Unable to reach Cloudflare node

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Unable to reach Cloudflare node

MindingData

2 posts

Wannabe Geek

#280249 4-Dec-2020 07:46

There is another thread in this forum about increased latency to Cloudflare here (https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=280246). However the poster stated it started on the 3rd, but I've been having issues connecting to a particular Cloudflare IP from the 30th of november (Maybe the latency issue is an attempted fix to resolve my issue?).

Since the 30th of November I've been unable to reach a particular Cloudflare node which happens to proxy one of my websites. I have two websites, both on the same end machine, both behind cloudflare. However the Cloudflare IP acting as a proxy is different for each site, so for one I can reach, one I cannot.

The Tracert for the website that *does* work looks like so :

Tracing route to [104.27.139.59]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms amplifi.lan [192.168.188.1]
2 2 ms 1 ms 1 ms 102.7.69.111.static.snap.net.nz [111.69.7.102]
3 7 ms 6 ms 43 ms 198.18.10.218
4 6 ms 7 ms 7 ms 198.18.10.217
5 7 ms 7 ms 8 ms 173.10.69.111.static.snap.net.nz [111.69.10.173]
6 23 ms 24 ms 24 ms snap1.ape.nzix.net [192.203.154.120]
7 24 ms 25 ms 24 ms cloudflare.ape.nzix.net [192.203.154.51]
8 24 ms 24 ms 24 ms 104.27.139.59

And the one that doesn't work looks like so :

Tracing route to *** [104.28.4.7]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms amplifi.lan [192.168.188.1]
2 1 ms 2 ms 1 ms 102.7.69.111.static.snap.net.nz [111.69.7.102]
3 7 ms 6 ms 7 ms 198.18.10.218
4 7 ms 6 ms 7 ms 198.18.10.217
5 7 ms 7 ms 7 ms 173.10.69.111.static.snap.net.nz [111.69.10.173]
6 24 ms 24 ms 24 ms 89.59.69.111.static.snap.net.nz [111.69.59.89]
7 * * * Request timed out.

So we die within 2degrees :\

When I earlier talked to 2degrees on the 30th of november, I was actually making it one more hop to :

7 25 ms 24 ms 24 ms 124.150.161.51

An IP that belongs to Fastcom. Although now when I tracert, that is no longer the case.

It's been quite frustrating I have to admit because when I originally called 2degrees with the problem, they acknowledged they couldn't access the site either, and then proposed that we should go through with a factory reset of my modem! I can access sites behind this IP via Vodafone, proxy etc, just not 2 degrees (Which is actually more frustrating than I thought having your mobile phone with the same provider so you can't even hot spot!)

Eventually got through to someone who I forwarded the details to but just now waiting. The only reason I'm posting is because I sited the other cloudflare issue so thought it might be related in some way?

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#2615979 4-Dec-2020 08:15

How is the site set up? Is it managed by Cloudflare directly or is it managed by a hosting company? Feel free to DM me the site address and I can check from my 2degrees connection.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

fe31nz

1294 posts

Uber Geek
+1 received by user: 423

#2616510 5-Dec-2020 01:40

I am having a similar problem since about the same time. There is a site I access that has two Cloudflare IPv4 addresses and two Cloudflare IPv6 addresses. It turns out that one particular program I use with that site is preferentially using the IPv4 addresses, and since around the 30th those addresses do not connect. The traces I have done look the same as yours - I get no response from outside the 2Degrees network, so there is no evidence as to whether the packets are actually ever leaving 2Degrees. The IPv6 connections are just fine, so I have a workaround from that of being able to put the two IPv6 addresses in my hosts file so that the bad program only sees IPv6 addresses and everything works again. I have raised the issue with support and sent all the traces two days ago, but have not heard anything back yet.

MindingData

2 posts

Wannabe Geek

#2630428 5-Jan-2021 07:17

I am still having this same issue over a month later.

So far 2degrees has... Well.. they've done nothing except tell me to factory reset my modem. They did email me over the xmas period after follow up emails from my end, asking more trace routes, but it's a bit frustrating when they could just do this themselves. This is *not* an issue on my end, and they've confirmed as much.

I've now just set up my PC's host file to bypass cloudflare and go direct to the server and this works fine, but again, is somewhat annoying as I can't see any annoying caching issues that might arise via Cloudflare as I myself can't view it.

Cloudflare is almost certainly working for everyone not on 2degrees. I can see on the dashboard plenty of requests coming through for the past month.

The website address is dotnetcoretutorials[dot]com. Again this resolves to 104.28.4.7 (Atleast for me) which is the correct cloudflare IP But any attempt to connect to this node fails only from the 2degrees network, Vodafone etc are all fine.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2630429 5-Jan-2021 08:09

I was able to reproduce this - couldn't reach via 2degrees, worked fine over a VPN.

I am not using the 2degrees DNS so that shouldn't be the problem.

Are you sure the Cloudflare configuration is absolutely correct - you don't have a HTTP to HTTPS redirect setup, on top of a non-www to www redirection on your domain causing some loops or any page rules that could cause problems?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

timmmay

20858 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#2630430 5-Jan-2021 08:12

Try CloudFlare support, who I've found really helpful on the rare occasion I've needed them. The problem might be within the 2deg network, but if so CloudFlare might be able to contact them directly and they probably have contacts into the core network team.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2630431 5-Jan-2021 08:13

An extra bit - accessing with Cloudflare WARP desktop, with WARP enabled works fine. I would raise a ticket with Cloudflare as this sounds like some weird peering problem.


 
fl=46f22
h=dotnetcoretutorials.com
ip={removed}
ts=1609787539.557
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.66
colo=AKL
http=http/2
loc=NZ
tls=TLSv1.3
sni=plaintext
warp=plus
gateway=off
gateway_account_id={removed}

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

AliExpress

Shop now on AliExpress (affiliate link).

yitz

2238 posts

Uber Geek
+1 received by user: 594

#2630559 5-Jan-2021 10:56

I can't visit that site through a Compass connection either.

Going off traceroutes it looks to be a DIA filter issue, similar to this thread.