On 06/07/2011 12:38 PM, Brian High wrote:
> Hi 389 users,
> After searching through bugzilla, list archives, wikis, blogs, etc., I am still puzzled.
> We have 389 running on a single-homed RHEL5.6 (389-ds-1.1.3-4). (We are getting ready to
> upgrade in about a week to the latest version.)

What version of 389-ds-base?

> We had disabled IPv6 in the interface setup (i.e. NETWORKING_IPV6=no
> in /etc/sysconfig/network), but recently found the following:
> 1. The OS still has IPv6 enabled (ip6tables running and interface has "inet6
> addr" in ifconfig).
> 2. Since we installed it last year, 389 has been listening on "all
> interfaces".
> 3. Even though there are no incoming 389 requests via IPv6, our 389 server opens lots of
> IPv6 connections.
> 4. This has created a file descriptor shortage in the past. A quick fix was to restart
> dirsrv.
> 5. In researching how to prevent it, we did all of the related performance tunes as
> recommended.
> 6. But, ultimately, we see in netstat and lsof that open IPv6 connections increase each
> day.
> 7. Even with ip6tables dropping all IPv6 traffic, we still see this increase in
> connections.
> 8. Considering we do not run IPv6 here at all, and the firewall blocks it anyway, this
> was surprising.
> 9. We took more steps to disable IPv6 in RHEL and configured 389 to only listen on the
> one IPv4 address.
> So, while it is now fixed, we cannot help but wonder why 389 is trying to make these
> extra IPv6 connections. The number varies throughout the day, relative to load, so it
> must be in response to real requests on IPv4 somehow. Is 389 trying to reply to requests
> on *both* IPv4 and IPv6 networks, even for requests from IPv4?
> Any leads in understanding this puzzle will be greatly appreciated.

Not sure, but let us know if you can reproduce this problem with
389-ds-base 1.2.8.3 (current Stable).

> Mystified,
> Brian High
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users