HA development IPV6 backend seems to have a problem !?!
I try to route traffic towards my mail server using HA-proxy.
So:
- defined a virtual IPV6 IP being the address of the mailserver as pointed to in the DNS
- I have only one IPV4 address so that is the IPV4 WAN address
- Using policy based routing
- I set an IPV4_GW tag if the destination address is my IP-address and an IPV6_GW tag if the destination is my mailserver-IPV6
- in second rule(s) I select the SSL ports as related to the mailserver If Match = "Self"
Then I have two frontends, one for IPV4 and one for IPV6.
And two backends, one for IPV4 and one for IPV6.
The backends have an empty port number, which IMHO does lead to "use the same port as the origin"
The problem is that this HA-proxy config is accepted for IPV4 but the backend for IPV6 fails
Frontend
- name: IPV6_MailServerPorts
- listen address: external IPV6 address mailserver
- type ssl/https
- access Server Name Indication TLS extension ends with: mail.<mydomain>.nl
- backend BE6_BE6_SslMailServerPorts_465_587_993_995
- with empty port number
- do not log normal
For both IPV4 and IPV6 this is accepted :)
Backend
- two servers address+port (real address, no port)
- first server disabled
- second enabled
Problem is this works for IPV4 but NOT for the IPV6 backend
The message is
[ALERT] (96889) : config : [/var/etc/haproxy_test/haproxy.cfg:470] : 'server BE6_SslMailServerPorts_465_587_993_995_ipvANY/wasbeertje' : could not resolve address '2a02:ab2a4:9e35:14:3:2:5'.
[ALERT] (96889) : config : [/var/etc/haproxy_test/haproxy.cfg:470] : 'server
Same message for the other server address
Note that IMHO the IPV6 BE config is exactly the same as the IPV4 BE. But the IPV4 BE does not give alerts where the IPV6 BE does !!
Does someone have an idea?
Can someone reproduce this as an error?
I worked around the problem by defining the mail-server addresses in my local DNS and using those names in the GUI. Nevertheless it is definitely not OK
Also note that I had the problem back when switching the health check on (to basic). Even more obscure, the problem did persist when switching the health check off again.
No idea how the check should be done since there is no proper field to define the health check port number.