Surprises with Sun Internet Server Sup. 1.0

Surprises with Sun Internet Server Sup. 1.0

Post by John Murtar » Wed, 09 Jul 1997 04:00:00



Folks,

        We use Solaris 2.5.1 as a platform for our web servers
and are getting ready to try the Internet Server Supplement 1.0
to improve performance.  Should we expect any surprises, other
than pleasant ones?
        Apache Web Server (1.2)
        Sendmail (8.8)
        SSL

        Thank you!
--
                                          John
___________________________________________________________________
John Murtari                              Software Workshop Inc.

http://www.thebook.com/

 
 
 

Surprises with Sun Internet Server Sup. 1.0

Post by Mike Stuc » Wed, 09 Jul 1997 04:00:00


:       We use Solaris 2.5.1 as a platform for our web servers
: and are getting ready to try the Internet Server Supplement 1.0
: to improve performance.  Should we expect any surprises, other
: than pleasant ones?

That's a pretty common setup, and one that's made many people happy. It's
made a few rich, too.

_However_... :)   Sun is apparently reporting a major bug in Microsoft's
implementation of the TCP/IP stacks, causing serious slowdowns. This is a
newly reported bug; Sun says it'll release a fix soon.

The other issue is sendmail, which has a wondrous reputation for bugs.
IIRC the release you're using isn't known for any security holes, but you
never know. The ISP I work at switched to qmail (www.qmail.org) precisely
because it's not sendmail.

Mike Stucka / mstucka at math.luc.edu
   "We hear about constitutional rights, free speech, and the free press.
   Every time I hear these words, I say to myself, 'That man is a Red,
   that man is a communist.  You never hear a real American talk like
   that.'"  -- Frank Hague, New York World, Telegram, April 2, 1938

 
 
 

Surprises with Sun Internet Server Sup. 1.0

Post by Paul Murph » Thu, 10 Jul 1997 04:00:00



>         We use Solaris 2.5.1 as a platform for our web servers
> and are getting ready to try the Internet Server Supplement 1.0
> to improve performance.  Should we expect any surprises, other
> than pleasant ones?
>         Apache Web Server (1.2)
>         Sendmail (8.8)
>         SSL

ISS was released as a very temporary measure, and the indications are
that it introduces as many problems as it solves.  You should also be
aware that several recent security patches to 2.5.1 are incompatible
with ISS...

The best advice is probably to install Solaris 2.6, which has the mature
versions of the ISS changes packaged into the system in a
fully-supported manner.

Paul.

--
------------------------------------------------------
Paul J. Murphy - System and Network Manager
Gemini Research Ltd, 162 Science Park, Cambridge
Phone: 01223 435305     Fax: 01223 435301

 
 
 

Surprises with Sun Internet Server Sup. 1.0

Post by Alan C » Thu, 10 Jul 1997 04:00:00




>The other issue is sendmail, which has a wondrous reputation for bugs.
>IIRC the release you're using isn't known for any security holes, but you

Sendmail 8.8.5 has been gone over so closely by so many people its probably
far more secure than most other setups. Qmail means changing a lot of mail
delivery side stuff but its not a bad idea if you have time.

Given the fact Sun took over a year to fix the rsh bug (by releasing 2.6) I
wouldnt worry about trivialities like sendmail that do get fixed fast
--

                                                must read BOFH" - Telsa Gwynne
    Cymru.Net 64K to 2Mbit lines, ISDN, Co hosting, and security work.
=======>>>>>>>>>>>64K UKP 4000/year  128K from UKP 4500/year<<<<<<<<<<<=======

 
 
 

Surprises with Sun Internet Server Sup. 1.0

Post by Rachel Polansk » Fri, 11 Jul 1997 04:00:00





> _However_... :)   Sun is apparently reporting a major bug in Microsoft's
> implementation of the TCP/IP stacks, causing serious slowdowns. This is a
> newly reported bug; Sun says it'll release a fix soon.

I have witnessed this problem firsthand, shortly after the upgrade
of an SS10 from SunOS4.1.3 to Solaris 2.5.1 with a full patch cluster
installed.

Does anyone have a date on when these patches will become available?

I have found an item on the problem at:
http://www.veryComputer.com/

AND, for the record,
MS won't take the blame for the bug, and won't provide patches
probably because lusers are too stupid or apathetic to install patches
on their toy computers, and MS knows that UNIX administrators
are a conscientious bunch and will patch to prevent complaints
from the clueless lusers who continue to use broken toys.

It saves MS the hassle, forces Sun to make a patch, and makes `em
look bad in the bargain :(

Also, IMNSHO,
(and this is pure speculation only - I *love* * theories ;) ),
that MS broke the TCP/IP implementation they use
on purpose, to make www access to Sun servers look bad in
comparison to their own demented idea of a server.

Here is an excerpt of a posting from a discussion list I am on,
that delas with MS Netmeeting problems.

I assume the problems outlined in the post are the same as what we are
seeing with the Sun problem outlined here, and also in the post,
is a possible reason for it.

> Date: Tue, 08 Jul 1997 10:05:51 +0800

> Subject: [Oz-ISP] Problems with Microsoft Netmeeting.
> I wonder if anybody else has seen this problem....
> Last week sometime, we started getting messages from our clients saying
> that Netmeeting is no longer working for them.
> After a few hours of getting Netmeeting to work fine on our ethernet,
> and then dialing in, and it not working, and lots of sessions with
> Tcpdump, the following facts emerge:
> Fact number 1. We have a global MTU of 576 on all our PPP connections.
> Helps the slower machines (read Mac's and Win3.1) keep up with the data.
> Fact number 2. Microsoft, in their wisdom, send out the Netmeeting data
> in 1460 byte packets, and have the "Don't Fragment" flag set. So, our >
> term servers send the ICMP message back, and drop the packet. If this
> has just started in the last week or so, i don't know.
> I do know, that I haven't changed my system since then. And suddenly it
> just broke. I am still trying to figure out just _why_ Microsoft decided
> that voice data needs to be sent in 1460 byte packets, when Real Audio
> comes down fine in 290 odd byte packets.
> Now, according to my copy of Steven's, the biggest packet that should
> ever have the DF flag set, is 296 bytes. This is because the biggest
> packet a router _must_ be able to handle is 296 bytes. Anything else
> should be able to be fragmented.
> Is Microsoft rewriting the TCP/IP spec, and sort of forgetting to tell
> the rest of the world?
> Oh well, time to hack my kernel to 'clear' the DF flag on packets > 576
> on the way though. <smirk>. I can't see the reason to maintain a DF flag
> on voice traffic. Isn't the whole concept of TCP/IP sending packets of
> data that can (or can't) arrive in order (or not) that may (or may not)
> vary in size?
> Mark.

rachel

                 defghijklmnopqrstuvwxyz:  What? No ABC?
--
Rachel Polanskis                 Kingswood, Greater Western Sydney, Australia


                Witty comment revoked due to funding cuts

 
 
 

1. Printing Problem in Sun Internet Workshop 1.0

Hi... Thanks for reading my message.

I have one copy of Sun Internet Workshop 1.0 over Solaris 2.5.
and, I wanted to get manual for using SIW 1.0.

But, Help menu in SIW 1.0 can't print anything. **nothing**.

In Help-Print Menu, I inserted message printer box as "lp" and copies
"1".
I am using network printer in sunos 4.x not in my Solaris 2.5.

how can I print this manual?

** May you have good life**

2. Disable root telnet?

3. To sup or not to sup?

4. pb with OpenServer 5.0

5. Solaris 2.5/Internet Server 1.0 Qs

6. 'truncating inode number' with cpio and DOS filesystem

7. Sun Web server 1.0

8. PPP + Eth0 = go good

9. Sun PCi 1.0 and Win 2K Advanced Server?

10. Sun Web Server 1.0 vs. Apache

11. FS: Internet Gateway Server (Departmnetal or Internet Server)

12. Difference between SUN server 5 and Sun server 20

13. Autoreply in Sun Internet Mail Server (SIMS)