Bug#1006375: debian-edu-config: squid very slow due to IPv6-lookups being done first, and only then IPv4

To: submit@bugs.debian.org
Subject: Bug#1006375: debian-edu-config: squid very slow due to IPv6-lookups being done first, and only then IPv4
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Thu, 24 Feb 2022 15:08:13 +0000
Message-id: <[🔎] 20220224150813.Horde.Lq1pBfHlI2PLXJQ37PtUL9O@mail.das-netzwerkteam.de>
Reply-to: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 1006375@bugs.debian.org

Package: debian-edu-config
Severity: important
Version: 2.12.17
Control: found -1 2.11.56+debu3

Debian Edu is not yet really IPv6-ready. That is another topic andshould be discussed elsewhere. Maybe for some people, Debian Edu worksperfectly on IPv6 and I don't know that yet, please let us know yourexperiences on the Debian Edu mailing list. Thanks. (Don't Cc: suchdiscussion replies to the bug report's mail address, please).

However, here current Debian Edu work best if IPv4 connections (andDNS lookups) are preferred over IPv6 connections and lookups.

In Squid, I made the observation today that squid tries to do an IPv6lookup for a URL first and if that fails, it retries via IPv4. Thisseems to work ok for Debian Edu networks where TJENER does not have apublic IPv6 address. However, in my customer's setup [1], loading acomplex website page via squid takes ages with this. Esp. if the squidproxy is under medium to heavy load by other users on the network.

So, long story cut short, squid tries to route http(s) requests(hostname/path queries, basically) over IPv6 first and falls back assecond choice to IPv4. This takes a bit of extra time for each URL tobe loaded. IMHO, this should be avoided, IPv4 should be preferred insquid. Not only on this one customer setup, but in general it seems(as the whole Debian Edu design currently is 'IPv4-first' or rather'IPv4-only'.

So, I'd like to add (and this extra config line fixed the issue on thecustomer site)


  dns_v4_first on

to /etc/squid/conf.d/debian-edu.conf

Objections? Other opinions???

Mike

[1] In this customer setup TJENER has two network interfaces (a.intern network and a .backbone network). The .backbone network is forWiFi APs being able to access FreeRadius on TJENER (the WiFi APs arenot on the .intern network but on a separate management network). AndTJENER here as a public IPv6 address on the .backbone network's NIC(eth1 here).


--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpdXq94R5XhS.pgp
Description: Digitale PGP-Signatur

Reply to:

Follow-Ups:
- Processed: debian-edu-config: squid very slow due to IPv6-lookups being done first, and only then IPv4
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: Bug#1006362 marked as pending in debian-edu-config
Next by Date: Processed: debian-edu-config: squid very slow due to IPv6-lookups being done first, and only then IPv4
Previous by thread: Bug#1006362: debian-edu-config: PXE-installed Debian Edu clients don't boot into graphical.target
Next by thread: Processed: debian-edu-config: squid very slow due to IPv6-lookups being done first, and only then IPv4
Index(es):
- Date
- Thread