On Thu, 24 Sep 2015, Janelle wrote:
On 9/24/15 12:57 AM, Martin Kosek wrote:
On 09/23/2015 10:05 PM, Janelle wrote:
On 9/13/15 11:46 PM, Alexander Bokovoy wrote:
On Sun, 13 Sep 2015, Janelle wrote:
Hello,
I read something recently that if ip v6 is disable on a server this
hurts performance in some way? Is there more info on this or did I
misread it?
Do not disable IPv6 stack on your machines. By disabling IPv6 you are
not doing good. On contrary, many contemporary software projects are
using IPv6-enabled network calls by default because both IPv6 and IPv4
share the same name space on the machine so you only need to listen on a
IPv6 port to accept both IPv4 and IPv6. This is a recommended approach
for networking applications' developers for years already.
Note that this means only that support for IPv6 stack is enabled in the
kernel. You are not required to go with IPv6 networking addresses, this
is not really needed if you don't want to. But allowing applications to
be IPv6 aware is required.
FreeIPA has several components which are programmed in such way that
they expect IPv6 stack to be enabled for reasons outlined above. If you
disable IPv6 stack, FreeIPA will partially malfunction and will not
really be in a supported state, especially when we are talking about
trusts to Active Directory (and, in future, IPA to IPA trust).
BTW - I did re-enable IPv6 and was able to "clean ruv" all the "dead" entries,
which I had not been able to do before. Thank you for this.
Hello Janelle,
Thanks for confirmation! I added this knowledge to
http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
as it is definitely not an obvious fix to resolve the RUV issue.
Please feel very welcome to extend Troubleshooting guide if you have other
advise that could help others speed up their RUV investigation - you have
definitely a lot of experience with them.
Thanks!
Martin
Final - Final confirmation now. I now deleted a replica and re-added.
No "ghost" entries at all. Everything is perfect. Yeah, this was crazy
that it was the fix on all the problems I had for a few months. It
definitely was not an obvious one. I had wondered if it was DNS at
one point, but every server/master has a /etc/hosts file with all
hostnames and IPs (I never trust DNS).
Thank you for sticking with all my issues and helping with this. This
one was a huge help. At one point I had 9 of these ghost RUVs that
would not go away. Even if I deleted them off a server, they would
magically re-appear. It was so frustrating. Having a clean
environment is a wonderful thing. I love IPA!!
I will check the DOCs and if there is anything I can add I will.
It looks like 389-ds internally uses IPv6 stack functions as that allows
to support both IPv4 and IPv6 addresses. This means that 389-ds always
listens on tcp6 (netstat -nltp will show that) and if IPv6 stack is
disabled in the kernel, it could cause some issues as not all
functionality would be available to the user space. Again, you don't
need to have IPv6 network addresses, just IPv6 namespace enabled in the
kernel.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
