11.3 Setting up L4 Switch for IPv6 Support

IPv6 provides large number of available addresses, increased security, and reliability. For supporting IPv6, the L4 switch must support addressing both IPv4 and IPv6 as seen in the following figure.

There is no change in listener configuration for Access Manager devices. Hence, real IP configuration and real server group configuration in L4 switch remain the same. Change is required only in the virtual server configuration to accept IPv6 connections.

Figure 11-3 L4 Switch Support For Both IPv4/IPv6

The existing IPv4 virtual server configuration is as follows:

  • server virtual vir-ipv4 10.50.50.1

  • predictor round-robin

  • port 8080

  • port 8443

  • bind 8080 real1 8080 real2 8080 real3 8080 real4 8080

  • bind 8443 real1 8443 real2 8443 real3 8443 real4 8443

Use the following procedure to configure the L4 switch for IPv6 support.

  1. Add an IPv6 virtual server for each of the corresponding IPv4 virtual servers:

    • server virtual vir-ipv6 2001::1

    • predictor round-robin

    • port 8080

    • port 8443

    • bind 8080 real1 8080 real2 8080 real3 8080 real4 8080

    • bind 8443 real1 8443 real2 8443 real3 8443 real4 8443

    NOTE:All real server configurations (real1, real2, real3, real4) in the above sample remains same for both IPv4 virtual server and IPv6 virtual server configurations.

  2. (Optional) To use a client IPv6 address for Authorization or Identity Injection Policies, L4 switch must be configured to send X-Forwarded-For IP header with each HTTP request.

IPv6 support is explained in the following scenarios. For simplicity IPv4 information is not provided. These scenarios support IPv6 in addition to IPv4. For more information about limitations for this support, see Section 11.3.3, Limitations.