On 20/12/2012 9:05 a.m., Eliezer Croitoru wrote:
On 12/19/2012 2:33 PM, Dmitry Melekhov wrote:
19.12.2012 16:29, Ralf Hildebrandt пишет:
* Dmitry Melekhov:
19.12.2012 16:19, Ralf Hildebrandt пишет:
When trying to access http://www.vkontakte.ru/, I'm getting an error:
Connection to 2a00:bdc0:3:103:1:0:403:900 failed.
(101) Network is unreachable
to solve this problem I just compiled squid without ipv6 support
:-)
dns_v4_first on
also solves the issue at hand, but I wonder why that particular
hostname will not be contacted using v4..
For the record squid-3.2 tries all the destination IPs it can find, the
above method only means that all attempts failed and the given IPv6
address was the *latest* tried. Squid could very well have tried a bunch
of IPv4 addresses earlier which failed, or scheduled them for connecting
to later but forward_timeout and connect_timeout prevented reaching them.
Also, Squid by default only tries to connect 10 times then gives up.
Lookign at teh website address list I notice that it on a primarily IPv6
network.
# host www.vkontakte.ru
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:908
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:909
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:900
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:901
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:902
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:903
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:904
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:905
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:906
www.vkontakte.ru has IPv6 address 2a00:bdc0:3:103:1:0:403:907
www.vkontakte.ru has address 87.240.188.252
www.vkontakte.ru has address 87.240.188.254
Squid will do all 10 connection attemps before reaching any of the IPv4
addresses.
You can use the dns_v4_first sort order option, or you can extend the
number of connection attempts Squid performs with forward_max_tries.
http://www.squid-cache.org/Doc/config/forward_max_tries/
http://www.squid-cache.org/Doc/config/dns_v4_first/
Some other things to be aware of in 3.2:
* connect_timeout controls each individual TCP connection setup,
ensure this is small to avoid broken IPs quickly but long enough to use
slow links.
* forward_timeout controls *total* time locating a working connection.
For example, N connection attempts with their connect_timeout on each
one all fit within forward_timeout, but the N+1 attempt would take
longer so is cut short or never tried.
http://www.squid-cache.org/Doc/config/connect_timeout/
http://www.squid-cache.org/Doc/config/forward_timeout/
Well, as I wrote- I don't have ipv6, so I just disabled it :-)
If you want better answer- may be someone have it, I'm interesting
too ;-)
Just a nice suggestion to get started on IPV6 if you can and not just
disable it.
Sometime soon IPV6 will be here and you will need to work with it.
When you look at the timeline for IPv6 "soon" is the wrong word.
Probably better to say "last year"...
1994-1998 - 4 years of experimentation and protocol development
1996-2007 - 11 years of software development and rollout. The NAT
'network address translation' years. IPv4 space is already exceeded by
the number of machines connected but NAT hides most end-user hardware
away from global allocations.
2004 + hardware development IPv6 integration at circuit level
2011-2014 IPv4 exhausition/end of life period. As mobile networks
become 4G "smart "devices" IPv4 addresses are all used up; APNIC 2011,
RIPE 2012, ARIN ~2014 all switch to extreme measures for allocation.
2011-2020 IPv4 disconnection phase. As networks *are* going IPv6-only
they disappear from IPv4 visibility. New networks never exist on IPv4 to
start with.
Now check your calendar to see where in the cycle we are...
You don't need to enable your entire network to IPv6 at once. But there
are some services such as Squid and DNS which would benefit you greatly
if they had IPv6 connectivity to the server even if the client
connection is IPv4-only. They are well suited to acting as IPv6<->IPv4
translation devices on your clients behalf. Extending your clients
access to popular IPv6 services (ie google, youtube, facebook to name a
few) when they drop IPv4 service over the next few years.
Amos
