A company has multiple VPCs with subnets that use IPv4. Traffic from the VPCs to the internet uses a NAT gateway. The company wants to transition to IPv6.
A network engineer creates multiple IPv6-only subnets in an existing testing VPC. The network engineer deploys a new Amazon EC2 instance that has an IPv6 address into one of the subnets. During testing, the network engineer discovers that the new EC2 instance is not able to communicate with an IPv4-only service through the internet. The network engineer needs to enable the IPv6 EC2 instance to communicate with the IPv4-only service.
Which solution will meet this requirement?
Understanding the Issue: The IPv6-only EC2 instance cannot communicate with IPv4-only services because IPv6 and IPv4 are not directly compatible. To bridge this gap, DNS64 and NAT64 are used together. AWS NAT gateways do not natively support NAT64, but you can use DNS64 to translate IPv4 DNS records (A records) into IPv6-compatible addresses (AAAA records).
DNS64 for IPv6-Only Subnets: DNS64 is a service that synthesizes AAAA records for IPv4-only services. This allows IPv6-only clients to resolve IPv4 addresses as IPv6-compatible addresses, enabling communication through the NAT gateway.
NAT Gateway with Route Table Updates: The NAT gateway enables outbound communication from private subnets to the internet. Updating the route tables for IPv6-only subnets to send traffic through the NAT gateway ensures that the IPv6 EC2 instance can reach IPv4 services.
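The following Python sketch is an added illustration, not part of the original explanation: it shows how DNS64 builds a synthesized AAAA address and why the IPv6-only subnet's route table needs an entry for that range. The 64:ff9b::/96 prefix (the RFC 6052 well-known prefix), the documentation addresses and the route target names are assumptions; the page names none of them.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; the page does not name a prefix.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(ipv4, prefix=NAT64_PREFIX):
    """DNS64 step: embed the 32-bit IPv4 address in the low bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch handles only /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(ipv6, prefix=NAT64_PREFIX):
    """Translator step: recover the IPv4 destination, or None if not synthesized."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def next_hop(route_table, dest):
    """Longest-prefix match over a {cidr: target} route table; None means no route."""
    addr = ipaddress.IPv6Address(dest)
    matches = [(ipaddress.IPv6Network(cidr), target)
               for cidr, target in route_table.items()
               if addr in ipaddress.IPv6Network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Constructed sample data: documentation ranges and placeholder target names.
ROUTES_BEFORE = {"2001:db8:1::/56": "local"}
ROUTES_AFTER = {"2001:db8:1::/56": "local", "64:ff9b::/96": "nat-gateway"}

if __name__ == "__main__":
    synthesized = synthesize_aaaa("192.0.2.10")   # A record of the IPv4-only service
    print("AAAA returned to the IPv6-only client:", synthesized)
    print("next hop before route update:", next_hop(ROUTES_BEFORE, synthesized))
    print("next hop after route update: ", next_hop(ROUTES_AFTER, synthesized))
    print("IPv4 destination recovered:  ", extract_ipv4(synthesized))
```

Without the added route, the synthesized address resolves in DNS but has no path out of the subnet, which matches the symptom in the question.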