GCP IPv6 communication within a network?

sirkus7

11/29/22, 4:35 PM

I have a VPC setup with several hosts that need to communicate via IPv6 services. Each of these instances are configured with IPv6 and can successfully ping and connect to external hosts using IPv6. I have created a firewall rule to enable them to communicate with each other (hosts are tagged with "test"):

$ gcloud compute firewall-rules create target-all-ipv6 \
  --network=test-net-1 --priority=1000 \
  --direction=INGRESS --action=ALLOW \
  --rules=all \
  --source-ranges="fe80::/10" \
  --target-tags=test

However, with this setup I'm not able to ping or establish any IPv6 connections between these instances using the local f80 addresses.

Is it possible for two GCP instances on the same network to communicate via IPv6?

1 + 0

ipv6

google-cloud-platform

Score:2

Server

sirkus7

11/29/22, 7:07 PM

In digging more, I found my answer. It doesn't seem possible to connect between instances with IPv6 using link local (fe80::) addresses, but instances can communicate with their global addresses using IPv6.

The solution is to a firewall rule to allow IPv6 traffic from the global IPv6 prefix for the network, and use these global addresses to communicate.

For example:

$ gcloud compute firewall-rules create test-ipv6 \
  --network=test-net-1 --priority=1000 \
  --direction=INGRESS --action=ALLOW \
  --rules=tcp:443,icmp \
  --source-ranges="2600:1900:xxxx:xxxx:xxxx::/64" \
  --target-tags=test

0 + 0