Re: ipv6 apt issue

On Tue, Mar 28, 2017 at 1:50 PM, Sven Joachim <svenjoac@gmx.de> wrote:

On 2017-03-28 13:24 -0500, Matt Zagrabelny wrote:

> I'm hitting an IPv6 snafu.
>
> I've got a dual stack host and when doing various apt-y things I attempt to
> connect to:
>
> # apt update
> 0% [Connecting to ftp-chi.osuosl.org (2600:3402:200:227::2)
>
> but it hangs and doesn't seem to complete its connection.

Apparently ftp-chi.osuosl.org works for me, can you reach other IPv6
sites?

Well...

% ping ftp-chi.osuosl.org

PING ftp-chi.osuosl.org(ftp-chi.osuosl.org (2600:3402:200:227::2)) 56 data bytes

--- ftp-chi.osuosl.org ping statistics ---

4 packets transmitted, 0 received, 100% packet loss, time 3052ms

Not there.

% ping google.com

PING google.com(ja-in-x8b.1e100.net (2607:f8b0:4001:c0c::8b)) 56 data bytes

64 bytes from ja-in-x8b.1e100.net (2607:f8b0:4001:c0c::8b): icmp_seq=1 ttl=41 time=24.4 ms

64 bytes from ja-in-x8b.1e100.net (2607:f8b0:4001:c0c::8b): icmp_seq=2 ttl=41 time=24.0 ms

--- google.com ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms

rtt min/avg/max/mdev = 24.097/24.259/24.421/0.162 ms

Yep.

% ping ftp.us.debian.org

PING ftp.us.debian.org(debian.gtisc.gatech.edu (2610:148:1f10:3::89)) 56 data bytes

64 bytes from debian.gtisc.gatech.edu (2610:148:1f10:3::89): icmp_seq=1 ttl=51 time=30.8 ms

64 bytes from debian.gtisc.gatech.edu (2610:148:1f10:3::89): icmp_seq=2 ttl=51 time=31.0 ms

--- ftp.us.debian.org ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms

rtt min/avg/max/mdev = 30.844/30.926/31.009/0.194 ms

Yep.

> If I look at my sources lists:
>
> % grep http /etc/apt/sources.list.d/*.list | sed -e 's/.*http:\/\///' | uniq
> ftp.us.debian.org/debian/ experimental main
> ftp.us.debian.org/debian/ jessie main contrib non-free
> ftp.us.debian.org/debian/ sid main contrib non-free
> ftp.us.debian.org/debian/ stretch main contrib non-free
>
> I don't have an /etc/apt/sources.list file. To my observation, my host
> should only be connecting ftp.us.debian.org.

That's correct, but there are many machines behind ftp.us.debian.org.

DNS queries return all the possible entries (even for round robin.) The resolver chooses one.

> Which has the following v6 addresses:
>
> % dig ftp.us.debian.org aaaa +short
> 2610:148:1f10:3::89
> 2620:0:861:1:208:80:154:15
>
> So, where does the above ftp-chi.osuosl.org (2600:3402:200:227::2) coming
> from?

>From DNS round robin, see https://en.wikipedia.org/wiki/Round_robin_DNS.

The entries in the RR were returned in the above dig command. Those are the only two AAAA records for ftp.us.debian.org. 2600:3402:200:227::2 was not part of the round robin entries.

Here is 10,000 queries for the AAAA records of ftp.us.debian.org:

% for f in `seq 1 10000`; do

dig ftp.us.debian.org aaaa +short

done | sort | uniq

2610:148:1f10:3::89

2620:0:861:1:208:80:154:15

I (always) get the same two addresses.

Looking at the v4 systems for ftp.us.debian.org:

% dig ftp.us.debian.org +short | sort

128.30.2.26

128.61.240.89

208.80.154.15