Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4


294 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  Reply # 1628966 13-Sep-2016 22:45
Send private message

solutionz:

 

See: http://stackoverflow.com/questions/20080577/cant-access-cloudfront-and-fastly-files-web-sites-not-loading

 

I think it's because of LSN (or NAT444, CGN) that installed in ISP network.
(ISP don't want customers to notice this change.)

 

My ISP recently deploy LSN short before this problem arise.
I think IP address pool in LSN is too small (poorly deploy by ISP) so too many users share the same IP address.

 

this cause CDN networks to think they got DOS attack from particular IP address.
then CDN networks will temporary block (or null route) the LSN IP address.

 

 

 

 

 

The way I read it, it should only affect CGNAT. Given that I have a static IP I'm not supposed to CGNAT'd and I can actually connect to my home network via said IP.

 

But if I were CGNAT'd that would be exactly what I'd think.

 

 

 

yitz: Even with static IP, I still think it's to do with your IP being blacklisted somewhere on BigPipe's end. Does your modem/router have a ping facility in its web admin you can try? What does a successful tracert look like? What about to 202.162.72.2 or a site you able to access.

 

tracert to 202.162.72.2 looks the same as to 202.162.73.2 (trademe)

 

Successful tracert:

 

 

 

PS C:\WINDOWS\system32> tracert 8.8.8.8

 

Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:

 

1 1 ms 1 ms 1 ms router [192.168.88.1]
2 24 ms 24 ms 23 ms 210.54.34.1
3 24 ms 23 ms 23 ms 122.56.60.68
4 23 ms 22 ms 24 ms 122.56.60.69
5 22 ms 22 ms 22 ms ae11-201.akbr6.global-gateway.net.nz [122.56.118.145]
6 26 ms 22 ms 23 ms ae5-2.akbr7.global-gateway.net.nz [210.55.202.213]
7 45 ms 47 ms 46 ms xe0-0-1.sgbr3.global-gateway.net.nz [202.50.232.110]
8 47 ms 46 ms 46 ms ae2-10.sgbr4.global-gateway.net.nz [202.50.232.246]
9 48 ms 47 ms 50 ms google-gsw.sgbr4.global-gateway.net.nz [202.50.237.198]
10 47 ms 47 ms 47 ms 72.14.237.11
11 46 ms 46 ms 46 ms 216.239.40.255
12 47 ms 47 ms 46 ms google-public-dns-a.google.com [8.8.8.8]

 

Trace complete.

 

 

 

 

 

Ping from the router works!!!

 

 

Traceroute from router looks this way:

 

 

As you can see it uses a different route!!!

 

What does it tell us?

 

 


1293 posts

Uber Geek
+1 received by user: 295


  Reply # 1628972 13-Sep-2016 23:02
Send private message

Wait... have you established two connections to Bigpipe's BNG, one PPPoE and one DHCP ?

 
 
 
 




294 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  Reply # 1628973 13-Sep-2016 23:12
Send private message

yitz: Wait... have you established two connections to Bigpipe's BNG, one PPPoE and one DHCP ?

 

Is it even possible? I think only PPPoE is supported?


3272 posts

Uber Geek
+1 received by user: 1283

Subscriber

  Reply # 1628979 13-Sep-2016 23:27
Send private message

Since it is VDSL, are some of your packets getting VLAN 10 tagged. And others not?








294 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  Reply # 1628980 13-Sep-2016 23:30
Send private message

Aredwood:

 

Since it is VDSL, are some of your packets getting VLAN 10 tagged. And others not?

 

 

That's something I have been contemplating as well. In theory, the modem does the tagging, and the router could care less.

 

It's not clear why these particular sites would exhibit the problem.

 

Good thought, unfortunately I cannot see how to apply it ;) - If you have any ideas, please let me know!


1293 posts

Uber Geek
+1 received by user: 295


  Reply # 1628981 13-Sep-2016 23:32
Send private message

I read that they were trialling DHCP at some stage... also thought that you were running the DV130 in bridge mode... nevermind... you'd better follow the others advice and isolate the Mikrotik from your network. If you are reluctant to restart your VDSL modem then connect a PC directly to your DV130 in PPPoE passthrough mode and establish a PPPoE. Like this: http://pages.bigpipe.co.nz/troubleshooting/pppoe-setup/ 


1293 posts

Uber Geek
+1 received by user: 295


  Reply # 1628990 13-Sep-2016 23:52
Send private message

If you want to follow the troubleshooting path that it's a routing problem... can you browse to www.clearnet.co.nz ?

 

(it's the login page for Vodafone webmail)

 

 

that should be an example of a site that should be reachable through the Global-Gateway Domestic routing table (i.e. should feature the x1-1-1-200.akcr11.global-gateway.net.nz [122.56.118.89] hop)

 

(need another example of a domestic route that fails going out akcr11 rather than tkcr4)




294 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  Reply # 1628992 14-Sep-2016 00:03
Send private message

Clearnet works...

 

PS C:\WINDOWS\system32> tracert clearnet.co.nz

 

Tracing route to clearnet.co.nz [203.97.33.85]
over a maximum of 30 hops:

 

1 <1 ms <1 ms <1 ms router [192.168.88.1]
2 24 ms 24 ms 23 ms 210.54.34.1
3 23 ms 23 ms 22 ms 122.56.60.68
4 26 ms 26 ms 25 ms 122.56.60.69
5 22 ms 22 ms 28 ms x1-1-1-200.akcr11.global-gateway.net.nz [122.56.118.89]
6 22 ms 23 ms 23 ms ge-2-0-0-906.ie2.telstraclear.net [203.98.18.65]
7 33 ms 24 ms 27 ms front-vrrp-clix.clear.net.nz [203.167.243.214]
8 28 ms 22 ms 25 ms clearnet.co.nz [203.97.33.85]

 

Trace complete.

 

May I ask you how you know that this should be an example of such a site? 

 

As a side note, when a PC plugged in to Vigor directly, without mikrotik everything seems to work fine, trademe, stackoverflow, everything. I guess, I'll never know what was wrong.


3763 posts

Uber Geek
+1 received by user: 2281

Trusted
Spark NZ

  Reply # 1629000 14-Sep-2016 00:13
Send private message

I think you do know. .. it's something to do with the configuration on the mikrotik. ..

Cheers N

1293 posts

Uber Geek
+1 received by user: 295


  Reply # 1629023 14-Sep-2016 00:17
Send private message

I just find it bizarre how specific the subset of unreachable IPs are. Almost like the packets are tagged somewhere upstream to be inaccessible.

 

 

But I agree, might be time to hard reset the Mikrotik and rebuild the configuration.



294 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  Reply # 1629026 14-Sep-2016 00:50
Send private message

yitz: I just find it bizarre how specific the subset of unreachable IPs are. Almost like the packets are tagged somewhere upstream to be inaccessible. But I agree, might be time to hard reset the Mikrotik and rebuild the configuration.

 

That, unfortunately I've already done. 4 times.

 

After connecting mikrotik back again, it worked until I rebooted the modem and the router. And then it did not work again. And then it worked...

 

I do not know what's going on, I better continue tomorrow with the fresh head.

 

On one hand there are some improvements - it's working sometimes, it was not the case before. On the other hand, it's unstable - with the same configuration sometimes it works sometimes it does not.

 

Low and behold a trace right between it did not work and then started working:

 

PS C:\WINDOWS\system32> tracert trademe.co.nz

 

Tracing route to trademe.co.nz [202.162.72.2]
over a maximum of 30 hops:

 

1 <1 ms <1 ms <1 ms router [192.168.88.1]
2 24 ms 24 ms 23 ms 210.54.34.1
3 23 ms 23 ms 23 ms 122.56.60.68
4 24 ms 23 ms 23 ms 122.56.60.69
5 23 ms 22 ms 22 ms x1-1-1-200.akcr11.global-gateway.net.nz [122.56.118.89]
6 * * * Request timed out.
7 * * * Request timed out.
8 * 33 ms 32 ms 202.21.128.139
9 34 ms 32 ms 33 ms www.trademe.co.nz [202.162.72.2]

 

Trace complete.

 

See that? I tried to open the site in the browser - it gave me the timeout, I did the trace, it started timing out but then went through, and then I tried in the browser again and it worked.

 

It's as if someone is working late at the bigpipe/spark and changing configs on their side ;)

 

Anyway, thank you everyone for their respective helps, and especially @yitz. It has been most helpful.

 

I just wish, I could think up a logical explanation to what's happening.


1293 posts

Uber Geek
+1 received by user: 295


  Reply # 1629028 14-Sep-2016 00:59
Send private message

IP is different there 202.162.72.2  compared to 202.162.73.2 earlier. undecided




294 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  Reply # 1629030 14-Sep-2016 01:11
Send private message

yitz:

 

IP is different there 202.162.72.2  compared to 202.162.73.2 earlier. undecided

 

 

Well spotted. It's trademe.co.nz vs www.trademe.co.nz. I should have been more consistent.




294 posts

Ultimate Geek
+1 received by user: 44

Lifetime subscriber

  Reply # 1631187 15-Sep-2016 18:34
One person supports this post
Send private message

So to get some closure: I no longer have the issues. It may be because bigpipe fixed it on their end, may be routing changed somewhere, and may be (like many of you will think) my tinkering with modem/router made it go away on my end.

 

The only change I actually did was this. I used to run the modem on PPPoE pass-through mode. So I disabled it like this:

 

 

And then I enabled the bridged mode:

 

 

Can some one tell me what is the difference between the two? Preferably with technical details ;) It seems that after the modem syncs, the PPPoE response seems to come faster in this mode. The former one worked well with ADSL, but now when I'm on VDSL I noticed that it can take 3 minutes or more to get PPPoE response after modem syncs. In the latter mode, it happens in the matter of seconds.

 

I'm really glad that my internet is working again, although I still will need to sort out the line speed problem.

 

Thank you again to everyone who stayed with me while I was troubleshooting this, especially to @dan for his generous offer of a modem to test with and to @yitz for his belief that it might be routing related ;)


297 posts

Ultimate Geek
+1 received by user: 160

Trusted

  Reply # 1631629 16-Sep-2016 11:15
Send private message

yitz:

 

I read that they were trialling DHCP at some stage... also thought that you were running the DV130 in bridge mode... nevermind... you'd better follow the others advice and isolate the Mikrotik from your network. If you are reluctant to restart your VDSL modem then connect a PC directly to your DV130 in PPPoE passthrough mode and establish a PPPoE. Like this: http://pages.bigpipe.co.nz/troubleshooting/pppoe-setup/ 

 



Not public trials, we've been doing lots of network maintenance to prepare for that & IPv6 in the future but this wouldn't have affected OP.





Lannah - find me on twitter.


1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.