NetBSD Problem Report #57864

From www@netbsd.org  Thu Jan 18 03:40:09 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id E51F51A9238
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 18 Jan 2024 03:40:08 +0000 (UTC)
Message-Id: <20240118034007.A18F21A9239@mollari.NetBSD.org>
Date: Thu, 18 Jan 2024 03:40:07 +0000 (UTC)
From: sk757a@outlook.com
Reply-To: sk757a@outlook.com
To: gnats-bugs@NetBSD.org
Subject: Install first tries to load from cdn.netbsd.org using ipv6
X-Send-Pr-Version: www-1.0

>Number:         57864
>Category:       install
>Synopsis:       Install first tries to load from cdn.netbsd.org using ipv6
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    install-manager
>State:          open
>Class:          support
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 18 03:45:00 +0000 2024
>Last-Modified:  Thu Jan 18 19:00:01 +0000 2024
>Originator:     Sergey Kuznetsov
>Release:        10.0_rc3
>Organization:
>Environment:
>Description:
Install gives priority to ipv6 addresses and this leads to long waits and messages Can't connect to [2a04:4e42:...]:80 Operation timed out. Sometimes many times in a row.
My provider does not support ipv6, but ipv6 works on the local network.
>How-To-Repeat:

>Fix:

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
 using ipv6
Date: Thu, 18 Jan 2024 06:53:58 +0100

 On Thu, Jan 18, 2024 at 03:45:01AM +0000, sk757a@outlook.com wrote:
 > Install gives priority to ipv6 addresses and this leads to long waits
 > and messages Can't connect to [2a04:4e42:...]:80 Operation timed out.
 > Sometimes many times in a row. My provider does not support ipv6, but
 > ipv6 works on the local network.

 The installation assumes a working internet connection (if you use the
 network download parts). It does not prefer IPv6 over IPv4 or vice
 versa, but assumes you can use the addresses returned from DNS if
 there is a route.

 You have several options:

  - fix the DHCP setup to not provide a default route for IPv6
  - fix the DNS setup (e.g. by using a DNS cache that filters external
    IPv6 responses)
  - pick a sane provider that properly supports dual stack access
    (yes, I know that my be hard)
  - use a tunnel service to get proper external IPv6 routed to your
    local network (Hurricane electric are an example of a free offer for that)

 So even if that may sound a bit harsh, I would not consider this a bug
 in the installer.

 Martin

From: Robert Elz <kre@munnari.OZ.AU>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org using ipv6
Date: Thu, 18 Jan 2024 17:51:08 +0700

     Date:        Thu, 18 Jan 2024 05:55:02 +0000 (UTC)
     From:        Martin Husemann <martin@duskware.de>
     Message-ID:  <20240118055502.15D861A9239@mollari.NetBSD.org>

   |   - fix the DHCP setup to not provide a default route for IPv6

 That one is the "correct" solution for the setup described.
 Make the default route go away.  You don't need it for your
 lolal network, even if you have multiple v6 prefixes in use
 on different LANs.

   |   - fix the DNS setup (e.g. by using a DNS cache that filters external
   |     IPv6 responses)

 Might work, but is the wrong way.

   |   - pick a sane provider that properly supports dual stack access
   |     (yes, I know that my be hard)
   |   - use a tunnel service to get proper external IPv6 routed to your
   |     local network (Hurricane electric are an example of a free offer f=
 or that)

  Those two amount to 'change the environment', which would be better
  long term - it is really unconsciable these days for any ISP to
  not fully support v6, and losing customers becausr=3De of that is the
  way they get taught.

   |  So even if that may sound a bit harsh, I would not consider this a bu=
 g
   |  in the installer.

 Definitely is not.   Martin, close this.

 kre

From: Robert Elz <kre@munnari.OZ.AU>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org using ipv6
Date: Thu, 18 Jan 2024 18:01:55 +0700

     Date:        Thu, 18 Jan 2024 05:55:02 +0000 (UTC)
     From:        Martin Husemann <martin@duskware.de>
     Message-ID:  <20240118055502.15D861A9239@mollari.NetBSD.org>

   |   - fix the DHCP setup to not provide a default route for IPv6

 Actually one minor correction on that - it is fine for the
 end hosts to have a default route to the local router, is
 is that router (and any others on the network) which must
 not have a default route (where is it sending stuff?   And
 it needs to be sending back ICMPv6 'unreachable' and the
 NetBSD stack needs to notice that in SYN SENT state, and fail)

 If the latter part doesn't work, then the host default routes
 need to go as well, which unless the LAN is very simple, will
 likely mean every host would need local static route config,
 or to be config'd to be a router and run a routing daemon.
 Hosts don't normally learn routing details, beyond what they
 can interpret from redirects.

 Either way the v6 connect attempt will still happen, but be
 rejected quickly.

 It might also be possible to config your local DNS stub resolver
 to return v4 addresses before v6 in the addrlist returned to
 the app.

 kre

From: Sergei K <sk757a@outlook.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
 using ipv6
Date: Thu, 18 Jan 2024 21:24:49 +0500

 On 18.01.2024 10:55, Martin Husemann wrote:
 > The following reply was made to PR install/57864; it has been noted by GNATS.
 >
 > From: Martin Husemann <martin@duskware.de>
 > To: gnats-bugs@netbsd.org
 > Cc:
 > Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
 >   using ipv6
 > Date: Thu, 18 Jan 2024 06:53:58 +0100
 >
 >   On Thu, Jan 18, 2024 at 03:45:01AM +0000, sk757a@outlook.com wrote:
 >   > Install gives priority to ipv6 addresses and this leads to long waits
 >   > and messages Can't connect to [2a04:4e42:...]:80 Operation timed out.
 >   > Sometimes many times in a row. My provider does not support ipv6, but
 >   > ipv6 works on the local network.
 >   
 >   The installation assumes a working internet connection (if you use the
 >   network download parts). It does not prefer IPv6 over IPv4 or vice
 >   versa, but assumes you can use the addresses returned from DNS if
 >   there is a route.
 >   
 >   You have several options:
 >   
 >    - fix the DHCP setup to not provide a default route for IPv6
 >    - fix the DNS setup (e.g. by using a DNS cache that filters external
 >      IPv6 responses)
 >    - pick a sane provider that properly supports dual stack access
 >      (yes, I know that my be hard)
 >    - use a tunnel service to get proper external IPv6 routed to your
 >      local network (Hurricane electric are an example of a free offer for that)
 >   
 >   So even if that may sound a bit harsh, I would not consider this a bug
 >   in the installer.
 >   
 >   Martin

 Thank you for the clarification, Martin and Robert. Yes, the problem is 
 definitely not with install, but rather with the behavior of the system 
 with defaults. Even after I waited for all these ip6 requests to fail 
 with timeout and successfully installed the system, pkg_add also worked 
 with huge delays (~7m) ip4 used only after lan-only ip6. I found two 
 ways to fix this:

 1. Add -4 to dhcpcd_flags
 2. ip6addrctl=YES

 I understand that my network setup is far from ideal and I can just 
 disable ip6 completely without any consequences, but I would like to 
 point out that all other operating systems that I use do not experience 
 similar difficulties.

From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
 using ipv6
Date: Thu, 18 Jan 2024 17:37:56 +0100

 On Thu, Jan 18, 2024 at 04:25:02PM +0000, Sergei K wrote:
 >  with defaults. Even after I waited for all these ip6 requests to fail 
 >  with timeout and successfully installed the system, pkg_add also worked 
 >  with huge delays (~7m) ip4 used only after lan-only ip6. I found two 
 >  ways to fix this:

 7m is a strange value, I would have expected maximal 1m (per request).
 What does it do that long, can't be trying to connect to the non-reachable
 IPv6 address?

 Can you show the output of

 	host cdn.netbsd.org

 on your system?

 A workaround for such setups w/o changing the network environment would
 be to implement "happy eyball" both in ftp(1) and libfetch (for pkg_add),
 which I would love to see in general (but it does not fit into both internally
 very well).

 Martin

From: Sergei K <sk757a@outlook.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: install/57864: Install first tries to load from cdn.netbsd.org
 using ipv6
Date: Thu, 18 Jan 2024 23:55:55 +0500

 On 18.01.2024 21:40, Martin Husemann wrote:
 >   7m is a strange value, I would have expected maximal 1m (per request).
 >   What does it do that long, can't be trying to connect to the non-reachable
 >   IPv6 address?
 >   
 >   Can you show the output of
 >   
 >   	host cdn.netbsd.org
 >   
 >   on your system?

 All clear

 > # host cdn.netbsd.org
 > cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
 > dualstack.o.ssl.global.fastly.net has address 151.101.85.6
 > dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:70:262
 >
 > # host cdn.netbsd.org
 > cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
 > dualstack.o.ssl.global.fastly.net has address 151.101.85.6
 > dualstack.o.ssl.global.fastly.net has IPv6 address 2a84:4e42::262
 > dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:200::262
 > dualstack.o.ssl.global.fastly.net has IPv6 address 2a84:4e42:400::262
 > dualstack.o.ssl.global.fastly.net has IPv6 address 2a84:4e42:600::262
 >
 > # host cdn.netbsd.org
 > cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
 > dualstack.o.ssl.global.fastly.net has address 146.75.1.6
 > dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:14:262
 >
 > # host cdn.netbsd.org
 > cdn.netbsd.org is an alias for dualstack.o.ssl.global.fastly.net.
 > dualstack.o.ssl.global.fastly.net has address 151.101.85.6
 > dualstack.o.ssl.global.fastly.net has IPv6 address 2a04:4e42:14:262
 I also measured the running time of several runs of pkg_add (in s):
 > 77
 > 77
 > 302
 > 77
 > 77
 > 77
 > 302
 > 77
 > 77
 > 77
 The worst case (456 s) did not happen again. One might think that I was 
 simply mistaken, but since there is a photo of the screen, there is no 
 doubt :-)

 Well, thank you. The question can be closed now.

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.