We've added three new features to EC2's Elastic Load Balancing feature:
- IPv6 Support - All Elastic Load Balancers in the US East (Northern Virginia) and EU (Ireland) regions now have publicly routable IPv6 addresses in addition to their existing IPv4 addresses.
- Zone Apex Support - You can now point the root or apex of your Route 53 hosted zone to your Elastic Load Balancer.
- EC2 Security Group Support - You can now configure an EC2 Security Group for your application instances such that they accept traffic only from an Elastic Load Balancer.
Here's the scoop:
IPv6 Support
You've probably read some panic-inducing articles about the fact that the Internet is running out of IP addresses! In order to support the continued growth in the number of devices connected to the Internet, it will soon become necessary to use a new version of the IP protocol, commonly known as IPv6. This version of the protocol raises the theoretical limit on the number of devices to an incredible 2128, and also lays the groundwork for other capabilities in the future.
The migration from IPv4 to IPv6 is now underway across the globe. This migration creates many technical and challenges for all concerned. We're providing this new support in order to allow you to test your systems on World IPv6 day (June 8, 2011).
IPv6 support is available in the US East (Northern Virginia) and EU (Ireland) regions to start.
If you currently use a CNAME to map your domain name to your Elastic Load Balancer, you can use one of two new domain names for your Elastic Load Balancer. The ipv6 DNS name will resolve to an AAAA record and can be used to test an IPv6 client. The dualstack name will return both A and AAAA records and can be used when some clients speak IPv4 and others speak IPv6.
If you use Route 53 to handle your DNS needs, you can create the appropriate alias records from your DNS name to the Elastic Load Balancer to support IPv4, IPv6, or both.
Your application can check the X-Forwarded-For header to see if it has been accessed by way of an IPv6 address.
Zone Apex Support
As described in my post on new Route 53 features, you can now map the root or apex of your hosted zone to your Elastic Load Balancer. You can now host a web site using an Elastic Load Balancer at http://example.com just as easily as you can have one at http://www.example.com .
EC2 Security Group Support
You can now configure EC2 instances sitting behind an Elastic Load Balancer to receive traffic only from the Load Balancer by using a special Security Group associated with the Elastic Load Balancer. To do this, you call the DescribeLoadBalancers API to get the name of the Security Group, and then include that group in the group list when you subsequently launch some EC2 instances. The name of the Security Group can also be obtained from the load balancer details pane in the AWS Management Console.
These features were motivated, in part, by requests from our customers. We love to get feedback. Please feel free to post yours to the appropriate AWS forum or as a comment to this post.
-- Jeff;
IPv6 support is cool to see. When will the instances themselves get an IPv6 address? We (http://blitz.io) use EC2 to deploy our load-generation engines across all available regions. While the engines are already IPv6 compatible and ready, we can't quite enable this yet. Any ETA on this? Would love to load test an IPv6-ready app before the World IPv6 day (hint, hint!). :)
Posted by: pcapr | May 24, 2011 at 08:09 PM
Can you get ipv6 addresses for EC2 machines as well? For elastic IPs?
Posted by: Josh | May 25, 2011 at 12:09 AM
Excellent news!
Posted by: Phellmon | May 25, 2011 at 01:28 AM
Released support for zone apex today - http://blog.ylastic.com/alias-resource-record-sets-with-route53
Posted by: Pchaganti | May 26, 2011 at 07:24 AM
Great!
But I'd like to ask if there are any plans to support IPv6 ELB in AP North East(Tokyo) ?
In Japan, NTT (a biggest telecom and network carrier company in Japan) has already announced they will starts full-scale IPv4/IPv6 dual stack service for consumer on this June. Over 10 major ISPs are ready to start the dual stack service on the NTT's IPv6 enabled network.
I believe many AP North East users wants IPv6 ELB.
Posted by: Takao | May 26, 2011 at 11:04 AM
Is expected IPv6 support for CloudFront?
Posted by: dodo | May 30, 2011 at 02:23 AM
Hi!
When we will see Elastic Load Balancing with VPC instances?
Posted by: Guna Santos | May 31, 2011 at 10:27 AM
Cool stuff, except it's practically impossible to set up...
I've spent hours trying to upload the right key files or the right key formats and it seems there are at least half a dozen posts on your forums of users trying to do the exact same thing without any success.
Maybe clear documentation on how we're supposed to set this up would help
Posted by: Zed | June 05, 2011 at 09:08 AM
FYI - I took advantage of the Load Balancer's security group to restrict port 80 access to instances in my AWS beanstalk environment. The security works great, but it breaks beanstalk's monitoring service, so beanstalk goes into a loop where it decides an instance is unhealthy after 10 pings fail ("Failed to retrieve status of instance ..." event), kills the instance, starts a new one, 10 pings fail, kill, start another, ...
https://forums.aws.amazon.com/thread.jspa?messageID=257311
Cheers,
Reuben
Posted by: Reuben | June 24, 2011 at 10:46 AM
Great News. Are there are any plans to support IPv6 ELB in APAC region?
Posted by: Shravan | August 23, 2011 at 12:08 AM
I'd like to hear some feedback on when IPv6 will be available for EC2 machines. This was brought up in May but there hasn't been a response.
Posted by: Mgifford | November 14, 2011 at 07:33 AM
Tried to add the Load balancer security group to the EC2 security policies using the Web interface - Didn't like the load balancer's security group - says it is invalid.
I assume that this can only be done through the api?
Would be nice to have it work through the web interface.
Posted by: Michael K | May 09, 2012 at 09:22 AM