lost and found ( for me ? )

Configure IPv4 ( client – LTM ) –IPv6 ( LTM – servers ) translation

Here’s an explanation of how to set up IPv4 – IPv6 translator on BIG-IP LTM.

Clients access to the IPv4 VIP with IPv4 and LTM accesses to the IPv6 servers with LTM’s self  IP (IPv6)
Client :
 | VIP :
 |serlf IP:
LTM  ----------------------------
 |self IP: 1.2 : 2000:aaaa:0:a:0:0:0:1
Apache Server1 , Apache Server2

Server1 : 2000:aaaa:0:a:0:0:0:2
Server2 : 2000:aaaa:0:a:0:0:0:3

Create a virtual server for Ipv4 – IPv6 translation
Local Traffic -> Virtual Servers -> Create
Specify an IPv4 as VIP

Specify IPv6 pool

Access to the IPv4 VIP from IPv4 client
a capture data between client and LTM ( IPv4 )
# tshark -r zzz.pcap | head -5
Running as user "root" and group "root". This could be dangerous.
 1   0.000000 ->   TCP 57658 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 TSV=123145 TSER=0 WS=6
 2   0.001120 ->    TCP http > 57658 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460 TSV=4137570965 TSER=123145
 3   0.001140 ->   TCP 57658 > http [ACK] Seq=1 Ack=1 Win=14600 Len=0 TSV=123146 TSER=4137570965
 4   0.001210 ->   HTTP GET / HTTP/1.1

a cap data between LTM and server
34   2.600178 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::3 HTTP GET /zzz HTTP/1.1
35   2.600198 2000:aaaa:0:a::3 -> 2000:aaaa:0:a::1 TCP http > 57669 [ACK] Seq=1 Ack=498 W
in=6432 Len=0 TSV=260594613 TSER=4137747486
36   2.600586 2000:aaaa:0:a::3 -> 2000:aaaa:0:a::1 HTTP HTTP/1.1 404 Not Found  (text/htm
37   2.600651 2000:aaaa:0:a::3 -> 2000:aaaa:0:a::1 TCP http > 57669 [FIN, ACK] Seq=478 Ac
k=498 Win=6432 Len=0 TSV=260594614 TSER=4137747486

session persistence method is cookie insert mode.
Let’s check whether LTM insert cookie into HTTP headers or not
# tshark -r zzz.pcap -V | grep -i cookie | head -3
   Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n
   Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n
   Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n

LTM inserted cookie into HTTP header.

Insert Clients original IP into HTTP header

When the LTM accesses to IPv6 servers , LTM use its self IP ( IPv6 ) not clients IP ( IPv4 ).
So Apache can’t determine whether clients come from.
So inserting original client IP into HTTP header is very useful when you face problems or something.

Local Traffic -> Profiles -> Services -> HTTP -

create the profile ( http_client_IP )
check “Custom” button

enable “Insert X-Forward-For”

Local Traffic -> Virtual Servers -> Virtual Server List -> http-v4-v6

Choose “http_client_IP” as HTTP Profile and then click “Update”

cap data
   Source: 2000:aaaa:0:a::1 (2000:aaaa:0:a::1) <- LTM self IP
   Destination: 2000:aaaa:0:a::3 (2000:aaaa:0:a::3) <- the server’s IP

Hypertext Transfer Protocol
   GET /zzz HTTP/1.1\r\n
       [Expert Info (Chat/Sequence): GET /zzz HTTP/1.1\r\n]
           [Message: GET /zzz HTTP/1.1\r\n]
           [Severity level: Chat]
           [Group: Sequence]
       Request Method: GET
       Request URI: /zzz
       Request Version: HTTP/1.1
   User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20111108 Red Ha
t/3.6.24-3.el6_1 Firefox/3.6.24\r\n
   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
   Accept-Language: en-us,en;q=0.5\r\n
   Accept-Encoding: gzip,deflate\r\n
   Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
   Keep-Alive: 115\r\n
   Connection: keep-alive\r\n
   Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n
   Cache-Control: max-age=0\r\n
   X-Forwarded-For:\r\n <- Client real IP

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.