[389-users] extra IPv6 traffic wasting file descriptors

Rich Megginson rmeggins at redhat.com
Tue Jun 7 18:42:42 UTC 2011 

On 06/07/2011 12:38 PM, Brian High wrote:
> Hi 389 users,
>
> After searching through bugzilla, list archives, wikis, blogs, etc., I am still puzzled.
>
> We have 389 running on a single-homed RHEL5.6 (389-ds-1.1.3-4).  (We are getting ready to upgrade in about a week to the latest version.)
What version of 389-ds-base?
> We had disabled IPv6 in the interface setup (i.e. NETWORKING_IPV6=no in /etc/sysconfig/network), but recently found the following:
>
> 1.  The OS still has IPv6 enabled (ip6tables running and interface has "inet6 addr" in ifconfig).
> 2.  Since we installed it last year, 389 has been listening on "all interfaces".
> 3.  Even though there are no incoming 389 requests via IPv6, our 389 server opens lots of IPv6 connections.
> 4.  This has created a file descriptor shortage in the past.  A quick fix was to restart dirsrv.
> 5.  In researching how prevent it, we did all of the related performance tunes as recommended.
> 6.  But, ultimately, we see in netstat and lsof that open IPv6 connections increase each day.
> 7.  Even with ip6tables dropping all IPv6 traffic, we still see this increase in connections.
> 8.  Considering we do not run IPv6 here at all, and the firewall blocks it anyway, this was surprising.
> 9.  We took more steps to disable IPv6 in RHEL and configured 389 to only listen on the one IPv4 address.
>
> So, while it is now fixed, we cannot help but wonder, why 389 is trying to make these extra IPv6 connections.  The number varies throughout the day, relative to load, so it must be in response to real requests on IPv4 somehow.  Is 389 trying to reply to requests on *both* IPv4 and IPv6 networks, even for requests from IPv4?
>
> Any leads in understand this puzzle will be greatly appreciated.
Not sure, but let us know if you can reproduce this problem with 
389-ds-base 1.2.8.3 (current Stable).
> Mystified,
> Brian High
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list