[dns-operations] Heads up Linux IPv6 users: larger scale use may require kernel tuning

Donovan, Chris donovanc at cloudshield.com
Fri Feb 28 18:24:11 UTC 2014


Why does this affect a DNS server? In many cases, I would expect the routing table to be small (default route + some static routes). Does Linux need to add a route for each client that is connecting to it or are we talking about a scenario where the Linux host is participating in dynamic routing protocols and just received more routes than originally expected?


-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-bounces at lists.dns-oarc.net] On Behalf Of bert hubert
Sent: Friday, February 28, 2014 4:31 AM
To: dns-operations at mail.dns-oarc.net
Subject: [dns-operations] Heads up Linux IPv6 users: larger scale use may require kernel tuning

Hi everybody,

This is not strictly DNS related, but folks are now running into this, painful slowdowns when offering IPv6 resolver performance.

A very large telco started deploying IPv6 to new users, to the point that 10% of their DNS resolver queries now come in over IPv6. 

Details below. We've since learned that some Linux distributions automatically tune IPv6 better than the kernel default, but not all do.

The Linux kernel folks are aware of the issue, and people are working on it.


----- Forwarded message from bert hubert <bert.hubert at netherlabs.nl> -----

Date: Thu, 27 Feb 2014 20:40:23 +0100
From: bert hubert <bert.hubert at netherlabs.nl>
To: pdns-users at mailman.powerdns.com
Subject: Heads up Linux IPv6 users: larger scale use may require kernel

Hi everybody,

More and more deployments are switching on IPv6, some of them are even 'switching over', by giving mobile devices only an IPv6 address and utilizing DNS64/NAT64 to make this work for IPv4 legacy services. We describe this on http://blog.powerdns.com/2013/05/17/ripe-66-powerdns-and-dns64nat64/

However, today we had a Linux user run into problems with their large IPv6 deployment. The root cause turned out to be in the Linux kernel.

If you are doing larger scale IPv6 on Linux, check:

$ sysctl net.ipv6.route.max_size

The kernel-level default is 4096. If you have more IPv6 users than this active simultaneously, things will slow down to a crawl. Today we raised the value to 16384, but far higher values are probably safe too and may be required.

We're discussing this with the relevant Linux kernel people here
http://marc.info/?l=linux-netdev&m=139352943109400&w=2 but for now, things need to be set manually.

Good luck with your IPv6 deployments!


----- End forwarded message -----
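
An added example, not part of the original messages: a headroom check that compares the kernel's IPv6 dst-entry count with net.ipv6.route.max_size, so the limit can be monitored before resolvers slow down. It assumes field 6 of /proc/net/rt6_stats (hex) is the count that max_size caps; the function names and the 80% threshold are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): warn before the IPv6
# dst-entry count reaches net.ipv6.route.max_size.
# Assumption: field 6 of /proc/net/rt6_stats (hex) is the kernel's count of
# allocated IPv6 dst entries, the number that max_size caps.

# dst_entries FILE: print field 6 of an rt6_stats-format line as decimal.
dst_entries() {
    _dst=
    read -r _n _rn _al _en _ca _dst _rest < "$1" || [ -n "$_dst" ] || return 1
    case "$_dst" in
        ''|*[!0-9a-fA-F]*) return 1 ;;   # not a hex counter
    esac
    echo $((0x$_dst))
}

# check_route_limit STATS_FILE MAX_SIZE [WARN_PCT]
# Returns 0 below the threshold, 1 at or above it, 2 on unusable input.
check_route_limit() {
    _max=$2
    _warn=${3:-80}
    _used=$(dst_entries "$1") || return 2
    [ "$_max" -gt 0 ] 2>/dev/null || return 2
    _pct=$(( _used * 100 / _max ))
    if [ "$_pct" -ge "$_warn" ]; then
        echo "WARN: $_used of $_max IPv6 dst entries in use (${_pct}%)"
        return 1
    fi
    echo "OK: $_used of $_max IPv6 dst entries in use (${_pct}%)"
}

stats=/proc/net/rt6_stats
limit=/proc/sys/net/ipv6/route/max_size
if [ -r "$stats" ] && [ -r "$limit" ]; then
    check_route_limit "$stats" "$(cat "$limit")" || true
else
    # Constructed sample: 0x0f3c = 3900 entries against the 4096 default.
    sample=$(mktemp)
    printf '0005 0004 0000 0004 0000 0f3c 0000\n' > "$sample"
    check_route_limit "$sample" 4096 || true
    rm -f "$sample"
fi
# To raise the limit as in the message: sysctl -w net.ipv6.route.max_size=16384
```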