[squid-users] caching failed tcp connects to destination ips
Hi, we use ipv4 and ipv6 tcp protocol for our outgoing interface. The most sides are accessable via ipv6, if a Record is available, so ipv6 works great in most cases. Some sides like http://www.hsp-steuer.de/ announce ipv6 records, but are not accessable via ipv6. Is it possible that squid notice this fail so that future request will go to ipv4 directly and the user doesn't have to wait for the long tcp timeout every time ? Maybe with a timestamp, so that it will be refreshed after x hours. -- Best regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.
Re: [squid-users] caching failed tcp connects to destination ips
On 07/25/2013 09:52 AM, Dieter Bloms wrote: Hi, we use ipv4 and ipv6 tcp protocol for our outgoing interface. The most sides are accessable via ipv6, if a Record is available, so ipv6 works great in most cases. Some sides like http://www.hsp-steuer.de/ announce ipv6 records, but are not accessable via ipv6. Is it possible that squid notice this fail so that future request will go to ipv4 directly and the user doesn't have to wait for the long tcp timeout every time ? Maybe with a timestamp, so that it will be refreshed after x hours. It depends on what the client wants\needs. most likely ipv4 is the same as ipv6 with couple things that are not the same in the network level. The dns should point to the same resources and allow browsers and proxies to decide if they will use ipv4 or ipv6. Then squid can decide on the right choice which was tested by chrome. Chrome tested first syn faster then use the fastest network address. A couple hours ipcache is not a good choice since the internet is a dynamic system. have you seen ipcache and dns cache yet? Eliezer
Re: [squid-users] caching failed tcp connects to destination ips
On 25/07/2013 6:52 p.m., Dieter Bloms wrote: Hi, we use ipv4 and ipv6 tcp protocol for our outgoing interface. The most sides are accessable via ipv6, if a Record is available, so ipv6 works great in most cases. Some sides like http://www.hsp-steuer.de/ announce ipv6 records, but are not accessable via ipv6. Send them a bug report? Is it possible that squid notice this fail so that future request will go to ipv4 directly and the user doesn't have to wait for the long tcp timeout every time ? Yes it is possible and Squid already does. If you check your cachemgr ipcache report you can see this as the DNS results domain/IP mapping list OK/BAD flags on each IP address known. BAD will not be used, OK will be tried, success is always a gamble. Maybe with a timestamp, so that it will be refreshed after x hours. The DNS lookup result TTL is used, whereupon the DNS server is expected to give better working results. Or if all possible IP (both types) are tried and all fail the markers are reset and it may be re-tried by some other request. Amos
Re: [squid-users] caching failed tcp connects to destination ips
Hi Amos, thank you for your quick answer. On Thu, Jul 25, Amos Jeffries wrote: On 25/07/2013 6:52 p.m., Dieter Bloms wrote: Hi, we use ipv4 and ipv6 tcp protocol for our outgoing interface. The most sides are accessable via ipv6, if a Record is available, so ipv6 works great in most cases. Some sides like http://www.hsp-steuer.de/ announce ipv6 records, but are not accessable via ipv6. Send them a bug report? I did, but the provider is resistant about this. Is it possible that squid notice this fail so that future request will go to ipv4 directly and the user doesn't have to wait for the long tcp timeout every time ? Yes it is possible and Squid already does. If you check your cachemgr ipcache report you can see this as the DNS results domain/IP mapping list OK/BAD flags on each IP address known. BAD will not be used, OK will be tried, success is always a gamble. the ipv6 adress 2001:8d8:88c:37e2:3e1b:35f0:e10:1 is not reachable on port 80, but cachemgr says: --snip-- www.hsp-steuer.de 33 1110 2( 0) 2001:8d8:88c:37e2:3e1b:35f0:e10:1-OK 82.165.11.88-OK --snip-- so is this a bug in squid, that the ipv6 address is listed as OK ? -- Best regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.
Re: [squid-users] caching failed tcp connects to destination ips
On 07/25/2013 10:37 AM, Dieter Bloms wrote: I did, but the provider is resistant about this. ask about it in bind users list. Others will confirm your doubt.. If it's real most likely you it can be reproduced and you will have no problem with the site. Eliezer