Unsolved
This post is more than 5 years old
39 Posts
0
2196
Disabling ipv6 via sysctl on redhat 7 doesn't prevent avamar from listening on ipv6 addresses
So if I try to disable ipv6 via sysctl method documented by redhat, the avamar agent still listens on ipv6 ports 30002 and 28002;
We are running Redhat 7.5 x64 with Avamar 7.4.1 server/client
This leads to delays as the avamar server cannot initiate a backup, the agent has to wake up from a sleep, check in with the server and then see it has work scheduled. This can be 'close to an hour'
The ipv6 must be disabled by editing the /etc/default/grub and doing a mkconfig-grub2; (another method supported by redhat)
If there is a way of controlling the ports the agent listens on with a config file on the client (host that gets backed up) I would appreciate hearing what it is.
Thanks
-Thomas
J_H_
498 Posts
0
April 27th, 2018 14:00
I don't have an answer, but your question may be an answer for me.
(and yes I had a ticket with EMC and they could not understand what was going on)
on new grid 7.4.1-58 when doing a restore it would not go right away
but if I waited until the top of the hour when the client "checked in" it would go soon after that.
I have another server not connecting to the new grid and the security guys told me it was up in the 30000 instead of 28001
so the answer to your question may be my question.
Someone please help us, you are our only hope!
ionthegeek
2K Posts
0
April 30th, 2018 08:00
I'm not sure about the IPv6 question but J.H. - end user, I think I can answer your question.
In order for a backup to start right away, the client has to be "pageable" which means the Avamar Administrator Server can reach the agent on its listen port. Prior to Avamar client version 7.2, this was port 28002.
Avamar server version 7.3 implemented support for TLS encryption of Avamar Administrator Server <=> Avamar agent communication. If "session security" is set to Mixed/Single, Authenticated/Single, or Authenticated/Dual, Avamar will use ports in the 3000x range instead of the 2800x range for communication with the client agent. Secure agent communication is supported for clients running Avamar 7.2 or higher. If the secure agent feature is disabled, the client will fall back to using port 28002.
So first step is to check and make sure the Avamar server can reach the client on port 30002.
Do you have the SR number where you worked this issue? I'd like to review the notes if you don't mind.
J_H_
498 Posts
0
May 1st, 2018 14:00
ticket 10081613
I have gotten in the habit of bouncing the Avamar client on the client server before kicking off a restore because of this issue
simple_gifts
39 Posts
0
May 2nd, 2018 05:00
According to redhat article 8709, there are two ways to disable ipv6;
one is with sysctl and adding entries to /etc/sysctl.d/xxxx.conf
The other is in the /etc/default/grub with a parameter added to GRUB_CMDLINE_LINUX and then regenerate grub config by using grub2-mkconfig
Don't bother using the sysctl kernel options; it doesn't work in redhat 7 primarily (as it seems to indicate in various discussion groups) because of the use of systemd subsystem; systemd 'decides' about what do prior to the use to the sysctl entries one has configured.
I have used the GRUB_CMDLINE_LINUX option and it prevents avamar agent from listening on ipv6; Use it, it works.
On another topic, is there any way to paste into these posts; without the ability to do this on a technical site makes it close to useless.
-T
ionthegeek
2K Posts
0
May 2nd, 2018 06:00
J.H. - end user, in the notes, it says hotfix 290872 resolved your issue. Is that not the case? If that didn't fix the problem, I'd recommend opening a new SR.
J_H_
498 Posts
0
May 2nd, 2018 07:00
we actually installed 2 hot fixes to fix the issue.
it did seem to fix it for windows.
but I still have the issue with AIX and Linux
and they knew that when we talked.
they said they did not know why because they checked the ports
and the servers were just not getting the work order.
and they left we with my work around to bounce the client service.