FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 06-07-2011, 06:38 PM
Brian High
 
Default extra IPv6 traffic wasting file descriptors

Hi 389 users,

After searching through bugzilla, list archives, wikis, blogs, etc., I am still puzzled.

We have 389 running on a single-homed RHEL5.6 (389-ds-1.1.3-4). (We are getting ready to upgrade in about a week to the latest version.)

We had disabled IPv6 in the interface setup (i.e. NETWORKING_IPV6=no in /etc/sysconfig/network), but recently found the following:

1. The OS still has IPv6 enabled (ip6tables running and interface has "inet6 addr" in ifconfig).
2. Since we installed it last year, 389 has been listening on "all interfaces".
3. Even though there are no incoming 389 requests via IPv6, our 389 server opens lots of IPv6 connections.
4. This has created a file descriptor shortage in the past. A quick fix was to restart dirsrv.
5. In researching how prevent it, we did all of the related performance tunes as recommended.
6. But, ultimately, we see in netstat and lsof that open IPv6 connections increase each day.
7. Even with ip6tables dropping all IPv6 traffic, we still see this increase in connections.
8. Considering we do not run IPv6 here at all, and the firewall blocks it anyway, this was surprising.
9. We took more steps to disable IPv6 in RHEL and configured 389 to only listen on the one IPv4 address.

So, while it is now fixed, we cannot help but wonder, why 389 is trying to make these extra IPv6 connections. The number varies throughout the day, relative to load, so it must be in response to real requests on IPv4 somehow. Is 389 trying to reply to requests on *both* IPv4 and IPv6 networks, even for requests from IPv4?

Any leads in understand this puzzle will be greatly appreciated.

Mystified,
Brian High

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-07-2011, 06:42 PM
Rich Megginson
 
Default extra IPv6 traffic wasting file descriptors

On 06/07/2011 12:38 PM, Brian High wrote:
> Hi 389 users,
>
> After searching through bugzilla, list archives, wikis, blogs, etc., I am still puzzled.
>
> We have 389 running on a single-homed RHEL5.6 (389-ds-1.1.3-4). (We are getting ready to upgrade in about a week to the latest version.)
What version of 389-ds-base?
> We had disabled IPv6 in the interface setup (i.e. NETWORKING_IPV6=no in /etc/sysconfig/network), but recently found the following:
>
> 1. The OS still has IPv6 enabled (ip6tables running and interface has "inet6 addr" in ifconfig).
> 2. Since we installed it last year, 389 has been listening on "all interfaces".
> 3. Even though there are no incoming 389 requests via IPv6, our 389 server opens lots of IPv6 connections.
> 4. This has created a file descriptor shortage in the past. A quick fix was to restart dirsrv.
> 5. In researching how prevent it, we did all of the related performance tunes as recommended.
> 6. But, ultimately, we see in netstat and lsof that open IPv6 connections increase each day.
> 7. Even with ip6tables dropping all IPv6 traffic, we still see this increase in connections.
> 8. Considering we do not run IPv6 here at all, and the firewall blocks it anyway, this was surprising.
> 9. We took more steps to disable IPv6 in RHEL and configured 389 to only listen on the one IPv4 address.
>
> So, while it is now fixed, we cannot help but wonder, why 389 is trying to make these extra IPv6 connections. The number varies throughout the day, relative to load, so it must be in response to real requests on IPv4 somehow. Is 389 trying to reply to requests on *both* IPv4 and IPv6 networks, even for requests from IPv4?
>
> Any leads in understand this puzzle will be greatly appreciated.
Not sure, but let us know if you can reproduce this problem with
389-ds-base 1.2.8.3 (current Stable).
> Mystified,
> Brian High
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 10:02 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org