Hi, I am trying to set up a simple, dual-stack LVS-TUN cluster and I've stumbled on the IPv6 setup of the realserver. I did get it to work after all, but I still wonder whether I've got it totally wrong.
All systems are Debian Wheezy based with Linux 3.2.0, ipvsadm v1.26. This is my working configuration:

# director
ip addr add 62.217.124.85/32 scope global dev eth0
ip -6 addr add 2001:648:2ffc:106::85/128 scope global dev eth0 preferred_lft 0
ipvsadm -R <<EOF
-A -t 62.217.124.85:80 -s rr
-a -t 62.217.124.85:80 -r 194.177.210.213:80 -i -w 1
-A -t [2001:648:2ffc:106::85]:80 -s rr
-a -t [2001:648:2ffc:106::85]:80 -r [2001:648:2ffc:100::213]:80 -i -w 1
EOF

# realserver
ip addr add dev tunl0 62.217.124.85/32 brd 62.217.124.85
ip link set dev tunl0 up
ip -6 tunnel add lvs6tun0 mode ip6ip6 local 2001:648:2ffc:100::213 remote 2001:648:2ffc:106::78 dev eth0
ip link set dev lvs6tun0 up
ip -6 addr add 2001:648:2ffc:106::85 dev lvs6tun0

At first I tried to set up the ipv6 tunnel interface following the guidelines for ipv4. I could not use tunl0 since the encapsulation is different (ip6ip6):

ip -6 addr add dev ip6tnl0 2001:648:2ffc:106::85/128 scope global
ip link set dev ip6tnl0 up

This didn't work; no traffic on ip6tnl0 and I noticed the realserver was sending icmp6 parameter problem back to the director.

Then I tried to get the director to use 6-in-4 encapsulation (SIT), which perhaps would be easier to set up on the realserver (like IPIP for ipv4).

ipvsadm -a -t [2001:648:2ffc:106::85]:80 -r 194.177.210.213:80 -i -w 1

This also didn't work; ipvsadm -l shows this:

Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port            Forward Weight ActiveConn InActConn
TCP  [2001:648:2ffc:106::85]:http rr
  -> [c2b1:d2d5:2ffc:106::85]:http Tunnel  1      0          0

This matches the 32 bits of the realserver ipv4 address + the last 96 bits of the service address.

Finally, when I did get to set up the tunnel as in the working configuration above, it still didn't work until I set the remote endpoint. Not being able to use "remote any" means I have to set up a different tunnel for every director.
So I wonder whether it is at all possible to use a setup similar to ipv4, without an explicit tunnel setup or at least without specifying a remote endpoint. I would rather use iptables rules to limit the endpoints (directors) that can send tunneled traffic to the realserver.

I'm also curious if IPVS can do ipv6-in-ipv4 encapsulation.

Thanks in advance for your insight.

Regards,
Zenon Mousmoulas
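An added example, not part of the original post: a check that reproduces the observation about the 6-in-4 attempt, scanning an ipvsadm listing for real-server entries that are really an IPv4 address written over the first 32 bits of the IPv6 service address. The names overlay and find_overlaid are hypothetical, and the whitespace of the embedded listing is reconstructed from the output quoted in the post.

```python
import ipaddress
import re

# Listing quoted in the post for the failed 6-in-4 attempt (layout reconstructed).
LISTING = """\
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP  [2001:648:2ffc:106::85]:http rr
  -> [c2b1:d2d5:2ffc:106::85]:http Tunnel 1 0 0
"""

SERVICE = re.compile(r"^(?:TCP|UDP)\s+\[([0-9a-fA-F:]+)\]:\S+")
REAL = re.compile(r"^\s*->\s+\[([0-9a-fA-F:]+)\]:\S+")


def overlay(vip6, rs4):
    """First 32 bits from the IPv4 real server, last 96 bits from the IPv6 VIP."""
    vip = int(ipaddress.IPv6Address(vip6))
    rs = int(ipaddress.IPv4Address(rs4))
    low96 = vip & ((1 << 96) - 1)
    return ipaddress.IPv6Address((rs << 96) | low96)


def find_overlaid(listing, ipv4_realservers):
    """Return (vip, shown_real, ipv4_real) for every real-server entry that
    equals an IPv4 real server overlaid on the service address above it."""
    hits, vip = [], None
    for line in listing.splitlines():
        m = SERVICE.match(line)
        if m:
            vip = ipaddress.IPv6Address(m.group(1))
            continue
        m = REAL.match(line)
        if m and vip is not None:
            shown = ipaddress.IPv6Address(m.group(1))
            for rs4 in ipv4_realservers:
                if overlay(vip, rs4) == shown:
                    hits.append((str(vip), str(shown), rs4))
    return hits


if __name__ == "__main__":
    for vip, shown, rs4 in find_overlaid(LISTING, ["194.177.210.213"]):
        print(f"{vip}: real server {shown} is {rs4} overlaid on the VIP")
```

A hit means the director would tunnel that service's traffic to an address nobody configured, so the entry should be removed rather than left in the table.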