ICMPv6 and Google Cloud Compute Firewalls

For my work PC with Ubuntu Linux 22.04 LTS I use only IPv6 with my own NAT64 gateway which I run on RockPro64  to access resources without support for IPv6.

Today I spent morning to enable native IPv6 for Google Cloud account we use for testing.

Sadly I faced quite nasty issue during my attempt to create Firewall rule to allow ICMP for IPv6 traffic.

My first attempt failed as I used ICMP as protocol name and that was obviously wrong:

"Invalid value for field 'resource.allowed[0].IPProtocol': 'ICMP'. IPv6 is not compatible with the ICMP protocol. Use the ICMPv6 protocol instead"

That's clearly reasonable error message and I immediately tried ICMPv6 and sadly had no luck with it:

Invalid value for field 'resource.allowed[0].IPProtocol': 'ICMPv6'. Must be one of ["ah", "all", "esp", "icmp", "ipip", "sctp", "tcp", "udp"] or an IP protocol number between 0 and 255.

That good thing that we know that ICMPv6 has number which is 58 and we can use it instead. This time my trick worked just fine:

Finally I can see ICMPv6 traffic flowing without any issues.

Would be great if Google Engineers find time to fix it as it may be quite serious obstacle for their customers.

Apparently I'm not the first affected by this issue as it was reported few days ago in Kubernetes project.

Subscribe to Pavel's blog about underlying Internet technologies

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.