On 14/12/2015 3:37 a.m., Patrick Flaherty wrote: > Without 'dns_v4_first', what is sitting on top of the IPv6 connection > timeout? The processing order is: Select set of potential servers to contact, DNS lookups [ both A and AAAA in parallel], IP sorting order [v6 first], TCP connect(2) [which times out], ... repeat until TCP succeeds or runs out of possible server IPs. do HTTP stuff... > Is it a DNS lookup? Regardless of it being IPv6 timing out or IPv6 > timing out falling back on IPv4 and having success of a long process to > maybe should be logged as a warning? > > Second question, without 'dns_v4_first', was I experiencing a IPv6 timeout > and it falling back on IPv4? Because it does ultimately work... just slow. Yes. All the evidence suggests that you are/were. When IPv4 is tried first (dns_v4_first on), then IPv6 is rarely tried at all. So rarely affects the connections even though v6 connectivity remains broken for your network, and when clients *do* try to connect to v6-only services they have the same breakage. It is quite common to have no route to some networks, broken links, broken tunnels, or devices which are v4-only somewhere along the Internet paths. Those events are signalled with ICMP (v4 or v6) packets. So ICMP is *not* optional. It is great that you have working v4, and a temporary workaround in Squid for reducing the impact of the v6 breakage. Now please try to fix the v6. Because a) the workaround really is temporary - it will gradually stop working as more and more services need v6-only access, and b) it will be affecting a lot of other v6 traffic attempts outside of Squid. > > Third question if the answer to question 2 is yes, should the DNS IPv4 > lookup (successful) be cached so that next time it is fast? DNS results are always cached. And before you get to it - yes the cache is also updated with good/bad flags of which IPs are connecting successfully and which are failing, in order to skip the fail ones on later attempts. I think DNS is a red-herring, those processes seem to be working just fine. dns_v4_first just happens to be an option that makes the next stages of Squid (after DNS) use IPv4 instead of IPv6, which reveals or hides the network layer problems at the later TCP connect stage. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
