[squid-users] Fw: Squid 32-bit (2.7.2) much faster than 64-bit (3.5.11)

Amos Jeffries squid3 at treenet.co.nz
Mon Dec 14 05:13:27 UTC 2015


On 14/12/2015 3:37 a.m., Patrick Flaherty wrote:
> Without 'dns_v4_first', what is sitting on top of the IPv6 connection
> timeout?

The processing order is:
  Select set of potential servers to contact,
  DNS lookups [ both A and AAAA in parallel],
  IP sorting order [v6 first],
  TCP connect(2) [which times out],
  ... repeat until TCP succeeds or runs out of possible server IPs.
  do HTTP stuff...


> Is it a DNS lookup? Regardless of it being IPv6 timing out or IPv6
> timing out falling back on IPv4 and having success of a long process to
> maybe should be logged as a warning?
> 
> Second question, without 'dns_v4_first', was I experiencing an IPv6 timeout
> and it falling back on IPv4? Because it does ultimately work... just slow.

Yes. All the evidence suggests that you are/were.

When IPv4 is tried first (dns_v4_first on), then IPv6 is rarely tried at
all. So rarely affects the connections even though v6 connectivity
remains broken for your network, and when clients *do* try to connect to
v6-only services they have the same breakage.

It is quite common to have no route to some networks, broken links,
broken tunnels, or devices which are v4-only somewhere along the
Internet paths. Those events are signalled with ICMP (v4 or v6) packets.
So ICMP is *not* optional.

It is great that you have working v4, and a temporary workaround in
Squid for reducing the impact of the v6 breakage. Now please try to fix
the v6. Because a) the workaround really is temporary - it will
gradually stop working as more and more services need v6-only access,
and b) it will be affecting a lot of other v6 traffic attempts outside
of Squid.


> 
> Third question if the answer to question 2 is yes, should the DNS IPv4
> lookup (successful) be cached so that next time it is fast?

DNS results are always cached. And before you get to it - yes the cache
is also updated with good/bad flags of which IPs are connecting
successfully and which are failing, in order to skip the fail ones on
later attempts.

I think DNS is a red herring; those processes seem to be working just
fine. dns_v4_first just happens to be an option that makes the next
stages of Squid (after DNS) use IPv4 instead of IPv6, which reveals or
hides the network layer problems at the later TCP connect stage.

Amos
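
The connect stage described in this reply, as an added example (not part of the original message and not Squid's code): candidates are ordered v6 first or v4 first, then tried in turn, with the time spent on each attempt recorded. The function names, the 30-second timeout, the documentation-range addresses and the simulated "v6 silently dropped" network are all constructed assumptions.

```python
import ipaddress
import socket
import time

def order_candidates(ips, v4_first=False):
    """Order resolved IPs: v6 first by default, v4 first when the
    dns_v4_first workaround is on. Order within a family is kept."""
    def is_v6(ip):
        return ipaddress.ip_address(ip).version == 6
    return sorted(ips, key=lambda ip: is_v6(ip) == v4_first)

def tcp_connect(ip, port, timeout):
    """Real connector: raises OSError on timeout, refusal or no route."""
    socket.create_connection((ip, port), timeout=timeout).close()

def walk_candidates(ips, port, timeout, connect=tcp_connect, clock=time.monotonic):
    """Try each IP in order until one connects; log outcome and seconds spent."""
    attempts = []
    for ip in ips:
        start = clock()
        try:
            connect(ip, port, timeout)
            attempts.append((ip, "ok", clock() - start))
            break
        except OSError as exc:
            attempts.append((ip, type(exc).__name__, clock() - start))
    return attempts

def simulate(ips, v4_first, timeout=30.0):
    """Constructed scenario: v6 packets vanish with no error signalled, v4 works."""
    now = [0.0]
    def fake_connect(ip, port, t):
        if ipaddress.ip_address(ip).version == 6:
            now[0] += t      # nothing comes back, so the full timeout is spent
            raise TimeoutError(ip)
        now[0] += 0.05       # constructed v4 handshake time
    return walk_candidates(order_candidates(ips, v4_first), 80, timeout,
                           connect=fake_connect, clock=lambda: now[0])

if __name__ == "__main__":
    # Constructed DNS answer (A + AAAA) using documentation address ranges.
    answer = ["192.0.2.10", "2001:db8::10", "2001:db8::11"]
    for v4_first in (False, True):
        print("dns_v4_first", "on" if v4_first else "off")
        for ip, result, secs in simulate(answer, v4_first):
            print(f"  {ip:<14} {result:<13} {secs:6.2f}s")
```

To test a real host, pass addresses from socket.getaddrinfo() to walk_candidates() with the default connector; long waits on the v6 entries followed by a fast v4 "ok" match the behaviour described in this thread.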


