Re: Azure Looking Glass
I think we found the issue. Looks like a pmtu issue with our upstream provider and their connection to the microsoft fabric. Working with them now. Thank you everyone for helping. Some reached me off list to help. John On Fri, Jun 28, 2024 at 10:31 PM Lincoln Dale wrote: > Presumably nothing stops you spinning up an instance in Azure and doing > pings/traceroutes yourself. > But perhaps you could be doing this from your own IPs towards . > > Have you configured your end in a manner that doesn't do MTU 1500 or that > relies on PMTUD to function? > If yes, well perhaps start there... you're not on a solid foundation. > > > On Sat, Jun 29, 2024 at 7:46 AM John Alcock wrote: > >> I have gotten pretty close to figuring out my issue with the Azure >> Cloud. When I advertise my routes through one specific upstream provider, >> I have an issue. If I pull my routes from them, all works well. >> >> I believe this is some type of MTU issue. Could be filtering, but I >> doubt it. >> >> Is there an Azure Looking glass that I can use to originate pings and >> traceroutes? My googlefu is weak and I haven't found it yet. >> >> With that information, I think I can help my upstream provider know where >> the problem lies. >> >> John Acock >> AS395437 >> >
Azure Looking Glass
I have gotten pretty close to figuring out my issue with the Azure Cloud. When I advertise my routes through one specific upstream provider, I have an issue. If I pull my routes from them, all works well. I believe this is some type of MTU issue. Could be filtering, but I doubt it. Is there an Azure Looking glass that I can use to originate pings and traceroutes? My googlefu is weak and I haven't found it yet. With that information, I think I can help my upstream provider know where the problem lies. John Acock AS395437
Azure Contact
Morning, I have an odd problem. Sometime in the past 12 hours, certain ip blocks in my range can no longer access sites hosted on Azure Cloud. Not all of my blocks, but some of them. What is better is that I can traceroute and ping.. So, I am suspecting some type of filter? Is there an Azure person lurking around that can contact me off list? John Alcock Network Engineer - Highland Telephone AS395437
The great Netflix vpn debacle!
Well, It happened. I have multiple subscribers calling in. They can not access Netflix. Any contacts on list for Netflix that I can use to get my up blocks whitelisted? John
Contact for Greendot
One of my ip blocks is being blocked. Is there someone from greendot lurking on the list? Feel free to contact me offlist. John
Re: Arin taking down raking
Damn autocorrect. Rpki not raking. On Thu, Jun 3, 2021 at 3:29 PM John Alcock wrote: > This looks special? > > > https://www.bleepingcomputer.com/news/security/arin-will-take-down-its-rpki-for-30-minutes-to-test-your-bgp-routes/ >
Arin taking down raking
This looks special? https://www.bleepingcomputer.com/news/security/arin-will-take-down-its-rpki-for-30-minutes-to-test-your-bgp-routes/
ADT Security
Anyone from the ADT Security system on list? None of my subscribers on my new IP Space can use the ADT Security system. Contact me off the list.. j...@alcock.org AS395437
Re: CGNAT Solutions
Thank you everyone for the suggestions. To clarify small ISP. 12K subscribers 35 Gigs traffic at peak. Growing about 500 megs per month traffic. John On Tue, Apr 28, 2020 at 3:12 PM John Alcock wrote: > Afternoon, > > I run a small ISP in Tennessee. COVID has forced a lot of people to work > from home. I am starting to run low on IP's and need to consider CGNAT. > > I do have IPV6 space, but we all know that until we force everyone to move > to IPV6, we need to keep IPV4 up and running. > > I could buy more space, but I am really wondering if that is the > best option. It is expensive. I know CGNAT devices are expensive as well, > but it looks like I could stretch it out a bit. > > My thinking is to convert about 50% of my subscribers to CGNAT. > > I am interested in vendors or devices you have used in the past. I > already know about the pitfalls many of my subscribers will have with CGNAT > such as VPN's, Gamers, etc. > > What are your thoughts on CGNAT vendors? > > A10Networks > F5Networks > Others? >
CGNAT Solutions
Afternoon, I run a small ISP in Tennessee. COVID has forced a lot of people to work from home. I am starting to run low on IP's and need to consider CGNAT. I do have IPV6 space, but we all know that until we force everyone to move to IPV6, we need to keep IPV4 up and running. I could buy more space, but I am really wondering if that is the best option. It is expensive. I know CGNAT devices are expensive as well, but it looks like I could stretch it out a bit. My thinking is to convert about 50% of my subscribers to CGNAT. I am interested in vendors or devices you have used in the past. I already know about the pitfalls many of my subscribers will have with CGNAT such as VPN's, Gamers, etc. What are your thoughts on CGNAT vendors? A10Networks F5Networks Others?
Netflix Open Connect
I figure Netflix is busy just like every other company during the pandemic. I sent a request several weeks ago for Netflix OCA. I have not heard anything. Anyone from Netflix contact me off list? I am in charge of AS395437 John
Re: Purchasing IPv4 space - due diligence homework
Well, I did all three above and still had issues. I am still having issues. I had to contact many people to get off of various blacklists, etc. These are lists that are not publish and you will not know until you start using the space. Luckily, I have had great help from the list here in getting support and in some cases back-channel support. The hard part is getting a hold of the right people. For example: Softlayer/IBM was initially blocking my ip space. But, it was not really them. It was NTT on behalf of Softlayer. The request has to come from Softlayer. That has been resolved. I honestly do not even know who to thank. I am currently fighting the same issue with playstation.com. Akami is blocking access on behalf of Sony. The request has to come from Sony. After many emails with abuse@playstation, I am making headway. Problem is not solved yet, but I believe they are making headway. Luckly Akami open a ticket and told me what to tell the Sony NOC. Right now, I am fighting some odd ball blocks. Several mobile banking sites. There is not even a support number. I am having to try and use the NOC/Abuse contacts via ARIN first and not having any luck. Try calling a bank and telling them that your are a network engineer and can not access their sites. That goes downhill pretty quick. If you can get past the first line of tech support it is a challenge. "Have you cleared your cookies? You need to call your ISP", then you get a 2nd line person who basically blows you off. Here is the thing. You will have problems. Just be prepared to make lots of phone calls and send lots of emails. Once you get to the right person, things can get a moving. John On Wed, Apr 3, 2019 at 11:20 AM Torres, Matt via NANOG wrote: > All, > > Side stepping a migration to IPv6 debate…. I’d like to hear advise from > the group about performing due diligence research on an IPv4 block before > purchasing it on the secondary market (on behalf of an end-user company). > My research has branched into two questions: a) What ‘checks’ should I > perform?, and b) what results from those checks should cause us to walk > away? > > > > My current list is: > >1. Check BGP looking glass for route. It should not show up in the >Internet routing table. If it does, walk away. >2. Check the ARIN registry. The longer history without recent >transfers or changes is better. I don’t know what explicit results should >cause me to walk away here. >3. Check SORBS blacklisting. It should not show up except maybe the >DUHL list(?). If it does, walk away. > > > > Anything else? Advise? > > Thanks, > > Matt > > >
Re: Contact information requested - Sony/Playstation
Awesome, thanks! On Mon, Apr 1, 2019 at 3:48 PM Simon Lockhart wrote: > On Mon Apr 01, 2019 at 03:36:34pm -0400, John Alcock wrote: > > More problems with my new IP Block. Any contacts on the list for > > Sony/PlayStation Network. My new IP Block 138.43.128.0/18 can not > access. > > snei-noc-ab...@am.sony.com are the right people, and generally responsive. > > Simon >
Contact information requested - Sony/Playstation
Ahh... More problems with my new IP Block. Any contacts on the list for Sony/PlayStation Network. My new IP Block 138.43.128.0/18 can not access. John
Re: FW: softlayer.com
0.0 0.0 > > > > aveline@sea04-sl01:~$ mtr 138.43.128.1 --report-wide > > Start: Fri Mar 22 08:19:09 2019 > > HOST: sea04-sl01Loss% Snt Last Avg > Best Wrst StDev > > 1.|-- [REDACTED] 0.0%100.7 > 1.2 0.7 1.8 0.0 > > 2.|-- ae12.dar02.sr01.sea01.networklayer.com 0.0%100.6 > 0.7 0.5 1.3 0.0 > > 3.|-- ae9.bbr01.wb01.sea02.networklayer.com 0.0%101.2 > 1.0 0.7 1.5 0.0 > > 4.|-- six.seattle-wa.us.windstream.net 0.0%101.5 > 1.0 0.7 1.7 0.0 > > 5.|-- ae12-0.cr01.chcg01-il.us.windstream.net0.0%10 41.1 > 41.2 41.0 41.6 0.0 > > 6.|-- ae17-0.cr02.chcg01-il.us.windstream.net0.0%10 41.1 > 41.4 41.1 42.0 0.0 > > 7.|-- ae10-0.cr01.atln02-ga.us.windstream.net0.0%10 63.8 > 64.4 63.5 71.1 2.3 > > 8.|-- ae0-0.pe06.atln02-ga.us.windstream.net 0.0%10 63.7 > 63.7 63.5 64.0 0.0 > > 9.|-- h43.88.198.64.static.ip.windstream.net 0.0%10 71.6 > 71.8 71.5 72.8 0.0 > > 10.|-- east.tndodge-21.static.tncsvl.blomand.net 0.0%10 71.8 > 70.8 70.2 71.8 0.3 > > 11.|-- ??? 100.0100.0 > 0.0 0.0 0.0 0.0 > > > > > > Regards, > > Siyuan Miao > > > > > > On Fri, Mar 22, 2019 at 10:10 PM Nikolas Geyer wrote: > > This is the best approach. Have run into this problem a few times and had > zero success getting the filters removed without having SL customers log > tickets with support. Verbiage needs to be “this prefix is blocked, please > escalate to your backbone team”. > > > > Sent from my iPhone > > > On Mar 22, 2019, at 9:56 AM, Forrest Christian (List Account) < > li...@packetflux.com> wrote: > > Another idea... > > > > Have you tried reaching out to some of the blocked sites? They likely > have better contact information than is available publicly, especially a > larger one like indeed. > > > > On Thu, Mar 21, 2019, 3:41 PM John Alcock wrote: > > Still looking for anyone from softlayer.com > > > > It has been a challenge. Anything hosted by softlayer.com is being > blocked. > > > > Here is a small list so far > > > > windowbook.tpondemand.com > ahainstructornetwork.americanheart.org > clover.com > Cebroker.com > Softlayer.com > indeed.com & Enforce Staffing > > > > It is growing every day. > > > > John > > > > On Wed, Mar 20, 2019 at 12:35 PM John Alcock wrote: > > Afternoon, > > > > Thought I would start a new thread. After researching, traceroutes, etc, > I think I found my problem. > > > > 9 out of the 10 sites that subscribers on my new block is being hosted by > softlayer. > > > > Anyone on the list have contacts with softlayer. Right now I have an > email to abuse. The support line will not help me out. > > > > John > >
Re: softlayer.com
Still looking for anyone from softlayer.com It has been a challenge. Anything hosted by softlayer.com is being blocked. Here is a small list so far windowbook.tpondemand.com ahainstructornetwork.americanheart.org clover.com Cebroker.com Softlayer.com indeed.com & Enforce Staffing It is growing every day. John On Wed, Mar 20, 2019 at 12:35 PM John Alcock wrote: > Afternoon, > > Thought I would start a new thread. After researching, traceroutes, etc, > I think I found my problem. > > 9 out of the 10 sites that subscribers on my new block is being hosted by > softlayer. > > Anyone on the list have contacts with softlayer. Right now I have an > email to abuse. The support line will not help me out. > > John >
softlayer.com
Afternoon, Thought I would start a new thread. After researching, traceroutes, etc, I think I found my problem. 9 out of the 10 sites that subscribers on my new block is being hosted by softlayer. Anyone on the list have contacts with softlayer. Right now I have an email to abuse. The support line will not help me out. John
Re: Help on setting up a new block
I found an interesting pattern. I see a lot of traffic stopping at softlayer.com. Big datacenter? Could they be doing some blocking? John On Wed, Mar 20, 2019 at 10:31 AM Filip Hruska wrote: > I would start with basic stuff first. > > Traceroutes to check if/where the packets are being dropped. If the path > is clear, then it's probably a HTTP level block, in which case figure out > if these companies share the same CDN/web protection solution/hoster. If > that's the case, contact them directly. > > Regards, > Filip Hruska > > On 20 March 2019 3:02:13 pm GMT+01:00, John Alcock > wrote: >> >> Odd Issues >> >> We recently went through an IP Broker and bought a /18 worth of IP's >> >> I am listing all my information below. Should be public record. >> >> AS Number/Range 395437 >> AS Handle AS395437 >> AS Name HIGHLANDTEL >> RPKI Certified Yes >> >> As for the IP Block >> >> Net Range 138.43.128.0 - 138.43.191.255 >> CIDR 138.43.128.0/18 >> Net Name HCL-73 >> Net Handle NET-138-43-128-0-1 >> Net Type Direct Allocation >> Parent NET-138-0-0-0-0 (VR-ARIN) >> RPKI Certified Yes >> >> In addition, I believe I got all the information in the IRR. I am >> unclear on this part, but I do know ATT is happy now. I can pass traffic >> through their network. >> >> whois -h whois.bgpmon.net " --roa 395437 138.43.128.0/24" >> >> 0 - Valid >> >> ROA Details >> >> Origin ASN: AS395437 >> Not valid Before: 2019-02-13 05:00:00 >> Not valid After: 2029-02-01 05:00:00 Expires in >> 9y318d10h46m2.3997615814s >> Trust Anchor: rpki.arin.net >> Prefixes: 138.43.128.0/18 (max length /24) >> >> >> So here is my problem. There are certain sites I can not get to on the >> new ip block. >> >> clover.com - They are a large POS vendor catering to small business >> idrive.com - Online backup >> heart.org - american heart association >> onlineproviderservices.com - Looks like an outsourced group that handles >> medicare >> landstar.com - trucking company >> >> I am working on trying to contact the companies above, but I have started >> resorting to public shaming on social media. Not an ideal solution. >> >> My thought, could I be missing something? Perhaps I need to add a >> specfic entry in the IRR or anything? Just seems like a lot of sites will >> not accept my traffic. >> >> Any experts like to chime in? >> >> John >> > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. >
Help on setting up a new block
Odd Issues We recently went through an IP Broker and bought a /18 worth of IP's I am listing all my information below. Should be public record. AS Number/Range 395437 AS Handle AS395437 AS Name HIGHLANDTEL RPKI Certified Yes As for the IP Block Net Range 138.43.128.0 - 138.43.191.255 CIDR 138.43.128.0/18 Net Name HCL-73 Net Handle NET-138-43-128-0-1 Net Type Direct Allocation Parent NET-138-0-0-0-0 (VR-ARIN) RPKI Certified Yes In addition, I believe I got all the information in the IRR. I am unclear on this part, but I do know ATT is happy now. I can pass traffic through their network. whois -h whois.bgpmon.net " --roa 395437 138.43.128.0/24" 0 - Valid ROA Details Origin ASN: AS395437 Not valid Before: 2019-02-13 05:00:00 Not valid After: 2029-02-01 05:00:00 Expires in 9y318d10h46m2.3997615814s Trust Anchor: rpki.arin.net Prefixes: 138.43.128.0/18 (max length /24) So here is my problem. There are certain sites I can not get to on the new ip block. clover.com - They are a large POS vendor catering to small business idrive.com - Online backup heart.org - american heart association onlineproviderservices.com - Looks like an outsourced group that handles medicare landstar.com - trucking company I am working on trying to contact the companies above, but I have started resorting to public shaming on social media. Not an ideal solution. My thought, could I be missing something? Perhaps I need to add a specfic entry in the IRR or anything? Just seems like a lot of sites will not accept my traffic. Any experts like to chime in? John
HULU NOC
Afternoon, I have searched the forums and have had no luck. We have just received a new block of ip's. None of my subscribers can get to Hulu. I have started updating all the major GeoIP Databases. I figure I need to get Hulu to update their database. Of course calling regular support is useless Anyone have a contact? John Alcock j...@alcock.org Network Engineer Highland Communications