Re: [squid-users] Squid 3.1.0.17<--> Google/YouTube "(101) Network is unreachable",, error???

[Amos Jeffries]

Jan Houtsma wrote:
Op 10-3-2010 1:44, Amos Jeffries schreef:
On Tue, 09 Mar 2010 21:42:42 +0100, Jan Houtsma <l...@houtsma.net> wrote:
  
Op 9-3-2010 21:37, Henrik Nordström schreef:
    
tis 2010-03-09 klockan 19:49 +0100 skrev Jan Houtsma:

  
      
Yes. The wget was from the squid server itself where using the proxy
        
it
  
fails, and using direct internet connection it works.
    
        
What does access.log say when it fails? Do the reported server address
match what you expect it to be for the requested host?
  
      
1268167273.909    250 192.168.1.16 TCP_MISS/503 4234 GET
http://www.google.com/ - DIRECT/www.google.com text/html

    
  
      
So when squid is forwarding the http-GET request it fails. But when
        
wget
  
itself sends the http-GET request it works.
    
        
Perhaps time to fire up wireshark to look at the traffic..

The error message received is very low level.. squid could not even
      
open
  
the TCP connection to the server.

Regards
Henrik

      
Yea, will do that
    
That log trace you showed had Squid attempting and failing to connect to
IPv6-google.
I would suspect a v6 routing failure here. Squid-3.1 has known bugs with
failover to IPv4 if IPv6 fails on a mixed-IP domain.
 Does the wget direct test you made from the Squid box use google IPv6
addresses for its succeeding connection?

Amos
  

Hi,

I agree! Then how can i prevent this? I also noticed mixed AAAA and A
records coming back from the resolver in the tcpdump traces. Is quid
confused? But i don't know if that could be the reason that squid fails
and succeeds when i press ^R within a few seconds after the first
failure..... If that is IP-v6 related what should i do? I guess i am not
the only person in the world that is using squid v3.1 on a fedora box. I
think it's strange that only i seem to have this symptom? It also only
started recently. Can it be that google made changed in DNS or that
squid was updated via yum? I do see squid was updated on both march 28
and on march 5 on my box.

Nov 25 20:39:57 Updated: 7:squid-3.0.STABLE10-1.fc10.x86_64
Dec 22 22:03:18 Updated: 7:squid-3.0.STABLE10-3.fc10.x86_64
Feb 28 16:19:57 Updated: 7:squid-3.1.0.16-6.fc12.x86_64               
<----- Google problem started to happen here???
Mar 05 14:38:11 Updated: 7:squid-3.1.0.17-3.fc12.x86_64

It could well be that it started on feb 28 when squid was bumped up to
version 3.1??


Most likely. 3.1 adds IPv6 support where 3.0 would not even try to use 
it. Henrik is the one who would know if the "-3" patched package fixes 
the related issues from 3.1.0.16.

I more suspect some blockage somewhere in the network, however. Squid is 
getting "cannot connect", which indicates something like a firewall or 
tunnel PMTU issue between Squid and google.

The squid internal issues I know of tend to show up as "cannot assign 
address", or "family not supported", or trying to contact a mangled 
v4-mapped address.

FWIW: We are happily receiving Google IPv6 here with the code about to 
be released as 3.1.0.18. Available in daily snapshots now.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24
  Current Beta Squid 3.1.0.17