|From:||"Basch, Richard" <Richard.Basch@gs.com>|
|Subject:||krb5- 1.15 KDC network performance issue|
|Date:||Sat, 24 Dec 2016 05:57:00 +0000|
|CC:||"firstname.lastname@example.org" <email@example.com>, "Harrison, Kayla C." <firstname.lastname@example.org>|
There appears to be a change in behavior in krb5-1.15 vs krb5-1.14 which is showing a significant network performance issue.
- RHEL 6 host
- Additional V4 IP addresses defined (VIPs tied to virtual interfaces, e.g. eth0:1 or to lo:1)
- No IPv6 addresses setup (not that I think this matters)
- kdc_listen = 0.0.0.0:88
Kinit to the machine’s real IP performs sub-second (<1ms)
Kinit to the machine’s VIP takes about 1.0s
strace –tt suggests the delay is in sendmsg(); recvmsg() appears to be behaving quickly.
Here is the interesting thing... if I setup “kdc_listen = VIP:88 0.0.0.0:88”, it performs well. The only reason I don’t want to define VIP:88 in kdc.conf is that VIP may be moved from machine to machine (failover).
Likewise, with krb5-1.14, with kdc_ports = 88, there were no issues.
VP, Technology - Critical Infrastructure
Goldman, Sachs & Co
30 Hudson St. 7th Floor | Jersey City, NJ 07302
email@example.com | +1 (917) 343-4071
P Save a tree: Please don't print this mail unless necessary.
The Goldman Sachs Group, Inc. All rights reserved.
See for important risk disclosures, conflicts of interest and other terms and conditions relating to this e-mail and your reliance on information contained in it. This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.