Happy Eyeballs

by Craig Miller


Figure: Adafruit Happy Eyeballs

Why do we need it?

Humans like speed, especially when it comes to the internet. Happy Eyeballs gives us the fastest content to our web browser, choosing either IPv4 or IPv6, whichever is faster.

Because speed is king.

What is Happy Eyeballs?

It refers to an algorithm that tries to make connections to web content using multiple addresses over both IPv4 and IPv6, and uses whichever responds fastest. It was standardized by RFC 6555 in 2012, and later updated in 2017 by the current standard, RFC 8305. From RFC 8305:

Since specific addresses or address families (IPv4 or IPv6) may be blocked, broken, or sub-optimal on a network, clients that attempt multiple connections in parallel have a chance of establishing a connection more quickly.

Figure: Happy Eyeballs requests. Making multiple requests over IPv6 & IPv4

How does Happy Eyeballs work?

Many websites will have multiple DNS entries. This is done for many reasons, some of them cited in RFC 8305. For example, running host against cnn.com will yield:

$ host cnn.com
cnn.com has address 151.101.1.67
cnn.com has address 151.101.129.67
cnn.com has address 151.101.65.67
cnn.com has address 151.101.193.67
cnn.com has IPv6 address 2a04:4e42:400::323
cnn.com has IPv6 address 2a04:4e42:200::323
cnn.com has IPv6 address 2a04:4e42:600::323
cnn.com has IPv6 address 2a04:4e42::323

The Happy Eyeballs algorithm approach has several distinct phases:

  1. Initiation of asynchronous DNS queries

  2. Sorting of resolved destination addresses

  3. Initiation of asynchronous connection attempts

  4. Establishment of one connection, which cancels all other attempts

Initiation of asynchronous DNS queries

As seen, DNS entries for a host can have multiple addresses, both for IPv4 and IPv6. The client will make an AAAA request, followed immediately by an A request. Happy Eyeballs says the client must attempt to make a connection to the first IP address that is returned, regardless of address family.

Additionally, if there are multiple DNS servers configured on the host (very common in a dual-stack setup), then the client will make the AAAA and A requests to each of the DNS servers, using the IPv6 addresses first.

Sorting of resolved destination addresses

Once the client receives all the answers from the DNS server(s), it will sort them into a list based on the Destination Address selection from RFC 6724. These include some of the following:

Since this phase is all internal to the client, it is rather quick.

Initiation of asynchronous connection attempts

Now that the list of addresses to contact has been sorted, the race is on. The client will initiate TCP connections starting from the top of the list on down. RFC 8305 suggests a delay of 250 milliseconds (aka Connection Attempt Delay) should be used.

Establishment of one connection, which cancels all other attempts

Once the TCP 3-way-handshake is complete on one of the connections, all others still in a TCP incomplete state should be cancelled.
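The staggered race and cancellation described above, as an added Python sketch (not code from the original page or from any browser). The `interleave`, `race` and `demo` names are hypothetical, the addresses are documentation ranges, and the connect step is simulated so nothing touches the network:

```python
import asyncio
from itertools import zip_longest

def interleave(v6, v4):
    """Alternate families, IPv6 first (simplified stand-in for the RFC 6724 sort)."""
    return [a for pair in zip_longest(v6, v4) for a in pair if a is not None]

async def race(addresses, connect, attempt_delay=0.250):
    """Stagger attempts by attempt_delay; first success wins, the rest are cancelled."""
    queue, pending, errors = list(addresses), {}, {}
    try:
        while queue or pending:
            if queue:  # start the next connection attempt
                addr = queue.pop(0)
                pending[asyncio.create_task(connect(addr))] = addr
            # Wait for any result, but only attempt_delay while addresses remain.
            done, _ = await asyncio.wait(
                list(pending), timeout=attempt_delay if queue else None,
                return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                addr = pending.pop(task)
                if task.exception() is None:
                    return addr, task.result()  # one connection established
                errors[addr] = task.exception()  # failed: try the next at once
        raise OSError(f"all connection attempts failed: {errors}")
    finally:
        for task in pending:  # cancel attempts still mid-handshake
            task.cancel()
        await asyncio.gather(*pending, return_exceptions=True)

def demo():
    # Constructed scenario: IPv6 is black-holed (never answers), IPv4 answers in 10 ms.
    latency = {"2001:db8::1": None, "2001:db8::2": None,
               "192.0.2.1": 0.01, "192.0.2.2": 0.01}
    started, cancelled = [], []
    async def connect(addr):  # simulated TCP connect, no real traffic
        started.append(addr)
        try:
            await asyncio.sleep(3600 if latency[addr] is None else latency[addr])
        except asyncio.CancelledError:
            cancelled.append(addr)
            raise
        return f"connected:{addr}"
    order = interleave(["2001:db8::1", "2001:db8::2"], ["192.0.2.1", "192.0.2.2"])
    winner, _ = asyncio.run(race(order, connect, attempt_delay=0.05))
    return order, winner, started, cancelled

if __name__ == "__main__":
    print(demo())
```

The caller only ever sees the winning IPv4 connection; the stalled IPv6 attempt is cancelled without raising any error.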


1. Hands On - Use cURL with Happy Eyeballs

Use the following command:

time curl --happy-eyeballs-timeout-ms 50 --trace-ascii /tmp/debug  http://api64.ipify.org

Then examine the curl debug log:

more /tmp/debug

Discuss the following:












The Problem with Happy Eyeballs

The good news is that at the cost of some extra network traffic (in DNS lookups and extra TCP-SYN packets), content can be retrieved faster, and thus displayed faster on a modern web browser.

However, the biggest problem with Happy Eyeballs is that it hides network problems. Your network may have connectivity issues in IPv4 or IPv6, and Happy Eyeballs will happily use the other protocol.

Why is this a problem? Because not all protocols use the Happy Eyeballs approach. For example, printer services. Your web browsing might work, but you can't print. Another common application which does not use Happy Eyeballs is ssh.

Don't assume that because the Web works, the network is working.
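One way to surface the breakage that Happy Eyeballs hides is to test each address family on its own, with no fallback. This is an added example, not part of the original page; `probe`, `masked_failures` and `demo` are hypothetical names, and the demo uses constructed stubs mirroring the lab below (IPv4 broken, IPv6 working):

```python
import socket

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def tcp_connect(sockaddr, family, timeout):
    """Real connector: one TCP handshake pinned to a single address family."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)

def probe(host, port=80, timeout=3.0, resolve=socket.getaddrinfo, connect=tcp_connect):
    """Test each family separately, with no fallback to the other one."""
    report = {}
    for name, family in FAMILIES.items():
        try:
            infos = resolve(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            report[name] = "no-address"  # no A / AAAA record: nothing to race
            continue
        report[name] = "unreachable"
        for *_, sockaddr in infos:
            try:
                connect(sockaddr, family, timeout)
            except OSError:  # timeout, refused, no route, family unsupported
                continue
            report[name] = "ok"
            break
    return report

def masked_failures(report):
    """Families that are broken while another one works (a total outage is not masked)."""
    if "ok" not in report.values():
        return []
    return [fam for fam, status in report.items() if status == "unreachable"]

def demo():
    # Constructed stubs: IPv4 SYNs go unanswered (NAT disabled), IPv6 is fine.
    def resolve(host, port, family, socktype):
        addr = "192.0.2.10" if family == socket.AF_INET else "2001:db8::10"
        return [(family, socktype, 6, "", (addr, port))]
    def connect(sockaddr, family, timeout):
        if family == socket.AF_INET:
            raise TimeoutError("SYN unanswered")
    report = probe("www.example.test", resolve=resolve, connect=connect)
    return report, masked_failures(report)

if __name__ == "__main__":
    print(demo())
```

Called without the stubs, `probe("your.host")` performs real lookups and handshakes, so it can run as a periodic check from a dual-stack monitoring host.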


2. Hands On/Demo - cURL with Happy Eyeballs hides network problems

NOTE: one must have a dual-stack network for this lab.

On your router, disable IP Masquerading (NAT) on the WAN interface. This will break IPv4 on the outbound packets, as they will no longer be NAT-ed.

As before, use the following command:

time curl --happy-eyeballs-timeout-ms 50 --trace-ascii /tmp/debug  http://api64.ipify.org

Then examine the curl debug log:

more /tmp/debug

Discuss the following:

After discussion, re-enable IP Masquerading (NAT) on your router.












Testing Happy Eyeballs

Because modern browsers support Happy Eyeballs, the easiest place to test is in your own browser. There are many websites which will do this; one is he.test-ipv6.com.

Where doesn't Happy Eyeballs work?

But Happy Eyeballs isn't any help in certain network environments. Happy Eyeballs relies on the ability to race between two (or more) different paths. When there is only one path to the destination site, there can be no race.

For the most part, as a web user, you don't have any control of these single path situations. As a Network Designer, you have some control.

Common single path environments are:

Most websites currently resolve to a single IPv4 and a single IPv6 address. Having an IPv4-only or IPv6-only network usually results in a single path to the website.

Summary

Happy Eyeballs is a method by which content is delivered faster to modern browsers (Firefox, Chrome, etc). It works well in Dual-Stack networks, but it also adds additional network traffic (multiple DNS lookups, multiple TCP SYNs) as well as CPU cycles to run the algorithm.

Happy Eyeballs gives us faster content, but it also hides network problems, and doesn't add any value in single-protocol networks.


Additional Info:


24 November 2020