On Sun., Nov. 28, 2021, 17:13 William Herrin, <b...@herrin.us> wrote:
> On Sun, Nov 28, 2021 at 1:18 PM Karl Auer <ka...@biplane.com.au> wrote:
> > On Sun, 2021-11-28 at 12:53 -0800, Michael Thomas wrote:
> > > I was reading their howto yesterday and it seems they are only
> > > allocating a /64? Why?
> >
> > That's a /64 *per subnet*...
> >
> > But the size of a VPC's IPv6 CIDR block does seem to be fixed at /56.
> > Would have been nice to see /48 instead.
>
> Hi Karl,
>
> To what purpose? You can't alter the VPC routing of any of the IP
> addresses (v4 or v6) assigned to an AWS VPC. If you try, for example,
> to assign a /64 to an instance you get a funky error: "Route
> destination doesn't match any subnet CIDR blocks." You can only assign
> the block's IP addresses to subnets or not and then assign addresses
> from the subnet to the instances. You can't have more than 256 subnets
> in a VPC so why would you need more than a /56 of IPv6 addresses?
>

Agreed, those limits align and are reasonable. If you BYO, then you can bring up to 5 /48's per account, but only use one per region. The limit of a /56 per VPC remains, but you can create multiple VPCs per region and most companies use multiple accounts.

There are some other limitations but some of these may change over time:

- The most specific IPv6 address range that you can bring is /48 for CIDRs that are publicly advertised, and /56 for CIDRs that are not publicly advertised <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-provision-non-public>.
- You can bring each address range to one Region at a time.
- You can bring a total of five IPv4 and IPv6 address ranges per Region to your AWS account.
- You cannot share your IP address range with other accounts using AWS Resource Access Manager (AWS RAM).

Regards,

> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/
>
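As an added illustration (not part of the thread and not AWS's own tooling), the following Python script uses the standard `ipaddress` module to check a proposed IPv6 range against the prefix-length rules quoted in the message above and to show how the units discussed fit together: a BYOIP /48 carved into the /56 blocks a VPC accepts, and each /56 yielding the 256 /64 subnets that match the per-VPC subnet limit. The `2001:db8::/32` documentation prefix and the per-region tally are constructed sample inputs; the function names are the author's own.

```python
import ipaddress

# Limits as stated in the thread; they are data here, not an AWS API.
MOST_SPECIFIC_PUBLIC = 48        # publicly advertised BYOIP range: /48 or shorter
MOST_SPECIFIC_NON_PUBLIC = 56    # non-advertised BYOIP range: /56 or shorter
VPC_PREFIX_LEN = 56              # IPv6 CIDR block size per VPC
SUBNET_PREFIX_LEN = 64           # one /64 per subnet
MAX_SUBNETS_PER_VPC = 256
MAX_RANGES_PER_REGION = 5        # IPv4 + IPv6 ranges per Region per account


def byoip_prefix_ok(cidr: str, publicly_advertised: bool) -> bool:
    """True if the range is no more specific than AWS accepts for BYOIP.
    'Most specific /48' means the prefix length must be 48 or shorter."""
    net = ipaddress.IPv6Network(cidr)
    limit = MOST_SPECIFIC_PUBLIC if publicly_advertised else MOST_SPECIFIC_NON_PUBLIC
    return net.prefixlen <= limit


def subnets_available(vpc_cidr: str) -> int:
    """Number of /64 subnets a VPC block of the given size can hold."""
    net = ipaddress.IPv6Network(vpc_cidr)
    if net.prefixlen > SUBNET_PREFIX_LEN:
        return 0
    return 2 ** (SUBNET_PREFIX_LEN - net.prefixlen)


def vpc_blocks_from_byoip(byoip_cidr: str) -> list:
    """Carve a BYOIP range into the /56 blocks that can each back one VPC."""
    net = ipaddress.IPv6Network(byoip_cidr)
    if net.prefixlen > VPC_PREFIX_LEN:
        raise ValueError(f"{byoip_cidr} is smaller than one VPC block (/{VPC_PREFIX_LEN})")
    return [str(b) for b in net.subnets(new_prefix=VPC_PREFIX_LEN)]


def regions_over_limit(ranges_by_region: dict) -> list:
    """Return the Regions where more than MAX_RANGES_PER_REGION ranges are planned."""
    return sorted(r for r, cidrs in ranges_by_region.items() if len(cidrs) > MAX_RANGES_PER_REGION)


if __name__ == "__main__":
    # Constructed sample plan using the RFC 3849 documentation prefix.
    plan = {
        "us-east-1": ["2001:db8:1::/48", "203.0.113.0/24"],
        "eu-west-1": ["2001:db8:2::/48", "2001:db8:3::/48", "2001:db8:4::/48",
                      "2001:db8:5::/48", "2001:db8:6::/48", "2001:db8:7::/48"],
    }
    print("public /48 ok:", byoip_prefix_ok("2001:db8:1::/48", True))
    print("public /56 ok:", byoip_prefix_ok("2001:db8:1:ab00::/56", True))
    print("non-public /56 ok:", byoip_prefix_ok("2001:db8:1:ab00::/56", False))
    blocks = vpc_blocks_from_byoip("2001:db8:1::/48")
    print("VPC blocks per /48:", len(blocks), "first:", blocks[0])
    print("/64 subnets per /56:", subnets_available(blocks[0]),
          "(limit", MAX_SUBNETS_PER_VPC, ")")
    print("regions over the range limit:", regions_over_limit(plan))
```

The point the arithmetic makes is the one Bill makes in prose: a /56 holds exactly 2^(64-56) = 256 /64 subnets, which is also the subnet cap per VPC, so a larger block per VPC would buy nothing until that cap changes.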