Recently switched to 2degrees UFB (from Bigpipe) and ordered a static IP. After the static IP was assigned about a week ago, I've encountered some weird routing issues affecting certain sites. Pretty much excluded every possible local cause I can think of.
- Affected sites fail to load (timeout)
- App updates/downloads from Google Play store on multiple Android devices fail (timeout)
- In the packet captures of the above, no response is seen from the affected IP (just SYNs from the client until timeout)
- Some affected sites have been unavailable intermittently
- trademe.co.nz (intermittent, working at time of writing) ---> 126.96.36.199
- radionz.co.nz (intermittent, working at time of writing) ---> 188.8.131.52
- wn016-fm2.clnz.net (nz.archive.ubuntu.com, ftp.nz.debian.org) ---> 184.108.40.206 NOTE: only consistently broken IP
- Unknown Google IP(s) -- haven't been able to pin down exact IP
- Unknown 2D IP: 220.127.116.11
- 2Degrees UFB connection (900/400 PPPoE)
- pfSense FW (minimal FW rules, no other modules)
- Juniper/HP Gigabit switches to devices, UniFi AP for Wifi
- DNS? Resolution working fine, correct records, match external tests, can reproduce issue using IPs directly.
- Firewall? Nothing being blocked, adding allow rules had no effect. Packets leave WAN interface without issue, no reply traffic received.
- Local network/hardware/software? Multiple devices/OS/hardware/connection combos affected. Resetting FW to defaults had no effect
- Issue with remote server? No issues with any of the above when testing from external locations (work, 2D LTE, AU VPS etc.)
- MTU? Problems persist regardless of link MTU of PPPoE connection (1492/1500/1508 makes no difference)
- General issue? Haven't noticed any issues with sites other than the above. No speed issues, etc.
Why I think its a routing/ISP issue, not local:
- All of the affected sites have worked fine from anywhere outside my home UFB connection (even my 2D LTE connection)
- Issue seemed to have started after switching to a static IP (which happens to be a 202.124.x.x address)
- Total absence of any errors/return traffic from affected IPs suggests routing blackhole or FW block.
Has anyone else had similar issues in the last week or so?
Please let me know if you have any ideas!