On 10/30/11 02:17, Amos Jeffries wrote:
On 30/10/11 05:49, Martin Birgmeier wrote:
On 10/29/11 17:58, Will Roberts wrote:
On 10/29/2011 10:50 AM, Martin Birgmeier wrote:
I have full IPv4/IPv6 connectivity - with a glitch: one host which
announces both IPv4 and IPv6 addresses can in fact only be reached
over
IPv4.
How do I configure squid to try only the IPv4 address for this host?
You can specify the host's IP address in either your system hosts file
or a hosts file specific to squid. Though if it changes you'll have to
remember you've done that.
Another option it to use tcp_outgoing_address <your IPv4 address> <acl>
Where the acl could be something like:
acl brokenipv6 dstdomain brokendomain.com
--Will
Hmmm... the first method will give me the next headache when the
target's IP address changes.
The second method does not work because I have a dynamic IP address.
Any further alternatives?
Squid detects connection failures by backlisting the failed IP and
moving on to the alternatives. Which in this case would be the IPv4
address.
* Ensure that balance_on_multiple_ip is OFF (default in 3.1+).
Since you noticed the problem, I assume the site is also sitting
behind a ICMP black hole or similar which causes long lag times. You
can workaround this by firewaling the IPv6 destination IP locally,
which make the ICMPv6 messages appear to Squid and failover happen fast.
If the problem remains highly visible after that you have only three
options:
3) Report the problem. Get it fixed properly instead of hacking
around it locally.
4) Use dns_v4_first (available from 3.1.16). Pander to this one
broken site by downgrading most of your HTTP connectivity back to IPv4.
5) ignore it. The website is loosing profitable traffic by their own
actions. Pointing this out in (3) can help.
Amos
Thank you for the information. I had to resort to using dns_v4_first, as
the problem seems to be poor routing of my provider, and there are two
problems with the fallback solution: the delay is too long, and after a
short timeout, the v6 address is tried again.
I have ADSL service with dynamic IP, and have configured 6to4 to get
IPv6 connectivity. While the 6to4 multicast gateway works for most
destinations, for some reason some specific addresses are not routed
correctly and vanish in a black hole. I did report the problem, but
since my service provider does neither offer nor support IPv6, I don't
have much hope for a quick remedy of the situation.
I'd appreciate if you could add an option to squid to make dns_v4_first
selective on acls.
Regards,
Martin
