Re: AW: AW: AW: [squid-users] Re: dns_v4_first on ignored?

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Tue, 12 Feb 2013 12:55:03 +0200

On 2/12/2013 2:09 AM, Amos Jeffries wrote:
> No. A bug report will not make any difference here. dns_v4_first is
> about sorting the results found, not the lookup order. AAAA is
> faster than A in most networks, so we perform that lookup first in 3.1.
> This was altered in 3.2 to perform happy-eyeballs parallel lookups
> anyway so most bugs in the lookup code of 3.1 will be closed as irrelevant.
>
> Note that the current supported release is now 3.3.1.
Thanks,

The logic seems odd to me, and now I understand the reason for what happens.

> This is VERY likely to be the problem. Squid tests for IPv6 ability
> automatically by opening a socket on a private IP address, if that works
> the socket options are noted and used. There is no way for Squid to
> identify in advance of opening upstream connections whether the NIC the
> kernel chooses to use will be v6-enabled or not.
> Notice that the method used to disable IPv6 was to simply not assign
> IPv6 address to the NIC, nothing at the sockets layer was actually
> disabled. So every NIC needs to be checked and disabled individually as
> well, and any sub-system loading IPv6 functionality into the kernel also
> needs disabling as well.

> (Warning: soapbox)
> The big question is, why disable in the first place? v6 is faster
> and more efficient than v4 when you get it going properly. And one he*l
> of a lot easier to administrate. If any of your upstreams supply native
> connections it is well worth taking the option up. If not there is
> always 6to4 or other tunnel types that can be built right to the proxy
> box to get IPv6 at only a small initial latency on the SYN packet (ping
> 192.88.99.1 to see what 6to4 adds for you). Note that these are IPv6
> connectivity initiated from the proxy to the Internet *only*, so
> firewall alterations are minimal to get Squid v6-enabled.
>
> Amos

The main problem with IPv6 is that most of the ISPs around the world
don't support/provide it yet.
While trying to use a 4to6 tunnel I have seen some weird stuff going on
when a gateway is used.
A proxy is another thing and speed is most likely the issue in the cases
in which a 4to6 tunnel is not being used.

Regards,

-- 
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Tue Feb 12 2013 - 10:55:27 MST
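
The distinction drawn in the quoted reply (an IPv6 socket can still be opened when no NIC has an IPv6 address) can be checked on a host with the probe below. This is an added example, not code from the thread or from Squid; the function names and the probe destination 2001:db8::1 (the IPv6 documentation prefix) are assumptions of the example.

```python
import errno
import socket

# Assumption: a documentation-prefix address used only as a route-lookup
# target. connect() on a UDP socket sends no packet.
PROBE_DEST = ("2001:db8::1", 53)

def ipv6_socket_layer_available():
    """True if the kernel creates and binds an AF_INET6 socket at all."""
    family = getattr(socket, "AF_INET6", None)
    if family is None:
        return False
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.bind(("::", 0))  # wildcard bind needs no address on any NIC
        return True
    except OSError:
        return False

def ipv6_route_error(dest=PROBE_DEST):
    """None if the kernel finds a v6 route and source address, else errno name."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            s.connect(dest)  # route and source-address selection only
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, "UNKNOWN")

def classify(layer_ok, route_err):
    """Map the two probe results onto the three states discussed above."""
    if not layer_ok:
        return "disabled"      # sockets layer itself refuses IPv6
    if route_err is None:
        return "usable"        # an interface has v6 addressing and a route
    return "sockets-only"      # stack loaded, but no NIC can actually reach v6

def diagnose():
    """Run both probes on this host; returns (state, errno name or None)."""
    layer_ok = ipv6_socket_layer_available()
    route_err = ipv6_route_error() if layer_ok else None
    return classify(layer_ok, route_err), route_err

if __name__ == "__main__":
    print(diagnose())
```

A result of "sockets-only" corresponds to the situation in the quoted reply: software that only tests whether an IPv6 socket opens will conclude IPv6 works even though outbound v6 connections fail.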
