Re: [squid-users] Prefer IPv4 or IPv6 connectivity

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 30 Oct 2011 14:17:57 +1300

On 30/10/11 05:49, Martin Birgmeier wrote:
> On 10/29/11 17:58, Will Roberts wrote:
>> On 10/29/2011 10:50 AM, Martin Birgmeier wrote:
>>> I have full IPv4/IPv6 connectivity - with a glitch: one host which
>>> announces both IPv4 and IPv6 addresses can in fact only be reached over
>>> IPv4.
>>>
>>> How do I configure squid to try only the IPv4 address for this host?
>>>
>>
>> You can specify the host's IP address in either your system hosts file
>> or a hosts file specific to squid. Though if it changes you'll have to
>> remember you've done that.
>>
>> Another option is to use tcp_outgoing_address <your IPv4 address> <acl>
>>
>> Where the acl could be something like:
>>
>> acl brokenipv6 dstdomain brokendomain.com
>>
>>
>> --Will
>>
> Hmmm... the first method will give me the next headache when the
> target's IP address changes.
>
> The second method does not work because I have a dynamic IP address.
>
> Any further alternatives?

Squid detects connection failures by blacklisting the failed IP and
moving on to the alternatives, which in this case would be the IPv4 address.
   * Ensure that balance_on_multiple_ip is OFF (default in 3.1+).

Since you noticed the problem, I assume the site is also sitting behind
an ICMP black hole or similar which causes long lag times. You can
work around this by firewalling the IPv6 destination IP locally, which
makes the ICMPv6 messages appear to Squid and failover happen fast.

If the problem remains highly visible after that you have only three
options:

  3) Report the problem. Get it fixed properly instead of hacking around
it locally.

  4) Use dns_v4_first (available from 3.1.16). Pander to this one broken
site by downgrading most of your HTTP connectivity back to IPv4.

  5) Ignore it. The website is losing profitable traffic by their own
actions. Pointing this out in (3) can help.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.16
   Beta testers wanted for 3.2.0.13
Received on Sun Oct 30 2011 - 01:18:36 MDT
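
The local firewalling workaround described in the reply above, as an added example that is not part of the original thread. It assumes a Linux proxy host with ip6tables (the thread does not name the platform); the function names and the 2001:db8:: sample address are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) local REJECT rules for IPv6
# destinations known to be unreachable, so that outgoing connects get an
# ICMPv6 error back from the local firewall instead of waiting for a TCP
# timeout behind a remote ICMP black hole.

# Accept only strings made of hex digits and colons with at least two colons.
is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;
        *:*:*)           return 0 ;;
        *)               return 1 ;;
    esac
}

# Print one ip6tables command per valid address for review.
# Returns non-zero if any argument was not a plain IPv6 address.
reject_rules() {
    rc=0
    for addr in "$@"; do
        if is_ipv6 "$addr"; then
            # REJECT, not DROP: DROP would only recreate the black hole
            # locally and leave Squid waiting for the timeout again.
            printf 'ip6tables -I OUTPUT -d %s/128 -p tcp -j REJECT --reject-with icmp6-adm-prohibited\n' "$addr"
        else
            printf 'skipping invalid IPv6 address: %s\n' "$addr" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input from the 2001:db8::/32 documentation prefix.
reject_rules 2001:db8::10
```

Like the hosts-file approach discussed earlier in the thread, the rule pins a specific address and has to be revisited if the site's AAAA record changes.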
