[squid-users] wiki.squid-cache.org is broken

Yuri Voinov yvoinov at gmail.com
Tue Sep 1 13:06:50 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Found it. My ISP can't pass ICMPv4/v6 to wiki.squid-cache.org . Here is
problem.

# ping wiki.squid-cache.org
no answer from wiki.squid-cache.org

haribda#ping wiki.squid-cache.org
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 77.93.254.178, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

And I thought this is my hand curves.

01.09.15 18:52, Amos Jeffries пишет:
> On 1/09/2015 10:42 p.m., Yuri Voinov wrote:
>>
>> Not available when IPv6 enabled on my outgoing interface.
>>
>> Note: IPv6 globally not used in my country.
>>
>
> The rest of your country does not matter. For *any* protocol your router
> should either have connectivity to your ISP, or not. It still needs to
> work properly in both situations.
>
>
> In this case Squid cannot determine the route is unavailable before the
> client has given up and gone away. It takes over 20sec. That tells me
> the ICMPv6 is not working properly at all for you.
>
> A router somewhere along the path should be at a border where v6-enabled
> connectivity stops. It is aware of whether there is IPv4/IPv6
> connectivity to its next-hop. It should be *immediately* emitting
> destination-unreachable ICMP/ICMPv6 messages to the software opening the
> connection (ie Squid) when connectivity is absent (or down).
>
> * If you have an IPv4-only network that 'router' is the routing code
> built into the TCP stack of the Squid machine itself. This is what
> triggers in your (working?) case when you dont have any IPv6 address
> assigned to the machine interfaces.
>
> * If you have IPv6-enabled network, but no upstream to ISP. Then your
> border gateway router is responsible for the ICMP(v6) signalling. Squid
> is waiting for that signal or a SYN+ACK ... 20sec ... nope.
>
>
> There has been a myth floating around that simply DROP'ing packets is
> okay to "disable" stuff. That _always_ leads to problems somewhere else.
> Usually this hanging connection one.
>
> DROP does have its uses when fending off DoS attacks *from outside*. But
> for all internally generated traffic using REJECT with the right codes
> is far, far better.
>
> PS. ICMP(v6) are _not_ optional.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEbBAEBCAAGBQJV5aLqAAoJENNXIZxhPexGztkH93N8XdOBpvbcQ7T+slMt/Khh
yApyDV6vrgx+J5a+jzcaO1nHo3KJ98JS+9t7A6I7Ywdvme6J3VRPCYlZ+3MlsYp8
qL3IyOsxnUb1PUB7UgUwN77/gQrgPClJt2BZEFQbL6dIqiLAFiqLExEC8PN2n+sD
lZ6HeUKwlHj9vXxV4GFl4S8u+QC3tDO6R3E3fEHHD1IaYAWR1KfrZv+30nrXHMAe
7tjLpVUH+YNftKB3JG/MQVG/bXtBPa3/YzzdmhHhCtpPQ+5+TdM4e1DixSOLUzfg
hfZg4kq/5KEGzdb0JztdbGdHOoDKYfD+Hs8us/kaP1lWknuDWwd4fDDrPVefWQ==
=oRAs
-----END PGP SIGNATURE-----



More information about the squid-users mailing list