Elastic Load Balancing with AWS + Phoenix + ipv6/ipv4

Hello guys,

I have a couple of questions about AWS Elastic Load Balancing (IPv4/IPv6) with a cluster of Phoenix.

My Conf:
elixir "~> 1.3.4"
phoenix "~> 1.2.1"
I use an AWS load balancer + 2 servers running a Phoenix app. The app has a little web site + API + web socket connection + cluster of nodes “link thanks, Chris”

The API is consumed by an iOS app, and when you publish an app, Apple requires that the service accept the IPv6 protocol. So I modified the app config like this:

config :my_phoenix, MyPhoenix.Endpoint,
  ...
  https: [port: {:system, "PORT_SSL"},
          ip: {0, 0, 0, 0, 0, 0, 0, 0},
          ...,
...
  1. Question: Is ip: {0, 0, 0, 0, 0, 0, 0, 0} correct to allow IPv6 and IPv4 at the same time?

After reading a lot about how to set up IPv6 on AWS (link) and also with Phoenix with a load balancer (link).

And from the Plug.Conn docs:

peer - the actual TCP peer that connected, example: {{127, 0, 0, 1}, 12345}. Often this is not the actual IP and port of the client, but rather of a load-balancer or request-router.

remote_ip - the IP of the client, example: {151, 236, 219, 228}. This field is meant to be overwritten by plugs that understand e.g. the X-Forwarded-For header or HAProxy’s PROXY protocol. It defaults to peer’s IP.

  2. Question: I’m wondering if I should modify Plug.Conn to use the right IP, or will it figure out by itself which IP is the right one, peer or X-Forwarded-For?

Thanks

1 Like

AWS only uses IPv6 on the Internet-facing side of ELB. Your Phoenix Endpoint will still only be listening on IPv4, so there is no need to change your Endpoint’s configuration.

In order to make your site reachable through IPv6 you just need to make sure the hostname you give to users (including APNS) maps to your ELB’s dual stack FQDN, which in turn resolves to both A and AAAA records. That probably means updating your site’s existing CNAME, as described in the AWS doc you linked to.

If you want to use remote_ip you just need to find a Plug on Hex that will process the X-F-F header, and add it to your pipeline. Make sure to pick one with IPv6 support.

1 Like
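A sketch of the kind of plug the answer above describes, as an added example that is not part of the original thread or taken from any Hex package. The module name `MyPhoenix.Plugs.ForwardedFor` and the trusted range `10.0.0.0/16` are assumptions; it relies on `remote_ip` defaulting to the peer's IP (as the quoted Plug.Conn docs state) and on the load balancer appending the address it saw as the rightmost X-Forwarded-For entry.

```elixir
defmodule MyPhoenix.Plugs.ForwardedFor do
  @moduledoc """
  Sets conn.remote_ip from X-Forwarded-For, but only when the TCP peer is a
  trusted proxy. Hypothetical module; the CIDR below is a constructed value.
  """
  @behaviour Plug
  import Bitwise

  # Assumption: the load balancer nodes connect from this VPC range.
  @default_trusted [{{10, 0, 0, 0}, 16}]

  def init(opts), do: Keyword.get(opts, :trusted, @default_trusted)

  def call(conn, trusted) do
    # Until a plug overwrites it, remote_ip holds the peer's IP.
    # A direct (non-proxy) peer can put anything in the header, so ignore it.
    with true <- trusted?(conn.remote_ip, trusted),
         {:ok, ip} <- client_ip(Plug.Conn.get_req_header(conn, "x-forwarded-for")) do
      %{conn | remote_ip: ip}
    else
      _ -> conn
    end
  end

  @doc "Returns the rightmost entry: the one appended by the proxy, not the client."
  def client_ip(header_values) do
    header_values
    |> Enum.flat_map(&String.split(&1, ","))
    |> Enum.map(&String.trim/1)
    |> List.last()
    |> parse()
  end

  defp parse(nil), do: :error

  defp parse(text) do
    # parse_strict_address/1 accepts both IPv4 and IPv6 literals.
    case :inet.parse_strict_address(String.to_charlist(text)) do
      {:ok, ip} -> {:ok, ip}
      {:error, _} -> :error
    end
  end

  # The peer is always IPv4 here, since the backend side of the ELB is IPv4.
  defp trusted?({_, _, _, _} = ip, cidrs) do
    Enum.any?(cidrs, fn {net, len} ->
      to_int(ip) >>> (32 - len) == to_int(net) >>> (32 - len)
    end)
  end

  defp trusted?(_other, _cidrs), do: false

  defp to_int({a, b, c, d}), do: (a <<< 24) ||| (b <<< 16) ||| (c <<< 8) ||| d
end
```

Add it early in the endpoint or router pipeline with `plug MyPhoenix.Plugs.ForwardedFor, trusted: [...]`, so later plugs and logging see the rewritten `remote_ip`.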

fwiw apple doesn’t require ipv6 - serving your api on ipv4 is fine - but you need to use a uri and not an ip, so an ipv6 only connection can nat64 to it etc.

plenty of apps (including my own ones) run on heroku that is currently ipv4 only.

Yep, I agree with you: when you use Heroku, there is no issue, because Heroku takes care of opening any connection with the IPv4 or IPv6 protocol. But when you are managing your own server or load balancer, you have to configure this part on your own.

heroku is ipv4 only, and does no ipv6 magic.

apple does not require ipv6 - that was all I was trying to correct :wink:

Sorry but Apple does need ipv6…
From Apple website for App Review network, link

The App Review network, like the networks deployed by service providers, does support IPv6-to-IPv6 connectivity. Thus, if your server supports IPv6, your app will talk to it directly, without going through the NAT64 translator.

apple and ios support ipv6 yes, but it does not require it…

so ipv4 only is fine with apple (and app store review)… what you can’t do is hardcode ipv4 ips - and you must use a uri, so nat64 will work for ipv6-only clients…

anyways, your issue is solved, just wanted to correct the information, so nobody gets the wrong info - especially as dual stacking has its own load of issues - but that’s for another thread;-)

All my tests are using the domain URL (not IP).
So when I use IPv4 everything works perfectly, but when I use NAT64 on my device, I CAN NOT connect to my load balancer? Just tell me why? As you say, it should work?

I will give you a tip: when IPv6 is activated on my LB, everything works again like magic, and the app has been accepted as if by magic by Apple as well… :wink:

sounds like you have an AAAA dns record, which in an ipv4-only server config should not be there and will give you issues for ipv6 clients as you experienced, and such dns/domain misconfiguration will be rejected by apple as well.

again, apple and app store review does not require ipv6 on the server.