Standard AWS EC2 virtual machine instances do not support nested-KVM, so do not use these.
You will need to use the x86_64 "bare metal" instance types, such as
c5n.metal. These are expensive, typically $93-$143 per day depending on
the geographic region, but massively powerful (e.g. 72 cores) and run the
emulation amazingly quickly. We have used them in live workshops.
Being real servers, they take about 5 minutes to boot. EBS is supported for the instance storage.
Do not select the ARM/Graviton-based metal servers, such as
AWS has full support for IPv6. Enabling it allows students to access the platform over IPv6, which may work better than IPv4 in areas of the world which are heavily NAT'd. It also allows the lab VMs to make outbound IPv6 access, such as traceroute6.
Go to service "VPC" and select your VPC.
Select Actions > Edit CIDRs
Click on "Add new IPv6 CIDR"
Leave radio button "Amazon-provided IPv6 CIDR block" selected, and click "Select CIDR"
This will assign a /56 block of IPv6 space to your VPC.
Still in service "VPC", select "Subnets". Normally this will show three subnets, one for each availability zone in the region.
You now need to do the following set of steps for each subnet in turn.
Check one subnet, and then select Actions > Edit IPv6 CIDRs
Click the button "Add IPv6 CIDR"
This will show your prefix with a box where you can enter two hex digits for the 8 bits of the prefix that you can set, between 00 and ff.
If this is the first subnet, enter 00 (if it's the second subnet, enter 01 etc). Click Save.
When you have completed all the subnets, it should look like this:
Configure routing table
Still in service "VPC", select "Routing tables"
You should have one routing table selected. Click "Edit routes", add a
new route to ::/0, and select your internet gateway (igw-XXXX) as the
target from the dropdown.
Click "Save routes"
If you have any existing EC2 instances, you can add IPv6 addresses for them, even while they are running.
Go to service "EC2" and select "Instances"
Select one instance, then using the multi-level menu select Actions > Networking > Manage IP addresses
Under IPv6 addresses, click button "Assign new IP address"
An IPv6 address box will appear - leave it blank, commented "Auto-assign"
Click Save. You will get a confirmation box:
When you've done this for all instances, click the refresh button in the instance list, and you should see the addresses in the IPv6 column.
Modern instances, like Ubuntu, should automatically pick up the IPv6 address
while running, and it will be visible using
ip -6 addr list
Configure security groups
The final step is to update security groups on instances so that inbound IPv6 access is permitted.
For each instance, find what security group it uses. Then navigate to "Security Groups" and select the appropriate group.
Examine "Inbound rules". If there is a rule that allows 0.0.0.0/0 but not
one that allows ::/0 then you will need to edit it.
Click "Edit inbound rules"
You can now either add a new rule, or add ::/0 to the existing rule(s)
Click "Save rules"
After completion it will look like this:
Check Outbound rules too, to ensure that outbound access to ::/0 (i.e. all
the IPv6 internet) is allowed.
Test from the outside that you can ping the instance on its IPv6 address, and connect on ports 80 and 443.
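The inbound and outbound checks above can also be run over every security group at once. This is an added example, not part of the original instructions: it scans JSON in the shape produced by `aws ec2 describe-security-groups --output json` and lists rules that allow 0.0.0.0/0 but not ::/0. The sample data and the group ID sg-EXAMPLE1 are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups --output json` (IDs are placeholders).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "GroupName": "lab-web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "192.0.2.0/24"}], "Ipv6Ranges": []}],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1",
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")


def describe(rule):
    """Render protocol and port range; protocol "-1" means all traffic."""
    if rule["IpProtocol"] == "-1":
        return "all traffic"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    ports = str(lo) if lo == hi else f"{lo}-{hi}"
    return f'{rule["IpProtocol"]}/{ports}'


def ipv6_gaps(doc):
    """Return (group, direction, rule) for rules open to 0.0.0.0/0 but not ::/0."""
    gaps = []
    for sg in doc.get("SecurityGroups", []):
        for key, direction in (("IpPermissions", "inbound"),
                               ("IpPermissionsEgress", "outbound")):
            for rule in sg.get(key, []):
                v4 = {r.get("CidrIp") for r in rule.get("IpRanges", [])}
                v6 = {r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])}
                if "0.0.0.0/0" in v4 and "::/0" not in v6:
                    gaps.append((sg["GroupId"], direction, describe(rule)))
    return gaps


if __name__ == "__main__":
    for group, direction, rule in ipv6_gaps(SAMPLE):
        print(f"{group}: {direction} {rule} allows 0.0.0.0/0 but not ::/0")
```

Rules restricted to a specific IPv4 range, like the port 22 rule in the sample, are not reported, so only rules that are already open to the whole IPv4 internet are candidates for a matching ::/0 entry.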
Finally you can add the main and wildcard AAAA records. If you currently have
lab.example.com. A ....
*.p.lab.example.com. A ....
then you would also add:
lab.example.com. AAAA .......
*.p.lab.example.com. AAAA .......