how to control how many IPv6 addresses your Linux devices have at a maximum

small tips

just referred to http://www.cyberciti.biz/faq/redhat-centos-rhel-fedora-linux-add-multiple-ip-samenic/.
many thx !

How many IPv6 addresses Linux host gets is defined in the 
/proc/sys/net/ipv6/conf/all/max_addresses
or
/proc/sys/net/ipv6/conf/<eth number>/max_addresses

all interfaces

# cat /proc/sys/net/ipv6/conf/all/max_addresses 16

per NIC interface

# cat /proc/sys/net/ipv6/conf/eth0/max_addresses 16

So you can control how many IPv6 addresses your Linux system gets by editing this value.

# tail -1 /etc/sysctl.conf net.ipv6.conf.all.max_addresses=1

Solaris 10 : how to assign IPv4 and IPv6 addresses temporally with ifconfig

small tips

bash-3.2# uname –a SunOS unknown 5.10 Generic_147441-01 i86pc i386 i86pc

[ IPv4 ]

e1000g1 is an interface name.

# ifconfig e1000g1 plumb up # ifconfig e1000g1 192.168.0.1/24 up

[ IPv6 ]

e1000g1 is an interface name.
An IPv6 address seems to be added to an alias interface ( in this case , e1000g1:1 )

# ifconfig e1000g1 inet6 plumb up # ifconfig e1000g1 inet6 addif aaaa::bbbb/64 up Created new logical interface e1000g1:1 # ifconfig -a e1000g1:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 3        inet6 aaaa::bbbb/64

Configure IPv4 ( client – LTM ) –IPv6 ( LTM – servers ) translation

Here’s an explanation of how to set up IPv4 – IPv6 translator on BIG-IP LTM.

Clients access to the IPv4 VIP with IPv4 and LTM accesses to the IPv6 servers with LTM’s self  IP (IPv6)

Client : 10.0.0.10  | vSwitch  |  | VIP : 10.0.0.120  |serlf IP: 10.0.0.1 LTM  ----------------------------  |self IP: 1.2 : 2000:aaaa:0:a:0:0:0:1  | vSwitch  | Apache Server1 , Apache Server2

Server1 : 2000:aaaa:0:a:0:0:0:2

Server2 : 2000:aaaa:0:a:0:0:0:3

Create a virtual server for Ipv4 – IPv6 translation

Local Traffic -> Virtual Servers -> Create

Specify an IPv4 as VIP

Specify IPv6 pool

Access to the IPv4 VIP from IPv4 client

a capture data between client and LTM ( IPv4 )

# tshark -r zzz.pcap | head -5 Running as user "root" and group "root". This could be dangerous.  1   0.000000    10.0.0.10 -> 10.0.0.120   TCP 57658 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 TSV=123145 TSER=0 WS=6  2   0.001120   10.0.0.120 -> 10.0.0.10    TCP http > 57658 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460 TSV=4137570965 TSER=123145  3   0.001140    10.0.0.10 -> 10.0.0.120   TCP 57658 > http [ACK] Seq=1 Ack=1 Win=14600 Len=0 TSV=123146 TSER=4137570965  4   0.001210    10.0.0.10 -> 10.0.0.120   HTTP GET / HTTP/1.1

a cap data between LTM and server

34   2.600178 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::3 HTTP GET /zzz HTTP/1.1 35   2.600198 2000:aaaa:0:a::3 -> 2000:aaaa:0:a::1 TCP http > 57669 [ACK] Seq=1 Ack=498 W in=6432 Len=0 TSV=260594613 TSER=4137747486 36   2.600586 2000:aaaa:0:a::3 -> 2000:aaaa:0:a::1 HTTP HTTP/1.1 404 Not Found  (text/htm l) 37   2.600651 2000:aaaa:0:a::3 -> 2000:aaaa:0:a::1 TCP http > 57669 [FIN, ACK] Seq=478 Ac k=498 Win=6432 Len=0 TSV=260594614 TSER=4137747486

session persistence method is cookie insert mode.

Let’s check whether LTM insert cookie into HTTP headers or not

# tshark -r zzz.pcap -V | grep -i cookie | head -3    Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n    Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n    Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n

LTM inserted cookie into HTTP header.

Insert Clients original IP into HTTP header

When the LTM accesses to IPv6 servers , LTM use its self IP ( IPv6 ) not clients IP ( IPv4 ).

So Apache can’t determine whether clients come from.

So inserting original client IP into HTTP header is very useful when you face problems or something.

Local Traffic -> Profiles -> Services -> HTTP -

create the profile ( http_client_IP )

check “Custom” button

enable “Insert X-Forward-For”

Local Traffic -> Virtual Servers -> Virtual Server List -> http-v4-v6

Choose “http_client_IP” as HTTP Profile and then click “Update”

cap data

Source: 2000:aaaa:0:a::1 (2000:aaaa:0:a::1) <- LTM self IP    Destination: 2000:aaaa:0:a::3 (2000:aaaa:0:a::3) <- the server’s IP Hypertext Transfer Protocol    GET /zzz HTTP/1.1\r\n        [Expert Info (Chat/Sequence): GET /zzz HTTP/1.1\r\n]            [Message: GET /zzz HTTP/1.1\r\n]            [Severity level: Chat]            [Group: Sequence]        Request Method: GET        Request URI: /zzz        Request Version: HTTP/1.1    Host: 10.0.0.120\r\n    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Red Ha t/3.6.24-3.el6_1 Firefox/3.6.24\r\n    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n    Accept-Language: en-us,en;q=0.5\r\n    Accept-Encoding: gzip,deflate\r\n    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n    Keep-Alive: 115\r\n    Connection: keep-alive\r\n    Cookie: lbcookie=vi2000aaaa0000000a0000000000000003.20480\r\n    Cache-Control: max-age=0\r\n    X-Forwarded-For: 10.0.0.10\r\n <- Client real IP    \r\n

Configure IPv6 ( client – LTM ) -IPv4 ( LTM – servers ) translation

Here’s an explanation of how to set up IPv6 – IPv4 translator on LTM devices.

Clients access to the IPv6 VIP (2000:aaaa:0:1::81 ) with IPv6 and the LTM device accesses to the IPv4 servers with LTM’s self IP ( IPv4 )

Client : 2000:aaaa:0:1:::100  | vSwitch  |  | VIP : 2000:aaaa:0:1::81  |serlf IP: 1.1 : 2000:aaaa:0:1::1/64 LTM  ----------------------------  |self IP: 1.2 : 192.168.0.1  | vSwitch  | Apache Server1 , Apache Server2

Server1(Scientific Linux 6) : 192.168.0.100

Server2 (Scientific Linux 6): 192.168.0.101

Client --- LTM : IPv6 network

LTM --- Server : IPv4 network

create a virtual server which translates to IPv4 from IPv6

create the virtual server called http-v6-v4

Local Traffic -> Virtual Servers -> Create

Specify IPv6 address as VIP

Choose the pool which has IPv4 address.

bigip.conf

virtual http-v6-v4 {   pool http-ipv4   destination 2000:aaaa:0:1::81.http   ip protocol tcp   persist cookie   profiles {      http {}      tcp {}   } }

access to the IPv6 VIP from the client

VIP : 2000:aaaa:0:1::81

The capture data captured on the Client ( IPv6 – IPv6 VIP )

Client : 2000:aaaa:0:1::100

VIP : 2000:aaaa:0:1::81

# tshark -r abc.pcap Running as user "root" and group "root". This could be dangerous.  1   0.000000 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::81 TCP 51413 > http [SYN] Seq=0 Win=14400 Len=0 MSS=1440 TSV=64368313 TSER=0 WS=6  2   0.001143 2000:aaaa:0:1::81 -> 2000:aaaa:0:1::100 TCP http > 51413 [SYN, ACK] Seq=0 Ack=1 Win=4320 Len=0 MSS=1440 TSV=3928527043 TSER=64368313  3   0.001161 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::81 TCP 51413 > http [ACK] Seq=1 Ack=1 Win=14400 Len=0 TSV=64368315 TSER=3928527043  4   0.001245 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::81 HTTP GET / HTTP/1.1  5   0.004450 2000:aaaa:0:1::81 -> 2000:aaaa:0:1::100 HTTP HTTP/1.1 304 Not Modified

The capture date captured on the Server ( IPv4 – IPv4 )

LTM access to the real server with LTM self IP ( 192.168.0.1 )

Source: 192.168.0.1 (192.168.0.1) <- LTM self IP    Destination: 192.168.0.100 (192.168.0.100) <- Real Server IP Transmission Control Protocol, Src Port: 51393 (51393), Dst Port: http (80), Seq Hypertext Transfer Protocol    GET / HTTP/1.1\r\n        [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]            [Message: GET / HTTP/1.1\r\n]            [Severity level: Chat]            [Group: Sequence]        Request Method: GET        Request URI: /        Request Version: HTTP/1.1    Host: [2000:aaaa:0:1::81]\r\n    User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Red Hat/3.6.24-3.el6_1 Firefox/3.6.24\r\n    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n    Accept-Language: en-us,en;q=0.5\r\n    Accept-Encoding: gzip,deflate\r\n    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n    Keep-Alive: 115\r\n    Connection: keep-alive\r\n    Cookie: lbcookie=1677764800.20480.0000\r\n    If-Modified-Since: Mon, 05 Sep 2011 05:53:44 GMT\r\n    If-None-Match: "43e0c-6-4ac2b558203d3"\r\n    Cache-Control: max-age=0\r\n    \r\n

Insert Clients original IP into HTTP header

When the LTM accesses to IPv4 servers , LTM use its self IP ( IPv4 ) not clients IP ( IPv6 ).

So Apache can’t determine whether clients come from.

So inserting original client IP into HTTP header is very useful when you face problems or something.

Local Traffic -> Profiles -> Services -> HTTP -

create the profile ( http_client_IP )

check “Custom” button

enable “Insert X-Forward-For”

Local Traffic -> Virtual Servers -> Virtual Server List -> http-v6-v4

Choose “http_client_IP” as HTTP Profile and then click “Update”

The Capture data captured on the Apache

Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.100 (192.168.0 .100) Hypertext Transfer Protocol    GET / HTTP/1.1\r\n    Cookie: lbcookie=1677764800.20480.0000\r\n    If-Modified-Since: Mon, 05 Sep 2011 05:53:44 GMT\r\n    If-None-Match: "43e0c-6-4ac2b558203d3"\r\n    Cache-Control: max-age=0\r\n    X-Forwarded-For: 2000:aaaa:0:1::100\r\n　<- client IP    \r\n

192.168.0.1 : LTM self IP

192.168.0.100 : server’s real IP

BIG-IP : configure IPv4 , IPv6 dual stack virtual servers

Here’s an explanation of how to set up IPv4/IPv6 virtual servers.

Client IPv4 <--> VIP IPv4 <--> Server IPv4

Client IPv6 <--> VIP IPv6 <--> Server IPv6

# b version | head -5 Kernel: Linux 2.6.18-164.2.1.el5.1.0.f5app Package: BIG-IP Version 10.1.0 3341.1084 Final Edition

Client : 10.0.0.10 , 2000:aaaa:0:1:::100  | vSwitch  |  | VIP : 10.0.0.100 , 2000:aaaa:0:1::80  |serlf IP: 1.1 : 10.0.0.1 , 2000:aaaa:0:1::1/64 LTM  ----------------------------  |self IP: 1.2 : 192.168.0.1 , 2000:aaaa:0:a::1/64  | vSwitch  | Apache Server1 , Apache Server2

Server1(Scientific Linux 6) : 192.168.0.100 , 2000:aaaa:0:a::2/64

Server2 (Scientific Linux 6): 192.168.0.101 , 2000:aaaa:0:a::3/64

[ configure IPv6 addresses on LTM’s self IP ]

GUI -> Network -> Self IPs

- bigip_base.conf

vlan external {   tag 4094   interfaces 1.1 } vlan internal {   tag 4093   interfaces 1.2 } self 10.0.0.1 {   netmask 255.255.255.0   vlan external   allow default } self 192.168.0.1 {   netmask 255.255.255.0   vlan internal   allow default } self 2000:aaaa:0:1::1 {   netmask ffff:ffff:ffff:ffff::   vlan external   allow default } self 2000:aaaa:0:a::1 {   netmask ffff:ffff:ffff:ffff::   vlan internal   allow default }

[ configure nodes and pools ]

Local Traffic -> Nodes

create four nodes ( s1-ipv4 , s1-ipv6 , s2-ipv4 , s2-ipv6 )

bigip.conf

node 192.168.0.100 {   screen s1-ipv4 } node 192.168.0.101 {   screen s2-ipv4 } node 2000:aaaa:0:a::2 {   screen s1-ipv6 } node 2000:aaaa:0:a::3 {   screen s2-ipv6 }

create pools

Local Traffic -> Pools -> Create

This pool is for IPv4

This pool is for IPv6

bigip.conf

pool http-ipv4 {   monitor all http   members {      192.168.0.100:http {}      192.168.0.101:http {}   } } pool http-ipv6 {   monitor all http   members {      2000:aaaa:0:a::2.http {}      2000:aaaa:0:a::3.http {}   } }

[ configure virtual servers ]

VIP : VIP : 10.0.0.100 , 2000:aaaa:0:1::80

Local Traffic -> Virtual Servers -> Create

This is for IPv4

Client : IPv4 --- VIP : IPv4 --- Server : IPv4

This is for IPV6

Client : IPv6 --- VIP : IPv6 --- Server : IPv6

bigip.conf

virtual http-ipv4 {   pool http-ipv4   destination 10.0.0.100:http   ip protocol tcp   persist cookie   profiles {      http {}      tcp {}   } } virtual http-ipv6 {   pool http-ipv6   destination 2000:aaaa:0:1::80.http   ip protocol tcp   persist cookie   profiles {      http {}      tcp {}   } }

[ configure Server’s IP address (Scientific Linux 6) ]

Server1

[root@sl6-2 ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=sl6-2.localdomain [root@sl6-2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE="eth0" HWADDR="00:0C:29:zz:zz:zz" NM_CONTROLLED="yes" ONBOOT="yes" PROTO="static" IPADDR=192.168.0.100 NETMASK=255.255.255.0 GATEWAY=192.168.0.1 IPV6INIT=yes IPV6ADDR=2000:aaaa:0:a::2 IPV6_DEFAULTGW=2000:aaaa:0:a::1 # ifconfig | grep inet          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0          inet6 addr: 2000:aaaa:0:a::2/64 Scope:Global          inet6 addr: fe80::20c:29ff:fe5c:6a4b/64 Scope:Link          inet addr:127.0.0.1  Mask:255.0.0.0          inet6 addr: ::1/128 Scope:Host # route -n -A inet6 Kernel IPv6 routing table Destination                                 Next Hop                                Flags Metric Ref    Use Iface 2000:aaaa:0:a::1/128                        2000:aaaa:0:a::1                        UC    0      2194       0 eth0     2000:aaaa:0:a::/64                          ::                                      U     256    1        0 eth0     fe80::/64                                   ::                                      U     256    0        0 eth0     ::/0                                        2000:aaaa:0:a::1                        UG    1      0        0 eth0     ::1/128                                     ::                                      U     0      3        1 lo       2000:aaaa:0:a::2/128                        ::                                      U     0      839       1 lo       fe80::20c:29ff:fe5c:6a4b/128                ::                                      U     0      138       1 lo       ff00::/8                                    ::                                      U     256    0        0 eth0

Server2

# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=sl6-3.localdomain [root@sl6-3 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE="eth0" NM_CONTROLLED="yes" ONBOOT="yes" PROTO="static" IPADDR=192.168.0.101 NETMASK=255.255.255.0 GATEWAY=192.168.0.1 IPV6INIT=yes IPV6ADDR=2000:aaaa:0:a::3 IPV6_DEFAULTGW=2000:aaaa:0:a::1 # ifconfig | grep inet          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0          inet6 addr: 2000:aaaa:0:a::3/64 Scope:Global          inet6 addr: fe80::20c:29ff:feab:bfad/64 Scope:Link          inet addr:127.0.0.1  Mask:255.0.0.0          inet6 addr: ::1/128 Scope:Host

Flush iptables and ip6tables settings.

# ip6tables -F # iptables –F # ip6tables -L -n Chain INPUT (policy ACCEPT) target     prot opt source               destination          Chain FORWARD (policy ACCEPT) target     prot opt source               destination          Chain OUTPUT (policy ACCEPT) target     prot opt source               destination          # iptables -L -n Chain INPUT (policy ACCEPT) target     prot opt source               destination          Chain FORWARD (policy ACCEPT) target     prot opt source               destination          Chain OUTPUT (policy ACCEPT) target     prot opt source               destination

[ configure the Apache servers ]

Listen on IPv4 and IPv6.

Start httpd

# egrep -i ^listen /etc/httpd/conf/httpd.conf Listen 80 # /etc/init.d/httpd start

[ check the health monitor status ]

logon to the LTM and issue bigtop to check the nodes status.

All nodes are UP status.

# bigtop                      |  bits  since  |  bits  in prior    |  current                     |  Jan 15 21:03:25   |  0 seconds         |  time BIG-IP      ACTIVE   |---In----Out---Conn-|---In----Out---Conn-|  01:09:18 ltm1.localdomain      4.041M 4.135M   3425 0      0      0 VIRTUAL ip:port      |---In----Out---Conn-|---In----Out---Conn-|-Nodes Up-- 10.0.0.100:http            0  0 0 0      0      0      2 2000:aaaa:0:1::80.htt   0  0 0 0      0      0      2 NODE ip:port         |---In----Out---Conn-|---In----Out---Conn-|--State---- 192.168.0.101:http         0  0 0 0      0      0 UP 192.168.0.100:http         0  0 0 0      0      0 UP 2000:aaaa:0:a::2.http   0  0 0 0      0      0 UP 2000:aaaa:0:a::3.http   0  0 0 0      0      0 UP

Here’s an excerpt of the capture data captured on the Apache server.

IPv4

Apache : 192.168.0.100

LTM self IP : 192.168.0.1

# tshark -i eth0 port 80 | grep "192.168.0"  1.001369  192.168.0.1 -> 192.168.0.100 TCP 60275 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=3856227756 TSER=0 WS=7  1.001398 192.168.0.100 -> 192.168.0.1  TCP http > 60275 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=5291523 TSER=3856227756 WS=5  1.010638  192.168.0.1 -> 192.168.0.100 TCP 60275 > http [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=3856227757 TSER=5291523  1.011670  192.168.0.1 -> 192.168.0.100 HTTP GET /  1.011701 192.168.0.100 -> 192.168.0.1  TCP http > 60275 [ACK] Seq=1 Ack=10 Win=5792 Len=0 TSV=5291533 TSER=3856227757

IPv6

Apache : 2000:aaaa:0:a::2

LTP self IP : 2000:aaaa:0:a::1

# tshark -i eth0 port 80 | grep "2000:"  2.001845 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 TCP 40499 > http [SYN] Seq=0 Win=5760 Len=0 MSS=1440 TSV=3856274857 TSER=0 WS=7  2.001891 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=5335492 TSER=3856274857 WS=5  2.010144 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 TCP 40499 > http [ACK] Seq=1 Ack=1 Win=5760 Len=0 TSV=3856274858 TSER=5335492  2.011195 2000:aaaa:0:a::1 -> 2000:aaaa:0:a::2 HTTP GET /  2.011227 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [ACK] Seq=1 Ack=10 Win=5728 Len=0 TSV=5335501 TSER=3856274858  2.011464 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 HTTP Continuation or non-HTTP traffic  2.011579 2000:aaaa:0:a::2 -> 2000:aaaa:0:a::1 TCP http > 40499 [FIN, ACK] Seq=7 Ack=10 Win=5728 Len=0 TSV=5335501 TSER=3856274858

[ access to the VIP from the client ]

Client : 10.0.0.10 , 2000:aaaa:0:a:::100

VIP : 10.0.0.100 , 2000:aaaa:0:1::80

- access to the IPv4 VIP

- access to the IPv6 VIP

Please note that you need to specify the IPv6 IP address as  http://[IPv6] in URL bar.

the capture data captured on the Client

Client : 10.0.0.10 , 2000:aaaa:0:a:::100

VIP : 10.0.0.100 , 2000:aaaa:0:1::80

# tshark -r aaa.pcap  1   0.000000 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [SYN] Seq=0 Win=14400 Len=0 MSS=1440 TSV=702175 TSER=0 WS=6  2   0.001032 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 TCP http > 56057 [SYN, ACK] Seq=0 Ack=1 Win=4320 Len=0 MSS=1440 TSV=3858489794 TSER=702175  3   0.001055 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [ACK] Seq=1 Ack=1 Win=14400 Len=0 TSV=702177 TSER=3858489794  4   0.001157 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 HTTP GET /favicon.ico HTTP/1.1  5   0.004364 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 TCP [TCP segment of a reassembled PDU]  6   0.004378 2000:aaaa:0:1::100 -> 2000:aaaa:0:1::80 TCP 56057 > http [ACK] Seq=402 Ack=525 Win=15008 Len=0 TSV=702181 TSER=3858489798  7   0.004388 2000:aaaa:0:1::80 -> 2000:aaaa:0:1::100 HTTP HTTP/1.1 404 Not Found  (text/html)

the capture data captured on the server

Client : 10.0.0.10 , 2000:aaaa:0:a:::100

Server 2000:aaaa:0:a::2

# tshark -r server.pcap | grep "2000:aaaa:0:1::100" 61   8.000757 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 TCP 56061 > http [SYN] Seq=0 Win=4320 Len=0 MSS=1440 TSV=3858713253 TSER=0 62   8.000803 2000:aaaa:0:a::2 -> 2000:aaaa:0:1::100 TCP http > 56061 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=7610537 TSER=3858713253 63   8.001872 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 TCP 56061 > http [ACK] Seq=1 Ack=1 Win=4320 Len=0 TSV=3858713254 TSER=7610537 64   8.001902 2000:aaaa:0:1::100 -> 2000:aaaa:0:a::2 HTTP GET / HTTP/1.1 65   8.001925 2000:aaaa:0:a::2 -> 2000:aaaa:0:1::100 TCP http > 56061 [ACK] Seq=1 Ack=493 Win=6432 Len=0 TSV=7610538 TSER=3858713254

I configured cookie persistence.

check whether the LTM inserted cookie or not.

# tshark -r server.pcap -V | grep -i cookie    Cookie: lbcookie=vi2000aaaa0000000a0000000000000002.20480\r\n    Cookie: lbcookie=vi2000aaaa0000000a0000000000000002.20480\r\n

The LTM inserted cookie.

[ LTM configuration ]

[root@ltm1:Active] config # [root@ltm1:Active] config # cat bigip.conf datastor {   low water mark 80   high water mark 92 } deduplication {} shell write partition Common monitor http_health_check {   defaults from http   recv "200 OK" } profile smtp smtp {   defaults from none   security enabled enable } profile persist cookie {   mode cookie   mirror disable   timeout immediate   cookie mode insert   cookie name "lbcookie"   cookie expiration immediate   cookie hash offset 0   cookie hash length 0   override connection limit disable   rule none } node 192.168.0.100 {   screen s1-ipv4 } node 192.168.0.101 {   screen s2-ipv4 } node 2000:aaaa:0:a::2 {   screen s1-ipv6 } node 2000:aaaa:0:a::3 {   screen s2-ipv6 } pool http-ipv4 {   monitor all http   members {      192.168.0.100:http {}      192.168.0.101:http {}   } } pool http-ipv6 {   monitor all http   members {      2000:aaaa:0:a::2.http {}      2000:aaaa:0:a::3.http {         session disable      }   } } virtual http-ipv4 {   pool http-ipv4   destination 10.0.0.100:http   ip protocol tcp   persist cookie   profiles {      http {}      tcp {}   } } virtual http-ipv6 {   pool http-ipv6   destination 2000:aaaa:0:1::80.http   ip protocol tcp   persist cookie   profiles {      http {}      tcp {}   } } [root@ltm1:Active] config # [root@ltm1:Active] config # [root@ltm1:Active] config # cat bigip_base.conf mgmt 1.1.1.10 {   netmask 255.255.255.0 } stp {   config name none } stp instance 0 {   interfaces {      1.1 {         external path cost 20000         internal path cost 20000      }      1.2 {         external path cost 20000         internal path cost 20000      }   }   vlans {      external      internal   } } self allow {   default {      tcp ssh      tcp domain      tcp snmp      tcp https      tcp f5-iquery      udp domain      udp snmp      udp efs      udp cap      udp f5-iquery      proto ospf   } } shell write partition Common vlan external {   tag 4094   interfaces 1.1 } vlan internal {   tag 4093   interfaces 1.2 } self 10.0.0.1 {   netmask 255.255.255.0   vlan external   allow default } self 192.168.0.1 {   netmask 255.255.255.0   vlan internal   allow default } self 2000:aaaa:0:1::1 {   netmask ffff:ffff:ffff:ffff::   vlan external   allow default } self 2000:aaaa:0:a::1 {   netmask ffff:ffff:ffff:ffff::   vlan internal   allow default } statemirror {   addr 172.27.39.38 } system {   gui setup disable   hostname "ltm1.localdomain" } [root@ltm1:Active] config #