Skip to content

How to create a 'Dual Stack' load-balancer

Estimated time to read: 3 minutes

This tutorial builds on the more basic load balancer tutorial, see How to create a load balancer on Cyso Cloud, and adds an additional virtual IP to accept IPv6 traffic. The load balancer in this tutorial will receive traffic on both IPv4 and IPv6 addresses and distribute it to a single IPv4 backend server using the Round-Robin algorithm on TCP ports 80 (HTTP) and 443 (HTTPS).

Requirements:

  • A Cyso Cloud account
  • One or more hosts with accessible services on TCP ports 80 and 443

Limitations:

  • Dual stack load balancers are currently only supported in the FRA region due to a limitation in region AMS.

Gathering network details

  1. Retrieve the public subnet id: 

    $ openstack subnet show public -c id -c ip_version -c network_id
+------------+--------------------------------------+
| Field      | Value                                |
+------------+--------------------------------------+
| id         | 63ccc6cf-0900-49a8-97fd-1e3919a658bd |
| ip_version | 4                                    |
| network_id | 2745668c-777f-42eb-baff-38d1155bfb20 |
+------------+--------------------------------------+

  2. Retrieve the public6 subnet id: 

    $ openstack subnet show public6 -c id -c ip_version -c network_id
+------------+--------------------------------------+
| Field      | Value                                |
+------------+--------------------------------------+
| id         | 49b2cbef-5e71-4290-8480-25728be553b8 |
| ip_version | 6                                    |
| network_id | 2745668c-777f-42eb-baff-38d1155bfb20 |
+------------+--------------------------------------+

  3. Gather the addresses of the hosts to be assigned as members, in this example just one: 

    10.0.0.20

In this example, host 10.0.0.20 is running a simple web service on TCP ports 80 and 443 and can respond to simple HTTP requests:

$ curl http://10.0.0.20:80/
Hello Cloud!

Ensure the services on the host are accessible to the load balancer.

Configure the load balancer

  1. Create a load balancer with a VIP in public subnet and an additional VIP in the public6 subnet: 

    $ openstack loadbalancer create \
  --name load-balancer-dual-vip \
  --vip-network-id 2745668c-777f-42eb-baff-38d1155bfb20 \
  --additional-vip subnet-id=49b2cbef-5e71-4290-8480-25728be553b8

  2. Create a listener to accept traffic on TCP port 80: 

    $ openstack loadbalancer listener create \
  --name listener-tcp-80 \
  --protocol TCP \
  --protocol-port 80 load-balancer-dual-vip

  3. Create a supporting pool: 

    $ openstack loadbalancer pool create \
  --name pool-tcp-80 \
  --lb-algorithm ROUND_ROBIN \
  --listener listener-tcp-80 \
  --protocol TCP

  4. Add the host as member: 

    $ openstack loadbalancer member create \
  --address 10.0.0.20 \
  --protocol-port 80 pool-tcp-80

  5. Create a listener to accept traffic on TCP port 443: 

    $ openstack loadbalancer listener create \
  --name listener-tcp-443 \
  --protocol TCP \
  --protocol-port 443 load-balancer-dual-vip

  6. Create a supporting pool: 

    $ openstack loadbalancer pool create \
  --name pool-tcp-443 \
  --lb-algorithm ROUND_ROBIN \
  --listener listener-tcp-443 \
  --protocol TCP

  7. Add the host as member: 

    $ openstack loadbalancer member create \
  --address 10.0.0.20 \
  --protocol-port 443 pool-tcp-443

The load balancer is now configured and should shortly convert to an online status:

$ openstack loadbalancer show -c operating_status load-balancer-dual-vip
+------------------+--------+
| Field            | Value  |
+------------------+--------+
| operating_status | ONLINE |
+------------------+--------+

Test connectivity

  1. Retrieve the VIP addresses of the load balancer: 

    $ openstack loadbalancer show -c vip_address -c additional_vips -f json load-balancer-dual-vip 
{
  "vip_address": "81.24.13.195",
  "additional_vips": [
    {
      "subnet_id": "49b2cbef-5e71-4290-8480-25728be553b8",
      "ip_address": "2a14:6480::14a"
    }
  ]
}

  2. Test endpoint on port 80: 

    $ curl -4 http://81.24.13.195:80/
Hello Cloud!

  3. Test endpoint on port 80 from an IPv6 enabled host: 

    $ curl -6 http://[2a14:6480::14a]:80/
Hello Cloud!

To test HTTPS access, change port 80 to 443 and http to https in the curl examples. You can also test the endpoints in a browser, but these tend to be more restrictive when working with self-signed certificates.

Conclusion

You now have enabled IPv6 connectivity for an IPv4 only service. The next step can be to add a DNS AAAA record in order for IPv6 enabled clients to resolve your IPv6 enabled service.