Fundamentals of IPv6
Start course

In this course, we will review some of the internet protocol version 4 features of Amazon VPCs. Then you will be presented with internet protocol version 6, its notation and how to enable it for use with Amazon Virtual Private Clouds and EC2 Instances.

Learning Objectives

Discuss IPv4, IPv6 and how to configure it to be supported by Amazon VPCs and EC2 Instances.

Intended Audience

This course is intended for architects and system operators looking to benefit by using IPv6 addressing with AWS resources. This course also covers some of the objectives for both the solutions architect professional and the AWS Networking Specialty certifications. 


To get the most out of this course you will need to meet the requirements for any of the AWS associate level certifications or the equivalent experience.  

This course expects that you are familiar with the fundamentals of networking using AWS including Amazon Virtual Private Clouds, Public Subnets, Private Subnets, and IPv4 as used in EC2 Instances.  


Fundamentals of IPv6. Let's take a look at the IPv6 address space. IPv6 addresses are 128 bits long. This space provides a total of approximately  3.4 x 10^38 unique IP addresses. That’s a fairly large number of unique addresses  and it seems to be sufficient for a while. As the number of devices  and users  of the Internet continues to grow, it would be difficult  to imagine running out of IP address space again. The following is a quick comparison of the size of both IP spaces, IPv4 vs IPv6. Notice the significant difference in magnitude. The total number of possible IPv6 addresses is very difficult to say. However, what it means is that it's sufficiently large to mitigate the issues of IP address sufficiency.

One detail to note from this size comparison is that network address translation is no longer needed because IPv6 provides more than enough addresses to last. IPv6 addresses are written using eight groups of four hexadecimal digits separated by colons. For example, an IPv6 address can be written as shown. Notice they are very long, long to pronounce, tedious to actually follow through digit by digit. The syntax for IPv6 allows for the abbreviation of preceding zeros as well as abbreviating consecutive zeros by using a double colon sign, colon, colon. For the address above that we mentioned earlier, we can see the following as a possible abbreviation. Notice on the second digit, hexadecimal number from left to right, there was an abbreviation.

On account that the digit was 012d, we can eliminate the leading zero. Also, the eight zeros following that expression can be abbreviated using a double colon to end up with the abbreviation as shown. However, if an address has multiple zero fields as addressed in this case where you have sequences of zeros in different parts, you can only abbreviate the left most sequence of zeros. So, the following address has shown fully expanded can be abbreviated as listed below. However, trying to abbreviate a second time will result in an illegal IPv6 address of the form as shown below. You cannot use the double colon abbreviation twice. That's the bottom line. You can only use it once on the leftmost set of consecutive zeros. So, the notation and possible abbreviations for IPv6 are important to keep in mind because they are used extensively.

Also, IPv6 has no notion of subnet mask like IP before users. Instead, a classless inter-domain routing or CIDR notation is used as explained earlier. For example, a CIDR with suffix of slash 56, such as the one shown, is automatically assigned by AWS and you can assign it when defining a VPC to support IPv6. You don't get to choose your own IPv6 CIDR when enabling your VPC for AWS to auto assign. However, you can bring and use an IPv6 CIDR block already owned by your business. When creating a subnet, you get to specify CIDR from the same space as the VPC with the suffix slash 64 as shown. In the CIDR, you get to specify the last two hexadecimal digits of the address, as pointed out in the syntax on your screen.

The IPv6 addresses are globally unique addresses or GUAs; that means that they are globally reachable. So, they have the form of slash 64 as shown on your screen. It is important to note that with AWS, you can, as an option, associate an IPv6  CIDR block to your VPC and your subnets. You can then assign IPv6 addresses as needed to EC2 instances. In an IPv6 enabled VPC, all IPv6 addresses are considered public addresses. By default, AWS VPCs and EC2 instances use IPv4 addressing. The IPv6  CIDR assignment will configure your VPC in dual stack mode. This is because IPv6 was not made backwards compatible with IPv4. In dual stack mode, your resources around IPv4 and IPv6 at the same time.

So, my IPv4 an IPv6 address equivalents are as follows: For AWS EC2 instances metadata, the following IP addresses are used. IPv4 uses IPv6 used Fd00:ec2::254. This makes the EC2 instance Linux metadata URL as shown: []. That last forward slash is important because it is a reminder that you're dealing with a structure. Which directory hierarchy you will be shown after invoking this URL, perhaps using a tool like cURL. The IPv6 equivalent is http://[fd00:ec2::254]/test/meta-data/. So, these are equivalent.

For an EC2 instance, Linux metadata in IPv4 and IPv6. Now, the loopback address, which we know in IPv4 is, is written in IPv6 as ::1/128. The old address is CIDR which we use in IPv4 as in IPv6 has an equivalent of ::/0. Finally, despite IPv4 VPC is providing for both private and public IP addresses, IPv6 VPCs only use public IPv6 addresses. There is no distinction between public and private addressing with IPv6 in Amazon VPCs. There is a way to define a close equivalent to private IPv6 addressing that is worth mentioning. The idea of unique local IPv6 unit cast addresses or ULA addresses are the IPv6 equivalent of version 4 private addresses and are defined using a request for comments 4193. You see the link, you can examine it.

The approach described is to append 40 bits randomly to the IPv6 prefix of FD00::/8. This will provision /48 block that is very likely to be unique. The unique local IPv6 address provides 40 bits of randomness under prefix and this translates to a trillion unique /48 prefixes. The random choosing of the prefix makes it very unlikely to choose the same prefix as someone else. Even if that happens, issues can mostly arise if the two companies want to merge their networks which is even more unlikely than choosing the same random 40 bit prefix. Using a random generator will be a good idea to make sure that this uniqueness actually takes place. With this arrangement for private IPv6 addresses, the only requirement is to configure the block of addresses not to be routed on the public Internet. For what it's probably going to be a transition period, sometimes there will be a need to use both IPv6 and IPv4 addresses. Let's focus on how IPv6 is implemented by AWS for VPCs and EC2 instances.


About the Author
Jorge Negrón
AWS Content Architect

Experienced in architecture and delivery of cloud-based solutions, the development, and delivery of technical training, defining requirements, use cases, and validating architectures for results. Excellent leadership, communication, and presentation skills with attention to details. Hands-on administration/development experience with the ability to mentor and train current & emerging technologies, (Cloud, ML, IoT, Microservices, Big Data & Analytics).