IPv4 external - IPv6 internal

Question

We are planning on a process for creating webservers going forward where all webservers would have an IPv6 VIP on our BIG IP box. Each webserver / VIPv6 would have a DNS entry for its IPv6 address.  We would also like to expose an IPv4 address and DNS entry for the same webservers, but we have a limited number of external IPv4 addresses.  &nbsp;
Is it possible to have all of the IPv4 DNS entries point to just 1 IPv4 VIP on the BIG-IP, and have that IPv4 VIP route traffic to the correct IPv6 VIP based on the incoming hostname?  More importantly, is there a scalable souliton to doing this?  I'm sure (for example) it could be done in an iRule with a switch statement that examines the host of the incomming HTTP_REQUEST and routes to the correct server pool. But then every time we point a new IPv4 DNS entry at our IPv4 VIP we would have to add another entry to the iRule's switch statement.  We'd like something more procedural / automatic.&nbsp;
Is there a way to read the hostname in the incomming request, look up the IPv6 DNS entry using the hostname, and just route the request to the correct IPv6 VIP based on just the DNSv6 entry?  Also, is a NAT64 or NAT46 required to make this work?&nbsp;

afedden_1985 · Answer

Interesting question and more details are needed about the servers side of the VIPs. You can have IPv4 VIPs load balance to IPV6 servers or IPV4 VIPs load balance to IPV6 servers it doesn't matter what combination you use. Your question about a VIP targeting a VIP is possible but more complicated than just sending from the VIP to the servers.

craig_baker_187 · Answer

Behind the IPv6 VIPs there will be a pool of IPv6-only servers running docker containers on high end ports. so for example we may have APP_1 running on servers s1, s2 and s3 port 6000.  These 3 address:port pairings would make up the pool.  A IPv6 DNS entry (app1.domain.com) would point to an IPv6 VIP for APP_1.  The VIP would load balance between the servers s1:6000, s2:6000, and s3:6000.

APP_2 may be running on s2, s3 and s5:6001, and would also have its own IPv6 VIP and DNS entry.

Both APP_1 and APP_2 would also have an IPv4 DNS entry.  All IPv4 DNS entries would go to a 3rd VIP that would NAT the IPv4 request into an IPv6 request, and then do the DNS lookup and route accordingly.

We would hope in the future to be able to turn off the IPv4 VIP once we stop getting IPv4 requests.  Also if a request comes in using IPv6 it should be routed directly to the APP's IPv6 VIP by usingt the IPv6 DNS entry.

Is that any more helpful?  What else do you need to know aobut the servers side of the VIPs?

afedden_1985 · Answer

You don't need to do this  send the IPv4 vip traffic to another VIP,  (All IPv4 DNS entries would go to a 3rd VIP that would NAT the IPv4 request into an IPv6 request)
You can just assign the IPV6 server pools to the IPV4 VIPs and F5 will translate for you from IPV4 ingress to the IPV6 server IPs.  As long as the F5 can route IPv6 to the pool it will work.     &nbsp;

craig_baker_187 · Answer

We only have a limited number of external IPv4 addresses, so we can't have an IPv4 address / VIP for every DNS entry.

Forum Discussion

IPv4 external -> IPv6 internal

4 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Create isolated environment for internal and external networks

Redirecting to an external site when the internal site is down

2 internal server vlans

CSV to Address External Datagroup File

Using F5 for load balancing internal traffic