feat: dynamic address family selection via DescribeMountTargets#358
Closed
guessi wants to merge 1 commit into
Closed
feat: dynamic address family selection via DescribeMountTargets#358guessi wants to merge 1 commit into
guessi wants to merge 1 commit into
Conversation
22b29bb to
e7fdae5
Compare
Call DescribeMountTargets to determine the EFS mount target IP family (IPv4/IPv6) and enforce it in both DNS resolution and efs-proxy TCP connections. Falls back to AF_UNSPEC (OS resolver) when the feature is disabled or the API call fails. A new config key dynamic_address_family_enabled (default: true) allows opting out of the API call to restore pre-3.x behavior. Requires IAM actions: - elasticfilesystem:DescribeMountTargets - ec2:DescribeAvailabilityZones
e7fdae5 to
96a7988
Compare
Contributor
|
#356 - recommended creating IPv6/dualstack mount targets |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #356
Problem
On dual-stack or NAT64 hosts, the OS resolver returns a DNS64-synthesized IPv6 address before the IPv4 address. efs-utils uses
AF_UNSPEC, so the IPv6 address is selected and the NFS connection to port 2049 times out because EFS mount targets are IPv4-only today.The previous approach (PR #357) used an opt-in
prefer_ipv4config flag. This is the wrong abstraction — efs-utils already has enough information (viaDescribeMountTargets) to make the right choice automatically.Change
Calls
DescribeMountTargetsto determine the actual IP family of the mount target and enforces it consistently in both the Python DNS pre-check and the Rust efs-proxy TCP connection establishment.Address family mapping:
IpAddresspresent →AF_INET(IPv4)Ipv6Addressonly →AF_INET6(IPv6)AF_UNSPEC(original behavior)A new config key
dynamic_address_family_enabled = true(inefs-utils.conf) allows opting out of the API call to restore pre-3.x behavior.Requires IAM actions:
elasticfilesystem:DescribeMountTargetsec2:DescribeAvailabilityZonesIf those actions are unavailable, efs-utils falls back to
AF_UNSPECautomatically with no mount failure.Testing
address_familyparam forwardingresolve_addr(IPv4 success, IPv6 success, IPv6-only address with IPv4 requested returns error)