nanog mailing list archives

IPv6 Server Load Balancing - DSR


From: Leland Vandervort <leland () taranta discpro org>
Date: Thu, 12 Aug 2010 14:32:25 +0200

Dear Colleagues, 

I've been scratching my head over this for the past couple of months and have come up with blanks, and several weeks of 
scouring various resources on the net have not yielded anything more fruitful.

I'm looking at server load balancing for IPv6 and specifically need DSR (direct server return).  Additionally, I need 
to support both TCP and UDP.

I have evaluated a number of different load balancing solutions purporting to support IPv6 with varying results (and 
costs)... 

a few examples:

F5 : according to marketing blurb supposedly supports IPv6 in NAT and DSR mode, both UDP and TCP.  Their documentation, 
however, has no mention of IPv6 capability.  Other disadvantage = cost... 

Brocade/Foundry:  Similar situation to F5

Zeus:  IPv6 in NAT only, and even more expensive than F5.

Exceliance Aloha:  IPv6 in NAT only, and ONLY in TCP (no UDP)

A few others also tested... including LVM/HAProxy  (same situation as Exceliance Aloha), and others... 



Finally in the end, only OpenSolaris ILB seems to put all the checks in the right boxes for my requirements.  But there 
is still a problem.

1.  IPv4 TCP and UDP work fine in NAT, Half-NAT, and DSR
2.  IPv6 I've managed to get working, complete with healthchecks, in TCP and UDP in NAT only although the documentation 
stipulates that DSR is also possible (but not HalfNAT for the moment).

The problem with #2:

Using the same server farm behind, but in dual-stack, and configuring ILB for TCP and UDP services using NAT, 
everything is fine.  If I configure it for DSR, immediately it fails (both with and without healthchecks).  Although 
from the ILB host itself, I can certainly do a manual heathcheck.. (e.g. telnet <server_real_ipv6_addr> 80  and do GET 
/  or HEAD / with no problems.  Using ARP poisoning from the shell I can also perform the healthcheck on the real 
server via telnet using the virtual ip.

The servers are configured normally for DSR.. with the virtual IP attached to a local dummy or loopback interface, and 
with IPv4 DSR works fine.

Nevertheless, I've been unable to get DSR working with ILB -- and have found absolutely nothing around the net with 
working examples of IPv6 SLB with DSR.  NAT mode works fine, but the real server loses visibility of the end user's IP 
as the requests come from the internal IP of the ILB host, and with a system that uses client IP address as part of the 
various criteria for session tracking, it creates a few problems... 

I am suspecting that the issue may be related to ND, as the behaviour is similar to the old story with doing DSR on 
real-servers using older linux distributions that do not by default disable proxy-ARP replies by the server for IP 
addresses on dummy or loopback interfaces, and of course the proxy ARP causes confusion to the load balancer and breaks 
the whole thing.  But the real servers are recent Debian distributions, and both ipv4 ARP and ipv6 ND is disabled on 
the dummy interfaces, as is proxy ARP.

Would anyone happen to have any useful pointers, tips, or other on how to resolve the issue?

Many thanks in advance.


Leland











Current thread: