Here’s an explanation of how to set up an IPv6-to-IPv4 translator on LTM devices.
Clients access the IPv6 VIP (2000:aaaa:0:1::81) over IPv6, and the LTM device accesses the IPv4 servers from its own self IP (IPv4).
Client : 2000:aaaa:0:1::100
|
vSwitch
|
| VIP : 2000:aaaa:0:1::81
|self IP: 1.1 : 2000:aaaa:0:1::1/64
LTM ----------------------------
|self IP: 1.2 : 192.168.0.1
|
vSwitch
|
Apache Server1 , Apache Server2
|
Server1(Scientific Linux 6) : 192.168.0.100
Server2 (Scientific Linux 6): 192.168.0.101
Client --- LTM : IPv6 network
LTM --- Server : IPv4 network
Create a virtual server that translates from IPv6 to IPv4
Create the virtual server called http-v6-v4
Local Traffic -> Virtual Servers -> Create
Specify an IPv6 address as the VIP.
Choose the pool whose members have IPv4 addresses.
bigip.conf
virtual http-v6-v4 {
pool http-ipv4
destination 2000:aaaa:0:1::81.http
ip protocol tcp
persist cookie
profiles {
http {}
tcp {}
}
}
Access the IPv6 VIP from the client
VIP : 2000:aaaa:0:1::81
The capture data captured on the client (IPv6 – IPv6 VIP)
Client : 2000:aaaa:0:1::100
VIP : 2000:aaaa:0:1::81
# tshark -r abc.pcap
Running as user "root" and group "root". This could be dangerous.
1 0.000000 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::81 TCP 51413 > http [SYN] Seq=0 Win=14400 Len=0 MSS=1440 TSV=64368313 TSER=0 WS=6
2 0.001143 2000:aaaa:0:1::81 -> 2000:aaaa:0:1::100 TCP http > 51413 [SYN, ACK] Seq=0 Ack=1 Win=4320 Len=0 MSS=1440 TSV=3928527043 TSER=64368313
3 0.001161 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::81 TCP 51413 > http [ACK] Seq=1 Ack=1 Win=14400 Len=0 TSV=64368315 TSER=3928527043
4 0.001245 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::81 HTTP GET / HTTP/1.1
5 0.004450 2000:aaaa:0:1::81 -> 2000:aaaa:0:1::100 HTTP HTTP/1.1 304 Not Modified
The capture data captured on the server (IPv4 – IPv4)
The LTM accesses the real server from its self IP (192.168.0.1)
Source: 192.168.0.1 (192.168.0.1) <- LTM self IP
Destination: 192.168.0.100 (192.168.0.100) <- Real Server IP
Transmission Control Protocol, Src Port: 51393 (51393), Dst Port: http (80), Seq
Hypertext Transfer Protocol
GET / HTTP/1.1\r\n
[Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
[Message: GET / HTTP/1.1\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /
Request Version: HTTP/1.1
Host: [2000:aaaa:0:1::81]\r\n
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Red Hat/3.6.24-3.el6_1 Firefox/3.6.24\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 115\r\n
Connection: keep-alive\r\n
Cookie: lbcookie=1677764800.20480.0000\r\n
If-Modified-Since: Mon, 05 Sep 2011 05:53:44 GMT\r\n
If-None-Match: "43e0c-6-4ac2b558203d3"\r\n
Cache-Control: max-age=0\r\n
\r\n
Insert the client’s original IP into the HTTP header
When the LTM accesses the IPv4 servers, it uses its own self IP (IPv4) as the source address, not the client’s IP (IPv6).
So Apache can’t determine where clients come from.
Inserting the original client IP into an HTTP header is therefore very useful when you need to troubleshoot problems.
Local Traffic -> Profiles -> Services -> HTTP -
Create the profile (http_client_IP)
Check the “Custom” button
Enable “Insert X-Forwarded-For”
Local Traffic -> Virtual Servers -> Virtual Server List -> http-v6-v4
Choose “http_client_IP” as HTTP Profile and then click “Update”
The capture data captured on the Apache server
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.100 (192.168.0.100)
Hypertext Transfer Protocol
GET / HTTP/1.1\r\n
Cookie: lbcookie=1677764800.20480.0000\r\n
If-Modified-Since: Mon, 05 Sep 2011 05:53:44 GMT\r\n
If-None-Match: "43e0c-6-4ac2b558203d3"\r\n
Cache-Control: max-age=0\r\n
X-Forwarded-For: 2000:aaaa:0:1::100\r\n <- client IP
\r\n
192.168.0.1 : LTM self IP
192.168.0.100 : server’s real IP
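On the server side, X-Forwarded-For should only be believed when the TCP peer is the LTM self IP, because any other sender can put whatever it likes in that header. The following is an added example, not part of the original post or of F5's software: the function name client_ip and the TRUSTED_PROXIES set are hypothetical, the addresses are the ones from the diagram above, and it assumes the value added by the nearest proxy is the last one in the header.

```python
import ipaddress

# Assumption: the only proxy allowed to vouch for a client is the
# LTM self IP on the server-side VLAN (192.168.0.1 in this post).
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.0.1")}


def client_ip(peer, xff_values):
    """Return the address a request should be attributed to.

    peer       -- TCP source address seen by the web server
    xff_values -- X-Forwarded-For header values, in the order received
    """
    peer_ip = ipaddress.ip_address(peer)

    # A header arriving from anything but the LTM is sender-controlled:
    # ignore it and attribute the request to the TCP peer.
    if peer_ip not in TRUSTED_PROXIES:
        return str(peer_ip)

    # Several headers and comma-separated lists are both legal.
    # Flatten them; the last entry is the one the nearest proxy wrote,
    # earlier entries may have been supplied by the client itself.
    entries = [e.strip() for v in xff_values for e in v.split(",") if e.strip()]
    if not entries:
        return str(peer_ip)

    # Tolerate a bracketed IPv6 literal, then validate strictly so that
    # junk never reaches logs or access-control decisions.
    candidate = entries[-1].strip("[]")
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return str(peer_ip)


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For values)
    samples = [
        ("192.168.0.1", ["2000:aaaa:0:1::100"]),              # via LTM
        ("192.168.0.1", ["10.9.9.9", "2000:aaaa:0:1::100"]),  # client sent its own XFF
        ("192.168.0.50", ["2000:aaaa:0:1::100"]),             # bypassed the LTM
        ("192.168.0.1", ["not-an-ip"]),                       # malformed value
    ]
    for peer, xff in samples:
        print(peer, xff, "->", client_ip(peer, xff))
```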