Re: Anyone can't access bsdly.net like I did? (and some other sites)

[Insan Praja SW]

On Tue, 16 Sep 2008 04:27:00 +0700, Peter N. M. Hansteen <[EMAIL PROTECTED]>  
wrote:

"Insan Praja SW" <[EMAIL PROTECTED]> writes:
My company recently bought 202[dot]90[dot]194[dot]0/23 IPs, and since
we  start using this IPs, I can't access www.bsdly.net and several
others site  on the net.

Thanks for reporting this.  I hope it's a temporary routing problem
that will just disappear soon.  By way of debugging, traceroute from
here seems to try to take a scenic route to your subnet before ending
up disallowed:

[EMAIL PROTECTED]:~$ traceroute -I 202.90.194.1
traceroute to 202.90.194.1 (202.90.194.1), 64 hops max, 60 byte packets
 1  10.168.103.1 (10.168.103.1)  17.277 ms  0.960 ms  1.41 ms
 2  213-187-179-197.dd.nextgentel.com (213.187.179.197)  19.26 ms   
98.506 ms  99.858 ms
 3  1.80-202-103.nextgentel.com (80.202.103.1)  15.629 ms  15.913 ms   
15.874 ms
 4  217-13-1-194.dd.nextgentel.com (217.13.1.194)  32.901 ms  23.91 ms   
22.110 ms
 5  80-202-2-74.dd.nextgentel.com (80.202.2.74)  22.41 ms  30.594 ms   
22.997 ms
 6  * * *
 7  oso-b2-link.telia.net (213.248.92.57)  39.839 ms  32.912 ms  49.572  
ms
 8  kbn-bb2-link.telia.net (80.91.250.117)  42.493 ms  47.849 ms  30.725  
ms
 9  hbg-bb2-pos5-0-0.telia.net (213.248.65.125)  42.64 ms  34.820 ms   
52.735 ms
10  ffm-bb2-pos7-0-0.telia.net (213.248.65.121)  44.386 ms  
ffm-bb2-link.telia.net (80.91.248.85)  54.624 ms  
ffm-bb2-pos7-0-0.telia.net (213.248.65.121)  51.565 ms
11  ffm-b3-link.telia.net (80.91.249.141)  49.492 ms  53.717 ms  45.759  
ms
12  france-telecom-119877-ffm-b3.telia.net (213.248.77.206)  55.374 ms   
46.38 ms  56.170 ms
13  * * *
14  * * *
15  * * *
16  202.188.139.165 (202.188.139.165)  360.863 ms  343.342 ms  343.545 ms
17  219.93.174.81 (219.93.174.81)  344.32 ms  361.180 ms  344.423 ms
18  58.27.124.57 (58.27.124.57)  337.910 ms  339.586 ms  337.497 ms
19  58.27.113.4 (58.27.113.4)  353.673 ms  353.621 ms  353.515 ms
20  219.94.12.141 (219.94.12.141)  364.484 ms  471.982 ms  354.163 ms
21  210.187.143.1 (210.187.143.1)  344.819 ms  343.707 ms  343.652 ms
22  202.188.224.118 (202.188.224.118)  353.726 ms  359.527 ms  354.379 ms
23  brf-backbone02-ether0-0.tm.net.my (202.188.0.8)  339.18 ms  337.942  
ms  337.610 ms
24  58.26.88.6 (58.26.88.6)  636.253 ms  379.711 ms  381.87 ms
25  * * *
26  host67-123.cust.sat.net.id (202.149.67.123)  390.556 ms  382.394 ms   
385.217 ms
27  * * *
28  * * *
29  * host67-123.cust.sat.net.id (202.149.67.123)  429.645 ms !H   
394.636 ms !H

A traceroute from your end would likely be useful at this point.
bsdly.net unfortunately is not alone in our local /24, and it wouldn't
surprise me overmuch if a "we-blacklist-/24s-and-/16s-because-we-can"
operation is part of the problem.  If it doesn't blow over
automagically, I likely need to spend some time on this.

Thanks,
Peter
Hi Peter,
$ traceroute www.bsdly.net
traceroute to www.bsdly.net (213.187.179.198), 64 hops max, 40 byte packets
 1  core1-router (202.90.194.2)  3.408 ms  0.896 ms  2.939 ms
 2  202.149.95.69 (202.149.95.69)  6.388 ms  7.522 ms  6.905 ms
 3  bb-1.nx.satata.net (202.149.94.232)  5.890 ms  7.859 ms  7.434 ms
 4  58.26.88.5 (58.26.88.5)  38.867 ms  35.405 ms  33.918 ms
 5  219.93.151.211 (219.93.151.211)  33.849 ms 219.93.151.227  
(219.93.151.227)                                                35.520 ms  
219.93.151.211 (219.93.151.211)  35.670 ms
 6  if-7-3.mcore4.LAA-LosAngeles.as6453.net (216.6.85.37)  227.272 ms   
226.752 m                                              s  224.802 ms
 7  Vlan77.icore1.LAA-LosAngeles.as6453.net (216.6.85.46)  224.232 ms   
232.287 m                                              s  233.779 ms
 8  las-bb1-pos2-3-3.telia.net (213.248.94.49)  280.720 ms  274.574 ms   
257.230                                               ms
 9  nyk-bb1-link.telia.net (80.91.252.226)  318.744 ms  318.127 ms   
318.268 ms
10  kbn-bb1-pos1-3-0.telia.net (213.248.64.21)  340.139 ms  339.660 ms   
339.716                                               ms
11  oso-b2-link.telia.net (80.91.254.234)  333.682 ms  334.749 ms  333.725  
ms
12  * nextgentel-ic-118934-oso-b3.c.telia.net (80.239.193.94)  338.705 ms   
338.5 ms
13  217-13-1-193.dd.nextgentel.com (217.13.1.193)  349.121 ms  348.724 ms   
348.225 ms
14  213-187-179-197.dd.nextgentel.com (213.187.179.197)  451.616 ms   
399.687 ms  400.194 ms
15  skapet.bsdly.net (213.187.179.198)  363.203 ms  362.121 ms  363.217 ms

I got 2 upstreams, when I start prepending my ASNumber to my one of my  
upstream, I can magically access www.bsdly.net :D, even without  
prepending, in/out to your net is only using 1 upstream. So, it must be  
something on the other side. All my routers are openbsd 4.4-current, armed  
with BGPd and PF enabled. This may got something todo with stateful nature  
of PF, which I'm trying to manage :D
Thanks,
Insan


--
insandotpraja(at)gmaildotcom