weirdness with slow ssh connections (IPv6 related?)
Lisa Kachold
lisakachold at obnosis.com
Wed Oct 28 18:59:42 MST 2009
On Wed, Oct 28, 2009 at 6:16 PM, Eric Shubert <ejs at shubes.net> wrote:
> Steven A. DuChene wrote:
> > I am working on a project with 50 - 70 servers in the AT&T data center
> > on University. They have either RHEL5U3 or CentOS5U3 on the systems.
> > I have DNS configured with the normal bind 9 packages that come with
> > CentOS5U3. My problem is when using ssh to get between the systems
> > if i use the short name for a system it takes a long time to get to
> > a shell prompt on the remote system. If I use the fully qualified
> > domain name or the IP address of I use a "-4" with the short name
> > I get to a shell prompt immediately. So to illustrate:
> >
> > root at adm # ssh new75
> >
> > takes a LONG time to get shell prompt.
> >
> > Any of the following get me a shell prompt almost immediately:
> >
> > root at adm # ssh -4 new75
> >
> > root at adm # ssh new75.wholedomain.here
> >
> > root at adm # ssh 10.4.5.6 (IP address of new75 system)
> >
> > Since the "-4" option seems to have a positive effect I have gone
> > to each system and made sure the IPv6 kernel modules are not loaded
> > and the network file in /etc/sysconfig/ has the following line in
> > it:
> >
> > NETWORKING_IPV6=no
> >
> > but that made little or no difference to the problem. The lines
> > I added to the /etc/modprobe.conf file look like this:
> >
> > alias net-pf-10 off
> > alias ipv6 off
> >
> > I believe it some strange interaction problem between IPv6 and DNS
> > but I do not have a clear plan on what to try next.
> >
> > Any suggestions?
> > --
> > Steven DuChene
> >
> >
>
>
> http://forums.cpanel.net/f5/rh-5-4-update-bind-named-network-unreachable-resolving-ipv6-129889.html
> ?
>
> --
> -Eric 'shubes'
>
> Aggressive WorkAround: Turn off IPV6 completely:
Is the kernel IPV6 module loaded?
# lsmod | grep ipv6
Disable anything that depends on ipv6.
NOTE: You should not allow ipv6 to traverse your bastion ingress firewall
ACL, or filter before this machine, since turning off ip6tables could be a
security risk:
# chkconfig ip6tables off
Save the following line in a file in /etc/modprobe.d/ directory:
install ipv6 /bin/true
Reboot is required here!
Then blacklist the module; it will still load, but it will not work other
than invoke /bin/true so modules that call it still work.
# blacklist ipv6
Be sure networking does not call ipv6:
Edit /etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=no
IPV6_AUTOCONF=no
Finally, you can safely remove the following option from the
/etc/sysconfig/network file, if it exists:
NETWORKING_IPV6=no
REF: http://fedoraproject.org/wiki/IPv6Guide
--
Skype: (623)239-3392
AT&T: (503)754-4452
www.obnosis.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20091028/db494226/attachment.htm
More information about the PLUG-discuss
mailing list