Re: [squid-users] Re: prefer ipv4 addresses

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 31 Oct 2009 16:40:22 +1300

Brian J. Murrell wrote:
> On Sat, 2009-10-31 at 12:00 +1300, Amos Jeffries wrote:
>> An option to simply turn IPv6 off is not possible at run time. A rebuild
>> of Squid is needed to fully disable IPv6.
>
> :-( But I don't even really want to disable IPv6. My clients use IPv6
> to access squid.

Sorry, I read the Q wrong :(

>
>> As long as there is no global IPv6 address assigned to the machine Squid
>> should be failing over to IPv4-only requests without a problem.
>
> But there is a global IPv6 address assigned. It's in this space that
> all of the machines on the network communicate.
>
>> If you
>> can identify a problem then please point it out so we can work through
>> fixing it before 3.1 goes into wide scale production.
>
> Well the problem is that I (usually) have both IPv4 and IPv6 Internet
> connections so accessing the IPv6 Web is usually no issue. However at
> the moment my v6 connection is down so all access has to be via IPv4.
> Squid does not know this of course and when it gets an AAAA record for
> www.example.com, it tries to go there, times out and displays an error
> (i.e. web site not responding or some such). Even having it fall back
> to an available A record would be preferable.

Aye, this is what is supposed to be happening. There are a few others
reporting the same issue. I'm unable to replicate it here so far, so I'm
not sure what is breaking it.

ICMPv6 PMTU and DLD discovery should be rejecting the IPv6 connect and
causing immediate failover to IPv4.

Can you check that the MTU setting of your 6to4 interface restricts it
to under 1420 (around 1400 should do)? If it's over 1420 you will
encounter problems with some IPv4 networks doing packet fragmentation on
the wrapper packets.

>
> I did read something about the ability to try alternate addresses if a
> connection fails. Indeed, the "connect_timeout" advertises itself as
> the amount of time before this happens. But I don't seem to be getting
> any alternate (i.e. a v4 address when a v6 address fails) connection
> attempts happening. Is a simple failure to reach a remote not cause to
> try an alternate address for a given website?
>
> Would this all work better if I removed some v6 default route info so
> that ICMP no-route messages were being generated?

Perhaps. Probably just the interface down would be enough.

>
>> You might also want to retain the service by setting up your own tunnel.
>
> I don't have that facility at hand. In fact my not-currently-working
> connectivity is a 6to4 tunnel, just not working at the moment.

Ouch. Getting that going again ASAP has to be a priority. Do you know why?

>
>> Squid only needs a client readable tunnel. 6to4 or miredo end-point on
>> the box for example provide enough access for Squid to relay IPv6 web
>> access.
>
> With any hope, this outage isn't going to last long enough to warrant
> making other arrangements.
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.14
Received on Sat Oct 31 2009 - 03:40:36 MDT
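
The failover behaviour discussed in this thread (an AAAA address that times out should lead to an attempt on the A record), sketched in Python as an added example; it is not Squid's code and not from either poster. The resolver and socket stand-ins, the IPv6-first ordering, and the 192.0.2.10 / 2001:db8::10 addresses are constructed assumptions so the block runs offline.

```python
import socket

def candidate_addrs(host, port, resolver=socket.getaddrinfo):
    """Return (family, sockaddr) pairs, AAAA results first (assumed order), then A."""
    infos = resolver(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    pairs = [(info[0], info[4]) for info in infos]
    return sorted(pairs, key=lambda p: p[0] != socket.AF_INET6)  # stable sort

def connect_with_failover(host, port, connect_timeout=5.0,
                          resolver=socket.getaddrinfo, sock_factory=socket.socket):
    """Try each resolved address in turn; a timeout or unreachable error on
    one address moves on to the next instead of failing the whole request."""
    failures = []
    for family, sockaddr in candidate_addrs(host, port, resolver):
        sock = sock_factory(family, socket.SOCK_STREAM)
        sock.settimeout(connect_timeout)  # limit applies per attempt
        try:
            sock.connect(sockaddr)
            return sock, sockaddr, failures
        except OSError as exc:  # timeouts and ENETUNREACH/EHOSTUNREACH are OSError
            failures.append((sockaddr, type(exc).__name__))
            sock.close()
    raise OSError(f"no address for {host} reachable: {failures}")

# --- constructed sample: the IPv6 path is down, the IPv4 path works ---
def fake_resolver(host, port, family, socktype):
    return [
        (socket.AF_INET, socktype, 6, "", ("192.0.2.10", port)),
        (socket.AF_INET6, socktype, 6, "", ("2001:db8::10", port, 0, 0)),
    ]

class FakeSocket:
    def __init__(self, family, socktype):
        self.family = family
    def settimeout(self, seconds):
        self.timeout = seconds
    def connect(self, sockaddr):
        if self.family == socket.AF_INET6:
            raise TimeoutError("timed out")  # stands in for the broken tunnel
    def close(self):
        pass

def demo():
    sock, used, failures = connect_with_failover(
        "www.example.com", 80, connect_timeout=2.0,
        resolver=fake_resolver, sock_factory=FakeSocket)
    return used, failures
```

With the default `resolver` and `sock_factory` the same function makes real connections, and the worst-case delay before the IPv4 attempt is one `connect_timeout` per unreachable IPv6 address.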
