IPv6 access times out
~$ curl https://www.zhihu.com -v --ipv6
* Trying 240e:978:5404:0:35:::443...
* TCP_NODELAY set
* Connected to www.zhihu.com (240e:978:5404:0:35::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
(no response)
~$ curl https://www.zhihu.com -v --ipv6 --tls-max 1.2
* Trying 240e:978:5404:0:38:::443...
* TCP_NODELAY set
* Connected to www.zhihu.com (240e:978:5404:0:38::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
(no response)
IPv4 works normally
~$ curl https://www.zhihu.com -v --ipv4
* Trying 180.101.217.181:443...
* TCP_NODELAY set
* Connected to www.zhihu.com (180.101.217.181) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=CN; ST=\U5317\U4EAC\U5E02; O=\U667A\U8005\U56DB\U6D77\UFF08\U5317\U4EAC\UFF09\U6280\U672F\U6709\U9650\U516C\U53F8; CN=*.zhihu.com
* start date: Nov 25 00:00:00 2020 GMT
* expire date: Dec 26 23:59:59 2021 GMT
* subjectAltName: host "www.zhihu.com" matched cert's "*.zhihu.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust CN RSA CA G1
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56553628ae10)
> GET / HTTP/2
> Host: www.zhihu.com
> user-agent: curl/7.68.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 302
< server: CLOUD ELB 1.0.0
< date: Sun, 06 Jun 2021 14:51:06 GMT
< content-type: text/html; charset=utf-8
< set-cookie: _zap=<???>; path=/; expires=Tue, 06 Jun 2023 14:51:06 GMT; domain=.zhihu.com
< location: //www.zhihu.com/signin?next=%2F
< x-backend-response: 0.032
< pragma: no-cache
< vary: Accept-Encoding
< referrer-policy: no-referrer-when-downgrade
< x-secng-response: 0.03499<???>
< set-cookie: _xsrf=<???>; path=/; domain=zhihu.com; expires=Thu, 23-Nov-23 14:51:06 GMT
< x-lb-timing: 0.035
< x-idc-id: 2
< set-cookie: KLBRSID=<???>; Path=/
< cache-control: private, must-revalidate, no-cache, no-store, max-age=0
< content-length: 93
< x-nws-log-uuid: <???>
< x-cache-lookup: Cache Miss
< x-edge-timing: 0.064
< x-cdn-provider: tencent
<
* Connection #0 to host www.zhihu.com left intact
Redirecting to <a href="//www.zhihu.com/signin?next=%2F">//www.zhihu.com/signin?next=%2F</a>.
DNS query
~$ dig www.zhihu.com aaaa @240e:5a::6666
; <<>> DiG 9.16.1-Ubuntu <<>> www.zhihu.com aaaa @240e:5a::6666
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57073
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.zhihu.com. IN AAAA
;; ANSWER SECTION:
www.zhihu.com. 8 IN CNAME www.zhihu.com.ipv6.dsa.dnsv1.com.
www.zhihu.com.ipv6.dsa.dnsv1.com. 135 IN CNAME 1595096.sched.d0-dk.tdnsv5.com.
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:5404:0:35::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:5404:0:33::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:5404:0:3b::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:30a:7:2d::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:5404:0:39::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:5404:0:38::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:a08:2:3b::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:a08:2:2a::
1595096.sched.d0-dk.tdnsv5.com. 8 IN AAAA 240e:978:5404:0:36::
;; Query time: 8 msec
;; SERVER: 240e:5a::6666#53(240e:5a::6666)
;; WHEN: Sun Jun 06 14:54:26 UTC 2021
;; MSG SIZE rcvd: 367
1
wdlth 2021-06-06 23:52:36 +08:00
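You could check whether the router's MTU is 1280. Sometimes, on China Telecom broadband, some CDN servers are also unreachable over IPv6, and then static resources fail to load...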
|
2
haoxingxing OP |
3
yangyang 2021-06-07 08:37:05 +08:00
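A while ago I found I couldn't access Zhihu; turning off IPv6 fixed it, so it's probably the same problem.
I submitted a bug report to Zhihu and they ignored me, so I let it go. |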
4
xiaoyeziyuan 2021-06-07 11:43:29 +08:00
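Folks, we talked with the dynamic/static acceleration cloud vendor and got a fix in. Could you check whether the problem is still there?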
|
5
tankren 2021-06-07 14:09:48 +08:00
Where is the MSS setting?
|
6
tankren 2021-06-07 14:14:22 +08:00
The CDN node on my side is 2408:873c:8010:3:3e:::443. Try changing your hosts file and see what happens; it may be a problem with the node.
|
7
haoxingxing OP @xiaoyeziyuan The problem still exists; nothing has changed.
|
8
EGOISTK21 2021-06-27 17:59:05 +08:00 via iPhone
|
9
EGOISTK21 2021-07-03 17:22:30 +08:00 via iPhone
Hangzhou Telecom, it's working again.
|
10
haoxingxing OP |
11
haoxingxing OP /ipv6 nd set mtu=1492 0
|
12
tingshow163 2023-03-10 23:54:33 +08:00
In a PPPoE environment (usually home broadband), ROS needs the MSS changed to 1432 in the IPv6 firewall (this is usually the case; for details see https://lyincc.com/tech/access-to-ipv6/).
The command is as follows (ROSv7):
/ipv6/firewall/mangle/add chain=forward action=change-mss new-mss=1432 passthrough=yes protocol=tcp tcp-flags=syn out-interface=pppoe-out1 log=no log-prefix=""
For out-interface, choose the virtual interface used for PPPoE dialing; by default it is pppoe-out1. |
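
The arithmetic behind the 1432 figure in the last reply, together with a check for the stall pattern in the opening post's curl transcripts, as an added example that is not part of any post in this thread. It assumes a 1500-byte Ethernet MTU under PPPoE and TCP/IP headers without options or extension headers; the function names and stage labels are illustrative.

```python
import re

PPPOE_OVERHEAD = 8          # 6-byte PPPoE header + 2-byte PPP protocol ID
IP_HEADER = {4: 20, 6: 40}  # fixed headers, no options or extension headers
TCP_HEADER = 20             # TCP header without options

def clamp_mss(link_mtu, ip_version=6):
    """Largest TCP MSS whose segment fits in one packet on a link_mtu link."""
    return link_mtu - IP_HEADER[ip_version] - TCP_HEADER

def classify_curl_trace(trace):
    """Return the furthest stage a `curl -v` transcript reached."""
    if not re.search(r"^\* Connected to ", trace, re.M):
        return "tcp-failed"
    if not re.search(r"\(OUT\), TLS handshake, Client hello", trace):
        return "tcp-only"
    if not re.search(r"\(IN\), TLS handshake", trace):
        return "stalled-after-client-hello"
    if "SSL connection using" in trace:
        return "tls-established"
    return "tls-incomplete"

def suggest(trace_v6, trace_v4, ethernet_mtu=1500):
    """Small packets pass on v6 but no server flight arrives, while v4 works:
    return the MSS clamp for a PPPoE uplink (assumed link type), else None."""
    if (classify_curl_trace(trace_v6) == "stalled-after-client-hello"
            and classify_curl_trace(trace_v4) == "tls-established"):
        return clamp_mss(ethernet_mtu - PPPOE_OVERHEAD, 6)
    return None

# Abridged from the curl transcripts in the opening post.
TRACE_V6 = """\
* Connected to www.zhihu.com (240e:978:5404:0:35::) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
"""
TRACE_V4 = """\
* Connected to www.zhihu.com (180.101.217.181) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
"""

if __name__ == "__main__":
    print(classify_curl_trace(TRACE_V6), classify_curl_trace(TRACE_V4))
    print("suggested IPv6 MSS clamp:", suggest(TRACE_V6, TRACE_V4))
```

The same function gives 1452 for IPv4 over PPPoE and 1220 for a link at the IPv6 minimum MTU of 1280.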