Currently, if IPv6 is not responding, failover to IPv4 happens after a long delay. It would be good to implement happy eyeballs.
Prerequisite to this is:
- Make AAAA DNS request simultaneously with A DNS request
- Cache IPv6 that do not respond and needed of failover to IPv4
In short, the idea of Happy Eyeballs is to send an IPv6 SYN request, wait for a short period of time (from 150ms to 300ms) and then send IPv4 SYN. Whoever responds first with the ACK wins the race.
See RFC6555 or RFC8305 for more information on this.
Today with the McAfee Web Gateway version 7.7.2, we've experienced significant connection delay (between 3s and 2min) caused by the fallback to IPv4 when the IPv6 path and protocol are not working. This delay will certainly cause a worse user experience ...
Hope you are doing well.
Please refer below link for some information on this:-
Better user experience with DNS handling isavailable in 7.8.2 version:-
DNS handling has been improved for dual stack environments (IPv4/IPv6). DNS queries for A and AAAA records can be made simultaneously and the preferred answer can be used to connect to the server if it does not come later than the fallback IP address type version.
Thank you for your quick response.
Glad to hear that DNS handling has been improved for Dual-Stack environments. Somehow, I want to know what is the timeout configured on the MWG to fallback on the other IP address type version if the first one doesn't work ? It's a very important criteria since it affects the user experience.
Thanks for your response.
Glad to hear such good news. We've been waiting so long to see this improvement.
We'll test it in the production environment and will get back to you if we face any difficulties.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: