Enabling IPv6 on AWS EC2: Setup and Troubleshooting
Dual-stack (IPv4+IPv6) often masks hidden IPv4 dependencies -- like fetching obscure Ubuntu PPAs or shipping logs to third-party services. Relying on IPv4 as a fallback hides problems until an outage occurs.
Dual-stack also doubles operational complexity: security groups, NACLs, WAF rules, and S3 policies must permit both IPv4 and IPv6. Going IPv6-only reduces complexity, improves security, and future-proofs infrastructure.
1. Why IPv6?
IPv4 exhaustion is real. New IPv4 addresses come at high cost or via NAT. IPv6 provides a vastly larger address space, eliminates the need for NAT in most cases, and is increasingly required by modern services and compliance standards.
2. Prerequisites
- AWS account with EC2 and networking permissions.
- An existing VPC (or willingness to create one).
- An Ubuntu EC2 instance.
3. Enable IPv6 in AWS Console
3.1 VPC Configuration
- Open VPC Dashboard > select the VPC.
- Actions > Edit CIDRs > Add an IPv6 CIDR block (Amazon-provided or BYOIP).
3.2 Subnet Configuration
- Select the subnet > Edit IPv6 CIDRs.
- Assign a /64 block from the VPC's IPv6 range.
- Enable "Auto-assign IPv6 address" for the subnet.
3.3 Route Table
- Add a route:
::/0pointing to the Internet Gateway (IGW).
4. Instance-Level Configuration
4.1 Assign IPv6 Address
- EC2 Console > Instance > Networking > Manage IP addresses > Assign new IPv6 address.
4.2 Verify Inside the Instance
ip -6 addr show
4.3 Check Kernel IPv6 Support
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
Should output 0 (enabled).
4.4 Enable Router Advertisements
sysctl -w net.ipv6.conf.all.accept_ra=1
sysctl -w net.ipv6.conf.default.accept_ra=1
5. Configure Security for IPv6
5.1 Security Groups
- Inbound: ICMPv6 (ping), TCP 80/443
- Outbound: Allow
::/0
5.2 Network ACLs
- Inbound and outbound rules: allow all IPv6 (
::/0)
6. Troubleshooting IPv6 Issues
6.1 No IPv6 Address
Confirm the subnet has an IPv6 CIDR assigned and that auto-assignment is enabled.
6.2 Cannot Reach IPv6 Internet
ping6 2606:4700:4700::1111
If this fails, verify the route table has ::/0 pointing to the IGW, and check security group and NACL rules.
6.3 Kernel and RA Checks
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
cat /proc/sys/net/ipv6/conf/eth0/accept_ra
Should output 0 and 1 respectively.
7. Testing IPv6 Functionality
7.1 Ping Test
ping6 -c 4 2606:4700:4700::1111
7.2 External IP Check
curl -6 https://ifconfig.co
7.3 Online Tools
- test-ipv6.com
- tools.keycdn.com/ipv6-ping
8. Final Recommendations
After enabling IPv6, we should monitor the environment, update security policies, and consider dual-stack only if needed for legacy support. For critical systems, professional DevOps services can ease management and ensure robust IPv6 operations.
Need help with this?
Our team handles this kind of work daily. Let us take care of your infrastructure.
Related Articles
The Ultimate Guide to Linux Server Management in 2025
A comprehensive guide to modern Linux server management covering automation, containerization, cloud integration, AI-driven operations, security best practices, and essential tooling for 2025.
Server & DevOpsFixing "421 Misdirected Request" for Plesk Sites on Ubuntu 22.04 After Apache Update
Resolve the 421 Misdirected Request error affecting all HTTPS sites on Plesk for Ubuntu 22.04 after an Apache update, caused by changed SNI requirements in the nginx-to-Apache proxy chain.
Server & DevOpsHow to Set Up GlusterFS on Ubuntu
A complete guide to setting up a distributed, replicated GlusterFS filesystem across multiple Ubuntu 22.04 nodes, including installation, volume creation, client mounting, maintenance, and troubleshooting.