Endpoint type configurations that support an upgrade workflow for dual-stack accelerators.
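The rule in Table 1 as a pre-flight check, added here as an example and not AWS's own code: it takes endpoint-group and load-balancer descriptions shaped like the Global Accelerator and Elastic Load Balancing API responses and reports which endpoints block the upgrade. The function name, the sample ARNs and the conservative handling of endpoints it cannot resolve are assumptions of this example.

```python
# Added example: pre-flight check for the dual-stack upgrade rule in Table 1.
# Field names follow the Global Accelerator endpoint-group and ELBv2
# load-balancer descriptions; every ARN below is a constructed sample.
TABLE_1 = {
    "Dual-stack": True,
    "Mixed (Dual-stack + IPv4 only)": False,
    "IPv4 only": False,
}

def upgrade_preflight(endpoint_groups, load_balancers):
    """Classify an accelerator's endpoints and report whether Table 1 allows the upgrade."""
    ip_type = {lb["LoadBalancerArn"]: lb["IpAddressType"] for lb in load_balancers}
    dual, ipv4_only, unresolved = [], [], []
    for group in endpoint_groups:
        for endpoint in group.get("EndpointDescriptions", []):
            endpoint_id = endpoint["EndpointId"]
            kind = ip_type.get(endpoint_id)
            if kind == "dualstack":
                dual.append(endpoint_id)
            elif kind == "ipv4":
                ipv4_only.append(endpoint_id)
            else:
                # Not in the lookup, or an address type this check does not handle.
                unresolved.append(endpoint_id)
    if not (dual or ipv4_only or unresolved):
        raise ValueError("no endpoints: Table 1 does not cover this case")
    if unresolved:
        config = None  # cannot be classified, so treated as blocking
    elif dual and ipv4_only:
        config = "Mixed (Dual-stack + IPv4 only)"
    elif dual:
        config = "Dual-stack"
    else:
        config = "IPv4 only"
    return {"configuration": config, "can_upgrade": TABLE_1.get(config, False),
            "ipv4_only": ipv4_only, "unresolved": unresolved}

# Constructed sample data (hypothetical account ID and load balancer names).
_PREFIX = "arn:aws:elasticloadbalancing:us-west-2:111122223333:loadbalancer/net/"
NLB_A, NLB_B = _PREFIX + "example-a/0000000000000001", _PREFIX + "example-b/0000000000000002"
SAMPLE_LBS = [{"LoadBalancerArn": NLB_A, "IpAddressType": "dualstack"},
              {"LoadBalancerArn": NLB_B, "IpAddressType": "ipv4"}]
SAMPLE_GROUPS = [{"EndpointGroupRegion": "us-west-2",
                  "EndpointDescriptions": [{"EndpointId": NLB_A}, {"EndpointId": NLB_B}]}]

if __name__ == "__main__":
    print(upgrade_preflight(SAMPLE_GROUPS, SAMPLE_LBS))
```

The `ipv4_only` and `unresolved` lists name the endpoints to convert or review before changing the accelerator's IP address type.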
End-to-end IPv6 connectivity
You can achieve end-to-end IPv6 connectivity by using Global Accelerator, NLBs, and target groups such as ALB and AWS Lambda functions with resources configured with IPv6 addresses.
However, if you are currently using a dual-stack NLB that has a target group with resources that have IPv4-only addresses, and you don’t want to enable IPv6 on those resources, then you have another option for end-to-end IPv6 connectivity. Instead of enabling IPv6 for the target resources, you can run IPv6 to the NLB, and then perform NAT64 from the NLB to the targets.
Figure 6: IPv4 and IPv6 connectivity with IPv4-only targets
The preceding diagram shows, at a high level, how you can serve both IPv6 and IPv4 traffic without modifying the resources in your target group that are running IPv4-only addresses.
1. IPv4 traffic from client1 reaches Global Accelerator.
2. Global Accelerator routes IPv4 traffic to the NLB.
3. The NLB routes IPv4 traffic to IPv4-based EC2 instances in the Auto Scaling group.
Similarly,
4. IPv6 traffic from client2 reaches Global Accelerator.
5. Global Accelerator routes IPv6 traffic to the NLB.
6. The NLB performs NAT64.
7. The NLB routes IPv4 traffic to the same IPv4-based EC2 instances.
Conclusion
In this post, you learned about the benefits of IPv6 support for NLB endpoints behind accelerators in Global Accelerator, and also how to set them up, step-by-step, using the AWS Management Console. With this launch, you can now use Global Accelerator to route IPv6 traffic directly to dual-stack NLBs, ALBs, and EC2 instance endpoints. There is no additional cost for using dual-stack accelerators. You can get started and learn more about Global Accelerator by visiting the AWS Global Accelerator guide.