IPv6 Readiness Check

Sonatype Products Support IPv6

For organizations responding to call to actions to deploy the newer version of the Internet Protocol, IPv6, which is designed to eventually replace the IPv4 protocol, here are a few checks and tasks needed to continue normal operations with Sonatype products.

Check: IPv6-only VPCs still requires IPV4 CIDR
Ensure that you have assigned an IPv4 CIDR to your VPC within AWS, even if you are creating an IPv6-only environment. This is the only spot where IPv4 addresses will appear.

Task: Configure route tables for private subnets
Create route tables for private subnets in an IPv6 environment with specific routes for IPv6 and IPv4 instances. `0.0.0.0/0` pointing to the NAT gateway `64:ff9b::/96` pointing to the NAT gateway `::/0` pointing to the internet gateway (use an egress-only internet gateway if you don't want your instances to be accessible from outside.)

Task: Configure route tables for private subnets

Create route tables for private subnets in an IPv6 environment with specific routes for IPv6 and IPv4 instances.

0.0.0.0/0 pointing to the NAT gateway

64:ff9b::/96 pointing to the NAT gateway

::/0 pointing to the internet gateway (use an egress-only internet gateway if you don't want your instances to be accessible from outside.)

Task: Configure route tables for public subnets
Without DNS64, a DNS query for an IPv4-only service will yield an IPv4 destination address, preventing communication with IPv6-only service. Include a `0.0.0.0/0` route to the internet gateway.

Task: Configure route tables for public subnets

Without DNS64, a DNS query for an IPv4-only service will yield an IPv4 destination address, preventing communication with IPv6-only service.

Include a 0.0.0.0/0 route to the internet gateway.

Task: Enable DNS64 on IPv6-only subnets
Configure the route tables for public subnets to point to the CIDRs for IPv4 and IPv6. Learn more on DNS64.

Task: Enable DNS64 on IPv6-only subnets

Configure the route tables for public subnets to point to the CIDRs for IPv4 and IPv6.

Learn more on DNS64.

Check: Does the AWS service support IPv-6 only
Currently, Amazon S3 and Amazon RDS do not support IPv6-only. Private endpoints PIusing these services do not work with IPv6-only environments. For the latest updates on AWS services that support IPv6, go to AWS services that support IPv6.

Check: Does your Amazon Machine Image (AMI) support IPv6
Currently, all AMIs provided by AWS do not support IPv6. You may need to spin up your own AMI and customize it at the OS layer to support IPv6. At the time of writing this: Ubuntu images and RHEL9 images on AWS support IPv6 Rocky Linux AWS AMI and RHEL8 had issues

Check: Does your Amazon Machine Image (AMI) support IPv6

Currently, all AMIs provided by AWS do not support IPv6. You may need to spin up your own AMI and customize it at the OS layer to support IPv6.

At the time of writing this:

Ubuntu images and RHEL9 images on AWS support IPv6
Rocky Linux AWS AMI and RHEL8 had issues

Task: (For SAGE services) Connect with the private resource DNS
Connect with the private resource DNS name provided by AWS, and not the IPv6 address of the instance.

Task: Enable IPv6 connection for database
Configure your database server to permit IPv6 connections. For MySQL, set `bind_address=*` This will permit both IPv4 and IPv6 connections. Learn more about MySQL IPv6 configuration. For PostgreSQL, add `::` to the list of TCP/IP addresses to the listen_addresses connection string. Learn more about PostgreSQL IPv6 configuration.

Task: Enable IPv6 for Sonatype Nexus Repository
To enable IPv6, go to $installdir/bin/nexus.vmoptions and remove the following line: `-Djava.net.preferIPv4Stack=true` NOTE: This is not required for installations running Sonatype Nexus Repository 3.71.0 and higher.

Task: Enable IPv6 for Sonatype Nexus Repository

To enable IPv6, go to $installdir/bin/nexus.vmoptions and remove the following line:

-Djava.net.preferIPv4Stack=true

NOTE: This is not required for installations running Sonatype Nexus Repository 3.71.0 and higher.

Check: IP address format for IPv6
An IPv6 identifiable host is distinguished by enclosing the IP literal inside square brackets. To connect to Sonatype IQ Server/Sonatype Nexus Repository via a browser with an IPv6 address, enclose the IP address in square brackets. E.g. `http://[2600:1f55:755:2555:9555:554e:c55f:b9e1]:8443)`

Check: IP address format for IPv6

An IPv6 identifiable host is distinguished by enclosing the IP literal inside square brackets. To connect to Sonatype IQ Server/Sonatype Nexus Repository via a browser with an IPv6 address, enclose the IP address in square brackets. E.g.

http://[2600:1f55:755:2555:9555:554e:c55f:b9e1]:8443)

IPv6 Readiness Check

Sonatype Products Support IPv6

Search results