My last post talked about testing IPv4 / IPv6 web and proxy services using Qemu in GNS3. My next challenge was to understand the "easy" way to IPv6-enable an IPv4-only web site - configure your load balancer to do it.
The simple explanation for Server Load Balancing IPv6 to IPv4 (SLB64) is that it performs traditional server load balancing functions but additionally does address family translation from the requested IPv6 address to the real IPv4 address of the internal servers in the server farm.
I don't have a big name load balancer at my disposal nor does my laptop have the power needed to download a virtual image and spin up VMware connected to my GNS3 simulation. So I went looking for a linux software based alternative and found HAProxy. The site indicates IPv6 support came along in version 1.1 and of course there is a Tiny Core linux package available. That meant following the Qemu "installation" procedure I described in a previous post and doing the proper 'filetool' backup.
My lab looks like the following, including an Apache web server running on Qemu in GNS3 as described in the last post:
IPV6 = 2001:db8 192.168.100.254 192.168.100.1 10.100.100.17 IPV6:192:168::254 IPV6:192:168::1 HOST ------ R1 ------ Web Server 10.200.200.1 (Qemu) IPv6:AC8:C800::1 | | 10.200.200.17 IPV6:AC8:C800::254 HAProxy (Qemu)
The HAProxy package didn't come with a configuration or startup script, so I had to create them. First, the configuration file was pretty simple to create in /usr/local/etc/haproxy.conf:
global user tc group staff daemon defaults mode tcp retries 3 timeout connect 5000 timeout client 50000 timeout server 50000 listen ipv6proxy80 :::80 server ipv4server80 10.100.100.17:80
A little translation: the 'global' and 'default' headings just set some standard parameters for HAProxy operation. The 'listen' heading is where I tell HAProxy to listen for all incoming IPv6 traffic to TCP port 80 (TCP comes from the 'mode tcp' command in the 'defaults' section). HAProxy should then distribute matched traffic to the listed servers - in this case only 10.100.100.17 on port 80. Listening on IPv6 and distributing to an IPv4 server causes HAProxy to do the address family translation from IPv6 to IPv4. Note that you can make this configuration much more secure and/or selective, but this is perfect for my little test.
Next, the startup script in /etc/init.d/services/loadbal:
#!/bin/sh case "${1}" in start) /usr/local/sbin/haproxy -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid -D ;; stop) pkill haproxy ;; status) pidof haproxy ;; *) exit 1 ;; esac
HAProxy is now started with "sudo /etc/init.d/services/loadbal start".
To test we need to remember that HAProxy is our load balancer and thus is advertising the "outside" (read: Internet) address of the web server. So on the HOST, I open a browser and point it to:
http://[2001:db8:AC8:C800::254]:80SUCCESS! I get the home page from the Apache web server complete with the link to the CGI script to print my environment variables as described in my last post. That certainly comes in handy to see where the web server thinks the connection is coming from as does a 'netstat -an' on the HAProxy Qemu linux console.
No comments :
Post a Comment