NetBSD Problem Report #57864
From www@netbsd.org Thu Jan 18 03:40:09 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id E51F51A9238
for <gnats-bugs@gnats.NetBSD.org>; Thu, 18 Jan 2024 03:40:08 +0000 (UTC)
Message-Id: <20240118034007.A18F21A9239@mollari.NetBSD.org>
Date: Thu, 18 Jan 2024 03:40:07 +0000 (UTC)
From: sk757a@outlook.com
Reply-To: sk757a@outlook.com
To: gnats-bugs@NetBSD.org
Subject: Install first tries to load from cdn.netbsd.org using ipv6
X-Send-Pr-Version: www-1.0
>Number: 57864
>Category: install
>Synopsis: Install first tries to load from cdn.netbsd.org using ipv6
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: install-manager
>State: open
>Class: support
>Submitter-Id: net
>Arrival-Date: Thu Jan 18 03:45:00 +0000 2024
>Last-Modified: Thu Jan 18 19:00:01 +0000 2024
>Originator: Sergey Kuznetsov
>Release: 10.0_rc3
>Organization:
>Environment:
>Description:
Install gives priority to ipv6 addresses and this leads to long waits and messages Can't connect to [2a04:4e42:...]:80 Operation timed out. Sometimes many times in a row.
My provider does not support ipv6, but ipv6 works on the local network.
>How-To-Repeat:
>Fix:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
using ipv6
Date: Thu, 18 Jan 2024 06:53:58 +0100
On Thu, Jan 18, 2024 at 03:45:01AM +0000, sk757a@outlook.com wrote:
> Install gives priority to ipv6 addresses and this leads to long waits
> and messages Can't connect to [2a04:4e42:...]:80 Operation timed out.
> Sometimes many times in a row. My provider does not support ipv6, but
> ipv6 works on the local network.
The installation assumes a working internet connection (if you use the
network download parts). It does not prefer IPv6 over IPv4 or vice
versa, but assumes you can use the addresses returned from DNS if
there is a route.
You have several options:
- fix the DHCP setup to not provide a default route for IPv6
- fix the DNS setup (e.g. by using a DNS cache that filters external
IPv6 responses)
- pick a sane provider that properly supports dual stack access
(yes, I know that my be hard)
- use a tunnel service to get proper external IPv6 routed to your
local network (Hurricane electric are an example of a free offer for that)
So even if that may sound a bit harsh, I would not consider this a bug
in the installer.
Martin
From: Robert Elz <kre@munnari.OZ.AU>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org using ipv6
Date: Thu, 18 Jan 2024 17:51:08 +0700
Date: Thu, 18 Jan 2024 05:55:02 +0000 (UTC)
From: Martin Husemann <martin@duskware.de>
Message-ID: <20240118055502.15D861A9239@mollari.NetBSD.org>
| - fix the DHCP setup to not provide a default route for IPv6
That one is the "correct" solution for the setup described.
Make the default route go away. You don't need it for your
lolal network, even if you have multiple v6 prefixes in use
on different LANs.
| - fix the DNS setup (e.g. by using a DNS cache that filters external
| IPv6 responses)
Might work, but is the wrong way.
| - pick a sane provider that properly supports dual stack access
| (yes, I know that my be hard)
| - use a tunnel service to get proper external IPv6 routed to your
| local network (Hurricane electric are an example of a free offer f=
or that)
Those two amount to 'change the environment', which would be better
long term - it is really unconsciable these days for any ISP to
not fully support v6, and losing customers becausr=3De of that is the
way they get taught.
| So even if that may sound a bit harsh, I would not consider this a bu=
g
| in the installer.
Definitely is not. Martin, close this.
kre
From: Robert Elz <kre@munnari.OZ.AU>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org using ipv6
Date: Thu, 18 Jan 2024 18:01:55 +0700
Date: Thu, 18 Jan 2024 05:55:02 +0000 (UTC)
From: Martin Husemann <martin@duskware.de>
Message-ID: <20240118055502.15D861A9239@mollari.NetBSD.org>
| - fix the DHCP setup to not provide a default route for IPv6
Actually one minor correction on that - it is fine for the
end hosts to have a default route to the local router, is
is that router (and any others on the network) which must
not have a default route (where is it sending stuff? And
it needs to be sending back ICMPv6 'unreachable' and the
NetBSD stack needs to notice that in SYN SENT state, and fail)
If the latter part doesn't work, then the host default routes
need to go as well, which unless the LAN is very simple, will
likely mean every host would need local static route config,
or to be config'd to be a router and run a routing daemon.
Hosts don't normally learn routing details, beyond what they
can interpret from redirects.
Either way the v6 connect attempt will still happen, but be
rejected quickly.
It might also be possible to config your local DNS stub resolver
to return v4 addresses before v6 in the addrlist returned to
the app.
kre
From: Sergei K <sk757a@outlook.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
using ipv6
Date: Thu, 18 Jan 2024 21:24:49 +0500
On 18.01.2024 10:55, Martin Husemann wrote:
> The following reply was made to PR install/57864; it has been noted by GNATS.
>
> From: Martin Husemann <martin@duskware.de>
> To: gnats-bugs@netbsd.org
> Cc:
> Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
> using ipv6
> Date: Thu, 18 Jan 2024 06:53:58 +0100
>
> On Thu, Jan 18, 2024 at 03:45:01AM +0000, sk757a@outlook.com wrote:
> > Install gives priority to ipv6 addresses and this leads to long waits
> > and messages Can't connect to [2a04:4e42:...]:80 Operation timed out.
> > Sometimes many times in a row. My provider does not support ipv6, but
> > ipv6 works on the local network.
>
> The installation assumes a working internet connection (if you use the
> network download parts). It does not prefer IPv6 over IPv4 or vice
> versa, but assumes you can use the addresses returned from DNS if
> there is a route.
>
> You have several options:
>
> - fix the DHCP setup to not provide a default route for IPv6
> - fix the DNS setup (e.g. by using a DNS cache that filters external
> IPv6 responses)
> - pick a sane provider that properly supports dual stack access
> (yes, I know that my be hard)
> - use a tunnel service to get proper external IPv6 routed to your
> local network (Hurricane electric are an example of a free offer for that)
>
> So even if that may sound a bit harsh, I would not consider this a bug
> in the installer.
>
> Martin
Thank you for the clarification, Martin and Robert. Yes, the problem is
definitely not with install, but rather with the behavior of the system
with defaults. Even after I waited for all these ip6 requests to fail
with timeout and successfully installed the system, pkg_add also worked
with huge delays (~7m) ip4 used only after lan-only ip6. I found two
ways to fix this:
1. Add -4 to dhcpcd_flags
2. ip6addrctl=YES
I understand that my network setup is far from ideal and I can just
disable ip6 completely without any consequences, but I would like to
point out that all other operating systems that I use do not experience
similar difficulties.
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
using ipv6
Date: Thu, 18 Jan 2024 17:37:56 +0100
On Thu, Jan 18, 2024 at 04:25:02PM +0000, Sergei K wrote:
> with defaults. Even after I waited for all these ip6 requests to fail
> with timeout and successfully installed the system, pkg_add also worked
> with huge delays (~7m) ip4 used only after lan-only ip6. I found two
> ways to fix this:
7m is a strange value, I would have expected maximal 1m (per request).
What does it do that long, can't be trying to connect to the non-reachable
IPv6 address?
Can you show the output of
host cdn.netbsd.org
on your system?
A workaround for such setups w/o changing the network environment would
be to implement "happy eyball" both in ftp(1) and libfetch (for pkg_add),
which I would love to see in general (but it does not fit into both internally
very well).
Martin
From: Sergei K <sk757a@outlook.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
using ipv6
Date: Thu, 18 Jan 2024 23:55:55 +0500
On 18.01.2024 21:40, Martin Husemann wrote:
> 7m is a strange value, I would have expected maximal 1m (per request).
> What does it do that long, can't be trying to connect to the non-reachable
> IPv6 address?
>
> Can you show the output of
>
> host cdn.netbsd.org
>
> on your system?
All clear
> # host cdn.netbsd.org
> cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
> dualstack.o.ssl.global.fastly.net has address 151.101.85.6
> dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:70:262
>
> # host cdn.netbsd.org
> cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
> dualstack.o.ssl.global.fastly.net has address 151.101.85.6
> dualstack.o.ssl.global.fastly.net has IPv6 address 2a84:4e42::262
> dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:200::262
> dualstack.o.ssl.global.fastly.net has IPv6 address 2a84:4e42:400::262
> dualstack.o.ssl.global.fastly.net has IPv6 address 2a84:4e42:600::262
>
> # host cdn.netbsd.org
> cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
> dualstack.o.ssl.global.fastly.net has address 146.75.1.6
> dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:14:262
>
> # host cdn.netbsd.org
> cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
> dualstack.o.ssl.global.fastly.net has address 151.101.85.6
> dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:14:262
I also measured the running time of several runs of pkg_add (in s):
> 77
> 77
> 302
> 77
> 77
> 77
> 302
> 77
> 77
> 77
The worst case (456 s) did not happen again. One might think that I was
simply mistaken, but since there is a photo of the screen, there is no
doubt :-)
Well, thank you. The question can be closed now.
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.