shared/tls: implement Happy Eyeballs (RFC 8305) in RFC3493Dialer #2753

Merged: stgraber merged 1 commit into lxc:main from johnae:main on Dec 16, 2025

@johnae
Contributor

@johnae johnae commented Dec 12, 2025

The RFC3493Dialer function, before this, tried addresses sequentially with a 10-second timeout per address. This causes problems in dual-stack environments where one address family is unreachable:

  • If DNS returns IPv4 addresses first but IPv4 is unreachable (e.g., in IPv6-only environments), the dialer would spend 10+ seconds timing out on each IPv4 address before trying IPv6.
  • This exceeded typical HTTP client timeouts, causing connection failures even when IPv6 connectivity was available.
    For example, cluster-api-provider-incus would end up with Context Deadline Exceeded since it seems to have a 10-second timeout when fetching the list of images.

This change basically implements Happy Eyeballs (RFC 8305):

  1. Sort addresses with IPv6 first (RFC 8305 recommends preferring IPv6)
  2. Start connection attempts with a 250ms staggered delay (per RFC 8305)
  3. Return the first successful connection immediately
  4. Finally clean up unused connections

@johnae johnae requested a review from stgraber as a code owner December 12, 2025 14:20
@stgraber
Member

Looks like your commit is missing the Signed-off-by line that we need before we can review it.
Also static analysis is apparently failing, so a few more tweaks are needed there before we can review this.

In general, I'm fine with happy eyeballs, though I remember us looking into this a while back and then not pursuing it so I'll want to refresh my memory for whether there was a strong technical reason to avoid it.

@johnae
Contributor Author

johnae commented Dec 14, 2025

Thanks @stgraber - I've added the signed-off-by line now as requested.

The RFC3493Dialer function, before this, tried addresses sequentially
with a 10-second timeout per address. This causes problems in dual-stack
environments where one address family is unreachable:

- If DNS returns IPv4 addresses first but IPv4 is unreachable (e.g., in
  IPv6-only environments), the dialer would spend 10+ seconds timing out
  on each IPv4 address before trying IPv6.
- This exceeded typical HTTP client timeouts, causing connection failures
  even when IPv6 connectivity was available.

This change implements Happy Eyeballs (RFC 8305):

1. Sort addresses with IPv6 first (RFC 8305 recommends preferring IPv6)
2. Start connection attempts with a 250ms staggered delay (per RFC 8305)
3. Return the first successful connection immediately
4. Finally clean up unused connections

Signed-off-by: John Axel Eriksson <[email protected]>
@stgraber stgraber merged commit 63c121b into lxc:main Dec 16, 2025
55 of 56 checks passed
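
The four steps listed in the pull request description and the commit message, as an added sketch that is not the code merged into Incus: `happyDial`, `sortIPv6First`, the injected `dial` parameter, port 8443 and the loopback addresses are names and values assumed for illustration. It launches attempts on a fixed stagger only and does not cover the rest of RFC 8305.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"sort"
	"time"
)

// sortIPv6First returns a copy with IPv6 literals stably moved ahead of IPv4.
func sortIPv6First(ips []string) []string {
	out := append([]string(nil), ips...)
	sort.SliceStable(out, func(i, j int) bool {
		return net.ParseIP(out[i]).To4() == nil && net.ParseIP(out[j]).To4() != nil
	})
	return out
}

// happyDial starts one attempt per address, stagger apart; the first success wins.
func happyDial(ctx context.Context, dial func(context.Context, string, string) (net.Conn, error), ips []string, port string, stagger time.Duration) (net.Conn, error) {
	ctx, cancel := context.WithCancel(ctx)
	defer cancel() // aborts attempts still pending or in flight
	conns := make(chan net.Conn, len(ips)) // buffered: senders never block
	for i, ip := range sortIPv6First(ips) {
		addr := net.JoinHostPort(ip, port)
		time.AfterFunc(time.Duration(i)*stagger, func() {
			c, _ := dial(ctx, "tcp", addr) // dial must fail fast once ctx is cancelled
			conns <- c                     // nil when the attempt failed
		})
	}
	for left := len(ips) - 1; left >= 0; left-- {
		if c := <-conns; c != nil {
			go func(n int) { // close attempts that complete after the winner
				for ; n > 0; n-- {
					if late := <-conns; late != nil {
						late.Close()
					}
				}
			}(left)
			return c, nil
		}
	}
	return nil, fmt.Errorf("all %d connection attempts failed", len(ips))
}

func main() { // constructed demo: loopback only, ::1 first, 127.0.0.1 after 250ms
	c, err := happyDial(context.Background(), (&net.Dialer{}).DialContext, []string{"127.0.0.1", "::1"}, "8443", 250*time.Millisecond)
	fmt.Println(c != nil, err)
}
```

The background drain is what keeps a second connection that completes just after the winner from leaking a socket.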
@stgraber
Member

Thanks!
