Strangest routing issue ever

[w1z4rd]

So I have a server in a datacenter in the states. I ping it. I get 2000ms lag with lost packets. The server comes with 3 IPs (assigned to one network card). So I ping one of the other IPs on the same server and I get normal latency. wtf.

Two different IPs on the same server giving me different results? Never come across this before. Seems to be an IS routing issue as the problem only exists on IS bandwidth.

 

[w1z4rd]

Also, I just did a traceroute... is this normal?

tracert mydomain.co.za

Tracing route to mydomain.co.za [xx.xx.xx.xx]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms hyperbasecompany.lan [192.168.1.254]
2 28 ms 28 ms 27 ms dsl-241-24-01.telkomadsl.co.za [41.241.24.1]
3 52 ms 51 ms 51 ms cdsl2-rba-vl2663.ip.isnet.net [196.38.73.25]
4 51 ms 57 ms 53 ms cdsl2-rba-vl150.ip.isnet.net [196.38.73.9]
5 52 ms 52 ms 51 ms core1b-rba-te2-0-0.ip.isnet.net [196.26.0.181]
6 253 ms 251 ms 251 ms mi-za-rba-p6-gi2-0-1-104.ip.isnet.net [168.209.1
64.63]
7 * * 250 ms mi-us-25b-p2-po2-1.ip.isnet.net [168.209.160.213
]
8 * 673 ms 631 ms core1a-dock-gi1-0-17.ip.isnet.net [168.209.164.2
04]
9 575 ms 574 ms 555 ms 168.209.246.1
10 541 ms 549 ms 550 ms ge-2-1-0.mpr1.lhr2.uk.above.net [195.66.224.76]

11 569 ms 551 ms 649 ms ge-4-1-0.mpr1.lhr2.uk.above.net [64.125.27.145]

12 645 ms * 673 ms so-0-1-0.mpr1.dca2.us.above.net [64.125.27.57]
13 656 ms 656 ms * xe-1-3-0.cr1.dca2.us.above.net [64.125.29.21]
14 659 ms 700 ms 667 ms xe-0-2-0.cr1.iah1.us.above.net [64.125.25.114]
15 * 1455 ms * xe-2-1-0.cr1.dfw2.us.above.net [64.125.30.58]
16 710 ms * 701 ms xe-1-1-0.er1.dfw2.us.above.net [64.125.26.210]
17 * 689 ms 691 ms 64.125.199.94.t366.above.net [64.125.199.94]
18 * 699 ms 691 ms te9-1.dsr02.dllstx3.networklayer.com [70.87.253.
22]
19 * * * Request timed out.
20 * * 1484 ms po2.car06.dllstx5.networklayer.com [70.87.254.46

Trace complete.

Why would a IS uncapped account be routing through telkom like that?

 

[ambo]

Why would a IS uncapped account be routing through telkom like that?

That first hop is the ESR which sits inside the Telkom exchange building. Normally it shows up with a different IP. You always go through Telkom for the first hop - normally the ESR just replies with a different IP for each provider but its the same device.

 

[francoislr]

Maybe backup systems due to our internet issues this morning?

 

[francoislr]

tracert mydomain.co.za

Tracing route to mydomain.co.za [196.22.209.19]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.0.254
2 22 ms 21 ms 22 ms 196.22.242.33-bidsl.net [196.22.242.33]
3 47 ms 47 ms 45 ms 196.6.121.50-backbone.cybersmart.co.za [196.6.12
1.50]
4 54 ms 45 ms 52 ms 196.6.121.114-backbone.cybersmart.co.za [196.6.1
21.114]
5 46 ms 50 ms 47 ms ct1.cybersmart.co.za [196.41.124.1]
6 49 ms 47 ms 48 ms vox.cinx.net.za [198.32.214.21]
7 92 ms 68 ms 66 ms 41.193.32.150
8 71 ms 68 ms 68 ms 41.193.32.17
9 67 ms 68 ms 74 ms tugela.megaweb.co.za [196.22.209.86]
10 70 ms 79 ms 70 ms molopo.megapanel.co.za [196.22.209.19]

Trace complete.

Just for interest sake. 384 adsl via Cybersmart.

 

[Peon]

Use visualroute to get a better picture. I wouldnt be surprised if it the peering link thats congested or got pms issues. That 196.x.x.x -> 168.x.x.x I dont like and reckon that link is probably going under maintenance. Notice cyberclever doesnt go through that link.

 

[Tinuva]

Notice cyberclever doesnt go through that link.

Notice how the cybersmart and IS are 2 completely different traceroutes. The guy doing a IS traceroute thought he was clever to hide the IP and domain name he is tracing (stupidest idea ever) and the guy doing the cybersmart traceroute didn't even notice that and just did a traceroute to "mydomain.co.za"...

 

[Peon]

Notice how the cybersmart and IS are 2 completely different traceroutes. The guy doing a IS traceroute thought he was clever to hide the IP and domain name he is tracing (stupidest idea ever) and the guy doing the cybersmart traceroute didn't even notice that and just did a traceroute to "mydomain.co.za"...

Stressed? No sex? 2 different ISP's or backbones, just making a suggestion.

 

[w1z4rd]

The guy doing a IS traceroute thought he was clever to hide the IP and domain name he is tracing (stupidest idea ever)

Er.. not really, I didnt want to share that information. Thought you would be smart enough to pick that up.

Its a pretty important server and I want to keep its IP obscure. The only part I was querying in the traceroute, was the telkom hope (you know, the bolded bit), everything out was irrelevant and I nerfed it (took out the last couple of hops and hid the domain and IP).

 

[Tinuva]

Asking for troubleshooting help without giving details is needless to say very counter productive.

You must be really stupid if you thought I didn't pick up you want to hide it, however I have bad news for you, whether you list it's ip here or not, its not anymore safe, there are trillions of bots out there on the internet scanning all ips 24/7 for security holes. If you are really serious about keeping it safe, you would focus more on security on the server itself on multiple levels (firewall, up to date patches, intrusion detection and locking out ect) instead of hiding the ip in a post you ask for troubleshooting help.

In the end, your question got answered I guess, however no1 can really help you further with the 2000ms latency except for speculating.

As for the Telkom IP showing up, I am very aware of that, its normal on IS accounts, I believe unlike the default half-duplex mpls vpn setup most ISPs use on their IPC connections through Telkom, they make use of some other method, ie. it uses the default IP Telkom has on the BRAS interface, and that is why it is showing up.

 

[SilverNodashi]

Er.. not really, I didnt want to share that information. Thought you would be smart enough to pick that up.

Its a pretty important server and I want to keep its IP obscure.
.

then you should disconnect the server, pour cement over it and dump it in the sea.

Since it's already live on the internet there's no point in "hiding" the IP. Everyone can find out what Standard Bank, of FNB's IP's are. What makes yours so special ?




Getting back to the routing issue. It sounds like it could be a fire-walling problem, either on the server or with the host which does something strange on your IP.


A tracert to that IP from my PC looks fine though:

traceroute to 70.87.254.46 (70.87.254.46), 64 hops max, 52 byte packets
1 dsldevice.lan (192.168.2.253) 58.511 ms 92.703 ms 99.994 ms
2 196-210-136-1.dynamic.isadsl.co.za (196.210.136.1) 8.946 ms 10.036 ms 8.8 30 ms
3 cdsl1-rba-vl2253.ip.isnet.net (196.38.73.181) 10.615 ms 11.576 ms 10.673 ms
4 cdsl1-rba-vl150.ip.isnet.net (196.38.73.17) 11.155 ms 11.602 ms 10.743 ms
5 core2b-pkl-te0-0-0-0.ip.isnet.net (196.26.0.63) 13.519 ms 15.155 ms 11.58 8 ms
6 168.209.201.73 (168.209.201.73) 184.521 ms 180.884 ms *
7 168.209.246.1 (168.209.246.1) 184.363 ms 186.058 ms 182.521 ms
8 ge-2-1-0.mpr1.lhr2.uk.above.net (195.66.224.76) 180.127 ms 180.616 ms 181.221 ms
9 ge-2-1-0.mpr1.lhr2.uk.above.net (64.125.28.141) 181.724 ms 191.796 ms 181.231 ms
10 so-1-1-0.mpr1.dca2.us.above.net (64.125.31.186) 286.073 ms 294.320 ms 286.968 ms
11 xe-1-3-0.cr1.dca2.us.above.net (64.125.29.21) 301.133 ms 302.565 ms 300.721 ms
12 * * xe-0-2-0.cr1.iah1.us.above.net (64.125.25.114) 318.192 ms
13 xe-1-2-0.cr1.dfw2.us.above.net (64.125.26.129) 332.276 ms 330.811 ms 345.473 ms
14 xe-1-1-0.er1.dfw2.us.above.net (64.125.26.210) 317.499 ms 318.107 ms 343.919 ms
15 64.125.199.94.t366.above.net (64.125.199.94) 332.555 ms 333.342 ms 343.867 ms
16 te7-1.dsr02.dllstx3.networklayer.com (70.87.253.18) 332.305 ms
te3-5.dsr02.dllstx3.networklayer.com (70.87.253.90) 318.096 ms 318.538 ms
17 po32.dsr02.dllstx5.networklayer.com (70.85.127.110) 332.532 ms 333.175 ms 332.995 ms
18 po2.car06.dllstx5.networklayer.com (70.87.254.46) 330.953 ms * 331.673 ms