Implement load balancing for IPv6 services - Server Load Balancer

Application Load Balancer (ALB) can forward IPv6 requests. This topic describes how to configure a dual-stack server group that contains IPv4 and IPv6 Elastic Compute Service (ECS) instances for an ALB instance, and enable IPv6 Internet bandwidth for the IPv6 ECS instances in the group. This way, IPv6 clients can access the backend IPv4 and IPv6 services through the ALB instance.

Scenario

The following scenario is used as an example in this topic. A company wants to use ALB to forward requests from IPv6 clients to the IPv4 and IPv6 services in a virtual private cloud (VPC). In this case, the company needs to create ECS instances with IPv4 and IPv6 addresses and enable IPv6 Internet bandwidth for the IPv6 ECS instances. In addition, the company needs to create a dual-stack ALB instance and a dual-stack server group. After the preceding steps are completed, requests from IPv6 clients can be forwarded to the IPv4 and IPv6 services on the backend ECS instances through ALB.

Limits

The dual-stack feature is not available by default. To use the feature, log on to the Quota Center console. On the Whitelist Quotas page, enter the quota ID slb_user_visible_gray_label/support_ipv6, and click Apply. For more information, see Manage ALB quotas.
For more information about the regions that support the dual-stack feature, see Overview of ALB instances.
To use the dual-stack feature, you must enable the IPv6 feature for the vSwitches in the VPC where the IPv4 and IPv6 services are deployed.
Dual-stack ALB instances can forward requests from IPv4 and IPv6 clients to backend IPv4 and IPv6 services.
- Dual-stack ALB instances can forward requests from IPv6 clients to backend IPv4 services of the following types: ECS, elastic network interface (ENI), Elastic Container Instance, and IP. Backend services of the Function Compute type are not supported.
- Dual-stack ALB instances can forward requests from IPv6 clients to backend IPv6 services of the following types: ECS, ENI, and Elastic Container Instance. Backend services of the Function Compute and IP types are not supported.
You cannot enable access control for listeners of dual-stack ALB instances.
You cannot upgrade existing IPv4 ALB instances to dual-stack ALB instances. You can only create dual-stack ALB instances.
When you create a listener for an IPv4 ALB instance, you cannot add dual-stack server groups.

Prerequisites

A VPC that supports IPv6 is created in the China (Shanghai) region. For more information, see Create a VPC that supports both IPv4 and IPv6.
A vSwitch that supports IPv6 is created in Zone E and Zone G of the China (Shanghai) region. For more information, see Create a vSwitch that supports IPv4 and IPv6.

Procedure

Step 1: Create and configure ECS instances

Log on to the VPC console.
In the left-side navigation pane, click vSwitch.
Select the region of the vSwitch. In this example, China (Shanghai) is selected.
On the vSwitch page, find the vSwitch that you want to manage, and choose Create > ECS Instance in the Actions column.
On the Custom Launch tab of the Elastic Compute Service (ECS) page, create an IPv4 ECS instance named ECS01 and an IPv6 ECS instance named ECS02. For more information, see Create an instance by using the wizard.
Note
- In this example, both ECS01 and ECS02 run the Alibaba Cloud Linux operating system.
- When you create an IPv6 ECS instance, select Assign IPv6 Address Free of Charge in the IPv6 section.
Log on to ECS01 and ECS02, and deploy different NGINX services on ECS01 and ECS02. For more information, see Connection methods and Manually build an LNMP stack on an Alibaba Cloud Linux 2 instance.
Assign a static IPv6 address to ECS02.
Note In this example, a static IPv6 address is manually assigned to ECS02. For more information, see Assign an IPv6 address to a Linux instance.
1. Log on to ECS02.
2. Check whether IPv6 is enabled for ECS02.
  Note IPv6 is disabled in Alibaba Cloud Linux 2 images of the aliyun_2_1903_64_20G_alibase_20190829.vhd version and earlier. By default, IPv6 is enabled in Alibaba Cloud Linux 2 images of the aliyun_2_1903_x64_20G_alibase_20200221.vhd version and later.
  Run the ip addr | grep inet6 or ifconfig | grep inet6 command.
  - If information about inet6 is returned, IPv6 is enabled for ECS02.
  - If information about inet6 is not returned, IPv6 is not enabled for ECS02.
  In this example, the response shows that IPv6 is enabled for ECS02, as shown in the following figure.
3. Manually configure the IPv6 address of ECS02.
  1. Run the vi /etc/sysconfig/network-scripts/ifcfg-eth0 command to open the configuration file of the network interface controller (NIC). Replace eth0 in the command with the actual identifier of the NIC. Add the following configurations to the file:
```
DHCPV6C=yes
IPV6INIT=yes
```
    After you add the configurations, press the ESC key, enter :wq, and then press the ENTER key to save and exit.
  2. Restart ECS02.
```
reboot
```

Step 2: Enable IPv6 Internet bandwidth

Log on to the IPv6 Gateway console.
In the top navigation bar, select the region where the IPv6 gateway is deployed. In this example, China (Shanghai) is selected.
On the IPv6 Gateway page, find the IPv6 gateway that is created for the VPC and click Manage in the Actions column.
On the details page of the IPv6 gateway, click the IPv6 Internet Bandwidth tab. Then, find the Internet bandwidth that corresponds to ECS02 and click Create IPv6 Internet Bandwidth in the Actions column.

On the IPv6 Internet Bandwidth (PostPay) page, set the parameters, click Buy Now, and then complete the payment. The following table describes the parameters.


Parameter	Description
Data Transfer	Select a billing method for the Internet bandwidth plan. Valid values: Pay-By-Bandwidth and Pay-By-Data-Transfer. In this example, Pay-By-Data-Transfer is selected.
Bandwidth	Specify a maximum bandwidth value for the Internet bandwidth. In this example, the default value 5 Mbps is used.
Billing Cycle	Select a billing cycle for the Internet bandwidth. In this example, Hour (By Hour) is selected.

Step 3: Configure the security group rules

After you enable Internet bandwidth for ECS02, you must configure security group rules for ECS02 to accept requests from IPv6 clients.

Log on to the ECS console.
In the left-side navigation pane, choose Network & Security > Security Groups.
In the top navigation bar, select the region of the security group. In this example, China (Shanghai) is selected.
On the Security Groups page, find the security group and click Add Rules in the Actions column.
On the Security Group Rules page, click the Inbound tab in the Access Rule section.

Click Add and configure the rule based on the following information. Then, click Save in the Actions column.


Parameter	Description
Action	Select the action of the rule. In this example, Allow is selected.
Priority	Set the priority of the rule. A smaller value indicates a higher priority. Valid values: 1 to 100. The default value 1 is used in this example.
Protocol Type	Select the type of allowed requests. In this example, All ICMP (IPv6) is selected.
Port Range	Specify a range of ports to accept requests from IPv6 clients. If you set Protocol Type to All ICMP (IPv6), you can set Dest (the destination port) to only -1/-1.
Authorization Object	Enter the IPv6 CIDR block to which the rule applies. In this example, ::/0 is used to apply the rule to all IPv6 addresses. Note You can specify IPv6 addresses based on your business requirements.
Description	Enter a description for the rule.

Step 4: Create an ALB instance

Log on to the ALB console.
On the Instances page, click Create ALB.

On the buy page, set the following parameters, click Buy Now, and then complete the payment.


Parameter	Description
Region	Select the region where you want to create the ALB instance. In this example, China (Shanghai) is selected.
Network Type	Select the network type of the ALB instance. The system allocates a public or private IP address to the ALB instance based on the selected network type. Public-facing is selected in this example.
VPC	Select the VPC where you want to deploy the ALB instance. Note Make sure that the IPv6 feature is enabled for the VPC.
Zone	Select at least two zones. In this example, Shanghai Zone E and Shanghai Zone G are selected. Select a vSwitch for each zone. In this example, a vSwitch in Zone E and a vSwitch in Zone G are selected.
IP Mode	Select an IP mode for the ALB instance. In this example, Static IP is selected.
Edition	Select an edition for the ALB instance. Standard is selected in this example.
IP Version	Select the IP version. In this example, Dual-stack is selected.
Instance Name	Enter a name for the ALB instance.
Resource Group	Select the resource group to which the ALB instance belongs.

Return to the Instances page, find the ALB instance, and then click its ID.
In the Basic Information section of the Instance Details tab, find Network. Then, click Change Network Type next to IPv6:Private.
In the Change Network Type dialog box, click OK.
After the change takes effect, you can find that the IPv6 network type changes to Public.

Step 5: Create a server group

Log on to the ALB console.
In the top navigation bar, select the region where you want to create a server group. In this example, China (Shanghai) is selected.
In the left-side navigation pane, choose ALB > Server Groups.
On the Server Groups page, click Create Server Group.

In the Create Server Group dialog box, set the following parameters and click Create.

The following table describes some of the parameters. Keep the default values for other parameters. For more information about the parameters, see Create a server group.


Parameter	Description
Server Group Type	Select a server group type. In this example, Server Type is selected.
Server Group Name	Enter a name for the server group.
VPC	Select a VPC from the VPC drop-down list. Only servers in the VPC can be added to the server group. Note You must select the VPC where the ALB instance is deployed and make sure that IPv6 is enabled for the VPC.
Backend Server Protocol	Select a backend protocol. HTTP is selected in this example.
Scheduling Algorithm	Select a scheduling algorithm. In this example, Weighted Round-Robin is selected.
IPv6 Support	Specify whether to enable IPv6. In this example, IPv6 is enabled.
Session Persistence	Specify whether to enable session persistence. In this example, the default value is used. Session persistence is disabled.
Configure Health Check	Specify whether to enable health checks. In this example, health checks are enabled.
Advanced Settings	If you enable health checks, you can click Modify next to Advanced Settings to configure advanced settings.

On the Server Group page, find the server group that you want to manage and click its ID.
Click the Backend Servers tab and click Add Backend Servers.
In the Add Backend Servers panel, select ECS01 and ECS02. In the IP column, select the IPv4 address of ECS01 and the IPv6 address of ECS02, and click Next.
On the Ports/Weights wizard page, set the ports and weights of ECS01 and ECS02, and click OK.
In this example, both ECS instances use the port 80 and the default weight 100.

Step 6: Configure a listener

Log on to the ALB console.
On the Instances page, find the ALB instance that you want to manage and click the ID of the instance.
Click the Listener tab and click Create Listener.

On the Configure Listener page, set the following parameters and click Next.

The following table describes some of the parameters. Keep the default values for other parameters. For more information, see Add an HTTP listener.


Parameter	Description
Select Listener Protocol	Select a protocol for the listener. HTTP is selected in this example.
Listener Port	Specify a listening port to receive requests and forward them to backend servers. In this example, `80` is used.
Listener Name	Enter a name for the listener.
Advanced Settings	In this example, the default settings are used. You can click Modify to modify the settings.

On the Server Group wizard page, select Server Type and select a server group from the Server Type drop-down list. Check the server group information and click Next.
On the Confirm wizard page, confirm the configurations and click Submit.
Click OK to return to the Listener tab. If Healthy is displayed in the Health Check Status column, ECS01 and ECS02 can process requests forwarded by the ALB instance.

Step 7: Test the network connectivity

After you complete the preceding steps, IPv6 clients can access both the IPv4 and IPv6 services in the VPC through ALB. You can perform the following steps to test the connectivity between an IPv6 client and the ECS instances in the VPC.

Note Before you perform the test, make sure that your client supports IPv6. To check whether your client supports IPv6, visit http://test-ipv6.com/.

Use an IPv6 client to test the connectivity.

Test the connectivity between the IPv6 client and ECS01.
1. Open the CLI of the client.
2. Run the following command to check whether the IPv6 client can access the IPv4 services on ECS01:
```
curl -6 http://<ALB domain name> -v
```
  If the following packets are returned, the IPv6 client can access the IPv4 services on ECS01.
Test the connectivity between the IPv6 client and ECS02.
1. Open the CLI of the client.
2. Run the following command to check whether the IPv6 client can access the IPv6 services on ECS02:
```
curl -6 http://<ALB domain name> -v
```
  If the following packets are returned, the IPv6 client can access the IPv6 services on ECS02.