Can someone on bigpipe tracert trademe for me please?

Forums › Spark New Zealand (including Skinny and BigPipe) › Can someone on bigpipe tracert trademe for me please?

1 | 2 | 3 | 4

412 posts

Ultimate Geek

Lifetime subscriber

#1628966 13-Sep-2016 22:45

solutionz:

See: http://stackoverflow.com/questions/20080577/cant-access-cloudfront-and-fastly-files-web-sites-not-loading

I think it's because of LSN (or NAT444, CGN) that installed in ISP network.
(ISP don't want customers to notice this change.)

My ISP recently deploy LSN short before this problem arise.
I think IP address pool in LSN is too small (poorly deploy by ISP) so too many users share the same IP address.

this cause CDN networks to think they got DOS attack from particular IP address.
then CDN networks will temporary block (or null route) the LSN IP address.

The way I read it, it should only affect CGNAT. Given that I have a static IP I'm not supposed to CGNAT'd and I can actually connect to my home network via said IP.

But if I were CGNAT'd that would be exactly what I'd think.

yitz: Even with static IP, I still think it's to do with your IP being blacklisted somewhere on BigPipe's end. Does your modem/router have a ping facility in its web admin you can try? What does a successful tracert look like? What about to 202.162.72.2 or a site you able to access.

tracert to 202.162.72.2 looks the same as to 202.162.73.2 (trademe)

Successful tracert:

PS C:\WINDOWS\system32> tracert 8.8.8.8

Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms router [192.168.88.1]
2 24 ms 24 ms 23 ms 210.54.34.1
3 24 ms 23 ms 23 ms 122.56.60.68
4 23 ms 22 ms 24 ms 122.56.60.69
5 22 ms 22 ms 22 ms ae11-201.akbr6.global-gateway.net.nz [122.56.118.145]
6 26 ms 22 ms 23 ms ae5-2.akbr7.global-gateway.net.nz [210.55.202.213]
7 45 ms 47 ms 46 ms xe0-0-1.sgbr3.global-gateway.net.nz [202.50.232.110]
8 47 ms 46 ms 46 ms ae2-10.sgbr4.global-gateway.net.nz [202.50.232.246]
9 48 ms 47 ms 50 ms google-gsw.sgbr4.global-gateway.net.nz [202.50.237.198]
10 47 ms 47 ms 47 ms 72.14.237.11
11 46 ms 46 ms 46 ms 216.239.40.255
12 47 ms 47 ms 46 ms google-public-dns-a.google.com [8.8.8.8]

Trace complete.

Ping from the router works!!!

Traceroute from router looks this way:

As you can see it uses a different route!!!

What does it tell us?

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.

yitz

2041 posts

Uber Geek

#1628972 13-Sep-2016 23:02

Wait... have you established two connections to Bigpipe's BNG, one PPPoE and one DHCP ?

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#1628973 13-Sep-2016 23:12

yitz: Wait... have you established two connections to Bigpipe's BNG, one PPPoE and one DHCP ?

Is it even possible? I think only PPPoE is supported?

Aredwood

3885 posts

Uber Geek

#1628979 13-Sep-2016 23:27

Since it is VDSL, are some of your packets getting VLAN 10 tagged. And others not?

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#1628980 13-Sep-2016 23:30

Aredwood:

Since it is VDSL, are some of your packets getting VLAN 10 tagged. And others not?

That's something I have been contemplating as well. In theory, the modem does the tagging, and the router could care less.

It's not clear why these particular sites would exhibit the problem.

Good thought, unfortunately I cannot see how to apply it ;) - If you have any ideas, please let me know!

yitz

2041 posts

Uber Geek

#1628981 13-Sep-2016 23:32

I read that they were trialling DHCP at some stage... also thought that you were running the DV130 in bridge mode... nevermind... you'd better follow the others advice and isolate the Mikrotik from your network. If you are reluctant to restart your VDSL modem then connect a PC directly to your DV130 in PPPoE passthrough mode and establish a PPPoE. Like this: http://pages.bigpipe.co.nz/troubleshooting/pppoe-setup/

yitz

2041 posts

Uber Geek

#1628990 13-Sep-2016 23:52

If you want to follow the troubleshooting path that it's a routing problem... can you browse to www.clearnet.co.nz ?

(it's the login page for Vodafone webmail)

that should be an example of a site that should be reachable through the Global-Gateway Domestic routing table (i.e. should feature the x1-1-1-200.akcr11.global-gateway.net.nz [122.56.118.89] hop)

(need another example of a domestic route that fails going out akcr11 rather than tkcr4)

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#1628992 14-Sep-2016 00:03

Clearnet works...

PS C:\WINDOWS\system32> tracert clearnet.co.nz

Tracing route to clearnet.co.nz [203.97.33.85]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms router [192.168.88.1]
2 24 ms 24 ms 23 ms 210.54.34.1
3 23 ms 23 ms 22 ms 122.56.60.68
4 26 ms 26 ms 25 ms 122.56.60.69
5 22 ms 22 ms 28 ms x1-1-1-200.akcr11.global-gateway.net.nz [122.56.118.89]
6 22 ms 23 ms 23 ms ge-2-0-0-906.ie2.telstraclear.net [203.98.18.65]
7 33 ms 24 ms 27 ms front-vrrp-clix.clear.net.nz [203.167.243.214]
8 28 ms 22 ms 25 ms clearnet.co.nz [203.97.33.85]

Trace complete.

May I ask you how you know that this should be an example of such a site?

As a side note, when a PC plugged in to Vigor directly, without mikrotik everything seems to work fine, trademe, stackoverflow, everything. I guess, I'll never know what was wrong.

Talkiet

4786 posts

Uber Geek

Trusted

#1629000 14-Sep-2016 00:13

I think you do know. .. it's something to do with the configuration on the mikrotik. ..

Cheers N

Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.

yitz

2041 posts

Uber Geek

#1629023 14-Sep-2016 00:17

I just find it bizarre how specific the subset of unreachable IPs are. Almost like the packets are tagged somewhere upstream to be inaccessible.

But I agree, might be time to hard reset the Mikrotik and rebuild the configuration.

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#1629026 14-Sep-2016 00:50

yitz: I just find it bizarre how specific the subset of unreachable IPs are. Almost like the packets are tagged somewhere upstream to be inaccessible. But I agree, might be time to hard reset the Mikrotik and rebuild the configuration.

That, unfortunately I've already done. 4 times.

After connecting mikrotik back again, it worked until I rebooted the modem and the router. And then it did not work again. And then it worked...

I do not know what's going on, I better continue tomorrow with the fresh head.

On one hand there are some improvements - it's working sometimes, it was not the case before. On the other hand, it's unstable - with the same configuration sometimes it works sometimes it does not.

Low and behold a trace right between it did not work and then started working:

PS C:\WINDOWS\system32> tracert trademe.co.nz

Tracing route to trademe.co.nz [202.162.72.2]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms router [192.168.88.1]
2 24 ms 24 ms 23 ms 210.54.34.1
3 23 ms 23 ms 23 ms 122.56.60.68
4 24 ms 23 ms 23 ms 122.56.60.69
5 23 ms 22 ms 22 ms x1-1-1-200.akcr11.global-gateway.net.nz [122.56.118.89]
6 * * * Request timed out.
7 * * * Request timed out.
8 * 33 ms 32 ms 202.21.128.139
9 34 ms 32 ms 33 ms www.trademe.co.nz [202.162.72.2]

Trace complete.

See that? I tried to open the site in the browser - it gave me the timeout, I did the trace, it started timing out but then went through, and then I tried in the browser again and it worked.

It's as if someone is working late at the bigpipe/spark and changing configs on their side ;)

Anyway, thank you everyone for their respective helps, and especially @yitz. It has been most helpful.

I just wish, I could think up a logical explanation to what's happening.

yitz

2041 posts

Uber Geek

#1629028 14-Sep-2016 00:59

IP is different there 202.162.72.2 compared to 202.162.73.2 earlier.

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#1629030 14-Sep-2016 01:11

yitz:

IP is different there 202.162.72.2 compared to 202.162.73.2 earlier.

Well spotted. It's trademe.co.nz vs www.trademe.co.nz. I should have been more consistent.

zespri

412 posts

Ultimate Geek

Lifetime subscriber

#1631187 15-Sep-2016 18:34

So to get some closure: I no longer have the issues. It may be because bigpipe fixed it on their end, may be routing changed somewhere, and may be (like many of you will think) my tinkering with modem/router made it go away on my end.

The only change I actually did was this. I used to run the modem on PPPoE pass-through mode. So I disabled it like this:

And then I enabled the bridged mode:

Can some one tell me what is the difference between the two? Preferably with technical details ;) It seems that after the modem syncs, the PPPoE response seems to come faster in this mode. The former one worked well with ADSL, but now when I'm on VDSL I noticed that it can take 3 minutes or more to get PPPoE response after modem syncs. In the latter mode, it happens in the matter of seconds.

I'm really glad that my internet is working again, although I still will need to sort out the line speed problem.

Thank you again to everyone who stayed with me while I was troubleshooting this, especially to @dan for his generous offer of a modem to test with and to @yitz for his belief that it might be routing related ;)

Flickky

303 posts

Ultimate Geek

Trusted

#1631629 16-Sep-2016 11:15

yitz:

I read that they were trialling DHCP at some stage... also thought that you were running the DV130 in bridge mode... nevermind... you'd better follow the others advice and isolate the Mikrotik from your network. If you are reluctant to restart your VDSL modem then connect a PC directly to your DV130 in PPPoE passthrough mode and establish a PPPoE. Like this: http://pages.bigpipe.co.nz/troubleshooting/pppoe-setup/

Not public trials, we've been doing lots of network maintenance to prepare for that & IPv6 in the future but this wouldn't have affected OP.

1 | 2 | 3 | 4