1 Answer
- Newest
- Most votes
- Most comments
0
I have not been able to verify this, but I believe the instance check will succeed.
Are you using an instance type that uses Nitro System? If you are using IPv6, it requires an instance type that supports Nitro System.
Relevant content
- asked 7 months ago
- asked 7 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
This instance has been consistently failing the instance check essentially since I created it.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html#instance-status-checks
From the link, "Amazon EC2 checks the health of the instance by sending an address resolution protocol (ARP) request to the network interface (NIC)."
It's an IPv6-only instance. There are no ARP packets seen nor would an IPv6 instance respond to ARP.
So the question is, is ARP the only instance check that's available?
I believe ICMPv6 is being used instead of ARP, but I cannot present any AWS documentation that clearly describes it.
For example, the following document refers to it as a neighbor discovery protocol but does not state that EC2 uses it. https://docs.aws.amazon.com/whitepapers/latest/ipv6-on-aws/brief-ipv6-overview.html
I'm sure you are fed up with my repeated references, but IPv6 is based on the Nitro System, so make sure you are using a supported instance type and OS.
https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html
Not fed up at all, I appreciate the effort. When I stated in the question, "I have an IPv6 only instance which fails the instance check despite everything working just fine," I meant that the instance has full useful IPv6 connectivity -- the only complaint I have is a false alarm on the instance check. Yes, it's on a Nitro instance. The IPv6 neighbor discovery works; if I send neighbor solicitation packets, I get responses. But the EC2 infrastructure never seems to send me any neighbor solicitation packets to probe my instance's health, which is what I would expect.