Here’s an explanation of how to set up IPv4/IPv6 virtual servers.
Client IPv4 <--> VIP IPv4 <--> Server IPv4
Client IPv6 <--> VIP IPv6 <--> Server IPv6
# b version | head -5
Kernel:
Linux 2.6.18-164.2.1.el5.1.0.f5app
Package:
BIG-IP Version 10.1.0 3341.1084
Final Edition
|
Client : 10.0.0.10 , 2000:aaaa:0:1::100
|
vSwitch
|
| VIP : 10.0.0.100 , 2000:aaaa:0:1::80
|self IP: 1.1 : 10.0.0.1 , 2000:aaaa:0:1::1/64
LTM ----------------------------
|self IP: 1.2 : 192.168.0.1 , 2000:aaaa:0:a::1/64
|
vSwitch
|
Apache Server1 , Apache Server2
|
Server1(Scientific Linux 6) : 192.168.0.100 , 2000:aaaa:0:a::2/64
Server2 (Scientific Linux 6): 192.168.0.101 , 2000:aaaa:0:a::3/64
[ configure IPv6 addresses on LTM’s self IP ]
GUI -> Network -> Self IPs
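- bigip_base.conf
Note: `allow default` on the external self IPs (10.0.0.1 and 2000:aaaa:0:1::1) lets the client-facing VLAN reach every service in the `self allow` default list shown in the full bigip_base.conf at the end of this post (ssh, https, snmp and others). That is convenient in a lab; on a production LTM, tighten the port lockdown setting on the external self IPs.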
vlan external {
tag 4094
interfaces 1.1
}
vlan internal {
tag 4093
interfaces 1.2
}
self 10.0.0.1 {
netmask 255.255.255.0
vlan external
allow default
}
self 192.168.0.1 {
netmask 255.255.255.0
vlan internal
allow default
}
self 2000:aaaa:0:1::1 {
netmask ffff:ffff:ffff:ffff::
vlan external
allow default
}
self 2000:aaaa:0:a::1 {
netmask ffff:ffff:ffff:ffff::
vlan internal
allow default
}
|
[ configure nodes and pools ]
Local Traffic -> Nodes
create four nodes ( s1-ipv4 , s1-ipv6 , s2-ipv4 , s2-ipv6 )
bigip.conf
node 192.168.0.100 {
screen s1-ipv4
}
node 192.168.0.101 {
screen s2-ipv4
}
node 2000:aaaa:0:a::2 {
screen s1-ipv6
}
node 2000:aaaa:0:a::3 {
screen s2-ipv6
}
|
create pools
Local Traffic -> Pools -> Create
This pool is for IPv4
This pool is for IPv6
bigip.conf
pool http-ipv4 {
monitor all http
members {
192.168.0.100:http {}
192.168.0.101:http {}
}
}
pool http-ipv6 {
monitor all http
members {
2000:aaaa:0:a::2.http {}
2000:aaaa:0:a::3.http {}
}
}
|
[ configure virtual servers ]
VIP : 10.0.0.100 , 2000:aaaa:0:1::80
Local Traffic -> Virtual Servers -> Create
This is for IPv4
Client : IPv4 --- VIP : IPv4 --- Server : IPv4
This is for IPv6
Client : IPv6 --- VIP : IPv6 --- Server : IPv6
bigip.conf
virtual http-ipv4 {
pool http-ipv4
destination 10.0.0.100:http
ip protocol tcp
persist cookie
profiles {
http {}
tcp {}
}
}
virtual http-ipv6 {
pool http-ipv6
destination 2000:aaaa:0:1::80.http
ip protocol tcp
persist cookie
profiles {
http {}
tcp {}
}
}
|
[ configure Server’s IP address (Scientific Linux 6) ]
Server1
[root@sl6-2 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=sl6-2.localdomain
[root@sl6-2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR="00:0C:29:zz:zz:zz"
NM_CONTROLLED="yes"
ONBOOT="yes"
PROTO="static"
IPADDR=192.168.0.100
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
IPV6INIT=yes
IPV6ADDR=2000:aaaa:0:a::2
IPV6_DEFAULTGW=2000:aaaa:0:a::1
# ifconfig | grep inet
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: 2000:aaaa:0:a::2/64 Scope:Global
inet6 addr: fe80::20c:29ff:fe5c:6a4b/64 Scope:Link
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
# route -n -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2000:aaaa:0:a::1/128 2000:aaaa:0:a::1 UC 0 2194 0 eth0
2000:aaaa:0:a::/64 :: U 256 1 0 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 2000:aaaa:0:a::1 UG 1 0 0 eth0
::1/128 :: U 0 3 1 lo
2000:aaaa:0:a::2/128 :: U 0 839 1 lo
fe80::20c:29ff:fe5c:6a4b/128 :: U 0 138 1 lo
ff00::/8 :: U 256 0 0 eth0
|
Server2
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=sl6-3.localdomain
[root@sl6-3 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT="yes"
PROTO="static"
IPADDR=192.168.0.101
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
IPV6INIT=yes
IPV6ADDR=2000:aaaa:0:a::3
IPV6_DEFAULTGW=2000:aaaa:0:a::1
# ifconfig | grep inet
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: 2000:aaaa:0:a::3/64 Scope:Global
inet6 addr: fe80::20c:29ff:feab:bfad/64 Scope:Link
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
|
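Flush iptables and ip6tables settings. This is a lab shortcut: after the flush every chain is empty with policy ACCEPT (see the listings below), so the servers run with no host firewall. On a real server, keep the rules and allow only the traffic this setup needs (TCP port 80).
# ip6tables -F
# iptables -F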
# ip6tables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
|
[ configure the Apache servers ]
Listen on IPv4 and IPv6.
Start httpd
# egrep -i ^listen /etc/httpd/conf/httpd.conf
Listen 80
# /etc/init.d/httpd start
|
[ check the health monitor status ]
Log on to the LTM and run bigtop to check the node status.
All nodes are in the UP state.
# bigtop
| bits since | bits in prior | current
| Jan 15 21:03:25 | 0 seconds | time
BIG-IP ACTIVE |---In----Out---Conn-|---In----Out---Conn-| 01:09:18
ltm1.localdomain 4.041M 4.135M 3425 0 0 0
VIRTUAL ip:port |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up--
10.0.0.100:http 0 0 0 0 0 0 2
2000:aaaa:0:1::80.htt 0 0 0 0 0 0 2
NODE ip:port |---In----Out---Conn-|---In----Out---Conn-|--State----
192.168.0.101:http 0 0 0 0 0 0 UP
192.168.0.100:http 0 0 0 0 0 0 UP
2000:aaaa:0:a::2.http 0 0 0 0 0 0 UP
2000:aaaa:0:a::3.http 0 0 0 0 0 0 UP
|
Here’s an excerpt of the capture data captured on the Apache server.
IPv4
Apache : 192.168.0.100
LTM self IP : 192.168.0.1
# tshark -i eth0 port 80 | grep "192.168.0"
1.001369 192.168.0.1 -> 192.168.0.100 TCP 60275 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=3856227756 TSER=0 WS=7
1.001398 192.168.0.100 -> 192.168.0.1 TCP http > 60275 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=5291523 TSER=3856227756 WS=5
1.010638 192.168.0.1 -> 192.168.0.100 TCP 60275 > http [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=3856227757 TSER=5291523
1.011670 192.168.0.1 -> 192.168.0.100 HTTP GET /
1.011701 192.168.0.100 -> 192.168.0.1 TCP http > 60275 [ACK] Seq=1 Ack=10 Win=5792 Len=0 TSV=5291533 TSER=3856227757
|
IPv6
Apache : 2000:aaaa:0:a::2
LTM self IP : 2000:aaaa:0:a::1
# tshark -i eth0 port 80 | grep "2000:"
2.001845 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 TCP 40499 > http [SYN] Seq=0 Win=5760 Len=0 MSS=1440 TSV=3856274857 TSER=0 WS=7
2.001891 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=5335492 TSER=3856274857 WS=5
2.010144 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 TCP 40499 > http [ACK] Seq=1 Ack=1 Win=5760 Len=0 TSV=3856274858 TSER=5335492
2.011195 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 HTTP GET /
2.011227 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [ACK] Seq=1 Ack=10 Win=5728 Len=0 TSV=5335501 TSER=3856274858
2.011464 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 HTTP Continuation or non-HTTP traffic
2.011579 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [FIN, ACK] Seq=7 Ack=10 Win=5728 Len=0 TSV=5335501 TSER=3856274858
|
[ access to the VIP from the client ]
Client : 10.0.0.10 , 2000:aaaa:0:1::100
VIP : 10.0.0.100 , 2000:aaaa:0:1::80
- access to the IPv4 VIP
- access to the IPv6 VIP
Please note that in the URL bar an IPv6 address must be written in square brackets, as http://[IPv6].
The capture taken on the client
Client : 10.0.0.10 , 2000:aaaa:0:1::100
VIP : 10.0.0.100 , 2000:aaaa:0:1::80
# tshark -r aaa.pcap
1 0.000000 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [SYN] Seq=0 Win=14400 Len=0 MSS=1440 TSV=702175 TSER=0 WS=6
2 0.001032 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 TCP http > 56057 [SYN, ACK] Seq=0 Ack=1 Win=4320 Len=0 MSS=1440 TSV=3858489794 TSER=702175
3 0.001055 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [ACK] Seq=1 Ack=1 Win=14400 Len=0 TSV=702177 TSER=3858489794
4 0.001157 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 HTTP GET /favicon.ico HTTP/1.1
5 0.004364 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 TCP [TCP segment of a reassembled PDU]
6 0.004378 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [ACK] Seq=402 Ack=525 Win=15008 Len=0 TSV=702181 TSER=3858489798
7 0.004388 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 HTTP HTTP/1.1 404 Not Found (text/html)
|
The capture taken on the server
Client : 10.0.0.10 , 2000:aaaa:0:1::100
Server 2000:aaaa:0:a::2
# tshark -r server.pcap | grep "2000:aaaa:0:1::100"
61 8.000757 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 TCP 56061 > http [SYN] Seq=0 Win=4320 Len=0 MSS=1440 TSV=3858713253 TSER=0
62 8.000803 2000:aaaa:0:a::2 -> 2000:aaaa:0:1::100 TCP http > 56061 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=7610537 TSER=3858713253
63 8.001872 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 TCP 56061 > http [ACK] Seq=1 Ack=1 Win=4320 Len=0 TSV=3858713254 TSER=7610537
64 8.001902 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 HTTP GET / HTTP/1.1
65 8.001925 2000:aaaa:0:a::2 -> 2000:aaaa:0:1::100 TCP http > 56061 [ACK] Seq=1 Ack=493 Win=6432 Len=0 TSV=7610538 TSER=3858713254
|
I configured cookie persistence.
Check whether the LTM inserted the cookie.
# tshark -r server.pcap -V | grep -i cookie
Cookie: lbcookie=vi2000aaaa0000000a0000000000000002.20480\r\n
Cookie: lbcookie=vi2000aaaa0000000a0000000000000002.20480\r\n
|
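The LTM inserted the cookie. Note that the cookie value is readable: the part after `vi` is the pool member's IPv6 address (2000:aaaa:0:a::2) written out in full hex, followed by an encoded port, so every client that receives the cookie learns the internal server address. BIG-IP can encrypt persistence cookies; where internal addressing should not be exposed, check the cookie encryption options available in your version.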
[ LTM configuration ]
[root@ltm1:Active] config #
[root@ltm1:Active] config # cat bigip.conf
datastor {
low water mark 80
high water mark 92
}
deduplication {}
shell write partition Common
monitor http_health_check {
defaults from http
recv "200 OK"
}
profile smtp smtp {
defaults from none
security enabled enable
}
profile persist cookie {
mode cookie
mirror disable
timeout immediate
cookie mode insert
cookie name "lbcookie"
cookie expiration immediate
cookie hash offset 0
cookie hash length 0
override connection limit disable
rule none
}
node 192.168.0.100 {
screen s1-ipv4
}
node 192.168.0.101 {
screen s2-ipv4
}
node 2000:aaaa:0:a::2 {
screen s1-ipv6
}
node 2000:aaaa:0:a::3 {
screen s2-ipv6
}
pool http-ipv4 {
monitor all http
members {
192.168.0.100:http {}
192.168.0.101:http {}
}
}
pool http-ipv6 {
monitor all http
members {
2000:aaaa:0:a::2.http {}
2000:aaaa:0:a::3.http {
session disable
}
}
}
virtual http-ipv4 {
pool http-ipv4
destination 10.0.0.100:http
ip protocol tcp
persist cookie
profiles {
http {}
tcp {}
}
}
virtual http-ipv6 {
pool http-ipv6
destination 2000:aaaa:0:1::80.http
ip protocol tcp
persist cookie
profiles {
http {}
tcp {}
}
}
[root@ltm1:Active] config #
[root@ltm1:Active] config #
[root@ltm1:Active] config # cat bigip_base.conf
mgmt 1.1.1.10 {
netmask 255.255.255.0
}
stp {
config name none
}
stp instance 0 {
interfaces {
1.1 {
external path cost 20000
internal path cost 20000
}
1.2 {
external path cost 20000
internal path cost 20000
}
}
vlans {
external
internal
}
}
self allow {
default {
tcp ssh
tcp domain
tcp snmp
tcp https
tcp f5-iquery
udp domain
udp snmp
udp efs
udp cap
udp f5-iquery
proto ospf
}
}
shell write partition Common
vlan external {
tag 4094
interfaces 1.1
}
vlan internal {
tag 4093
interfaces 1.2
}
self 10.0.0.1 {
netmask 255.255.255.0
vlan external
allow default
}
self 192.168.0.1 {
netmask 255.255.255.0
vlan internal
allow default
}
self 2000:aaaa:0:1::1 {
netmask ffff:ffff:ffff:ffff::
vlan external
allow default
}
self 2000:aaaa:0:a::1 {
netmask ffff:ffff:ffff:ffff::
vlan internal
allow default
}
statemirror {
addr 172.27.39.38
}
system {
gui setup disable
hostname "ltm1.localdomain"
}
[root@ltm1:Active] config #
|