Re: weirdness with slow ssh connections (IPv6 related?)

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: weirdness with slow ssh connections (IPv6 related?)
On Wed, Oct 28, 2009 at 6:16 PM, Eric Shubert <> wrote:

> Steven A. DuChene wrote:
> > I am working on a project with 50 - 70 servers in the AT&T data center
> > on University. They have either RHEL5U3 or CentOS5U3 on the systems.
> > I have DNS configured with the normal bind 9 packages that come with
> > CentOS5U3. My problem is when using ssh to get between the systems
> > if i use the short name for a system it takes a long time to get to
> > a shell prompt on the remote system. If I use the fully qualified
> > domain name or the IP address of I use a "-4" with the short name
> > I get to a shell prompt immediately. So to illustrate:
> >
> > root@adm # ssh new75
> >
> > takes a LONG time to get shell prompt.
> >
> > Any of the following get me a shell prompt almost immediately:
> >
> > root@adm # ssh -4 new75
> >
> > root@adm # ssh new75.wholedomain.here
> >
> > root@adm # ssh 10.4.5.6 (IP address of new75 system)
> >
> > Since the "-4" option seems to have a positive effect I have gone
> > to each system and made sure the IPv6 kernel modules are not loaded
> > and the network file in /etc/sysconfig/ has the following line in
> > it:
> >
> > NETWORKING_IPV6=no
> >
> > but that made little or no difference to the problem. The lines
> > I added to the /etc/modprobe.conf file look like this:
> >
> > alias net-pf-10 off
> > alias ipv6 off
> >
> > I believe it some strange interaction problem between IPv6 and DNS
> > but I do not have a clear plan on what to try next.
> >
> > Any suggestions?
> > --
> > Steven DuChene
> >
> >
>
>
> http://forums.cpanel.net/f5/rh-5-4-update-bind-named-network-unreachable-resolving-ipv6-129889.html
> ?
>
> --
> -Eric 'shubes'
>
> Aggressive WorkAround: Turn off IPV6 completely:


Is the kernel IPV6 module loaded?

# lsmod | grep ipv6

Disable anything that depends on ipv6.
NOTE: You should not allow ipv6 to traverse your bastion ingress firewall
ACL, or filter before this machine, since turning off ip6tables could be a
security risk:

# chkconfig ip6tables off

Save the following line in a file in /etc/modprobe.d/ directory:

install ipv6 /bin/true

Reboot is required here!

Then blacklist the module; it will still load, but it will not work other
than invoke /bin/true so modules that call it still work.

# blacklist ipv6

Be sure networking does not call ipv6:

Edit /etc/sysconfig/network-scripts/ifcfg-eth0

IPV6INIT=no
IPV6_AUTOCONF=no

Finally, you can safely remove the following option from the
/etc/sysconfig/network file, if it exists:

NETWORKING_IPV6=no


REF: http://fedoraproject.org/wiki/IPv6Guide
--
Skype: (623)239-3392
AT&T: (503)754-4452
www.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss