New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No IPv4 fallback and no error reporting on failed connection #280
Comments
Just for clarity, what does "an incorrect IP" mean here? One where connecting times out? I am am puzzled as to the lack of error. Do you get the same issue installing and importing |
Just double-checked the exact setup: I had it set up to point at an IPv6 address that accepts connections on :80 and :443 (try it yourself: 2a01:4f8:d1:3aa1::666). That is the IP of a firewall that proxies requests using HAProxy on IPv4, but not on IPv6. I currently don't have time to try it out with |
Update: Interestingly, just using If necessary, I can restore sentry to the failing DNS setup for a day and provide you with an account and project so you can play with it (you can find my contact details on the domain linked above if you don't want to post your eMail address publicly). |
I'm able to fetch from that URL with both requests and raw urllib3. A test account would be great! My email is |
You should have received an invite, and I also just updated the DNS to once again use the settings that created these issues for me. I also created a project for you in my sentry to play with. If you cannot reproduce with external machines, let me know - the issues occured when machines behind the same firewall attempted to communicate with sentry, so the situation may be more complex than a simple IPv6-to-4 fallback (although removing the AAAA record has fixed the issues, so it has to be something related to that). |
WFM, and I am pretty sure I have no working IPv6 🤷♂️ https://sentry.maass.xyz/sentry/sdk-testing/issues/7341/ idk what's going on tbh. Might try different machines in the same network. |
btw urllib3 already has an ipv6 fallback for this, from what I can tell by looking through their issues. |
I'll test it again this evening and will post the most detailed logs I can get my hands on. |
Wait, you have no working IPv6? In that case, it would be expected to work, as it only uses v4 then. |
This is the log I get from the code in the original issue using Python 3.5.2. As you can see in sentry, no issue was created. The VM the code was running on has an IPv4 and IPv6 connection to the outside world, and both work (i.e., $ pip freeze
certifi==2018.11.29
pkg-resources==0.0.0
sentry-sdk==0.7.6
urllib3==1.24.1 If you know a way to make urllib3 output useful logs, let me know. |
I just sent an event on a remote server with working ipv6 and ipv4 (same urllib3 version). Please check |
$ curl -6 -v http://sentry.maass.xyz/
* Trying 2a01:4f8:d1:3aa1::666...
* connect to 2a01:4f8:d1:3aa1::666 port 80 failed: Keine Route zum Zielrechner
* Failed to connect to sentry.maass.xyz port 80: Keine Route zum Zielrechner
* Closing connection 0
curl: (7) Failed to connect to sentry.maass.xyz port 80: Keine Route zum Zielrechner Hm, then it seems to be related to how our firewall handles internal connections, if it works from outside (don't have an IPv6-speaking device ready outside of that NAT). I guess this makes it less of a sentry problem than a configuration problem on our end. However, I still think that the sentry logs in debug mode should reflect that the message could not be sent, and ideally contain the error that occured. I'd be happy to be a guinea pig to test any code that adds this functionality on my broken setup. |
@malexmave I just got reminded by the weekly report that your Sentry instance sends: Is this still an issue for you? |
Since I removed the v6 record again after this test, currently everything runs fine, but since I did not update anything, I would assume it would still break again if I re-added the AAAA record. As I said, I'd be happy to test any patches that make the fallback to IPv4 more robust / improve the logging of errors in this setup. |
@malexmave cool. fwiw I don't have a way to repro this... I tried this on uberspace.de which supposedly has ipv6 support all the way, but didn't find issues. |
Do you mind if I just close this? It seems not very actionable to me in its current state. A missing error during debug mode would be a bug but then I don't know how to reproduce the part where urllib3 swallows all errors. |
The setup is a bit more complicated than simple v6 support. The situation is the following: Sentry is running in a VM in a NATted network behind a firewall. The firewall uses HAProxy to terminate TLS connections and forward the contents to the correct VM. If connections come from outside the VM NAT network, they work fine on v4 and v6. If they come from a different VM inside the NATted network, they are lost at the firewall due to a misconfiguration (as I learned when I talked to the server admin). So, the issue here is less the fact that in this specific setup, the messages don't get through, and more the fact that no log message indicates that the connection failed. |
If you want to play with this specific setup, I could probably get you a VM with SSH access. If you think that this is too specific to warrant your time, or if you suspect that the error lies in urllib and not sentry, I'd also be fine with closing this issue without a fix. |
I'm trying to gauge how many people are affected by this issue. Let's keep this open for now. One last question: Could you try installing different versions of urllib3? You mentioned earlier that requests works fine. Does this also mean that it behaves/errors as expected when neither IPv6 nor IPv4 work in your specific (mis)configuration? I believe there might be discrepancies between the version used by requests vs the one used by the SDK. For example one might use a urllib3 provided by your Linux distro (distros are often happy to violently patch things) while the other installs from PyPI. |
I have a similar issue with the latest version of sentry_sdk with self-managed sentry service.
This is the code which initializes my sentry. It works good with sentry.io. Wondering what could be the issue. duplicate issue #399
|
@sreedharbukya this issue is about something very specific in the HTTP library we're using, so I wouldn't call this the same issue just because the symptoms are |
This issue has gone three weeks without activity. In another week, I will close it. But! If you comment or otherwise update it, I will reset the clock, and if you label it "A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀 |
As this is a very old issue, and it seems to be very specific to a certain network setup and thus not affecting a lot of users, I think it is save to close this issue. If you come across this issue and what to help fixing this, please create a new Issue and link to this one. Thanks! |
If you self-host a sentry instance and have a broken IPv6 setup on the server (i.e., you have an AAAA record set up for the domain, but it points at the wrong IP), but a working IPv4 setup, sentry-python will attempt to deliver the issue via IPv6 (if the network supports it), fail, and not retry with IPv4.
If this isn't intended behavior, I would recommend implementing an IPv4 fallback. At a minimum, it would be nice if the system would report an error if the connection failed - even with debug enabled, the log does not indicate that the connection failed, and is more or less indistinguishable from a log where the reporting worked.
In my eyes, an IPv4 fallback would be desirable either way, because some places have broken IPv6 networks (they provide v6 IPs, but do not let them access the internet). This is another scenario where the robustness of reporting would be improved with a v4 fallback.
Steps to reproduce:
A
record, butAAAA
record pointing at an incorrect IPThe text was updated successfully, but these errors were encountered: