Re: [squid-users] Prefer IPv4 or IPv6 connectivity

From: Martin Birgmeier <Martin.Birgmeier_at_aon.at>
Date: Sun, 30 Oct 2011 10:23:22 +0100

On 10/30/11 02:17, Amos Jeffries wrote:
> On 30/10/11 05:49, Martin Birgmeier wrote:
>> On 10/29/11 17:58, Will Roberts wrote:
>>> On 10/29/2011 10:50 AM, Martin Birgmeier wrote:
>>>> I have full IPv4/IPv6 connectivity - with a glitch: one host which
>>>> announces both IPv4 and IPv6 addresses can in fact only be reached over
>>>> IPv4.
>>>>
>>>> How do I configure squid to try only the IPv4 address for this host?
>>>>
>>>
>>> You can specify the host's IP address in either your system hosts file
>>> or a hosts file specific to squid. Though if it changes you'll have to
>>> remember you've done that.
>>>
>>> Another option is to use tcp_outgoing_address <your IPv4 address> <acl>
>>>
>>> Where the acl could be something like:
>>>
>>> acl brokenipv6 dstdomain brokendomain.com
>>>
>>>
>>> --Will
>>>
>> Hmmm... the first method will give me the next headache when the
>> target's IP address changes.
>>
>> The second method does not work because I have a dynamic IP address.
>>
>> Any further alternatives?
>
> Squid detects connection failures by blacklisting the failed IP and
> moving on to the alternatives. Which in this case would be the IPv4
> address.
> * Ensure that balance_on_multiple_ip is OFF (default in 3.1+).
>
> Since you noticed the problem, I assume the site is also sitting
> behind an ICMP black hole or similar which causes long lag times. You
> can work around this by firewalling the IPv6 destination IP locally,
> which makes the ICMPv6 messages appear to Squid and failover happen fast.
>
> If the problem remains highly visible after that you have only three
> options:
>
> 3) Report the problem. Get it fixed properly instead of hacking
> around it locally.
>
> 4) Use dns_v4_first (available from 3.1.16). Pander to this one
> broken site by downgrading most of your HTTP connectivity back to IPv4.
>
> 5) Ignore it. The website is losing profitable traffic by their own
> actions. Pointing this out in (3) can help.
>
>
> Amos

Thank you for the information. I had to resort to using dns_v4_first, as
the problem seems to be poor routing of my provider, and there are two
problems with the fallback solution: the delay is too long, and after a
short timeout, the v6 address is tried again.

I have ADSL service with dynamic IP, and have configured 6to4 to get
IPv6 connectivity. While the 6to4 multicast gateway works for most
destinations, for some reason some specific addresses are not routed
correctly and vanish in a black hole. I did report the problem, but
since my service provider does neither offer nor support IPv6, I don't
have much hope for a quick remedy of the situation.

I'd appreciate if you could add an option to squid to make dns_v4_first
selective on acls.

Regards,

Martin
Received on Sun Oct 30 2011 - 09:23:35 MDT
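
The distinction this thread turns on, a silently dropped IPv6 path versus one that fails fast, can be checked per destination before picking a workaround. The following is an added example, not code from any poster or from Squid; the names `probe` and `classify`, the result labels, the 3 second timeout and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import socket

def probe(addr, family, port=80, timeout=3.0):
    """One TCP connect attempt: 'ok', 'timeout' (silent drop) or 'error' (fast failure)."""
    s = socket.socket(family, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "ok"
    except socket.timeout:      # no SYN-ACK and no ICMP error came back
        return "timeout"
    except OSError:             # RST, ICMP unreachable, no route, ...
        return "error"
    finally:
        s.close()

def classify(host, port=80, resolve=socket.getaddrinfo, connect=probe):
    """Label a destination by how its IPv4 and IPv6 addresses behave."""
    seen = {socket.AF_INET: [], socket.AF_INET6: []}
    for family, _, _, _, sockaddr in resolve(host, port, type=socket.SOCK_STREAM):
        if family in seen:
            seen[family].append(connect(sockaddr[0], family, port))
    v4, v6 = seen[socket.AF_INET], seen[socket.AF_INET6]
    if not v6:
        return "v4-only"
    if "ok" in v6:
        return "v6-ok"
    if "ok" not in v4:
        return "unreachable"
    # IPv4 works, IPv6 does not: the case discussed in this thread.
    return "v6-blackhole" if "timeout" in v6 else "v6-fast-fail"

# Constructed sample data (documentation address ranges), so the demo runs offline.
def sample_resolve(host, port, type=0):
    return [(socket.AF_INET6, type, 6, "", ("2001:db8::10", port, 0, 0)),
            (socket.AF_INET, type, 6, "", ("192.0.2.10", port))]

def sample_connect(addr, family, port):
    return "timeout" if family == socket.AF_INET6 else "ok"

if __name__ == "__main__":
    print(classify("brokendomain.com", resolve=sample_resolve, connect=sample_connect))
```

A `v6-blackhole` result is the situation where the failover delay is long and the local firewall rule or dns_v4_first from the thread comes into play; with `v6-fast-fail` the failover Amos describes already happens quickly.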

This archive was generated by hypermail 2.2.0 : Sun Oct 30 2011 - 12:00:03 MDT