Re: IPv6 vrrp and bind transparent
On 2013-03-27 11:22, Lukas Tribus wrote: What kernel are you running? You need at least 2.6.37 to do this with non-local IPv6 binds. Thanks to Lukas and Emeric, that was exactly the issue. Thanks for pointing me to the right direction. Philipp
IPv6 vrrp and bind transparent
Hi, I am new to the list. Please excuse if this has been discussed before, but I didn't find it in the archives. I have 2 linux boxes sharing ipv4 addressess for high available LDAP Access to our AD infrastructure with keepalived and then forwarding the requests to our 3 AD Servers. With ipv4 it works without issues: listen dc-intern-ldap bind 128.130.30.20:389 transparent mode tcp option tcplog log global balance leastconn server dc01 128.130.30.21:389 maxconn 5000 check server dc02 128.130.30.22:389 maxconn 5000 check server dc03 128.130.30.23:389 maxconn 5000 check if 128.130.30.20 is not assiged on the secondary node, nothing fails. when keepalived switches over, everything works as expected. with 1.5-dev13 I read the ipv6 transparent works now as well: listen dc-intern-ldap-v6 bind 2001:629:1005:30::20:389 transparent mode tcp option tcplog log global balance leastconn server dc01 2001:629:1005:30::21:389 maxconn 5000 check server dc02 2001:629:1005:30::22:389 maxconn 5000 check server dc03 2001:629:1005:30::23:389 maxconn 5000 check Sadly, this fails on the secondary server, since 2001:629:1005:30::20 is not currently active: Starting haproxy: haproxy[ALERT] 085/083351 (31506) : Starting proxy dc-intern-ldap-v6: cannot bind socket [2001:629:1005:30::20:389] failed! Have I don't something wrong? I would like to also provide IPv6 access to our LDAP infrastructure (and www later on as well). thanks Philipp
Re: IPv6 vrrp and bind transparent
original message- De: Philipp Kolmann kolm...@zid.tuwien.ac.at A: haproxy@formilux.org Date: Wed, 27 Mar 2013 08:35:18 +0100 - Hi, I am new to the list. Please excuse if this has been discussed before, but I didn't find it in the archives. I have 2 linux boxes sharing ipv4 addressess for high available LDAP Access to our AD infrastructure with keepalived and then forwarding the requests to our 3 AD Servers. With ipv4 it works without issues: listen dc-intern-ldap bind 128.130.30.20:389 transparent mode tcp option tcplog log global balance leastconn server dc01 128.130.30.21:389 maxconn 5000 check server dc02 128.130.30.22:389 maxconn 5000 check server dc03 128.130.30.23:389 maxconn 5000 check if 128.130.30.20 is not assiged on the secondary node, nothing fails. when keepalived switches over, everything works as expected. with 1.5-dev13 I read the ipv6 transparent works now as well: listen dc-intern-ldap-v6 bind 2001:629:1005:30::20:389 transparent mode tcp option tcplog log global balance leastconn server dc01 2001:629:1005:30::21:389 maxconn 5000 check server dc02 2001:629:1005:30::22:389 maxconn 5000 check server dc03 2001:629:1005:30::23:389 maxconn 5000 check Sadly, this fails on the secondary server, since 2001:629:1005:30::20 is not currently active: Starting haproxy: haproxy[ALERT] 085/083351 (31506) : Starting proxy dc-intern-ldap-v6: cannot bind socket [2001:629:1005:30::20:389] failed! Your kernel or its configration (sysctl) seems to not support a none local bind for ipv6. Have I don't something wrong? I would like to also provide IPv6 access to our LDAP infrastructure (and www later on as well). thanks Philipp
RE: IPv6 vrrp and bind transparent
What kernel are you running? You need at least 2.6.37 to do this with non-local IPv6 binds. Date: Wed, 27 Mar 2013 08:35:18 +0100 From: kolm...@zid.tuwien.ac.at To: haproxy@formilux.org Subject: IPv6 vrrp and bind transparent Hi, I am new to the list. Please excuse if this has been discussed before, but I didn't find it in the archives. I have 2 linux boxes sharing ipv4 addressess for high available LDAP Access to our AD infrastructure with keepalived and then forwarding the requests to our 3 AD Servers. With ipv4 it works without issues: listen dc-intern-ldap bind 128.130.30.20:389 transparent mode tcp option tcplog log global balance leastconn server dc01 128.130.30.21:389 maxconn 5000 check server dc02 128.130.30.22:389 maxconn 5000 check server dc03 128.130.30.23:389 maxconn 5000 check if 128.130.30.20 is not assiged on the secondary node, nothing fails. when keepalived switches over, everything works as expected. with 1.5-dev13 I read the ipv6 transparent works now as well: listen dc-intern-ldap-v6 bind 2001:629:1005:30::20:389 transparent mode tcp option tcplog log global balance leastconn server dc01 2001:629:1005:30::21:389 maxconn 5000 check server dc02 2001:629:1005:30::22:389 maxconn 5000 check server dc03 2001:629:1005:30::23:389 maxconn 5000 check Sadly, this fails on the secondary server, since 2001:629:1005:30::20 is not currently active: Starting haproxy: haproxy[ALERT] 085/083351 (31506) : Starting proxy dc-intern-ldap-v6: cannot bind socket [2001:629:1005:30::20:389] failed! Have I don't something wrong? I would like to also provide IPv6 access to our LDAP infrastructure (and www later on as well). thanks Philipp