Summary of Egress-Only Internet Gateways
Egress-only internet gateways are designed specifically for IPv6 traffic management in Amazon Virtual Private Clouds (VPCs). They function similarly to NAT gateways, which are used for IPv4, by enabling outbound internet traffic from instances within a VPC without allowing inbound internet traffic to those instances.
Key Points
- Purpose: Allows instances in a VPC to initiate outbound connections to the internet over IPv6 while blocking inbound connections from the internet.
- Comparison with NAT Gateway: NAT gateways serve a similar function for IPv4 traffic. In contrast, egress-only internet gateways are used for IPv6 traffic.
- Configuration Requirement: Route tables within the VPC must be updated to direct IPv6 traffic through the egress-only internet gateway.
Example Scenario
- Public Subnet: An EC2 instance in a public subnet can communicate with the internet over IPv6 through an internet gateway, allowing both inbound and outbound connections.
- Private Subnet with Egress-Only Internet Gateway: An EC2 instance in a private subnet, without direct access to an internet gateway, uses an egress-only internet gateway for outbound IPv6 traffic. This setup prevents the internet from initiating inbound connections to the instance.
IPv6 Routing Diagram Explanation
- VPC Configuration: A VPC with both public and private subnets, each supporting IPv4 and IPv6.
- Routing for Public Subnet:
  - Local route for intra-VPC (IPv4 and IPv6) traffic.
  - Default routes (0.0.0.0/0 for IPv4 and ::/0 for IPv6) through an internet gateway for outbound internet access.
- Routing for Private Subnet:
  - Local route remains the same.
  - IPv4 outbound traffic is routed through a NAT gateway to the internet gateway.
  - IPv6 outbound traffic is routed through an egress-only internet gateway.
Route Table Configuration
- Public Subnet Route Table: Includes local routes and default routes for both IPv4 and IPv6 through the internet gateway.
- Private Subnet Route Table: Includes local routes, a default IPv4 route through the NAT gateway, and a default IPv6 route through the egress-only internet gateway.
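The two route tables above differ only in what their default routes point at, so a quick way to catch a private subnet that is accidentally exposed is to check the target of its 0.0.0.0/0 and ::/0 routes. The following is an added example, not AWS code; the sample dictionary is constructed to mimic the shape of an EC2 DescribeRouteTables entry (the field names are an assumption, not captured output), and the gateway ids in it are placeholders.

```python
# Added example: audit the default routes of a VPC route table.
# The dict below is constructed to mimic the shape of an EC2
# DescribeRouteTables entry (field names are an assumption, not captured output).

def default_route_targets(route_table):
    """Return (ipv4_target, ipv6_target): the gateway id behind 0.0.0.0/0 and
    ::/0 ('igw-', 'nat-', 'eigw-' prefixed), or None when the route is absent."""
    v4 = v6 = None
    for route in route_table.get("Routes", []):
        target = (route.get("GatewayId")
                  or route.get("NatGatewayId")
                  or route.get("EgressOnlyInternetGatewayId"))
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            v4 = target
        elif route.get("DestinationIpv6CidrBlock") == "::/0":
            v6 = target
    return v4, v6


def audit_private_route_table(route_table):
    """Findings for a route table meant for a private subnet: outbound-only
    means NAT gateway for IPv4 and egress-only internet gateway for IPv6."""
    findings = []
    v4, v6 = default_route_targets(route_table)
    if v4 and v4.startswith("igw-"):
        findings.append("IPv4 default route via internet gateway: inbound IPv4 reachable")
    if v6 and v6.startswith("igw-"):
        findings.append("IPv6 default route via internet gateway: inbound IPv6 reachable")
    if v6 is None:
        findings.append("no ::/0 route: no outbound IPv6 path")
    return findings


# Constructed sample: a private route table that was mistakenly given the
# public subnet's IPv6 default route (::/0 -> internet gateway).
PRIVATE_RT = {
    "RouteTableId": "rtb-private-example",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationIpv6CidrBlock": "2001:db8::/56", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
        {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-example"},
    ],
}

if __name__ == "__main__":
    for finding in audit_private_route_table(PRIVATE_RT):
        print(finding)
```

Pointing the ::/0 route at an egress-only internet gateway id (eigw-...) instead clears the finding, which is exactly the private-subnet table described above.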

Understanding the distinction between an internet gateway, a NAT gateway, and an egress-only internet gateway is crucial for effectively managing IPv4 and IPv6 traffic within an AWS VPC.