[squid-users] IPv6 happy eyeball on dualstack host
Alex Rousskov
rousskov at measurement-factory.com
Wed Jun 5 13:24:32 UTC 2024
On 2024-06-05 07:31, sachin gupta wrote:
> We are shifting to IPv6 dual stack hosts. As per squid documentation
> <https://wiki.squid-cache.org/Features/IPv6>, IPv6 is enabled by
> default.
That statement is a bit misleading: IPv6 detection or probing is enabled
in default Squid builds (i.e. ./configure --enable-ipv6 is the default),
but whether a Squid instance will actually "enable IPv6" also depends on
the result of certain startup probes or checks. If those startup checks
fail, Squid will not send DNS AAAA queries.
> As per documentation, based on DNS response squid will try both IP4 and
> IPv6 if DNS return both addresses.
FWIW, this summary does not quite match modern Squid behavior. The
difference is _not_ important for your current triage because your Squid
currently does not even request an IPv6 address from DNS. Once you fix
that, you should _not_ expect Squid to use both IPv4 and IPv6 TCP/IP
connections in every test case: Squid may or may not use both address
families, depending on various runtime factors that affect Squid's Happy
Eyeballs algorithm (e.g., see happy_eyeballs_connect_timeout directive).
> But I see that squid is only getting IPv4 address
To be more precise, your Squid does not send a DNS AAAA query after
sending a DNS A query (no idnsSendSlaveAAAAQuery line after idnsALookup
in your cache.log). That fact suggests that your Squid runs with
disabled IPv6. I suggest the following triage steps:
1. Examine "/path/to/your/executable/squid -v" output to make sure your
Squid executable is _not_ built with --disable-ipv6.
2. Examine level-1 cache.log for startup BCP 177 warnings like this one:
WARNING: BCP 177 violation. Detected non-functional IPv6 loopback
3. Examine _early_ level-2 startup ProbeTransport messages. For example:
$ your/squid -f your.squid.conf -N -X -d9 2>&1 | grep ProbeTransport
ProbeTransport: Detected IPv6 hybrid or v4-mapping stack...
ProbeTransport: Detected functional IPv6 loopback ...
ProbeTransport: IPv6 transport Enabled
Someday, somebody will (a) completely remove --disable-ipv6 and (b)
improve startup probing code to make steps 1 and 3 completely
unnecessary. We have recently done a couple of baby steps towards (a).
HTH,
Alex.
> though with dis command I can see IPv6 address as well.
> Also from same host, I am able to make curl command to google using IPv6.
>
> DNS logs for squid
>
> 24/06/05 10:41:54.953 kid1| 5,4| AsyncCallQueue.cc(59) fireNext:
> entering helperHandleRead(conn4 local=[::] remote=[::] FD 13 flags=1,
> data=0x55c87a45bb38, size=5, buf=0x55c87a45bd60)
>
> 2024/06/05 10:41:54.953 kid1| 5,4| AsyncCall.cc(41) make: make call
> helperHandleRead [call4]
>
> 2024/06/05 10:41:54.953 kid1| 78,3| dns_internal.cc(1792) idnsALookup:
> idnsALookup: buf is 32 bytes for www.google.com <http://www.google.com>,
> id = 0xe006
>
> 2024/06/05 10:41:54.953 kid1| 5,4| AsyncCall.cc(29) AsyncCall: The
> AsyncCall helperHandleRead constructed, this=0x55c87a9301e0 [call89]
>
> 2024/06/05 10:41:54.953 kid1| 5,5| Read.cc(58) comm_read_base:
> comm_read, queueing read for conn4 local=[::] remote=[::] FD 13 flags=1;
> asynCall 0x55c87a9301e0*1
>
> 2024/06/05 10:41:54.954 kid1| 5,5| ModEpoll.cc(116) SetSelect: FD 13,
> type=1, handler=1, client_data=0x7f183475a700, timeout=0
>
> 2024/06/05 10:41:54.954 kid1| 5,4| AsyncCallQueue.cc(61) fireNext:
> leaving helperHandleRead(conn4 local=[::] remote=[::] FD 13 flags=1,
> data=0x55c87a45bb38, size=5, buf=0x55c87a45bd60)
>
> 2024/06/05 10:41:54.955 kid1| 78,3| dns_internal.cc(1318) idnsRead:
> idnsRead: starting with FD 11
>
> 2024/06/05 10:41:54.955 kid1| 5,5| ModEpoll.cc(116) SetSelect: FD 11,
> type=1, handler=1, client_data=0, timeout=0
>
> 2024/06/05 10:41:54.955 kid1| 78,3| dns_internal.cc(1364) idnsRead:
> idnsRead: FD 11: received 48 bytes from 10.0.32.2:53 <http://10.0.32.2:53>
>
> 2024/06/05 10:41:54.955 kid1| 78,3| dns_internal.cc(1171) idnsGrokReply:
> idnsGrokReply: QID 0xe006, 1 answers
>
> 2024/06/05 10:41:54.955 kid1| 5,5| Connection.cc(99) cloneProfile:
> 0x55c87a944210 made conn56 local=0.0.0.0 remote=142.251.215.228:80
> <http://142.251.215.228:80> HIER_DIRECT flags=1
>
> 2024/06/05 10:41:54.955 kid1| 5,5| Connection.cc(99) cloneProfile:
> 0x55c87a944830 made conn57 local=0.0.0.0 remote=142.251.215.228:80
> <http://142.251.215.228:80> HIER_DIRECT flags=1
>
> 2024/06/05 10:41:54.955 kid1| 5,3| ConnOpener.cc(43) ConnOpener: will
> connect to conn57 local=0.0.0.0 remote=142.251.215.228:80
> <http://142.251.215.228:80> HIER_DIRECT flags=1 with 15 timeout
>
> 2024/06/05 10:41:54.955 kid1| 5,5| comm.cc(428) comm_init_opened: conn58
> local=0.0.0.0 remote=[::] FD 16 flags=1 is a new socket
>
> 2024/06/05 10:41:54.955 kid1| 5,4| AsyncCall.cc(29) AsyncCall: The
> AsyncCall Comm::ConnOpener::earlyAbort constructed, this=0x55c87a944cd0
> [call95]
>
> 2024/06/05 10:41:54.955 kid1| 5,5| comm.cc(1004) comm_add_close_handler:
> comm_add_close_handler: FD 16, AsyncCall=0x55c87a944cd0*1
>
> 2024/06/05 10:41:54.955 kid1| 5,4| AsyncCall.cc(29) AsyncCall: The
> AsyncCall Comm::ConnOpener::timeout constructed, this=0x55c87a944d70
> [call96]
>
>
> Dig Output
>
>
> dig www.google.com <http://www.google.com>AAAA
>
>
> ; <<>> DiG 9.16.23-RH <<>> www.google.com <http://www.google.com> AAAA
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27477
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
>
> ;; OPT PSEUDOSECTION:
>
> ; EDNS: version: 0, flags:; udp: 4096
>
> ;; QUESTION SECTION:
>
> ;www.google.com <http://www.google.com>.INAAAA
>
>
> ;; ANSWER SECTION:
>
> www.google.com <http://www.google.com>.237INAAAA2607:f8b0:400a:804::2004
>
>
> ;; Query time: 0 msec
>
> ;; SERVER: 10.0.32.2#53(10.0.32.2)
>
>
> Can you please help and let me know if I am missing anything.
>
>
> Regards
>
> Sachin
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list