14. IPv6 SLB (Server Load-Balancing) with dual stack NAT

The BalanceNG agent “bngagent” needs to be started on both target servers before as follows:

# bngagent -6 10000

This example has been implemented and tested on the TKLB (Thomas-Krenn Load Balancer) OEM hardware with automated OEM licensing.

The VRRP tracking as shown initiates a failover if the current VRRP master suffers by at least one of the following conditions:

  • The eth2 link drops (being the connection to the target servers)
  • The eth3 link drops (being the connection to the access network)
  • The gateway appears to be down.

The VRRP connection is implemented redundantly to avoid a “split brain” condition (dual mastership) in case of NIC failure. VRRP advertisements are sent (and received) on the networks connected to interfaces eth1 and eth3 (both being a simple crossover cable).

Testing is possible by directing a usual browser to this URL:

http://[2001:db8::2:4]:8080/

Additionally, this example includes the “nat” module in its module chain thus allowing IPv6 to IP46 and IPv4 to IPv4 NAT at the same time. IPv6 to IPv6 NAT enables network integrators to implement internally constant IPv6 networks which are represented on the outside differently according to the conditions on the customer site.

The IPv6 configuration is setup in /etc/network/interfaces on the Debian based target servers as follows:

IPv6 configuration in /etc/network/interfaces on Target 1

iface eth1 inet6 static
  address 2001:DB8:ffff::1:1
  netmask 48
  up ip -6 route add ::/0 via 2001:db8:ffff::2:3 dev eth1

IPv6 configuration in /etc/network/interfaces on Target 2

iface eth1 inet6 static
  address 2001:DB8:ffff::1:2
  netmask 48
  up ip -6 route add ::/0 via 2001:db8:ffff::2:3 dev eth1

The LB1 Configuration File

//        configuration ...
//        BalanceNG ...
hostname  LB1
modules   vrrp,arp,ping,hc,master,slb,nat,rt
set       {
          ipforwarding 1
          vrrppreempt 1
          vrrppreemptts 8
}         
interface 1 {
          name eth1
}         
interface 2 {
          name eth2
          trackval 10
}         
interface 3 {
          name eth3
          trackval 10
}         
register  interfaces 1,2,3
enable    interfaces 1,2,3
vrrp      {
          vrid 64
          priority 200
          network 1
          tracking enable
}         
network   1 {
          addr 172.17.2.0
          mask 255.255.255.0
          real 172.17.2.55
          virt 172.17.2.56
          mask6 48
          real6 2001:db8::2:1
          virt6 2001:db8::2:3
          nat outside
          interfaces 1,3
}         
network   2 {
          addr 10.11.12.0
          mask 255.255.255.0
          real 10.11.12.55
          virt 10.11.12.56
          mask6 48
          real6 2001:db8:ffff::2:1
          virt6 2001:db8:ffff::2:3
          nat inside
          interface 2
}         
register  networks 1,2
enable    networks 1,2
gateway   {
          ipaddr 172.17.2.1
          ipaddr6 2001:db8::2:10
          ping 3,10
          ping6 3,10
          trackval 10
}         
server    1 {
          ipaddr6 2001:db8::2:4
          port 8080
          protocol tcp
          sessionid src+port
          method session
          targets 1,2
}         
register  server 1
enable    server 1
target    1 {
          ipaddr6 2001:db8:ffff::1:1
          port 80
          protocol tcp
          ping6 3,10
          agent6 10000,3,10
          sessionid dst+port
}         
target    2 {
          ipaddr6 2001:db8:ffff::1:2
          port 80
          protocol tcp
          ping6 3,10
          agent6 10000,3,10
          sessionid dst+port
}         
register  targets 1,2
enable    targets 1,2
//        end of configuration

The LB2 Configuration File

//        configuration taken ...
//        BalanceNG ...
hostname  LB2
modules   vrrp,arp,ping,hc,master,slb,nat,rt
set       {
          ipforwarding 1
          vrrppreempt 1
          vrrppreemptts 8
}         
interface 1 {
          name eth1
}         
interface 2 {
          name eth2
          trackval 10
}         
interface 3 {
          name eth3
          trackval 10
}         
register  interfaces 1,2,3
enable    interfaces 1,2,3
vrrp      {
          vrid 64
          priority 200
          network 1
          tracking enable
}         
network   1 {
          addr 172.17.2.0
          mask 255.255.255.0
          real 172.17.2.57
          virt 172.17.2.56
          mask6 48
          real6 2001:db8::2:2
          virt6 2001:db8::2:3
          nat outside
          interfaces 1,3
}         
network   2 {
          addr 10.11.12.0
          mask 255.255.255.0
          real 10.11.12.57
          virt 10.11.12.56
          mask6 48
          real6 2001:db8:ffff::2:2
          virt6 2001:db8:ffff::2:3
          nat inside
          interface 2
}         
register  networks 1,2
enable    networks 1,2
gateway   {
          ipaddr 172.17.2.1
          ipaddr6 2001:db8::2:10
          ping 3,10
          ping6 3,10
          trackval 10
}         
server    1 {
          ipaddr6 2001:db8::2:4
          port 8080
          protocol tcp
          sessionid src+port
          method session
          targets 1,2
}         
register  server 1
enable    server 1
target    1 {
          ipaddr6 2001:db8:ffff::1:1
          port 80
          protocol tcp
          ping6 3,10
          agent6 10000,3,10
          sessionid dst+port
}         
target    2 {
          ipaddr6 2001:db8:ffff::1:2
          port 80
          protocol tcp
          ping6 3,10
          agent6 10000,3,10
          sessionid dst+port
}         
register  targets 1,2
enable    targets 1,2
//        end of configuration