[squid-users] Squid doesn't do a fallback from ipv6 to ipv4, if the ipv6 connect fails
Dieter Bloms
squid at bloms.de
Fri Dec 19 15:03:04 UTC 2014
Hello Amos,
On Sat, Dec 20, Amos Jeffries wrote:
> > When I do a http://ssl.ratsinfo-online.net/ the fallback from ipv6
> > to ipv4 works fine, but when I do a
> > https://ssl.ratsinfo-online.net/ squid tries ipv6 only and doesn't
> > do a fallback to ipv4.
> >
> > I would be nice, if you can try it on your dial stack setup.
> >
> > Thank you.
> >
>
> It takes me 10-20 sec to receive any response on the very first DNS
> lookup for that domain. After which all responses are quite fast for a
> few minutes. Then repeat with the slow lookup.
>
> Like you say it responds with 1 IPv4 and 1 IPv6. Which is not too
> many, and none actually failing to resolve. So DNS is reasonable even
> with the occasional delay.
>
> I am seeing approx 40-90% packet loss on several of the NTT.net
> transit hops between me and the site in IPv4. Not sure if that is
> related in any way related to your access path.
>
> My current colo provider blocks network measurements from end-servers
> (but only on v6) so I cant adequately test the v6 connectivity
> anymore. But your log entry indicates that probably a TCP SYN
> handshake did not finish over either IP version.
with https squid doesn't try to connect the webserver over ipv4 (verfied
with tcpdump).
So I think you can test the missing failover from ipv6 to ipv4, if a
connect over ipv6 isn't possible with https connection.
Again with http the failover from ipv6 to ipv4 occur, only https is a
problem.
--
Regards
Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
More information about the squid-users
mailing list