Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


3409 posts

Uber Geek
+1 received by user: 404

Trusted

Topic # 93969 2-Dec-2011 13:01
Send private message

So we are having issues with one of our primary IP subnets not working this last week. I have double checked our router and am almost positive it has nothing to do with that. The way it works is we have a linking subnet of say 60.234.1.0/29 with our subnet 60.234.1.16/28 routed via 60.234.1.2.

I have rung Orcon 3 times about this and all I want is for them to confirm this entry is in their routing table but their helpdesk is providing basically no support (as they can only get this info from network operations) and apparently network operations isn't providing any useful information on the ticket. Seriously, this should take someone less than 10 seconds to lookup.

Could someone checking these forums please send me a PM as our old account manager has left and I'm getting nowhere with the helpdesk/technical team 





Create new topic
677 posts

Ultimate Geek
+1 received by user: 27

Trusted

  Reply # 552641 2-Dec-2011 14:09
Send private message

60.234.1.2 is a DNS server, is that just an example?

Sorry long week, 60.234.2.2 is DNS not 1.2...

Have you heard from any one?




meat popsicle



3409 posts

Uber Geek
+1 received by user: 404

Trusted

  Reply # 552664 2-Dec-2011 14:49
Send private message

Hey, thanks for the reply.

Yup it was just an example (I don't really want to publish our actual subnets). I've just PM'd Detonate with the details. I'll send a copy through to you too.

Cheers







3409 posts

Uber Geek
+1 received by user: 404

Trusted

  Reply # 552701 2-Dec-2011 16:06
Send private message

Thanks to a couple of Orcon guys on here with good customer service I have gotten a response. Big thumbs up ;)







3409 posts

Uber Geek
+1 received by user: 404

Trusted

  Reply # 553925 5-Dec-2011 10:48
Send private message

OK so done some more investigation over the weekend and while the Orcon guys have advised the routing looks ok I'm just trying to figure this out.

If I do a trace route to the WAN address on our gateway it works fine (this is the address which Orcon route our subnet through):

60.234.23.X is from New Zealand(NZ) in region Oceana

TraceRoute to 60.234.23.X

Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 206.123.64.154 jbdr2.0.dal.colo4.com
2 0 0 0 64.124.196.225 xe-4-2-0.er2.dfw2.us.above.net
3 43 0 0 64.125.26.205 xe-0-0-0.er1.dfw2.us.above.net
4 0 0 0 64.125.12.170 above-cogent.dfw2.us.above.net
5 0 0 0 154.54.6.93 te0-2-0-3.ccr21.dfw01.atlas.cogentco.com
6 6 6 6 154.54.0.133 te0-1-0-7.mpd21.iah01.atlas.cogentco.com
7 40 40 40 154.54.44.250 te0-2-0-3.mpd21.lax01.atlas.cogentco.com
8 39 39 39 154.54.0.218 te8-2.mpd01.lax05.atlas.cogentco.com
9 39 39 39 38.104.84.30 xe-0-1-0.cre1.la1.odyssey.net.nz
10 164 164 164 121.99.12.0 -
11 166 165 165 121.99.12.1 orcon-1.cre1.nct.odyssey.net.nz
12 165 166 165 60.234.23.X -
Trace complete



However if I try to do a trace route to an IP in our routed subnet it just stalls at Orcon's router:


TraceRoute to 60.234.28.X 

Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 206.123.64.154 jbdr2.0.dal.colo4.com
2 0 0 0 64.124.196.225 xe-4-2-0.er2.dfw2.us.above.net
3 9 0 0 64.125.26.205 xe-0-0-0.er1.dfw2.us.above.net
4 0 0 0 64.125.12.170 above-cogent.dfw2.us.above.net
5 0 0 0 154.54.6.57 te0-0-0-4.ccr21.dfw01.atlas.cogentco.com
6 7 6 6 154.54.2.226 te0-1-0-1.ccr21.iah01.atlas.cogentco.com
7 40 41 40 154.54.0.237 te0-3-0-6.ccr21.lax01.atlas.cogentco.com
8 40 40 40 154.54.30.186 te2-8.mpd01.lax05.atlas.cogentco.com
9 40 40 40 38.104.84.30 xe-0-1-0.cre1.la1.odyssey.net.nz
10 196 197 205 121.99.12.0 -
11 198 197 197 121.99.12.1 orcon-1.cre1.nct.odyssey.net.nz
12 Timed out Timed out Timed out -
13 Timed out Timed out Timed out -
14 Timed out Timed out Timed out -
15 Timed out Timed out Timed out -
Trace aborted.



This suggests to me there is something wrong still at Orcon's end as the ICMP is not even reaching our router.





12 posts

Geek


  Reply # 553971 5-Dec-2011 12:00
Send private message



silly question,

your router is setup to respond to ICMP from anywhere right?

45 posts

Geek


  Reply # 553972 5-Dec-2011 12:00
Send private message

Zeon: 
This suggests to me there is something wrong still at Orcon's end as the ICMP is not even reaching our router.


Traceroute shows it's getting to Orcon's router but the next hop isn't replying.

Your router is the next hop, and as I've checked Orcon's route for that is correct, I'd start looking at your router.

 



3409 posts

Uber Geek
+1 received by user: 404

Trusted

  Reply # 554015 5-Dec-2011 13:20
Send private message

fobski: 

silly question,

your router is setup to respond to ICMP from anywhere right?


Yup, sure can (as seen in the first trace route) 

detonate:

Traceroute shows it's getting to Orcon's router but the next hop isn't replying.

Your router is the next hop, and as I've checked Orcon's route for that is correct, I'd start looking at your router.

 


I realize but its odd because if I trace route to the WAN address on our router (as in the first trace route) it responds fine and I can ping it from anywhere on the internet. If I trace route to some of our subnets (which have 2 of our own routers) at the datacenter they work fine too so I don't think the orcon router is dropping the ICMP.

It could well be our router but we have 6 the same and I'm comparing the settings with all of our others and nothing is jumping out at me at the moment. I'll try connecting directly into the linking subnet to see how our Orcon assigned gateway responds to pings for that subnet.





45 posts

Geek


  Reply # 554033 5-Dec-2011 13:35
Send private message

Are you routing that subnet elsewhere or is it locally attached to that router?
Or are you DNATting it?

Can you ping things in that /28 from the router in question?



3409 posts

Uber Geek
+1 received by user: 404

Trusted

  Reply # 554217 5-Dec-2011 19:48
Send private message

OK I flushed the config completely out of my router and started afresh. Everything is working now but the trace route still looks wierd:


2 hos-tr1.juniper1.rz10.hetzner.de 213.239.224.1 de 0.167 ms
hos-tr2.juniper1.rz10.hetzner.de 213.239.224.33 de 0.147 ms
hos-tr4.juniper2.rz10.hetzner.de 213.239.224.97 de 18.257 ms
3 hos-bb1.juniper1.ffm.hetzner.de 213.239.240.224 de 4.794 ms
hos-bb1.juniper4.ffm.hetzner.de 213.239.240.230 de 4.792 ms
hos-bb1.juniper1.ffm.hetzner.de 213.239.240.224 de 4.794 ms
4 r1fra1.core.init7.net 77.109.135.17 ch 4.889 ms 4.939 ms
r1fra1.core.init7.net 82.197.166.85 ch 12.303 ms
5 r1fra2.core.init7.net 77.109.128.138 ch 5.071 ms 14.815 ms 5.058 ms
6 r1ams2.core.init7.net 77.109.128.201 ch 18.862 ms 18.784 ms 18.862 ms
7 xe-10-2-0.ams20.ip4.tinet.net 77.67.76.9 de 45.285 ms 43.410 ms 43.393 ms
8 xe-10-2-0.lax20.ip4.tinet.net 89.149.182.46 de 166.061 ms
xe-9-2-0.lax20.ip4.tinet.net 89.149.184.169 de 165.087 ms
xe-10-2-0.lax20.ip4.tinet.net 89.149.182.46 de 166.061 ms
9 orcon-gw.ip4.tinet.net 173.241.131.242 us 165.179 ms 165.159 ms 165.164 ms
10 * * *
11 ORCON-1.cre1.nct.odyssey.net.nz 121.99.12.1 nz 291.011 ms 291.373 ms 290.979 ms
12 * * *
13 * * *
14 * * *
No reply for 3 hops. Assuming we reached firewall.


I don't know why it isn't showing the other hops as I have fully allowed ICMP. Anyway thanks everyone for the help!





455 posts

Ultimate Geek
+1 received by user: 26

Trusted

  Reply # 554562 6-Dec-2011 16:50
Send private message

Non-Symmetric routing?
What sort of route you got put some firewall rules on there to log IMCP traffic, got a spare server with Ethernet port setup a monitor port dump all traffic to that and do a packet capture.




---------------------------------------------------------------
Nebukadnessar


Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.