Configure IPv6 on Azure Virtual Machine - NETSEC

Saturday, December 25, 2021

Configure IPv6 on Azure Virtual Machine

IPv6 for Azure Virtual Network has been generally available worldwide since April 2020. While testing IPv6, I found the Microsoft documentation quite confusing, especially on how to use the web console to assign a native IPv6 address to a VM.

Assigning a native IPv6 address means the VM gets its IPv6 address without using a tunnel or a load balancer. This post lists all the steps to assign a native IPv6 address to an existing Win10 virtual machine. The process is the same for other OS types or for a new VM.



Diagram

The following diagram depicts a simple dual stack (IPv4/IPv6) deployment in Azure:

IPv6 network deployment diagram


There are some limitations when deploying IPv6 in Azure Load Balancer. Please check the following document:

The following picture illustrates the IPv6 functionality for Azure Load Balancer.

Azure Load Balancer with IPv6


Virtual Network (address space and subnet)

Quite a few resources are involved in IPv6 configuration. Here we start from the Resource Group to check those related resources. In Azure's networking model, every VM connects through a network interface (vNIC) that is attached to a virtual network (vNET). So all IPv6 configuration needs to start from the shared virtual network (vNET), for example by adding an IPv6 CIDR.

1 Go to Resource Group - Virtual Network



2 Create a new IPv6 address space

By default, your virtual network already has an IPv4 address space, 10.0.0.0/16. You can add an additional address range to this virtual network. As an example, I am using a Microsoft example IPv6 space: ace:ceb:deca::/48. You can generate your own local IPv6 segment from your MAC address and a timestamp on this website: RFC4193 IPv6 Generator



3 Configure the current subnet where the VM sits to use an IPv6 subnet.

ace:ceb:deca:deed::/64 is an example from Microsoft



Create a new network interface for existing VM

The existing VM's network interface is IPv4 only. There is no way to allot an IPv6 address to it using the web console. In this case, we will create a new network interface to get a dual-stack vNIC for the existing VM.

Search for Network Interfaces and add a new one:



The most important part is to have the private IP address (IPv6) option checked.



Create Public IP

1 Keep existing IPv4

a. Shut down the VM and set your public IPv4 address as static
b. Detach it from the vNIC
c. Upgrade the SKU to Standard SKU
d. Create a new IPv6 with your saved public IPv4 address



2 Create a new IPv4 and IPv6 address (Both)





Associate IP to vNIC

In the previous step, the IP addresses were made ready. Now we can configure those IP addresses on our vNIC.



The primary IP configuration is not yet associated with a public IP. We can associate the one we created in the previous step with it.


The same goes for the secondary IP configuration, which is our IPv6 address: we will associate a public IP with it.





Attach new vNIC to VM

We now have a new vNIC with the new addresses, which we can attach to our VM.

1 Stop VM

2 Go to VM's networking page

3 Attach network interface

3 Different SKU issue


4 Dissociate existing Public IP which is using Basic SKU 

5 Now you should be able to attach the newly created vNIC to this VM and detach the old IPv4 vNIC from it.


Test your IPv4 and IPv6 addresses by opening the whatismyip.com website in the Edge browser to verify your addresses.



