Re: [squid-users] New Squid prefers IPv4
Hi there On 06/02/2024 16:24, Antony Stone wrote: On Tuesday 06 February 2024 at 16:16:24, Rob van der Putten wrote: On 05/02/2024 18:32, Antony Stone wrote: I believe ping (ICMP) timings are irrelevant. The client (squid in this case) does a DNS lookup for the hostname's A and records, A before . Bind responds within the same millisecond. I think the simultaneity of these lookups is unimportant. then makes two simultaneous HTTP connections to the server (one IPv4, on IPv6) and whichever one responds first *by HTTP* is then regarded as being the best way to route traffic thereafter. I do not see Squid opening two connections simultaneously and then closing one. It's just one connection. Are you sure this is not because Squid has already made earlier connections to this name, decided that IPv4 is better, and continues to use that when you are now testing it? I would expect you to have to start from an "undecided" Squid setup (I have no idea where it keeps this informatin for later use, though) to find out whether this is what's going on. I think i finally have figured this out. The answer is more or less in netdb.state. I couldn't find the file format, so I lookup it up in the source (net_db.cc). It's; network pings_sent pings_recv hops rtt next_ping_time last_use_time host name(s) Squid does send pings. But only once per five minutes per host. Both IPv4 and IPv6 (I checked with tcpdump). And then decides on the ping results. At least, that's what the contents of netdb.state suggests. Regards, Rob ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
On 2024-02-06 10:16, Rob van der Putten wrote: On 05/02/2024 18:32, Antony Stone wrote: On Monday 05 February 2024 at 17:32:51, Rob van der Putten wrote: On 05/02/2024 17:16, Dieter Bloms wrote: On Mon, Feb 05, Rob van der Putten wrote: After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from 61% to less then 1%. Any ideas? yes, since squid5 the happy eyeball algorithm as described in rfc 8305 is used. If your ipv4 connectivity is better than ipv6 than ipv4 is used. I'm not quite sure how this is established. It prefers IPv4 even when the IPv6 ping is slightly smaller. I believe ping (ICMP) timings are irrelevant. The client (squid in this case) does a DNS lookup for the hostname's A and records, A before . Bind responds within the same millisecond. If Squid sends two DNS queries, then the first DNS answer seen/processed by Squid will normally trigger the first (called "primary") TCP connection establishment attempt. A "spare" connection attempt may or may not happen a bit later. DNS cache and persistent connections may play their natural role. then makes two simultaneous HTTP connections to the server (one IPv4, on IPv6) and whichever one responds first *by HTTP* is then regarded as being the best way to route traffic thereafter. I do not see Squid opening two connections simultaneously and then closing one. It's just one connection. What you see matches Squid code (and the Happy Eyeballs RFC/intent). As I said in my earlier response, it is easy to misinterpret Antony's high0-level summary. Please do not use it for low-level triage. See my response for details. HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
On Tuesday 06 February 2024 at 16:16:24, Rob van der Putten wrote: > Hi there > > On 05/02/2024 18:32, Antony Stone wrote: > > > > I believe ping (ICMP) timings are irrelevant. The client (squid in this > > case) does a DNS lookup for the hostname's A and records, > > A before . Bind responds within the same millisecond. I think the simultaneity of these lookups is unimportant. > > then makes two simultaneous HTTP connections to the server (one IPv4, on > > IPv6) and whichever one responds first *by HTTP* is then regarded as being > > the best way to route traffic thereafter. > > I do not see Squid opening two connections simultaneously and then > closing one. It's just one connection. Are you sure this is not because Squid has already made earlier connections to this name, decided that IPv4 is better, and continues to use that when you are now testing it? I would expect you to have to start from an "undecided" Squid setup (I have no idea where it keeps this informatin for later use, though) to find out whether this is what's going on. Antony. -- 1960s: Let's build a network which can withstand a nuclear war! 1970s: Hm, that looks good, we'll run it on TCP/IP. 1980s: Nice, how about letting everyone join? 1990s: Hey, you can make money out of this! 2000s: Oh, you can lose it, too. 2010s: Alright, let's just plug absolutely everything into it. 2020s: Meh, my lightswitch is now connected to my lamp via China. Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
Hi there On 05/02/2024 18:32, Antony Stone wrote: On Monday 05 February 2024 at 17:32:51, Rob van der Putten wrote: On 05/02/2024 17:16, Dieter Bloms wrote: On Mon, Feb 05, Rob van der Putten wrote: After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from 61% to less then 1%. Any ideas? yes, since squid5 the happy eyeball algorithm as described in rfc 8305 is used. If your ipv4 connectivity is better than ipv6 than ipv4 is used. I'm not quite sure how this is established. It prefers IPv4 even when the IPv6 ping is slightly smaller. I believe ping (ICMP) timings are irrelevant. The client (squid in this case) does a DNS lookup for the hostname's A and records, A before . Bind responds within the same millisecond. then makes two simultaneous HTTP connections to the server (one IPv4, on IPv6) and whichever one responds first *by HTTP* is then regarded as being the best way to route traffic thereafter. I do not see Squid opening two connections simultaneously and then closing one. It's just one connection. So, if you want to understand how this is doing what it is, I suggest you perform a packet capture of HTTP traffic and look at the requests and the response timings. Regards, Rob ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
Spam detection software, running on the system "master.squid-cache.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello, I'm using Squid 3.5.24 (indluded in Synology DSM 6) and I've an issue with time acl. All works fine except some websites like myhordes.de. Once the user connected to this kind of website, the time acl [...] Content analysis details: (5.5 points, 5.0 required) pts rule name description -- -- 3.6 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL [82.64.172.59 listed in zen.spamhaus.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.7 SPF_NEUTRALSPF: sender does not match SPF record (neutral) -0.0 T_SCC_BODY_TEXT_LINE No description available. 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -0.0 NICE_REPLY_A Looks like a legit reply (A) --- Begin Message --- Hello, I'm using Squid 3.5.24 (indluded in Synology DSM 6) and I've an issue with time acl. All works fine except some websites like myhordes.de. Once the user connected to this kind of website, the time acl has no effect while the page is not reloaded. All datas send and received by javascript continue going thru the proxy server without any filter. Thx a lot for any idea. Regards, Speedy --- End Message --- ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
On 2024-02-05 11:32, Rob van der Putten wrote: On 05/02/2024 17:16, Dieter Bloms wrote: On Mon, Feb 05, Rob van der Putten wrote: After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from 61% to less then 1%. Any ideas? yes, since squid5 the happy eyeball algorithm as described in rfc 8305 is used. If your ipv4 connectivity is better than ipv6 than ipv4 is used. I'm not quite sure how this is established. See RFC 8305 for the general approach, search squid.conf.documented for "Happy Eyeballs" to find relevant configuration directives, and see the following Squid commit message for a subset of Squid implementation caveats: https://github.com/squid-cache/squid/commit/5562295321debdf33b59f772bce846bf6dd33c26 Antony is correct that ICMP is pretty much irrelevant here. A brief algorithm description in Antony's response is easy to misinterpret, but it can be used as a rough approximation of what is actually going on. AFAICT, we do not have a good understanding of how the implemented algorithm actually behaves in various deployment environments. If you believe your IPv6 connectivity is better than your IPv4 connectivity, you may want to investigate why your Squid favors IPv4. HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
On Monday 05 February 2024 at 17:32:51, Rob van der Putten wrote: > Hi there > > On 05/02/2024 17:16, Dieter Bloms wrote: > > On Mon, Feb 05, Rob van der Putten wrote: > >> After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from > >> 61% to less then 1%. > >> Any ideas? > > > > yes, since squid5 the happy eyeball algorithm as described in rfc 8305 > > is used. > > If your ipv4 connectivity is better than ipv6 than ipv4 is used. > > I'm not quite sure how this is established. It prefers IPv4 even when > the IPv6 ping is slightly smaller. I believe ping (ICMP) timings are irrelevant. The client (squid in this case) does a DNS lookup for the hostname's A and records, then makes two simultaneous HTTP connections to the server (one IPv4, on IPv6) and whichever one responds first *by HTTP* is then regarded as being the best way to route traffic thereafter. So, if you want to understand how this is doing what it is, I suggest you perform a packet capture of HTTP traffic and look at the requests and the response timings. Antony. -- I want to build a machine that will be proud of me. - Danny Hillis, creator of The Connection Machine Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
Hi there On 05/02/2024 17:16, Dieter Bloms wrote: On Mon, Feb 05, Rob van der Putten wrote: After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from 61% to less then 1%. Any ideas? yes, since squid5 the happy eyeball algorithm as described in rfc 8305 is used. If your ipv4 connectivity is better than ipv6 than ipv4 is used. I'm not quite sure how this is established. It prefers IPv4 even when the IPv6 ping is slightly smaller. Regards, Rob ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] New Squid prefers IPv4
Hello Rob, On Mon, Feb 05, Rob van der Putten wrote: > After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from 61% to > less then 1%. > Any ideas? yes, since squid5 the happy eyeball algorithm as described in rfc 8305 is used. If your ipv4 connectivity is better than ipv6 than ipv4 is used. -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
[squid-users] New Squid prefers IPv4
Hi there After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from 61% to less then 1%. Any ideas? Regards, Rob ___ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
