Is there a way to get Cloudflare to use the NZ PoP?
Our traffic seems to go via Sydney, which is a round trip
colo=SYD
http=http/1.1
loc=NZ
tls=off
sni=off
warp=off
Auckland PoP seems to be online https://www.cloudflarestatus.com/
It's anycast routed so depends on your ISP's routing setup and the usual Internet factors. Presumably to get maximum traffic some sort of bilateral peering arrangement between your ISP and Cloudflare is needed. I'm also getting routed to Sydney right now but things are fast enough here not to be noticeable.
yitz:
Presumably to get maximum traffic some sort of bilateral peering arrangement between your ISP and Cloudflare is needed.
That's correct - Cloudflare only announce things like DNS and the portal IPs via route servers on peering exchanges. A bilateral peering is required to receive routes for the anycast proxy IPs. It's very, very simple to get that set up, though.
they/them
Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.
Cloudflare doesn't buy transit in NZ, which means if your ISP is one that doesn't peer in NZ (Spark and some of Vodafone's network), then traffic will go to the Sydney PoP.
If this is an important issue to you, then choose an ISP who has an open peering policy.
A pity when you consider how many people are recommending 1.1.1.1 DNS these days...
This popped up on my news feed today
Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month using Cloudflare
https://www.theregister.co.uk/2019/09/09/mozilla_firefox_dns/
I would imagine this would impact Spark customers whose DNS requests will go to Sydney. DNS latency has an effect on how "snappy" browsing and other applications feel.
Not sure if the number of FX users would be a worry for Spark...
I'm on 2degrees, I'm using the Auckland node according to the Chrome extension I have.
I'd force Firefox to my local PiHole to prevent advertising servers. Otherwise I think it's a good move for security. I prefer ISP DNS in case there are local caches.
Traceroute here seems to suggest they have transit for 1.1.1.1; if I remember correctly, Spark's pings weren't too much higher.
Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:
1 2 ms 1 ms 1 ms 192.168.1.250
2 6 ms 3 ms 3 ms lnssp-r2-radius.ch.compassnet.co.nz [203.152.96.105]
3 18 ms 16 ms 16 ms 10.20.4.18
4 21 ms 18 ms 17 ms as4826.auckland.megaport.com [43.243.22.18]
5 21 ms 17 ms 18 ms bundle-12.cor01.akl05.akl.vocus.net.nz [114.31.202.50]
6 21 ms 19 ms 18 ms BE-100.bdr03.akl05.akl.VOCUS.net.nz [114.31.202.35]
7 18 ms 18 ms 17 ms as13335.cust.bdr01.akl05.akl.VOCUS.net.nz [175.45.93.218]
8 18 ms 17 ms 17 ms one.one.one.one [1.1.1.1]
Trace complete.
Ping times to their CDN can be higher:
Tracing route to www.geekzone.co.nz [104.24.3.14]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.1.250
2 4 ms 3 ms 3 ms lnssp-r2-radius.ch.compassnet.co.nz [203.152.96.105]
3 18 ms 16 ms 17 ms 10.20.4.18
4 17 ms 17 ms 17 ms default-rdns.vocus.co.nz [101.98.10.78]
5 * * * Request timed out.
6 41 ms 40 ms 41 ms 4610.syd.equinix.com [45.127.172.93]
7 41 ms 40 ms 41 ms 13335.syd.equinix.com [45.127.172.154]
8 40 ms 39 ms 39 ms 104.24.3.14
Trace complete.
freitasm: Unless your ISP doesn't want it, hence my question to the OP.
And if you are with Spark the answer is also No as sometimes it seems to be Tokyo or Osaka or somewhere else that most definitely isn't New Zealand :/
Brumfondl:
freitasm: Unless your ISP doesn't want it, hence my question to the OP.
And if you are with Spark the answer is also No as sometimes it seems to be Tokyo or Osaka or somewhere else that most definitely isn't New Zealand :/
The events of Christchurch and the ongoing lack of any meaningful action on a significant proportion of vile content they protect on the internet means that Spark will most likely never peer with Cloudflare.
I know you geeks may not like it, but it is the reality that Spark have a moral compass when it comes to Christchurch and other ISPs don't.
Sounddude:
This popped up on my news feed today
Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month using Cloudflare
https://www.theregister.co.uk/2019/09/09/mozilla_firefox_dns/
I would imagine this would impact Spark customers whose DNS requests will go to Sydney. DNS latency has an effect on how "snappy" browsing and other applications feel.
For Akamai, this is a horrible move...
#include <std_disclaimer>
Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.
I had this same issue on Spark Fiber where DNS resolution is a bit slower due to having set up DNS-over-HTTPS using cloudflared on my Pi-Hole server, and it would sometimes give me intermittent page timeouts or it would take 2-3 seconds for pages to respond.
After some troubleshooting I realised that when using 1.1.1.1 there was an extra 150-200ms of latency on Spark because it's going via Sydney through TelstraGlobal. Unfortunately Spark doesn't peer at APE NZIX, which is where Cloudflare peers in Auckland.
So on a Spark connection, it looked like this:
9 i-90.sydp-core03.telstraglobal.net (202.84.222.81) 32.424 ms 34.378 ms 32.038 ms
10 202.84.138.45 (202.84.138.45) 150.008 ms 150.290 ms 148.379 ms
11 202.84.157.158 (202.84.157.158) 145.684 ms 145.710 ms 143.956 ms
12 unknown.telstraglobal.net (210.57.81.22) 162.217 ms 161.236 ms 162.049 ms
13 one.one.one.one (1.1.1.1) 147.862 ms 147.079 ms 147.250 ms
While on a VPN connection, because of their peering, it looks like this:
21 ms 21 ms 21 ms bundle-11.cor01.alb01.akl.vocus.net.nz [114.31.202.48]
21 ms 22 ms 20 ms BE-101.bdr03.akl05.akl.VOCUS.net.nz [114.31.202.37]
20 ms 20 ms 20 ms as13335.cust.bdr01.akl05.akl.VOCUS.net.nz [175.45.93.218]
20 ms 20 ms 20 ms one.one.one.one [1.1.1.1]
Not very good for a Spark customer trying to have a secure network.
So my fix for a DoH setup?
I tried using https://8.8.8.8/dns-query in my Pi-Hole DoH setup, but it wouldn't resolve anything.
With a quick search I found this page on Google's DNS docs: https://developers.google.com/speed/public-dns/docs/doh/ which indicates the upstream is https://dns.google/dns-query
After updating this in my /etc/default/cloudflared config, my DNS resolution dropped to sub 35ms and pages load instantly.
The interesting thing is, it seemed to have changed today.
1.1.1.1 is now routing via VOCUS instead of TelstraGlobal and it's gone from ~200ms latency to sub ~35ms latency.
So I guess it should be working fine for those on Spark that were having problems, but I'm keeping my setup as --upstream https://dns.google/dns-query --upstream https://1.1.1.1/dns-query for now to have that resiliency
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 Gateway (192.168.1.254) 0.600 ms 0.587 ms 0.649 ms
2 122-58-248-1-vdsl.sparkbb.co.nz (122.58.248.1) 4.501 ms 6.372 ms 6.424 ms
3 * * *
4 122.56.113.4 (122.56.113.4) 7.083 ms 7.125 ms 7.123 ms
5 ae2-6.tkbr12.global-gateway.net.nz (122.56.127.17) 7.108 ms ae7-2.akbr7.global-gateway.net.nz (122.56.119.53) 6.555 ms 6.550 ms
6 xe7-0-2.sebr3.global-gateway.net.nz (202.50.232.234) 29.039 ms xe5-0-0.sgbr3.global-gateway.net.nz (202.50.232.242) 30.304 ms xe0-0-9.sebr3.global-gateway.net.nz (202.50.232.82) 29.421 ms
7 ae7-10.sebr4.global-gateway.net.nz (122.56.127.214) 30.172 ms 31.355 ms 122.56.119.86 (122.56.119.86) 29.085 ms
8 as4826.sydney.megaport.com (103.26.68.248) 31.340 ms 31.117 ms 29.577 ms
9 BE-110.cor02.syd04.nsw.VOCUS.net.au (175.45.72.30) 30.868 ms be-111.cor01.syd11.nsw.vocus.net.au (175.45.72.32) 30.204 ms 29.641 ms
10 BE-100.bdr02.syd03.nsw.VOCUS.net.au (114.31.192.39) 34.377 ms BE-101.bdr02.syd03.nsw.VOCUS.net.au (114.31.192.37) 32.817 ms 38.501 ms
11 as13335.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.197) 29.541 ms 30.717 ms 29.709 ms
12 one.one.one.one (1.1.1.1) 28.120 ms 28.165 ms 28.180 ms
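Added example, not part of any post in this thread: a Python sketch that reads tracert/traceroute output like the traces quoted above and reports the hop where the path hands off to Cloudflare (AS13335, as it appears in the router names in those traces), the city implied by that router name, and the best round-trip time. The function names and the `SITES` map are assumptions for illustration, the sample lines are copied from the traces in the thread, and reverse DNS names are only a hint about location.

```python
import re

NAME = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")  # dotted token: hostname or IP
RTT = re.compile(r"(\d+(?:\.\d+)?)\s+ms\b")
# Assumption: site codes as they appear in the router names quoted in the thread.
SITES = {"akl": "Auckland", "syd": "Sydney"}

def parse_hops(text):
    """Parse Windows tracert or Unix traceroute output into hop records."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # banner lines such as "Tracing route to ..."
        rest = m.group(2)
        rtts = [float(x) for x in RTT.findall(rest)]
        # Keep dotted tokens that contain a letter: drops bare IPs and RTT values.
        names = [n.lower() for n in NAME.findall(rest) if re.search(r"[A-Za-z]", n)]
        hops.append({"hop": int(m.group(1)), "names": names,
                     "rtt": min(rtts) if rtts else None})
    return hops

def cloudflare_handoff(hops):
    """First hop whose reverse DNS name carries Cloudflare's ASN (AS13335)."""
    for h in hops:
        for name in h["names"]:
            if re.search(r"(^|\.)(as)?13335\.", name):
                site = next((SITES[lbl[:3]] for lbl in name.split(".")
                             if re.fullmatch(r"(akl|syd)\d*", lbl)), "unknown")
                return {"hop": h["hop"], "site": site, "rtt": h["rtt"]}
    return None  # no AS13335 name seen: rDNS missing or path not labelled

# Sample input: hop lines copied from the traces posted in the thread.
TRACE_DNS = """
  7 18 ms 18 ms 17 ms as13335.cust.bdr01.akl05.akl.VOCUS.net.nz [175.45.93.218]
  8 18 ms 17 ms 17 ms one.one.one.one [1.1.1.1]"""
TRACE_CDN = """
  5 * * * Request timed out.
  6 41 ms 40 ms 41 ms 4610.syd.equinix.com [45.127.172.93]
  7 41 ms 40 ms 41 ms 13335.syd.equinix.com [45.127.172.154]
  8 40 ms 39 ms 39 ms 104.24.3.14"""
TRACE_TELSTRA = """
 12 unknown.telstraglobal.net (210.57.81.22) 162.217 ms 161.236 ms 162.049 ms
 13 one.one.one.one (1.1.1.1) 147.862 ms 147.079 ms 147.250 ms"""

if __name__ == "__main__":
    for label, trace in (("1.1.1.1", TRACE_DNS), ("CDN", TRACE_CDN), ("Telstra", TRACE_TELSTRA)):
        print(label, cloudflare_handoff(parse_hops(trace)))
```

A `None` result, as for the TelstraGlobal path, means no hop name identified the handoff, so the final-hop latency is the only signal left.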
BarTender:
I know you geeks may not like it, but it is the reality that Spark have a moral compass when it comes to Christchurch and other ISPs don't.
really? you truly going to say that?
wow.