| SRDB ID |
|
Synopsis |
|
Date |
| 48231 |
|
Sun Fire[TM] 12K/15K: NFS client activity from a domain hangs |
|
30 Oct 2002 |
- Problem Statement:
NFS client activity from a domain hangs
NOTE: All references to the SF15K apply equally to the SF12K.
- Symptoms:
NFS client (rpcbind) activity from a SF15K domain hangs.
SOLUTION SUMMARY:
- Troubleshooting:
Check that both of the following entries exist in /etc/inetd.conf:
sun-dr stream tcp wait root /usr/lib/dcs dcs
sun-dr stream tcp6 wait root /usr/lib/dcs dcs
On a system with a hanging NFS client, verify that rpcbind is
attempting to use the local port 665 (sun-dr from /etc/services)
using netstat -a.
- Resolution:
To resolve this problem, make sure that the SUNWdcsr package has been
installed on the SF15K domain and that the proper entries are present
in the /etc/inetd.conf file. Use netstat -a to make sure that inet
has these ports configured. You'll see the following lines in the
TCP: IPv4 section:
*.sun-dr *.* 0 0 24576 0 LISTEN
*.sun-dr *.* 0 0 24576 0 LISTEN
And you'll see the following line in the TCP: IPv6 section:
*.sun-dr *.* 0 0 24576 0 LISTEN
- Summary of part number and patch ID's
- References and bug IDs
BugId: 4402928
Escalations: 537407
SunSolve Article 48232
- Additional background information:
SF15K domains communicate with the SC using encrypted IP traffic
via IPSEC. On the domain, this ipsec configuration is created when
the SUNWsckmr package is installed. The ports used for encrypted
communication are sun-dr, which is port 665, and cvc_hostd, which
is port 442. This IPSEC configuration is setup in
/etc/inet/ipsecinit.conf as follows:
{ dport sun-dr ulp tcp } permit { auth_algs md5 }
{ sport sun-dr ulp tcp } apply { auth_algs md5 sa unique }
{ dport cvc_hostd ulp tcp } permit { auth_algs md5 }
{ sport cvc_hostd ulp tcp } apply { auth_algs md5 sa unique }
The root cause of this NFS client hang problem is that the NFS client
inadvertently tries to open and use port 665 on a system that has this
IPSEC configuration in place. Since the NFS server that our NFS client
is trying to contact does not have IPSEC configured, the NFS client
hangs while trying to establish its connection with the NFS server.
To work around this problem, NFS must be prevented from opening
this port. This is accomplished with entries in the /etc/inetd.conf
file as follows:
sun-dr stream tcp wait root /usr/lib/dcs dcs
sun-dr stream tcp6 wait root /usr/lib/dcs dcs
These lines instruct the inet daemon (inetd) to open and camp out
on these ports, preventing other processes, such as NFS, from using
them.
These lines are automatically added to the /etc/inetd.conf file during
the installation of the SUNWdcsr package.
- Meta-Data/Problem categorization:
Product/Platform: SF12K/SF15K
Category:
- Keywords
nfs client hang starcat sf15k starkitty sf12k domain
INTERNAL SUMMARY:
SUBMITTER: Darin Carlson
BUG REPORT ID: 4402928
APPLIES TO: Hardware/Sun Fire /15000, Hardware/Sun Fire /12000
ATTACHMENTS:
Copyright (c) 1997-2003 Sun Microsystems, Inc.