
Server Load Balancing with IPv6

IPv6 Primer

© 2010 Brocade Communications Systems, Inc. All Rights Reserved.

IPv6 Fundamentals: Why IPv6?

• IPv6 is emerging as the preferred Layer 3 protocol used on the Internet
• US government networks are already migrating from IPv4 to IPv6
• IPv6 has unique traits which require a different approach to ADX Layer 4-7 operations
• Many of Brocade’s IP switching and routing platforms already offer support for IPv6


IPv6 Fundamentals: IPv6 Overview

• IPv4’s 32-bit address is unable to satisfy current networking needs:
– Volume of networking users
– Geographical needs
– Emerging applications

• NAT provides a temporary workaround for exhaustion of public IPv4 addresses

• The IPv6 128-bit address allows for 340,282,366,920,938,000,000,000,000,000,000,000,000 addresses!
– IPv4 only allows for 4.3 billion


IPv6 Fundamentals: Address Format

• Uses new 128-bit address format
• Composed of 8 fields of 16-bit hexadecimal values, separated by colons (:)
• Example IPv6 Address:
– 2001:0000:130F:0000:0000:00C0:876A:12EB


IPv6 Fundamentals: Address Representation

• An IPv6 address is 128 bits (eight 16-bit fields) in length and is represented in colon-hexadecimal notation. For example:
– 2001:0000:130F:0000:0000:00C0:876A:12EB

• Leading zeros in each 16-bit field are optional. The above address can be represented as:
– 2001:0:130F:0:0:C0:876A:12EB

• The double colon (::) can represent one or more consecutive 16-bit fields of zeros. Examples:
– 2001:0:130F::C0:876A:12EB
– 0:0:0:0:0:0:0:1 (loopback address) may be represented as ::1
– 0:0:0:0:0:0:0:0 (unspecified address) may be represented as ::
– 2001:0:0:0:0:0:0:1 may be represented as 2001::1

• Note that a double colon may be used only once in an address. Below is an example of an incorrect address format:
– 2001::130F::C0:876A:2EB
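
These representation rules matter whenever addresses are compared as text, for example in ACL reviews or log correlation: this deck itself enters a real server as 2002:a0a:a00:0:0:0:a0a:ac9 and later displays it as 2002:a0a:a00::a0a:ac9. The parser below is an added example, not part of the original slides; the function names are illustrative, and the output form (lower case, longest run of two or more zero fields compressed) follows RFC 5952, which the slides do not mention.

```python
import string

def parse_ipv6(text):
    """Return the eight 16-bit fields of an IPv6 address as integers.

    Embedded dotted IPv4 and zone ids are outside the slide's rules and rejected.
    """
    if text.count("::") > 1:
        raise ValueError("'::' may be used only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must replace at least one zero field")
        fields = left + ["0"] * missing + right
    else:
        fields = text.split(":")
    if len(fields) != 8:
        raise ValueError("an address has exactly eight fields")
    for f in fields:
        if not 1 <= len(f) <= 4 or any(c not in string.hexdigits for c in f):
            raise ValueError(f"bad field {f!r}")
    return [int(f, 16) for f in fields]

def canonical(text):
    """Shortest unambiguous text form: lower case, longest zero run as '::'."""
    v = parse_ipv6(text)
    start, length, i = -1, 1, 0
    while i < 8:
        j = i
        while j < 8 and v[j] == 0:
            j += 1
        if j - i > length:          # first longest run of >= 2 fields wins
            start, length = i, j - i
        i = max(j, i + 1)
    hexes = [format(x, "x") for x in v]
    if start < 0:
        return ":".join(hexes)
    return ":".join(hexes[:start]) + "::" + ":".join(hexes[start + length:])

def same_address(a, b):
    """Compare two textual addresses by value rather than by spelling."""
    return parse_ipv6(a) == parse_ipv6(b)
```

Canonicalise both sides before any string comparison, deduplication or allow-list lookup; comparing raw text treats the three spellings of one address on this slide as three different hosts.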


IPv6 Fundamentals: Address Types

• IPv6 defines three address types:
– Unicast: Identifies an interface of an individual node
– Multicast: Identifies a group of interfaces
– Anycast: Identifies a group of interfaces on different nodes; packets that are sent to the anycast address go to the anycast group member node that is physically closest to the sender

• The table below shows IPv6 address types and their prefixes:

Address Type         Usage                                 Network Prefix (in hex)
Global unicast       Publicly Unique Address (Routable)    2000::/3
Link-local unicast   Used on Single Physical Link          FE80::/10
Site-local unicast   Similar to RFC1918 in IPv4            FEC0::/10
Multicast            All Interfaces in Multicast Group     FF00::/8
Loopback             Logical IP Address of Device          ::1/128
Unspecified          Commonly for Static Default Routes    ::/128

Standard SLB configuration using IPv6


Configuring SLB Using IPv6: Configure IPv6 Real Servers

• Configuring IPv6 real servers is very similar to IPv4 servers. These application servers are also either directly attached to the ADX or Layer 2 connected

ADX> enable
No password has been assigned yet...
ADX# config term
ADX(config)# ipv6 enable
ADX(config)# ipv6 add 2002:a990:a00::a990:a0b/64
ADX(config)# server real rs61 2002:a0a:a00:0:0:0:a0a:ac9
ADX(config-rs-rs61)# port ftp
ADX(config-rs-rs61)# server real rs62 2002:a0a:a00:0:0:0:a0a:aca
ADX(config-rs-rs62)# port ftp
ADX(config-rs-rs62)# port http
ADX(config-rs-rs62)# port http keepalive
ADX(config-rs-rs62)# server real rs63 2002:a0a:a00:0:0:0:a0a:acb
ADX(config-rs-rs63)# port http
ADX(config-rs-rs63)# port http keepalive
ADX(config-rs-rs63)# exit
ADX# write memory


Configuring SLB Using IPv6: IPv4 and IPv6 Server Bindings

• IPv4 virtual server cannot be bound to IPv6 real server address
• IPv6 virtual server cannot be bound to IPv4 real server address
(v12.1 and earlier)
• A single server can be a Real Server for both IPv4 and IPv6

Diagram labels (IPv4 and IPv6 entries as shown side by side):

IPv4 name (services)   IPv4 address     IPv6 name (services)   IPv6 address
rs1 (ftp)              10.10.10.201     rs61 (ftp)             2002:a0a:a00::a0a:ac9
rs2 (ftp, http)        10.10.10.202     rs62 (ftp, http)       2002:a0a:a00::a0a:aca
rs3 (http)             10.10.10.203     rs63 (http)            2002:a0a:a00::a0a:acb
vip1 (ftp)             169.144.10.100   vip61 (ftp)            2002:a990:a00::a990:a64
vip2 (http)            169.144.10.200   vip62 (http)           2002:a990:a00::a990:ac8


Configuring SLB Using IPv6: Configure IPv6 Virtual Servers

• After you define the actual application server’s physical addresses (real server), you then need to configure:
– The external application server address on the ADX; the external application server is the virtual server
– It is the IP address or server name to which client browsers send requests

(config)# server virtual-name vip61 2002:a990:a00::a990:a64
(config-vs-vip61)# port ftp
(config-vs-vip61)# bind ftp rs61 ftp rs62 ftp
(config-vs-vip61)# server virtual vip62 2002:a990:a00::a990:ac8
(config-vs-vip62)# port ftp
(config-vs-vip62)# port http
(config-vs-vip62)# bind http rs62 http rs63 http


Configuring SLB Using IPv6: View the Final Configuration

ADX 1000#show running-config
!
!
server real rs61 2002:a0a:a00::a0a:ac9
 port ftp
!
server real rs62 2002:a0a:a00::a0a:aca
 port ftp
 port http
 port http keepalive
 port http url "HEAD /"
!
server real rs63 2002:a0a:a00::a0a:acb
 port http
 port http keepalive
 port http url "HEAD /"
!
!
server virtual vip61 2002:a990:a00::a990:a64
 port ftp
 bind ftp rs61 ftp rs62 ftp
!
server virtual vip62 2002:a990:a00::a990:ac8
 port http
 bind http rs62 http rs63 http
!
ipv6 address 2002:a990:a00::a990:a0b/64
< Output Truncated >
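
The binding rule stated earlier (an IPv4 virtual server cannot be bound to an IPv6 real server and vice versa, v12.1 and earlier) can be checked offline against a saved running-config before it is pushed. The audit below is an added example, not Brocade tooling or code from the slides; it parses only the `server real`, `server virtual`, `port` and `bind` lines shown on this page, and treating a bind to a port the real server does not define as an error is this example's own assumption.

```python
import ipaddress

# Constructed sample: real servers and VIPs from the running-config above,
# plus two made-up bad binds (rs63 ftp on vip61, and an IPv4 vip1 -> rs61).
SAMPLE = """\
server real rs61 2002:a0a:a00::a0a:ac9
 port ftp
server real rs62 2002:a0a:a00::a0a:aca
 port ftp
 port http
server real rs63 2002:a0a:a00::a0a:acb
 port http
server virtual vip61 2002:a990:a00::a990:a64
 port ftp
 bind ftp rs61 ftp rs62 ftp rs63 ftp
server virtual vip62 2002:a990:a00::a990:ac8
 port http
 bind http rs62 http rs63 http
server virtual vip1 169.144.10.100
 port ftp
 bind ftp rs61 ftp
"""

def audit_bindings(config):
    """Return (vip, real, problem) tuples for binds that cannot work."""
    reals, vips, block = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        kind = tok[1] if len(tok) >= 4 and tok[0] == "server" else None
        if kind in ("real", "virtual", "virtual-name"):
            table = reals if kind == "real" else vips
            block = table[tok[2]] = {"ip": ipaddress.ip_address(tok[3]),
                                     "ports": set(), "binds": []}
        elif block and len(tok) >= 2 and tok[0] == "port":
            block["ports"].add(tok[1])
        elif block and tok and tok[0] == "bind":
            # bind <vip-port> <real> <real-port> [<real> <real-port> ...]
            block["binds"] += zip(tok[2::2], tok[3::2])
    findings = []
    for vname, vip in vips.items():
        for rname, rport in vip["binds"]:
            real = reals.get(rname)
            if real is None:
                findings.append((vname, rname, "real server not defined"))
            elif real["ip"].version != vip["ip"].version:
                findings.append((vname, rname, "IPv4/IPv6 family mismatch"))
            elif rport not in real["ports"]:
                findings.append((vname, rname, f"port {rport} not on real server"))
    return findings
```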


Configuring SLB Using IPv6: “show server virtual” Command

ADX 1000# show server virtual
Virtual Servers Info

Name: vip61  State: Enabled  IP:2002:a990:a00::a990:a64: 1
Pred: least-conn  ACL-Id: 0  TotalConn: 0
VIP state: healthy
Port     State    Sticky Concur Proxy DSR CurConn TotConn PeakConn
----     -----    ------ ------ ----- --- ------- ------- --------
default  enabled  NO     NO     NO    NO  0       0       0
ftp      enabled  NO     NO     NO    NO  2       549     2

Name: vip62  State: Enabled  IP:2002:a990:a00::a990:ac8: 1
Pred: least-conn  ACL-Id: 0  TotalConn: 0
VIP state: healthy
Port     State    Sticky Concur Proxy DSR CurConn TotConn PeakConn
----     -----    ------ ------ ----- --- ------- ------- --------
default  enabled  NO     NO     NO    NO  0       0       0
http     enabled  NO     NO     NO    NO  1       1423    2

<output truncated>


Configuring SLB Using IPv6: “show server real” Command

ADX 1000# show server real
Real Servers Info
========================
State - ACT:active, ENB:enabled, FAL:failed, TST:test, SUS:suspect,
        GDN:grace-dn, DIS:disabled, UNK:unknown, UNB:unbind,
        AWU:await-unbind, AWD: await-shutdown

Name: rs61  State: Enabled  IP:2002:a0a:a00:0:0:0:a0a:ac9: 1
Mac: 001a.4b7c.6b3e  Weight: 1/1  MaxConn: 2000000
SrcNAT: not-cfg, not-op  DstNAT: not-cfg, not-op  Serv-Rsts: 0
Port    St  Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet  Reas
----    --  -- ------- ------- ------- ------- -------- --------  ----
default UNB 0  0       0       0       0       0        0         0
ftp     ENB 0  0       0       0       0       0        0         0
Server Total   0       0       0       0       0        0         0

Name: rs62  State: Active  IP:2002:a0a:a00:0:0:0:a0a:aca: 1
Mac: 0023.3296.3fd1  Weight: 1/1  MaxConn: 2000000
SrcNAT: not-cfg, not-op  DstNAT: not-cfg, not-op  Serv-Rsts: 0
Port    St  Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet  Reas
----    --  -- ------- ------- ------- ------- -------- --------  ----
default UNB 0  0       0       0       0       0        0         0
ftp     ACT 0  1       549     2510    2375961 184725   581939487 0
http    ACT 0  2       274     247     231     184502   57993     0
Server Total   0       0       0       0       0        0         0

<<Truncated>>


Configuring SLB Using IPv6: “show server bind” Command

ADX 1000# show server bind
Bind info

Virtual server: vip61  Status: enabled  IP: 2002:a990:a00::a990:a64
    ftp -------> rs61: 2002:a0a:a00:0:0:0:a0a:ac9, ftp (Failed)
                 rs62: 2002:a0a:a00:0:0:0:a0a:aca, ftp (Active)

Virtual server: vip62  Status: enabled  IP: 2002:a990:a00::a990:ac8
    http -------> rs62: 2002:a0a:a00:0:0:0:a0a:aca, http (Active)
                  rs63: 2002:a0a:a00:0:0:0:a0a:acb, http (Failed)

Health Checks


IPv6 Server Health Checks: Startup Health Checks

• Layer 2
– IPv6 neighbor solicitation message

• Layer 3
– IPv6 ping

• Layer 4 (TCP)
– Complete TCP 3-way handshake (same as IPv4)

• Layer 4 (UDP)
– Sends garbage packet (same as IPv4)


IPv6 Server Health Checks: Startup Health Checks — Layer 2-3

• IPv6 Neighbor Discovery (ND) protocol
– All real servers are located using an ND Neighbor Solicitation message unless they are designated as remote servers
– Unlike ARP in IPv4, the Neighbor Solicitation message is not broadcast, but sent as a Layer 2 multicast to the server’s solicited-node multicast address as defined in the ND protocol

• Send IPv6 ping only when:
– ND entry times out
– Time between last packet sent to server and last packet received increases
– If no response to the ping, repeat at 2 second intervals
– 4 retries with no response then the server is marked as down


IPv6 Server Health Checks: Startup Health Checks — Layer 4 (Same as IPv4)

• After bind — Layer 4 or 7 health check to bring up application port (application not known, uses Layer 4 health check)

• TCP check — Based on the 3-way handshake

• UDP — Sends a garbage packet
– If response with ICMP “Port Unreachable”, port is down
– If no response, assumes port is up
– Looks for ICMP port unreachable response to determine if the ADX should take the port down

• Layer 4 health checks for each service configured. Only works when real server port is bound to a VIP port


IPv6 Server Health Checks: Ongoing Health Checks — HTTP

• More detailed checks on the server’s ability to respond to a user’s request
– Layer 2 ND Solicitation and Layer 3 pings only validate that the network stack is responding, not whether the service has failed

• HTTP keepalives
– We need to know that the HTTP service is responding properly
– Open a TCP session to the server (TCP SYN): ACK = OK, no ACK = server is suspect or down
– Optionally do an HTTP GET or HEAD request and monitor the return status
– Improper response or no response: take Server #2 out of the rotation for HTTP load balancing
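
The gap between a Layer 4 check and the HTTP keepalive described above shows up when a server still accepts TCP connections but its application is failing. The probes below are an added example, not ADX code: `l4_check` completes the 3-way handshake, `l7_check` sends the `HEAD /` request configured on this page, and accepting only 2xx/3xx statuses is an assumption because the slides do not say which statuses count as improper. The constructed test server listens on 127.0.0.1 so the example runs on hosts without IPv6; both probes accept IPv6 literals unchanged.

```python
import http.client
import http.server
import socket
import threading

def l4_check(host, port, timeout=2.0):
    """TCP check: True when the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def l7_check(host, port, timeout=2.0):
    """HTTP keepalive: send HEAD / and require a 2xx/3xx status (assumed policy)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return 200 <= conn.getresponse().status < 400
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def _serve(status):
    """Constructed loopback test server that answers every HEAD with `status`."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_HEAD(self):
            self.send_response(status)
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    """Return {name: (l4_ok, l7_ok)} for a healthy, a broken and a stopped server."""
    results = {}
    for name, status in (("healthy", 200), ("broken", 503)):
        srv = _serve(status)
        port = srv.server_address[1]
        results[name] = (l4_check("127.0.0.1", port), l7_check("127.0.0.1", port))
        srv.shutdown()
        srv.server_close()
    results["stopped"] = (l4_check("127.0.0.1", port), l7_check("127.0.0.1", port))
    return results
```

The "broken" case passes the Layer 4 check and fails only the HTTP keepalive, which is why a real server without `port http keepalive` can stay in rotation while returning errors to every client.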


Continuing IPv6 Leadership

• Support for complete IPv6 server load balancing deployments
– IPv6 VIP IPv6 Real (SLB666)
– IPv6 VIP IPv4 Real (SLB664)
– IPv6 VIP IPv4 + IPv6 Real (SLB664+6)
– IPv4 VIP IPv6 Real (SLB446)
– IPv4 VIP IPv6 + IPv4 Real (SLB446+4)

NEW in 12.4

Complete IPv6 SLB: Migration, Translation and Address Preservation

[Diagram labels: IPv4 Clients; IPv4 VIP; IPv6 Clients; IPv6 VIP; Brocade ADX; IPv6 App Servers; IPv4 App Servers]


Enabling End-to-end IPv6 Services: Complete Service Provider IPv6 Solution

1. Transformation and preservation: SLB664, SLB446, SLB666
2. NAT Translation (NAT64)
3. IPv6 peering
4. Dual-stack, tunneling, native IPv6

[Diagram labels: Brocade ADX; IPv4 servers; IPv6 servers; 10 GbE Backbone; Brocade MLX; Central Office/Head-end; Brocade CERs; IPv4 peer; IPv6 peer; IPv6 SLB; Brocade ADX NAT64]

Stateful NAT64: Content-side use-cases

This uses NORMAL IPv6 DNS – it does NOT use or need DNS64

IPv6 Interoperability Use Case: Rapid v6-enablement for existing v4 server farms & infrastructure

[Diagram labels: IPv6 Clients; IPv6 Internet; Authoritative IPv6 DNS Servers, standard AAAA; NAT64 Gateway (shown logically in-line; actually uses Routed topology); “Listening” on IPv6 prefix; IPv4 dynamic pool of source IPs; Unchanged IPv4 Infrastructure; Unchanged IPv4 Resources]

Stateless “NAT46” for Legacy IPv4-only devices

Example: IPv4-only Set-Top Boxes requiring access to new IPv6 services, or as a point solution to enable 3rd-parties during transition

IPv6 Interoperability Use Case: Enabling non-upgradeable IPv4-only Clients to Access New IPv6-only Resources

[Diagram labels: IPv4-only (legacy) clients; IPv4 DNS w/map table; NAT64 Gateway; “Listening” on static map of IPv4 addresses; IPv6 prefix for outbound / inbound mapping; Native IPv6 passes through unchanged (optional); Specifically defined IPv6 servers; IPv6 networks (internal or Internet)]

End of Module : Server Load Balancing with IPv6