[dns-operations] Heads up Linux IPv6 users: larger scale use may require kernel tuning

[bert hubert]

Hi everybody,

This is not strictly DNS related, but folks are now running in to this,
painful slowdowns when offering IPv6 resolver performance.

A very large telco started deploying IPv6 to new users, to the point that
10% of their DNS resolver queries now come in over IPv6. 

Details below. We've since learned that some Linux distributions
automatically tune IPv6 better than the kernel default, but not all do.

The Linux kernel folks are aware of the issue, and people are working on it.

	Bert

----- Forwarded message from bert hubert <bert.hubert at netherlabs.nl> -----

Date: Thu, 27 Feb 2014 20:40:23 +0100
From: bert hubert <bert.hubert at netherlabs.nl>
To: pdns-users at mailman.powerdns.com
Subject: Heads up Linux IPv6 users: larger scale use may require kernel
	tuning

Hi everybody,

More and more deployments are switching on IPv6, some of them are even
'switching over', by giving mobile devices only an IPv6 address and
utilizing DNS64/NAT64 to make this work for IPv4 legacy services. We
describe this on
http://blog.powerdns.com/2013/05/17/ripe-66-powerdns-and-dns64nat64/

However, today we had a Linux user run into problems with their large IPv6
deployment. The root cause turned to be in the Linux kernel.

If you are doing larger scale IPv6 on Linux, check:

$ sysctl net.ipv6.route.max_size

The kernel-level default is 4096. If you have more IPv6 users than this
active simultaneously, things will slow down to a crawl. Today we raised the
value to 16384, but far higher values are probably safe too and may be
required.

We're discussing this the the relevant Linux kernel people here
http://marc.info/?l=linux-netdev&m=139352943109400&w=2 but for now, things
need to be set manually.

Good luck with your IPv6 deployments!

	Bert

----- End forwarded message -----