I’m seeing more and more IPv6 implementations in the wild. And even IPv6 only Citrix ADC gateways. I decided to write this blog post to get a head start how-to enable IPv6 and create a simple IPv6 load balancer (with IPv4 backend service) on the Citrix ADC.
First we need to get the list of addresses we are going to use. In my case it will be:
IPv6 NSIP: 2a02:a446:4f22::8209 (It is not really needed, but I will add it for IPv6 management)
IPv6 SNIP: 2a02:a446:4f22::1202
IPv6 Gateway: 2a02:a446:4f22::1
IPv6 Virtual Server IP: 2a02:a446:4f22::1214
IPv4 Service on my local network: 192.168.2.133 port 80
IPv4 Mapped IP: 192.168.2.210
Second we will update the ADC with the NSIP, SNIP and default route.
# Add IPv6 NSIP, SNIP and default route add ns ip6 2a02:a446:4f22::8209/48 -type NSIP -vServer DISABLED -mgmtAccess ENABLED -restrictAccess ENABLED -dynamicRouting ENABLED add ns ip6 2a02:a446:4f22::1212/48 -vServer DISABLED add route6 ::/0 2a02:a446:4f22:3:: -advertise DISABLED
Now you are able to manage the ADC via http(s)://[<your nsip address>] (URL directly to IPv6 addresses should be in brackets)
Third we create the load balancer to an IPv4 resource on the network.
# Create LBSG and LBVS add serviceGroup LBSG_PIHOLE_HTTP HTTP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add lb vserver LBVS_PIHOLE_HTTP HTTP 2a02:a446:4f22::1214 80 -persistenceType NONE -cltTimeout 180 #Bind LBSG to LBVS bind lb vserver LBVS_PIHOLE_HTTP LBSG_PIHOLE_HTTP
If all is correct you should be able to open the website via http://[<your lbvs address>]
When the website is not shown properly you should implement VIP insertion. That will insert an IPv4 address in the HTTP header which is sent to the backend service.
# Assign mapped IP to IPv6 VIP address set ns ip6 2a02:a446:4f22::1214 -map 192.168.2.210 # Enable VIP insertion set lb vserver LBSG_PIHOLE_HTTP -insertVserverIPPort ON
Creating a TLS (HTTPS) LBVS is just the same as normal. Pretty simple he đŸ˜‰
To check if your endpoint supports IPv6 I’ve created a page which is only available in IPv6: http://[2a02:a446:4f22::1213]