IPVS direct-routing, ldirectord, and IPv6 in Debian Wheezy

Question

I'm encountering a bit of a problem when combining IPv6 with ldirectord/IPVS and direct routing in Wheezy.

(Disclaimer: the prefix fdff:4818:7090:9c9f::/64 used here is made up; I'm using an actual routed IPv6 prefix in my setup.)

I'm trying to distribute HTTP/S sessions coming into a loadbalancer (fdff:4818:7090:9c9f::137) and going to two real servers (fdff:4818:7090:9c9f::101 and fdff:4818:7090:9c9f::102). However, this appears to be failing and both servers end up with a quiescent weight of 0 (or not added if I have quiescent=off).

I know that this works in IPv4 for the same servers. I know that the check I'm using works over IPv6 to either real server:

$ curl fdff:4818:7090:9c9f::101/ldirectord.txt
ldirectord

I also have some non-HTTP services (specifically DNS and LDAP) working over IPv6; IMAPS and SMTPS (in addition to HTTP/S) however don't work; POPS is weird and always "working" even if the server is off. I have a feeling though that the same problem affecting HTTP/S is affecting these other services as well.

I have the DR-required loopback networking enabled, and this is working for those other services; here is the /etc/network/interfaces snippit from one of the real servers:

auto lo:0
iface lo:0 inet static
        address 10.0.0.137
        netmask 255.255.255.255
        pre-up sysctl -w net.ipv4.conf.eth0.arp_ignore=1
        pre-up sysctl -w net.ipv4.conf.eth0.arp_announce=2
iface lo:0 inet6 static
        address fdff:4818:7090:9c9f::137
        netmask 128

Here's the ldirectord.cf snippit:

virtual6=[fdff:4818:7090:9c9f::137]:80
        real6=[fdff:4818:7090:9c9f::101]:80 gate
        real6=[fdff:4818:7090:9c9f::102]:80 gate
        service=http
        scheduler=sh
        request="ldirectord.txt"
        receive="ldirectord"
virtual6=[fdff:4818:7090:9c9f::137]:443
        real6=[fdff:4818:7090:9c9f::101]:443 gate
        real6=[fdff:4818:7090:9c9f::102]:443 gate
        service=https
        scheduler=sh
        request="ldirectord.txt"
        receive="ldirectord"

And here's the output from "ipvsadm -l":

IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  [fdff:4818:7090:9c9f::137]:http sh
  -> [fdff:4818:7090:9c9f::101]:http Route   0      0          0         
  -> [fdff:4818:7090:9c9f::102]:http Route   0      0          0         
TCP  [fdff:4818:7090:9c9f::137]:https sh
  -> [fdff:4818:7090:9c9f::101]:https Route   0      0          0         
  -> [fdff:4818:7090:9c9f::102]:https Route   0      0          0

From my daemon.log, I don't see anything strange except that the IPv6 entries for these services are never set active.

Anyone have any ideas?

No, it's a loopback subinterface for the IPVS DR setup; allows the real servers to respond directly as the VIP to the clients. — Joshua Boniface, Dec 15 '14 at 01:54
Might it be necessary to set "checktype = external" since the defualt "ping" check does not support IPv6? See this example: http://kb.linuxvirtualserver.org/wiki/IPv6_load_balancing#Examples — Terry Burton, Mar 31 '16 at 15:22

IPVS direct-routing, ldirectord, and IPv6 in Debian Wheezy

0 Answers0