[Freeipa-users] V6 and v4

Alexander Bokovoy abokovoy at redhat.com
Thu Sep 24 13:36:38 UTC 2015 

On Thu, 24 Sep 2015, Janelle wrote:
>On 9/24/15 12:57 AM, Martin Kosek wrote:
>>On 09/23/2015 10:05 PM, Janelle wrote:
>>>On 9/13/15 11:46 PM, Alexander Bokovoy wrote:
>>>>On Sun, 13 Sep 2015, Janelle wrote:
>>>>>Hello,
>>>>>
>>>>>I read something recently that if ip v6 is disable on a server this
>>>>>hurts performance in some way? Is there more info on this or did I
>>>>>misread it?
>>>>Do not disable IPv6 stack on your machines. By disabling IPv6 you are
>>>>not doing good. On contrary, many contemporary software projects are
>>>>using IPv6-enabled network calls by default because both IPv6 and IPv4
>>>>share the same name space on the machine so you only need to listen on a
>>>>IPv6 port to accept both IPv4 and IPv6. This is a recommended approach
>>>>for networking applications' developers for years already.
>>>>
>>>>Note that this means only that support for IPv6 stack is enabled in the
>>>>kernel. You are not required to go with IPv6 networking addresses, this
>>>>is not really needed if you don't want to. But allowing applications to
>>>>be IPv6 aware is required.
>>>>
>>>>FreeIPA has several components which are programmed in such way that
>>>>they expect IPv6 stack to be enabled for reasons outlined above. If you
>>>>disable IPv6 stack, FreeIPA will partially malfunction and will not
>>>>really be in a supported state, especially when we are talking about
>>>>trusts to Active Directory (and, in future, IPA to IPA trust).
>>>>
>>>BTW - I did re-enable IPv6 and was able to "clean ruv" all the "dead" entries,
>>>which I had not been able to do before. Thank you for this.
>>Hello Janelle,
>>
>>Thanks for confirmation! I added this knowledge to
>>
>>http://www.freeipa.org/page/Troubleshooting#Obsolete_RUV_records
>>
>>as it is definitely not an obvious fix to resolve the RUV issue.
>>
>>Please feel very welcome to extend Troubleshooting guide if you have other
>>advise that could help others speed up their RUV investigation - you have
>>definitely a lot of experience with them.
>>
>>Thanks!
>>Martin
>Final - Final  confirmation now. I now deleted a replica and re-added. 
>No "ghost" entries at all. Everything is perfect. Yeah, this was crazy 
>that it was the fix on all the problems I had for a few months. It 
>definitely was not an obvious one.  I had wondered if it was DNS at 
>one point, but every server/master has a /etc/hosts file with all 
>hostnames and IPs (I never trust DNS).
>
>Thank you for sticking with all my issues and helping with this. This 
>one was a huge help.  At one point I had 9 of these ghost RUVs that 
>would not go away. Even if I deleted them off a server, they would 
>magically re-appear. It was so frustrating.  Having a clean 
>environment is a wonderful thing. I love IPA!!
>
>I will check the DOCs and if there is anything I can add I will.
It looks like 389-ds internally uses IPv6 stack functions as that allows
to support both IPv4 and IPv6 addresses. This means that 389-ds always
listens on tcp6 (netstat -nltp will show that) and if IPv6 stack is
disabled in the kernel, it could cause some issues as not all
functionality would be available to the user space. Again, you don't
need to have IPv6 network addresses, just IPv6 namespace enabled in the
kernel.
-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list