What's new
  • As of today ICMag has his own Discord server. In this Discord server you can chat, talk with eachother, listen to music, share stories and pictures...and much more. Join now and let's grow together! Join ICMag Discord here! More details in this thread here: here.

Website slow due to IPv6 (and a workaround)

doc_loomis

Well-known member
Hi guys.

As many of you, including myself, experience issues with the slow loading website, I did some investigation. It seems it's related to the IPv6 endpoint.
Many of you will be using dual stack with both IPv4 and IPv6 enabled. ICMAG also offers both, IPv4 and IPv6 endpoints.
Now, the is a technique in dual stack that will send requests to both the IPv4 and IPv6 endpoint and pick whichever answers first, slightly preferring IPv6. I don't want to go to deep into detail, for the interested google for "happy eyeballs".

Now, when we hit the v6 endpoint, it is incredibly slow, as the curl output below shows (it might seem a little cryptic if you're not working in IT, but I guess the admins will understand). As some of you might wonder why this happens only sometimes, DNS has a caching mechanism. It prevents clients from asking the DNS server for an IP over and over, when those IPs usually don't change very often.
So the owner of a domain, in this case icmag, can set a so called TTL (time to live). This is set to 300 seconds for icmag.com. So if you're lucky with your first request to icmag.com, and you hit the IPv4 endpoint, you'll have 5 minutes of joy. If you hit the IPv6, you'll have at least 5 minutes of poor performance. Until the TTL on your local machine expires, the client asks for DNS resolution again, and so on.

See the 300 in the answer section, that's the TTL.
Code:
$ dig icmag.com @8.8.8.8
[...]
;; ANSWER SECTION:
icmag.com.        300    IN    A    188.114.96.7
icmag.com.        300    IN    A    188.114.97.7
[...]

IPv6
Here's a request to the IPv6 endpoint, notice the --resolve option to curl, and the Connected to line. Also, the third to last line, which shows the total time it took (20 seconds). I edited out the uninteresting bits.

Code:
$ time curl -v -o /dev/null "https://www.icmag.com/js/vendor/jquery/jquery-3.5.1.min.js?_v=9af17e8a" --resolve 'www.icmag.com:443:2a06:98c1:3121::7'

* Added www.icmag.com:443:2a06:98c1:3121::7 to DNS cache
* Hostname www.icmag.com was found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
*   Trying [2a06:98c1:3121::7]:443...
* Connected to www.icmag.com (2a06:98c1:3121::7) port 443
[...]
{ [1360 bytes data]
100 89476  100 89476    0     0   4438      0  0:00:20  0:00:20 --:--:--  4314
* Connection #0 to host www.icmag.com left intact

real    0m20,182s
user    0m0,059s
sys    0m0,026s

IPv4
The same request to the IPv4 endpoint takes only half a second to complete:



Code:
$ time curl -v -o /dev/null "https://www.icmag.com/js/vendor/jquery/jquery-3.5.1.min.js?_v=9af17e8a" --resolve 'www.icmag.com:443:188.114.96.7'
* Added www.icmag.com:443:188.114.96.7 to DNS cache
* Hostname www.icmag.com was found in DNS cache
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
*   Trying 188.114.96.7:443...
* Connected to www.icmag.com (188.114.96.7) port 443
[...]
{ [5467 bytes data]
100 89476  100 89476    0     0   150k      0 --:--:-- --:--:-- --:--:--  150k
* Connection #0 to host www.icmag.com left intact

real    0m0,597s
user    0m0,053s
sys    0m0,018s


Workaround
I disabled IPv6 and the website is fast and snappy. But that's not a desirable solution, obviously, so only suited for a quick test. If you're a linux user, you can disable IPv6 for an interface with (as root, and obviously change the wlp0s20f3 to the identifier of your interface)
Code:
sysctl -w net.ipv6.conf.wlp0s20f3.disable_ipv6=1
This change is not persistent, and will be gone after a reboot. You can google how to make it persistent, if you like.

The less invasive option is to add a hosts entry to your /etc/hosts, like:
Code:
188.114.97.7 www.icmag.com icmag.com
That's also suitable for Mac users. That's what I do right now, with the downside, that you'll have to remember it in case the IPs do change for some reason.
I think adding a hosts entry is also possible in Windows, but I haven't touched it in 20 years, so I don't know how to do it there.
*edit* HERE is a howto for windows users.

Explanation
If you add a hosts entry, it will tell your computer to bypass the DNS lookup, and use the IP you configured to resolve requests to icmag.com, thus not seeing the IPv6 and not hitting the IPv6 endpoint. This is the least invasive option for a workaround. But note the downside: You will have to remember it, and you will have to edit it in case the IPs for icmag change. Usually this doesn't happen very often, but it might.


@admins of icmag
I'm a devops/cloud/sre freelancer and happy to assist in debugging, if necessary. Feel free to reach out. It would be nice to find a solution for this, as disabling IPv6 isn't desirable and I couldn't find an extension, that will disable either happy eyeballs or v6 DNS lookups for a certain website. So for now, a static /etc/hosts entry it is for me :/

EDIT
I have noticed this issue on different websites using cloudflare in the meanwhile as well.
Also, here's an issue report on the cloudflare forum.
 
Last edited:

Chills

Well-known member
Hi doc_loomis and icmag- team,

i'm also having massive issues with loading time on icmag.com. Is there any way to solve this with browser apps or settings?
Your solution doc_loomis is a bit to tecnical for me and wouldn't work with android i guess? Maybe someone has fixed this already and can help me with thiss issue? (Stone age man compatible) 😁

Thx alot
 

exploziv

pure dynamite
Administrator
Veteran
Hello, I noticed it's slow at times starting yesterday as well. Now that I know it's not just for me and that's the possible cause I will contact the hosting company to work a solution that will help up all.
Thank you everyone for the info and hope to comeback with good news as soon as possible!
 
Last edited:

doc_loomis

Well-known member
Your solution doc_loomis is a bit to tecnical for me and wouldn't work with android i guess? Maybe someone has fixed this already and can help me with thiss issue
Hey Chills,

You could look for a free proxy server, and configure that. Usually they only support IPv4, and thus you could workaround this issue that way. There are browser extensions for proxies and you can also configure a proxy on your android. It's more a matter of finding a proxy provider, that you trust.

That said, today I'm also having trouble with the IPv4 endpoint. As icmag (or icmags provider) is using cloudflares free plan, and there are many websites going through the same loadbalancers, it could very well be high traffic on some other site, that's causing icmag to be slow.
 

Ca++

Well-known member
Oh.. IC is back. I thought it was lost to that security nonsense that can't complete in time. 59 notifications to deal with now. Jeez, I might log back out instead lol

The CloudFlare really sucks.
 

Ca++

Well-known member
Hey @Ca++ , do you have anymore problems getting in?
I was out for a bit as you know, but that seemed to clear for a while. Than what feels like 2 weeks ago (I would have to look at post history) I was out again. I was trying a lot, as there is no other cannabis site I'm interested in. Just a couple of days ago I fell asleep to wake finding CloudFlare still going around in circles hours later. Then I finally gave up for a couple of days, but just had a feeling I should try again. I didn't even see CloudFlare question me today. Or I would of closed the page. The moment I see it, I pretty much know it's game over. It just can't complete. It hangs. Says it's taking too long, and starts again.

Edit: 16 days to get back in. Though I didn't try over the weekend.
 

exploziv

pure dynamite
Administrator
Veteran
If you are on a free proxy/tor network please try changing nodes if this ever happens again. They are used for spamand other shit by many so they get tagged as dangerous and they get denied access. Also, if you ever have any problems, please shoot an email at [email protected] . We for sure want to know if anyone has any trouble getting in or if there are any unusual load speed problems.
We can't disable or dial back Cloudflare anymore cause that opens us up for attacks. It's the reason we had to get it, they didn't managed to get in, but the attacks were slowing us down for everyone.
Thank you for the info, and hope you won't have any more problems!
 

Ca++

Well-known member
It has a list of all TOR exit nodes, it refreshes every hour. It will see an attack from one, as from all. A new IP has never worked. In connections is a TOR box though. It makes it handle TOR users differently. I think it can even work as a node for them. It uses standard rules, but custom once can be applied. I'm guessing things like speed of navigation highlight bots. What I'm seeing looks like blanket treatment of all nodes, not the AI based approach from ticking the box.

This page was the slowest load by far today. It's been okay, but this was over 30 seconds. It's hanging on the 3rd party website, fontawesome. Where I have to get the 'kit' from, for the non standard character sets (smiles and such I think). I'm diverted there often, and it's damn slow. The kit can be taken from them once built, and added here. That's how it's usually speeded up, as they don't want to keep serving it. My browser won't keep it though. It's 3rd party loading.
 

doc_loomis

Well-known member
Same for me, it is very slow. Usually, the first request is answered in a timely manner, but everything thereafter is really really slow. Feels like some sort of request limit/quota or so.

And the IPv6 endpoint doesn't work at all anymore. Seems the DNS entry changed and it's pointing to non existing/not answering servers. Or is that how you solved the IPv6 issue in the first place? ^^

Code:
$ dig +short -t AAAA icmag.com
2a06:98c1:3120::3
2a06:98c1:3121::3

$ time curl -o /dev/null "https://www.icmag.com/js/vendor/jquery/jquery-3.5.1.min.js?_v=9af17e8a" --resolve 'www.icmag.com:443:2a06:98c1:3121::3'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to www.icmag.com port 443 after 1 ms: Couldn't connect to server

$ time curl -o /dev/null "https://www.icmag.com/js/vendor/jquery/jquery-3.5.1.min.js?_v=9af17e8a" --resolve 'www.icmag.com:443:2a06:98c1:3120::3'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to www.icmag.com port 443 after 0 ms: Couldn't connect to server
 

doc_loomis

Well-known member
The experience is bad again. I even got a 502 bad gateway today.

1719842682942.png
 

Chills

Well-known member
Same for me. Bad gateway and again very slow. Sometimes it works better for about 5-10 Minutes if i go through googlesearch to icmag or i have to close and reopen my browser. But thats just my amateurish actions...
 

doc_loomis

Well-known member
Yeah, it feels like there is a faulty/high load backend server, that's being hit sometimes. Guess you're doing round robin on the loadbalancer? Some request are fast and snappy, others take ages, that's just my educated guess :)
 
Top