----------------original message----------------- De: "Philipp Kolmann" kolm...@zid.tuwien.ac.at A: haproxy@formilux.org Date: Wed, 27 Mar 2013 08:35:18 +0100 ------------------------------------------------- > Hi, > > I am new to the list. Please excuse if this has been discussed before, > but I didn't find it in the archives. > > I have 2 linux boxes sharing ipv4 addressess for high available LDAP > Access to our AD infrastructure with keepalived and then forwarding the > requests to our 3 AD Servers. > > With ipv4 it works without issues: > > listen dc-intern-ldap > bind 128.130.30.20:389 transparent > mode tcp > option tcplog > log global > balance leastconn > server dc01 128.130.30.21:389 maxconn 5000 check > server dc02 128.130.30.22:389 maxconn 5000 check > server dc03 128.130.30.23:389 maxconn 5000 check > > if 128.130.30.20 is not assiged on the secondary node, nothing fails. > when keepalived switches over, everything works as expected. > > with 1.5-dev13 I read the ipv6 transparent works now as well: > > listen dc-intern-ldap-v6 > bind 2001:629:1005:30::20:389 transparent > mode tcp > option tcplog > log global > balance leastconn > server dc01 2001:629:1005:30::21:389 maxconn 5000 check > server dc02 2001:629:1005:30::22:389 maxconn 5000 check > server dc03 2001:629:1005:30::23:389 maxconn 5000 check > > Sadly, this fails on the secondary server, since 2001:629:1005:30::20 is > not currently active: > Starting haproxy: haproxy[ALERT] 085/083351 (31506) : Starting proxy > dc-intern-ldap-v6: cannot bind socket [2001:629:1005:30::20:389] failed!
Your kernel or its configration (sysctl) seems to not support a none local bind for ipv6. > > Have I don't something wrong? I would like to also provide IPv6 access > to our LDAP infrastructure (and www later on as well). > > thanks > Philipp > >
