-
Notifications
You must be signed in to change notification settings - Fork 935
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Packages cannot be downloaded on IPv6-only networks #15277
Comments
+1 Important as AWS is going to start charging for IPv4 addresses and already (over)charges a lot for NAT gateways. |
I think there are issues even if you're on an IPv4+IPv6 network which has machines that prefer IPv6. We have some self-hosted GitHub runners and once we enabled IPv6 and the hosts had Ubuntu 22.04 as the base (which prefers IPv6 traffic by default) we saw some Python-related jobs start to take 10x more runtime than earlier. The delays were related to sudden stops in the runs in Python package installations taking several minutes, instead of seconds as earlier. We did some trials on this and once we updated the This article might be of use to others as well: |
Can folks provide the results of the following commands on machines that hare having trouble connecting via IPv6?
|
Of course we can. These are from a machine hooked up to Google fiber in Texas, USA. traceroute6
Hmmh... Not sure how useful that is? curlWell,
and it gets stuck there for several minutes... It then continues:
I think that proves there's a problem somewhere. opensslSimilar story here, it gets stuck. It's actually not printing out anything.
When running the 2nd time, it finished in <1 second. 3rd time, stuck again, etc. Completely random behaviour - sometimes <1 second, sometimes minutes. SummaryConnection problem, but where? Let's get some alternative results from a machine hooked up via DNA cable modem in Oulu, Finland. traceroute
curlThis comes in <1 second.
opensslThis comes in <1 second.
This also comes consistently at <1 second in Oulu, Finland. Repeated >10 times. ConclusionWe might have been barking up the wrong tree alltogether, the issue is possibly elsewhere than pypi.org? |
This is a fun experiment.
In Oulu I get that 100 repeats in:
In the Texas Google fibre machine it's still running it (and this is 3 hours ago already). |
At least for my original problem, pypi.org is the wrong target. files.pythonhosted.org is the correct one. And traceroute / curl won't work because it's an DNS problem or rather an authoritative DNS server not having IPv6 problem.
You'll notice that they use different domains: fastly.net and fastlydns.net.
The solution seems easy: move to the other DNS server. |
Looks like broken IPv6. Is |
and
plus the traceroute:
Work as far as I can tell. |
Then you should ask your provider. |
Who should ask? People responsible for the pypi.org DNS or files.pythonhosted.org? Or me and my colleagues? I'm not sure I understand your reply.
and
Results for the
Is nothing - both in Oulu, FIN and Texas, USA - same as yours @jenslink. For the other one, in Oulu, FI:
and in Texas, USA:
Slightly different output. |
My first guess: Google Fiber as you can't connect from there. You can also try running We have totally different problems. Mine a sever not speaking IPv6 yours looks like a routing problem. |
Hi folks; wearing my Fastly hat: @jenslink is right, there are two separate issues being discussed here. The first issue is that the python names are served from the fastly.net zone, and the fastly.net zone has v4-only nameserver addresses. We don’t publish v6 addresses for that zone. The fastlydns.net zone on the other hand does have dual-stacked nameservers, and we can create a new configuration in that zone that Python can point into. We've opened a ticket internally to start that work, and then Python will be able to either create a new name or point an existing name into the fastlydns zone. The second issue does look like some intermittent routing issue with Google Fiber. I'm afraid I have no insight into the Google Fiber network, but I ran traceroutes to a few Fastly targets from that network using RIPE Atlas probes, and they have reachability. In order to remove the ambiguities from resolving domain names, IPs that you ought to be able to reach Python's services on include:
Chances are that if |
@sdstrowes - Google Fibre, Texas, USA results are interesting and very, very inconclusive - but clearly show there's an issue.
Some of the addresses fail consistently, some of them fail randomly. However, if I run this from Oulu, Finland - the results aren't much better.
Running the traceroute once gives you no idea if it really works. I've run them now multiple times and if you run the traceroute 10 times to each address, then I have zero 100% working addresses. They are all unstable. |
Example of one case, 5 times to the 1st address.
It is taking different routes... |
Aware this thread is going quite far off-topic from the original query. When traceroute calls So in the first two traceroutes pasted above, something's possibly not right locally, possibly even changed during the first traceroute. I'd only be guessing about the issue but I'd consider looking at the router advertisements you're getting from your local router, and perhaps engaging in the google fiber community forums or contacting the ISP themselves to debug. Note that if your local routing really is unstable somehow, your local routing could change during a traceroute, which can make interpretation tricky. I wonder actually what something like That said, the three complete traceroutes all show google fiber & fastly addresses only; those indicate that when the host does have a route, things are good. |
Posted by @jenslink on the pip tracker (pypa/pip#12486), moved here:
The text was updated successfully, but these errors were encountered: