Regions that support IPv6
- asia-east1 (Changhua County, Taiwan, APAC)
- asia-south1 (Mumbai, India APAC)
- europe-west2 (London, England, Europe)
- us-west2 (Los Angeles, California, North America)
Create an IPv6-enabled subnet
export SUBNET='kyouhei-subnet-los'
export NETWORK='kyouhei-vpc'
export PRIMARY_IPv4_RANGE='10.168.0.0/20'
export REGION='us-west2'
gcloud compute networks subnets create $SUBNET \
--network=$NETWORK \
--range=$PRIMARY_IPv4_RANGE \
--stack-type=IPV4_IPV6 \
--ipv6-access-type=EXTERNAL \
--region=$REGION
result.txt
Created [https://www.googleapis.com/compute/v1/projects/xxx/regions/us-west2/subnetworks/kyouhei-subnet-los].
NAME REGION NETWORK RANGE STACK_TYPE IPV6_ACCESS_TYPE IPV6_CIDR_RANGE EXTERNAL_IPV6_CIDR_RANGE
kyouhei-subnet-los us-west2 kyouhei-vpc 10.168.0.0/20 IPV4_IPV6 EXTERNAL 2600:x:x:x:0:0:0:0/64
Create an IPv6-enabled VM
export INSTANCE_NAME='kyouhei-los-c'
export ZONE='us-west2-c'
gcloud compute instances create $INSTANCE_NAME \
--ipv6-network-tier=PREMIUM \
--subnet=$SUBNET \
--stack-type=IPV4_IPV6 \
--zone=$ZONE \
--machine-type=e2-medium \
--create-disk=image=projects/centos-cloud/global/images/centos-7-v20210916,size=20
result.txt
Created [https://www.googleapis.com/compute/v1/projects/xxx/zones/us-west2-c/instances/kyouhei-los-c].
NAME ZONE MACHINE_TYPE PREEMPTIBLE INTERNAL_IP EXTERNAL_IP STATUS
kyouhei-los-c us-west2-c e2-medium 10.168.0.2 34.x.x.x RUNNING
Check the IPv6 address of the created VM
export VM_IPv6=$(gcloud compute ssh $INSTANCE_NAME --zone=$ZONE --command 'curl -6 -s https://cloudflare.com/cdn-cgi/trace' | grep ip | awk -F'=' '{print $2}')
echo $VM_IPv6
result.txt
2600:x:x:x::
Check the IPv6 address of your own connection
export MYIPv6=$(curl -6 -s https://cloudflare.com/cdn-cgi/trace | grep ip | awk -F'=' '{print $2}')
echo $MYIPv6
result.txt
240d:x:x:x:x:x:x:x
Add a firewall rule
Specify IP protocol number 58 to allow ICMP for IPv6.
gcloud compute firewall-rules create allow-ingress-ping6 \
--direction=INGRESS --priority=1000 \
--network=$NETWORK --action=ALLOW \
--rules=58 --source-ranges=$MYIPv6/128
result.txt
Creating firewall...⠹Created [https://www.googleapis.com/compute/v1/projects/xxx/global/firewalls/allow-ingress-ping6].
Creating firewall...done.
NAME NETWORK DIRECTION PRIORITY ALLOW DENY DISABLED
allow-ingress-ping6 kyouhei-vpc INGRESS 1000 58 False
After that, you can confirm that connectivity is established.
% ping6 $VM_IPv6 -c 4
PING6(56=40+8+8 bytes) 240d:x:x:x:x:x:x:x --> 2600:x:x:x::
16 bytes from 2600:x:x:x::, icmp_seq=0 hlim=58 time=103.676 ms
16 bytes from 2600:x:x:x::, icmp_seq=1 hlim=58 time=107.824 ms
16 bytes from 2600:x:x:x::, icmp_seq=2 hlim=58 time=109.467 ms
16 bytes from 2600:x:x:x::, icmp_seq=3 hlim=58 time=103.033 ms
--- 2600:x:x:x:: ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 103.033/106.000/109.467/2.718 ms
Reference: allow IPv6 traffic from Cloudflare
export CF_IPv6=$(curl -s "https://api.cloudflare.com/client/v4/ips" | jq -r '.result.ipv6_cidrs | join(",")')
echo $CF_IPv6
result.txt
2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32
gcloud compute firewall-rules create allow-ingress-cfipv6 \
--direction=INGRESS --priority=1000 \
--network=$NETWORK --action=ALLOW \
--rules=tcp:80,tcp:443 --source-ranges=$CF_IPv6
result.txt
Creating firewall...⠹Created [https://www.googleapis.com/compute/v1/projects/xxx/global/firewalls/allow-ingress-cfipv6].
Creating firewall...done.
NAME NETWORK DIRECTION PRIORITY ALLOW DENY DISABLED
allow-ingress-cfipv6 kyouhei-vpc INGRESS 1000 tcp:80,tcp:443 False
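An added example (not part of the original article): a Python check that validates the Cloudflare response before its `ipv6_cidrs` list is passed to `--source-ranges`, so a failed or malformed API reply never reaches the firewall rule. The sample response is constructed, and the function name and the /16 minimum prefix length are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample, shaped like the /client/v4/ips response queried above.
SAMPLE_RESPONSE = json.dumps({
    "success": True,
    "result": {"ipv6_cidrs": ["2606:4700::/32", "2400:cb00::/32", "2a06:98c0::/29"]},
})

MIN_PREFIX_LEN = 16  # assumption: a broader range is treated as a mistake


def source_ranges_from_response(body, min_prefix_len=MIN_PREFIX_LEN):
    """Return a comma-joined value for --source-ranges, or raise ValueError."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"response is not JSON: {exc}") from exc
    if not isinstance(doc, dict) or doc.get("success") is not True:
        raise ValueError("API did not report success")
    cidrs = (doc.get("result") or {}).get("ipv6_cidrs")
    if not isinstance(cidrs, list) or not cidrs:
        raise ValueError("ipv6_cidrs is missing or empty")

    networks = set()
    for item in cidrs:
        if not isinstance(item, str):
            raise ValueError(f"non-string entry: {item!r}")
        try:
            # strict=True rejects entries with host bits set (e.g. 2606:4700::1/32)
            net = ipaddress.ip_network(item, strict=True)
        except ValueError as exc:
            raise ValueError(f"invalid CIDR {item!r}: {exc}") from exc
        if net.version != 6:
            raise ValueError(f"not an IPv6 range: {item}")
        if net.prefixlen < min_prefix_len:
            raise ValueError(f"range too broad for an allow rule: {item}")
        networks.add(net)
    # Sorted and de-duplicated so successive runs can be diffed.
    return ",".join(str(n) for n in sorted(networks))


if __name__ == "__main__":
    print(source_ranges_from_response(SAMPLE_RESPONSE))
```

Cloudflare's published ranges can change over time, so the same check applies each time the list is fetched again to refresh the rule.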