Forum Discussion
CirrostratusAAA HTTP layered vip with ipv6 address
Hi!
I'm trying to create a layered vip with ipv6 to do https for an endpoint in a HTTP AAA server.
However I'm not having much luck getting it to work.
In /var/log/apm I'm getting error "Curl perform failed: Couldn't connect to server (7)"
My experience with ipv6 is limited so there might very well be something simple I have missed.
This is the config I'm using.
ltm node otpgateway.domain.com {
address 62.132.21.215
}
ltm pool layered_aaa_proxy_pool {
members {
otpgateway.domain.com:https {
address 62.132.21.215
}
}
}
ltm virtual layered_aaa_proxy_vip {
destination fd6d:ec93:1c0a:beef::1000.http
ip-protocol tcp
pool layered_aaa_proxy_pool
profiles {
http { }
serverssl {
context serverside
}
tcp { }
}
source-address-translation {
type automap
}
}
apm aaa http otpgateway_layered_HTTP {
auth-type custom-post
content-type xml-utf8
custom-body "<\?xml version=\"1.0\" encoding=\"UTF-8\" \?>........"
form-action /OTPsend
start-uri http://[fd6d:ec93:1c0a:beef::1000]
success-match-type string
success-match-value "200 OK"
}
Changing the address to a v4 works, but for various reasons it would be good if I could use a v6 address.
Should a v6 address work? Or are there any internal limitations for having an ipv6 address on this kind of layered approach?
Thanks!
/Andreas
2 Replies
Stanislas_Piro2Cumulonimbus
Hi, try with a hostname instead of IPv6 and configure this in hosts file (system / device / hosts).
Tom_Lauwereins_Nimbostratus
Hello,
I want to do a custom post with IPv4 but can't get it to work. I used a VIP on the APM itself with a serverssl. The pool members is the AAA authentication server.
ltm virtual vs_smsapi_test { destination 172.29.100.12:http ip-protocol tcp mask 255.255.255.255 pool pool_smsapi_test profiles { http { } serverssl { context serverside } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 80 } ltm pool pool_smsapi_test { members { 212.113.89.36:https { address 212.113.89.36 session monitor-enabled state up } } monitor https apm aaa http /andrei/otp_smsapi { auth-type custom-post content-type url-encoded-utf8 custom-body "{\"recipient_phone_number\":\"%{session.logon.last.username}\",\"message\":\"%{session.logon.last.password}\",\"priority\":\"high\"}" form-action /api/sms/ headers { header0 { name Content-Type value application/json } header1 { name Authorization value "Basic xxxxxxx" } } partition andrei start-uri http://172.29.100.12 success-match-type string success-match-value id } net self Vlan400 { address 172.29.100.3/16 traffic-group traffic-group-local-only vlan vlan400 }When testing the connection from another PC to the APM enabled VIP I don't see any traffic via a tcpdump leaving from the vlan400 interface and get this in the apm logs:
Jan 23 17:21:24 BIGIP-C debug apd[16514]: 01490000:7: modules/Authentication/Http/HttpModule.cpp func: "doHttpHeaderBasedAuth()" line: 115 Msg: a933e480: HTTP module: doHttpHeaderBasedAuth(): URL: http://172.29.100.12/api/sms Jan 23 17:21:24 BIGIP-C err apd[16514]: 01490138:3: a933e480: HTTP module: authentication with 'test' failed: Curl perform failed: Failure when receiving data from the peer (56) Jan 23 17:21:24 BIGIP-C debug apd[16514]: 01490111:7: a933e480: HTTP module: authenticateUser(): Curl perform failed: Failure when receiving data from the peer (56)But the strange part is that I don't see any traffic leaving towards 172.29.100.12? Any ideas?
