Enabling IPv6 on Citrix ADC and create simple IPv6 to IPv4 proxy

I’m seeing more and more IPv6 implementations in the wild. And even IPv6 only Citrix ADC gateways. I decided to write this blog post to get a head start how-to enable IPv6 and create a simple IPv6 load balancer (with IPv4 backend service) on the Citrix ADC.

First we need to get the list of addresses we are going to use. In my case it will be:

IPv6 NSIP: 2a02:a446:4f22::8209 (It is not really needed, but I will add it for IPv6 management)
IPv6 SNIP: 2a02:a446:4f22::1202
IPv6 Gateway: 2a02:a446:4f22::1
IPv6 Virtual Server IP: 2a02:a446:4f22::1214
IPv4 Service on my local network: 192.168.2.133 port 80
IPv4 Mapped IP: 192.168.2.210

Second we will update the ADC with the NSIP, SNIP and default route.

# Add IPv6 NSIP, SNIP and default route
add ns ip6 2a02:a446:4f22::8209/48 -type NSIP -vServer DISABLED -mgmtAccess ENABLED -restrictAccess ENABLED -dynamicRouting ENABLED
add ns ip6 2a02:a446:4f22::1212/48 -vServer DISABLED
add route6 ::/0 2a02:a446:4f22:3:: -advertise DISABLED

Now you are able to manage the ADC via http(s)://[<your nsip address>] (URL directly to IPv6 addresses should be in brackets)

Third we create the load balancer to an IPv4 resource on the network.

# Create LBSG and LBVS
add serviceGroup LBSG_PIHOLE_HTTP HTTP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add lb vserver LBVS_PIHOLE_HTTP HTTP 2a02:a446:4f22::1214 80 -persistenceType NONE -cltTimeout 180

#Bind LBSG to LBVS
bind lb vserver LBVS_PIHOLE_HTTP LBSG_PIHOLE_HTTP

If all is correct you should be able to open the website via http://[<your lbvs address>]

When the website is not shown properly you should implement VIP insertion. That will insert an IPv4 address in the HTTP header which is sent to the backend service.

# Assign mapped IP to IPv6 VIP address
set ns ip6 2a02:a446:4f22::1214 -map 192.168.2.210

# Enable VIP insertion
set lb vserver LBSG_PIHOLE_HTTP -insertVserverIPPort ON

Creating a TLS (HTTPS) LBVS is just the same as normal. Pretty simple he đŸ˜‰

To check if your endpoint supports IPv6 I’ve created a page which is only available in IPv6: http://[2a02:a446:4f22::1213]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top