Skip to content

feat: dynamic address family selection via DescribeMountTargets#358

Closed
guessi wants to merge 1 commit into
aws:masterfrom
guessi:feat/dynamic-address-family
Closed

feat: dynamic address family selection via DescribeMountTargets#358
guessi wants to merge 1 commit into
aws:masterfrom
guessi:feat/dynamic-address-family

Conversation

@guessi

@guessi guessi commented Jun 25, 2026

Copy link
Copy Markdown

Closes #356

Problem

On dual-stack or NAT64 hosts, the OS resolver returns a DNS64-synthesized IPv6 address before the IPv4 address. efs-utils uses AF_UNSPEC, so the IPv6 address is selected and the NFS connection to port 2049 times out because EFS mount targets are IPv4-only today.

The previous approach (PR #357) used an opt-in prefer_ipv4 config flag. This is the wrong abstraction — efs-utils already has enough information (via DescribeMountTargets) to make the right choice automatically.

Change

Calls DescribeMountTargets to determine the actual IP family of the mount target and enforces it consistently in both the Python DNS pre-check and the Rust efs-proxy TCP connection establishment.

Address family mapping:

  • IpAddress present → AF_INET (IPv4)
  • Ipv6Address only → AF_INET6 (IPv6)
  • Feature disabled or API unavailable → AF_UNSPEC (original behavior)

A new config key dynamic_address_family_enabled = true (in efs-utils.conf) allows opting out of the API call to restore pre-3.x behavior.

Requires IAM actions:

  • elasticfilesystem:DescribeMountTargets
  • ec2:DescribeAvailabilityZones

If those actions are unavailable, efs-utils falls back to AF_UNSPEC automatically with no mount failure.

Testing

  • All existing Python and Rust tests pass
  • 7 new Python tests covering IPv4/IPv6/dual-stack MTs, no-efs-client, API error, feature-disabled, and address_family param forwarding
  • 3 new Rust tests for resolve_addr (IPv4 success, IPv6 success, IPv6-only address with IPv4 requested returns error)

@guessi guessi force-pushed the feat/dynamic-address-family branch 2 times, most recently from 22b29bb to e7fdae5 Compare June 25, 2026 04:43
Call DescribeMountTargets to determine the EFS mount target IP family
(IPv4/IPv6) and enforce it in both DNS resolution and efs-proxy TCP
connections. Falls back to AF_UNSPEC (OS resolver) when the feature is
disabled or the API call fails.

A new config key dynamic_address_family_enabled (default: true) allows
opting out of the API call to restore pre-3.x behavior.

Requires IAM actions:
  - elasticfilesystem:DescribeMountTargets
  - ec2:DescribeAvailabilityZones
@guessi guessi force-pushed the feat/dynamic-address-family branch from e7fdae5 to 96a7988 Compare June 25, 2026 04:44
@YangjinanHu

Copy link
Copy Markdown
Contributor

#356 - recommended creating IPv6/dualstack mount targets

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

EFS mount fails on dual-stack/NAT64 hosts: IPv6 address selected over IPv4, causing NFS timeout

2 participants