Load Balancer + IPv6

  • I'm trying to create a load balancer with IPv6 but I can't enter the IPv6 IP address on the Monitor page (see attachment).


    Version 2.1-BETA1 (amd64) built on Mon Apr 8 15:12:06 EDT 2013 FreeBSD 8.3-RELEASE-p7

  • Host header must be a FQDN, cannot be an IP.

  • I'm using an IP address with IPv4 load balancing which works fine.

    I added a FQDN for the IPv6 address in DNS forwarder/Host Overrides, the monitor is now accepted but load balancing does not work yet.

  • Difference is an IPv4 IP is actually a valid FQDN technically - dots and numbers make a valid FQDN. It's not what you want to put there, that's if you need to use an HTTP host header. A host header must be a valid FQDN, or empty.

  • I picked this back up now that I got all other IPv6 kinks out of the way.

    I created a monitor for http ipv6 (attachment LB_monitor_6.png). webmonitor_ipv6.nedzone resolves to 2a02:990:101::40.

    I have two web servers and if I query them directly from the LAN they respond as expected:
    wget web.nedzone
    --2013-05-14 08:43:20--  http://web.nedzone/
    Resolving web.nedzone... 2a02:990:101::20
    Connecting to web.nedzone|2a02:990:101::20|:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    2013-05-14 08:43:20 ERROR 403: Forbidden.

    Then I create a pool (LB_pool_6.png).

    Now the problem starts. The load balancer says the servers are offline (LB_status_6.png). If I change the IPv6 monitor to TCP or ICMP (can ping the servers from pfSense) then my IPv4 balancers die (they redirect to the pfSense IP??? Getting the DNS rebind check page) and the load balancer keeps insisting the servers are offline.

    As per the suggestion above I created DNS entries for the IPv6 addresses, but the LB-pool does not accept those as pool members.

    Searched the forum and Googled for a tutorial on IPv6 load balancing, but other than load balancing multiple WAN connections (which is not what I'm trying to do here) I can't find anything.

    Where am I going wrong? Any help appreciated.

  • Fixed it. Pure ignorance.

  • What was it? Solutions always appreciated and helpful for others who'll find this thread in the future.

  • Well, just don't stop after creating the pool, like I did.

    After I created the pool I checked the status and it showed the IPv6 pool members as offline. That's the point where I posted my "problem". Because I can't let it rest I kept tinkering with it and some time later I also created the Virtual Server. After that the pool members show as online.

    Apparently, after applying changed settings there is a brief moment where none of the pools are online. During testing I changed settings quicker than that reload time. I need to be more patient.

    The only thing left (and which I have not "played with" yet) is that when all pool members are down the incoming connections are routed to the pfSense server itself!! Which means visitors of the website are getting the pfSense interface. DNS rebinding check prevents them from being able to (try to) log in but the warning message has resulted in some posts in my forum from people who think my site had been hijacked. To prevent this I've put the pfSense interface on a non-standard port. Now when all pool members are down the site just doesn't load.
