LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] IPv6 loadbalancer and source addr selection

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] IPv6 loadbalancer and source addr selection
From: Anders Henke <anders.henke@xxxxxxxx>
Date: Thu, 9 Jan 2014 11:25:58 +0100
On 08.01.2014, Michael Schwartzkopff wrote:
> I want to set up a IPv6 load balancer in direct routing mode. So I configure a
> IPv6 address an my loadbalancer and the same IPv6 addr on the lo interface of
> the real servers.
>
> No to the problem:
> Since the IPv6 is the last IPv6 address configured on the interface in that
> subnet the loadbalancer uses this IPv6 addr to communicate with the real
> server. The real server answers to the IPv6 addr on the lo interface and to
> communication is possible.
>
> So no connection from the loadbalancer to the real server is possible.
>
> I found a solution via the ip -6 addlabel (see RFC 6724). No I am wondering if
> the is a more simle solution. Any hints? Thanks.

There are multiple ways to achieve this.

You noted the adress label, but according to RFC 3484, there are other ways 
with even higher preferences to influence the source address selection.


First of all, you may mark the services IP addresses as being deprecated:

/sbin/ip address change 2001:db8::1/64 dev eth0 preferred_lft 0

This IP address will be avoided in the default address selection, but still 
serve incoming requests. Intention of this "deprecated" flag is to still permit 
incoming traffic on dynamically allocated IPv6 addresses, who have been 
replaced by a different dynamically allocated IPv6 address. If you're running 
keepalived, simply upgrade to 1.2.9 and higher - these releases do 
automatically set the VRRP VIP address to be "deprecated" by default.

Secondary, you may also try to mark the host's IPv6 address as being a home 
address:

/sbin/ip address change 2001:db8::1/64 dev eth0 home

The intention of "home adress" is to properly support mobile IPv6; in mobile 
IPv6, your host receives an IPv6 address for its current network, but may also 
receive traffic via a tunneling setup from a tunneling endpoint on your home 
network via the "home address". According to RFC 3484, this setting should 
prefer your IP address when choosing an outgoing connection.

And not necessarily last: if your painpoint is only to implement checks from 
your realserver, you may also ask your checking utilities to bind to a specific 
(the hosts) IPv6 address when initiating outgoing connections. The default 
address selection only kicks in if the source address is undefined and to be 
determined by the system. In keepalived, this is is done via the "bindto" 
option in the check configuration. 
I personally try to avoid this, as most manual debugging ("telnet realserver 
80" ...) will still fall back to the default address selection and so give 
different results than the automated checks. However, there are cases where 
such specific binds may be important.




Best,
Anders
-- 
1&1 Internet AG              Expert Systems Architect (IT Operations)

Amtsgericht Montabaur HRB 6484
Vorstand: Ralph Dommermuth, Frank Einhellinger, Robert Hoffmann, 
Andreas Hofmann, Markus Huhn, Hans-Henning Kettler, Uwe Lamnek, 
Jan Oetjen, Christian Würst
Aufsichtsratsvorsitzender: Michael Scheeren

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>