
BIG-IP : configure IPv4 , IPv6 dual stack virtual servers



Here’s an explanation of how to set up IPv4/IPv6 virtual servers.

Client IPv4 <--> VIP IPv4 <--> Server IPv4
Client IPv6 <--> VIP IPv6 <--> Server IPv6
# b version | head -5
Kernel:
Linux 2.6.18-164.2.1.el5.1.0.f5app
Package:
BIG-IP Version 10.1.0 3341.1084
Final Edition

Client : 10.0.0.10 , 2000:aaaa:0:1::100
 |
vSwitch
 |
 | VIP : 10.0.0.100 , 2000:aaaa:0:1::80
 |self IP: 1.1 : 10.0.0.1 , 2000:aaaa:0:1::1/64
LTM  ----------------------------
 |self IP: 1.2 : 192.168.0.1 , 2000:aaaa:0:a::1/64
 |
vSwitch
 |
Apache Server1 , Apache Server2


Server1(Scientific Linux 6) : 192.168.0.100 , 2000:aaaa:0:a::2/64
Server2 (Scientific Linux 6): 192.168.0.101 , 2000:aaaa:0:a::3/64

[ configure IPv6 addresses on LTM’s self IP ]

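GUI -> Network -> Self IPs

Note: every self IP below, including the two on the external VLAN, uses "allow default", so the services in the "self allow" default list (ssh, https, snmp and so on; see bigip_base.conf at the end) are reachable on the client-facing addresses. That is fine for a lab; otherwise tighten port lockdown on the external self IPs.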

- bigip_base.conf
vlan external {
  tag 4094
  interfaces 1.1
}
vlan internal {
  tag 4093
  interfaces 1.2
}
self 10.0.0.1 {
  netmask 255.255.255.0
  vlan external
  allow default
}
self 192.168.0.1 {
  netmask 255.255.255.0
  vlan internal
  allow default
}
self 2000:aaaa:0:1::1 {
  netmask ffff:ffff:ffff:ffff::
  vlan external
  allow default
}
self 2000:aaaa:0:a::1 {
  netmask ffff:ffff:ffff:ffff::
  vlan internal
  allow default
}


[ configure nodes and pools ]

Local Traffic -> Nodes

create four nodes ( s1-ipv4 , s1-ipv6 , s2-ipv4 , s2-ipv6 )

bigip.conf
node 192.168.0.100 {
  screen s1-ipv4
}
node 192.168.0.101 {
  screen s2-ipv4
}
node 2000:aaaa:0:a::2 {
  screen s1-ipv6
}
node 2000:aaaa:0:a::3 {
  screen s2-ipv6
}


create pools

Local Traffic -> Pools -> Create

This pool is for IPv4

This pool is for IPv6

bigip.conf
pool http-ipv4 {
  monitor all http
  members {
     192.168.0.100:http {}
     192.168.0.101:http {}
  }
}
pool http-ipv6 {
  monitor all http
  members {
     2000:aaaa:0:a::2.http {}
     2000:aaaa:0:a::3.http {}
  }
}


[ configure virtual servers ]

VIP : 10.0.0.100 , 2000:aaaa:0:1::80

Local Traffic -> Virtual Servers -> Create

This is for IPv4
Client : IPv4 --- VIP : IPv4 --- Server : IPv4


This is for IPv6
Client : IPv6 --- VIP : IPv6 --- Server : IPv6

bigip.conf
virtual http-ipv4 {
  pool http-ipv4
  destination 10.0.0.100:http
  ip protocol tcp
  persist cookie
  profiles {
     http {}
     tcp {}
  }
}
virtual http-ipv6 {
  pool http-ipv6
  destination 2000:aaaa:0:1::80.http
  ip protocol tcp
  persist cookie
  profiles {
     http {}
     tcp {}
  }
}


[ configure Server’s IP address (Scientific Linux 6) ]

Server1
[root@sl6-2 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=sl6-2.localdomain

[root@sl6-2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR="00:0C:29:zz:zz:zz"
NM_CONTROLLED="yes"
ONBOOT="yes"
PROTO="static"
IPADDR=192.168.0.100
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
IPV6INIT=yes
IPV6ADDR=2000:aaaa:0:a::2
IPV6_DEFAULTGW=2000:aaaa:0:a::1

# ifconfig | grep inet
         inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: 2000:aaaa:0:a::2/64 Scope:Global
         inet6 addr: fe80::20c:29ff:fe5c:6a4b/64 Scope:Link
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host

# route -n -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2000:aaaa:0:a::1/128                        2000:aaaa:0:a::1                        UC    0      2194       0 eth0    
2000:aaaa:0:a::/64                          ::                                      U     256    1        0 eth0    
fe80::/64                                   ::                                      U     256    0        0 eth0    
::/0                                        2000:aaaa:0:a::1                        UG    1      0        0 eth0    
::1/128                                     ::                                      U     0      3        1 lo      
2000:aaaa:0:a::2/128                        ::                                      U     0      839       1 lo      
fe80::20c:29ff:fe5c:6a4b/128                ::                                      U     0      138       1 lo      
ff00::/8                                    ::                                      U     256    0        0 eth0    


Server2
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=sl6-3.localdomain
[root@sl6-3 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT="yes"
PROTO="static"
IPADDR=192.168.0.101
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
IPV6INIT=yes
IPV6ADDR=2000:aaaa:0:a::3
IPV6_DEFAULTGW=2000:aaaa:0:a::1

# ifconfig | grep inet
         inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: 2000:aaaa:0:a::3/64 Scope:Global
         inet6 addr: fe80::20c:29ff:feab:bfad/64 Scope:Link
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host


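Flush the iptables and ip6tables rules so that nothing blocks HTTP. This leaves every chain empty with policy ACCEPT (see the listings below), i.e. no host filtering at all, which is only appropriate in a lab; on a real server, keep the firewall and add a rule accepting TCP port 80 instead.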
# ip6tables -F
# iptables -F

# ip6tables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


[ configure the Apache servers ]

Listen on IPv4 and IPv6.
Start httpd
# egrep -i ^listen /etc/httpd/conf/httpd.conf
Listen 80

# /etc/init.d/httpd start


[ check the health monitor status ]

Log on to the LTM and run bigtop to check the node status.
All nodes are UP.
# bigtop  
                   |  bits  since  |  bits  in prior    |  current
                    |  Jan 15 21:03:25   |  0 seconds         |  time
BIG-IP      ACTIVE   |---In----Out---Conn-|---In----Out---Conn-|  01:09:18
ltm1.localdomain      4.041M 4.135M   3425 0      0      0

VIRTUAL ip:port      |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up--
10.0.0.100:http            0  0 0 0      0      0      2
2000:aaaa:0:1::80.htt   0  0 0 0      0      0      2

NODE ip:port         |---In----Out---Conn-|---In----Out---Conn-|--State----
192.168.0.101:http         0  0 0 0      0      0 UP
192.168.0.100:http         0  0 0 0      0      0 UP
2000:aaaa:0:a::2.http   0  0 0 0      0      0 UP
2000:aaaa:0:a::3.http   0  0 0 0      0      0 UP


Here’s an excerpt of the traffic captured on the Apache server.

IPv4
Apache : 192.168.0.100
LTM self IP : 192.168.0.1
# tshark -i eth0 port 80 | grep "192.168.0"
 1.001369  192.168.0.1 -> 192.168.0.100 TCP 60275 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=3856227756 TSER=0 WS=7
 1.001398 192.168.0.100 -> 192.168.0.1  TCP http > 60275 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=5291523 TSER=3856227756 WS=5
 1.010638  192.168.0.1 -> 192.168.0.100 TCP 60275 > http [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=3856227757 TSER=5291523
 1.011670  192.168.0.1 -> 192.168.0.100 HTTP GET /
 1.011701 192.168.0.100 -> 192.168.0.1  TCP http > 60275 [ACK] Seq=1 Ack=10 Win=5792 Len=0 TSV=5291533 TSER=3856227757


IPv6
Apache : 2000:aaaa:0:a::2
LTM self IP : 2000:aaaa:0:a::1
# tshark -i eth0 port 80 | grep "2000:"
 2.001845 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 TCP 40499 > http [SYN] Seq=0 Win=5760 Len=0 MSS=1440 TSV=3856274857 TSER=0 WS=7
 2.001891 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=5335492 TSER=3856274857 WS=5
 2.010144 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 TCP 40499 > http [ACK] Seq=1 Ack=1 Win=5760 Len=0 TSV=3856274858 TSER=5335492
 2.011195 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 HTTP GET /
 2.011227 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [ACK] Seq=1 Ack=10 Win=5728 Len=0 TSV=5335501 TSER=3856274858
 2.011464 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 HTTP Continuation or non-HTTP traffic
 2.011579 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [FIN, ACK] Seq=7 Ack=10 Win=5728 Len=0 TSV=5335501 TSER=3856274858


[ access to the VIP from the client ]

Client : 10.0.0.10 , 2000:aaaa:0:1::100
VIP : 10.0.0.100 , 2000:aaaa:0:1::80

- access to the IPv4 VIP

- access to the IPv6 VIP

Please note that an IPv6 address must be enclosed in square brackets in the URL bar, i.e. http://[IPv6 address]/ .


Traffic captured on the client

Client : 10.0.0.10 , 2000:aaaa:0:1::100
VIP : 10.0.0.100 , 2000:aaaa:0:1::80
# tshark -r aaa.pcap
 1   0.000000 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [SYN] Seq=0 Win=14400 Len=0 MSS=1440 TSV=702175 TSER=0 WS=6
 2   0.001032 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 TCP http > 56057 [SYN, ACK] Seq=0 Ack=1 Win=4320 Len=0 MSS=1440 TSV=3858489794 TSER=702175
 3   0.001055 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [ACK] Seq=1 Ack=1 Win=14400 Len=0 TSV=702177 TSER=3858489794
 4   0.001157 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 HTTP GET /favicon.ico HTTP/1.1
 5   0.004364 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 TCP [TCP segment of a reassembled PDU]
 6   0.004378 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [ACK] Seq=402 Ack=525 Win=15008 Len=0 TSV=702181 TSER=3858489798
 7   0.004388 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 HTTP HTTP/1.1 404 Not Found  (text/html)


Traffic captured on the server

Client : 10.0.0.10 , 2000:aaaa:0:1::100
Server 2000:aaaa:0:a::2
# tshark -r server.pcap | grep "2000:aaaa:0:1::100"
61   8.000757 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 TCP 56061 > http [SYN] Seq=0 Win=4320 Len=0 MSS=1440 TSV=3858713253 TSER=0
62   8.000803 2000:aaaa:0:a::2 -> 2000:aaaa:0:1::100 TCP http > 56061 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=7610537 TSER=3858713253
63   8.001872 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 TCP 56061 > http [ACK] Seq=1 Ack=1 Win=4320 Len=0 TSV=3858713254 TSER=7610537
64   8.001902 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 HTTP GET / HTTP/1.1
65   8.001925 2000:aaaa:0:a::2 -> 2000:aaaa:0:1::100 TCP http > 56061 [ACK] Seq=1 Ack=493 Win=6432 Len=0 TSV=7610538 TSER=3858713254


I configured cookie persistence.
Check whether the LTM inserted the cookie.
# tshark -r server.pcap -V | grep -i cookie
   Cookie: lbcookie=vi2000aaaa0000000a0000000000000002.20480\r\n
   Cookie: lbcookie=vi2000aaaa0000000a0000000000000002.20480\r\n


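The LTM inserted the cookie. Note that the cookie value carries the selected pool member's address in clear text (2000aaaa0000000a0000000000000002 is 2000:aaaa:0:a::2 written out in full, followed by the encoded port), so every client learns the internal server addressing; enabling cookie encryption on the BIG-IP avoids exposing it.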

[ LTM configuration ]

[root@ltm1:Active] config #
[root@ltm1:Active] config # cat bigip.conf
datastor {
  low water mark 80
  high water mark 92
}
deduplication {}
shell write partition Common
monitor http_health_check {
  defaults from http
  recv "200 OK"
}
profile smtp smtp {
  defaults from none
  security enabled enable
}
profile persist cookie {
  mode cookie
  mirror disable
  timeout immediate
  cookie mode insert
  cookie name "lbcookie"
  cookie expiration immediate
  cookie hash offset 0
  cookie hash length 0
  override connection limit disable
  rule none
}
node 192.168.0.100 {
  screen s1-ipv4
}
node 192.168.0.101 {
  screen s2-ipv4
}
node 2000:aaaa:0:a::2 {
  screen s1-ipv6
}
node 2000:aaaa:0:a::3 {
  screen s2-ipv6
}
pool http-ipv4 {
  monitor all http
  members {
     192.168.0.100:http {}
     192.168.0.101:http {}
  }
}
pool http-ipv6 {
  monitor all http
  members {
     2000:aaaa:0:a::2.http {}
     2000:aaaa:0:a::3.http {
        session disable
     }
  }
}
virtual http-ipv4 {
  pool http-ipv4
  destination 10.0.0.100:http
  ip protocol tcp
  persist cookie
  profiles {
     http {}
     tcp {}
  }
}
virtual http-ipv6 {
  pool http-ipv6
  destination 2000:aaaa:0:1::80.http
  ip protocol tcp
  persist cookie
  profiles {
     http {}
     tcp {}
  }
}
[root@ltm1:Active] config #
[root@ltm1:Active] config #
[root@ltm1:Active] config # cat bigip_base.conf
mgmt 1.1.1.10 {
  netmask 255.255.255.0
}
stp {
  config name none
}
stp instance 0 {
  interfaces {
     1.1 {
        external path cost 20000
        internal path cost 20000
     }
     1.2 {
        external path cost 20000
        internal path cost 20000
     }
  }
  vlans {
     external
     internal
  }
}
self allow {
  default {
     tcp ssh
     tcp domain
     tcp snmp
     tcp https
     tcp f5-iquery
     udp domain
     udp snmp
     udp efs
     udp cap
     udp f5-iquery
     proto ospf
  }
}
shell write partition Common
vlan external {
  tag 4094
  interfaces 1.1
}
vlan internal {
  tag 4093
  interfaces 1.2
}
self 10.0.0.1 {
  netmask 255.255.255.0
  vlan external
  allow default
}
self 192.168.0.1 {
  netmask 255.255.255.0
  vlan internal
  allow default
}
self 2000:aaaa:0:1::1 {
  netmask ffff:ffff:ffff:ffff::
  vlan external
  allow default
}
self 2000:aaaa:0:a::1 {
  netmask ffff:ffff:ffff:ffff::
  vlan internal
  allow default
}
statemirror {
  addr 172.27.39.38
}
system {
  gui setup disable
  hostname "ltm1.localdomain"
}
[root@ltm1:Active] config #
