IPv6 Issues / Question

dubstep · May 13, 2011, 8:54pm

Last night I had my provider (Linode) add IPv6 support for my server. I
also had them assign me an IPv6 pool to use.

I have Nginx 1.0.2 compiled with IPv6 support, restarted my Nginx and
everything was fine all night and most of the morning. However, within
minutes of me adding AAAA records to my domains, Nginx stopped and
running and took the IPv4 networking down with it. I hadn’t even
restarted Nginx after adding the records.

Upon reboot with Nginx disabled, everything runs fine. I start Nginx
and make a single IPv4 page request, the network is completely gone
again on all ports.

I don’t believe in coincidences so what could adding AAAA records to
domains Nginx is listening for on port 80 trigger? Nginx had been
running without problems for 12 hours with IPv6 enabled on the server
with an assigned global scope IPv6 address. Within minutes of me adding
those AAAA records, the trouble began.

I don’t see anything in the logs that helps. Here is my configuration
for Nginx:

nginx: configure arguments:
–sbin-path=/usr/sbin/nginx
–conf-path=/etc/nginx/nginx.conf
–user=nginx
–group=nginx
–http-client-body-temp-path=/var/lib/nginx/tmp/client_body
–http-proxy-temp-path=/var/lib/nginx/tmp/proxy
–http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log
–prefix=/usr/share/nginx
–pid-path=/var/run/nginx.pid
–add-module=…/headers-more-nginx-module
–add-module=…/ngx_http_redis-0.3.1
–add-module=…/ngx_http_upstream_keepalive
–add-module=…/memc-nginx-module
–add-module=…/ngx_cache_purge
–add-module=/usr/local/rvm/gems/ruby-1.9.2-p0@rails3/gems/passenger-3.0.2/ext/nginx
–add-module=…/ngx_http_log_request_speed
–add-module=…/mod_strip
–with-ipv6
–with-http_ssl_module
–with-http_gzip_static_module
–with-http_xslt_module
–with-http_image_filter_module
–with-http_geoip_module
–with-http_sub_module
–with-http_realip_module
–with-http_stub_status_module
–with-http_flv_module
–without-mail_pop3_module
–without-mail_imap_module
–without-mail_smtp_module
–without-select_module
–without-poll_module
–with-openssl=…/openssl-1.0.0d
–with-pcre=…/pcre-8.12
–with-zlib=…/zlib-1.2.5
–with-cpu-opt=Xeon
–with-cc-opt=‘-pipe -s -O3 -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -mmmx -msse -msse2 -msse3
-mfpmath=sse -mtune=native -march=native -enable-new-dtags -DNODEBUG
-DNDEBUG -enable-stdcall-fixup -frerun-loop-opt -ftracer’

Posted at Nginx Forum:

holstebm · May 13, 2011, 9:06pm

I should add that disabling IPv6 this way:

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1

without making any changes to the Nginx configuration, works. So it is
definitely related to IPv6 and Nginx.

TIA!

Bret

Posted at Nginx Forum:

holstebm · May 13, 2011, 9:14pm

On Fri, May 13, 2011 at 02:54:06PM -0400, holstebm wrote:

and make a single IPv4 page request, the network is completely gone
again on all ports.

What do you mean by “took the IPv4 networking down” ? Does it mean
that any (inlcuding ssh, etc) IPv4 traffic goes down, or only HTTP or
what ?

–
Igor S.

holstebm · May 13, 2011, 9:26pm

Literally everything. SSH - everything. This is a VPS (Linode) with a
Lish AJAX console that normally works even when all other networking is
disabled and even it was down. I was literally blind and the only
option left was to reboot each time. It took several reboots to narrow
it down to a particular service.

Please let me know if there is a particular log I should look at. I’ve
looked at the messages and syslog as well as the access and error logs
for nginx and they are all missing entries during the time networking
was down.

Thanks! I’ve been using Nginx for years barely a hiccup until this.

Bret

Posted at Nginx Forum:

holstebm · May 13, 2011, 9:37pm

On Fri, May 13, 2011 at 03:25:47PM -0400, holstebm wrote:

Literally everything. SSH - everything. This is a VPS (Linode) with a
Lish AJAX console that normally works even when all other networking is
disabled and even it was down. I was literally blind and the only
option left was to reboot each time. It took several reboots to narrow
it down to a particular service.

I believe this is a bug in Linux or VPS.
A user mode program even run with root privilege that makes only usual
listen/bind/setsockopt/accept/etc syscalls on IPv6 sockets should not
cause such issues.

–
Igor S.

holstebm · May 13, 2011, 9:28pm

I haven’t eliminated the possibility that Nginx is the symptom and not
the cause. Of course, under the circumstances, I’m not sure how I might
do that. But I am willing to provide anything you need to help get to
the bottom of this.

Posted at Nginx Forum:

holstebm · May 13, 2011, 9:48pm

Okay, thanks, I’ll into that bit more. This is a production machine
which, right now, limits me a bit. I is running Ubuntu 10.04 with one
of the kernels from Linode. Sometime overnight this weekend, I’ll play
with it a bit more. I can use other kernels or compile my own, if
necessary.

I was hoping what you thought about the AAAA records being added and the
appearance of the issue might be helpful as it seems strange. Perhaps a
routing problem of some sort when Nginx sent out a reply?

Thanks for you help!

Bret

Posted at Nginx Forum:

holstebm · May 13, 2011, 9:49pm

On Fri, May 13, 2011 at 03:47:29PM -0400, holstebm wrote:

Okay, thanks, I’ll into that bit more. This is a production machine
which, right now, limits me a bit. I is running Ubuntu 10.04 with one
of the kernels from Linode. Sometime overnight this weekend, I’ll play
with it a bit more. I can use other kernels or compile my own, if
necessary.

I was hoping what you thought about the AAAA records being added and the
appearance of the issue might be helpful as it seems strange. Perhaps a
routing problem of some sort when Nginx sent out a reply?

AAAA record may just cause IPv6 traffic to the host.
And the traffic may cause kernel issues.

–
Igor S.