Web Squad ISP

Seeyou

Expert Member
Joined
May 1, 2007
Messages
2,705
Still having critical sites blocked due to the DDOS protection I'm apparently triggering with 30 connections to NNTP servers I guess.

Not sure why this suddenly started happening, hoping support can shed some light on this.

Had the same issues with NNTP and Octotel's packet loss and the upstream DDoS protection when I was on 1gbps. Couldn't get decent throughput with a low number of connections, and couldn't throw enough connections at it to increase throughput beyond about 30-35MB/sec without triggering the packets/sec DDoS protections.

I know WS is experimenting with a TCP accelerator which seems to help quite a bit, but it seems to be off currently from what I can tell.
 

DrJohnZoidberg

Honorary Master
Joined
Jul 24, 2006
Messages
23,995
I remember you (or someone else) mentioning this; however, I've never had this issue before, it only started this week.

I was happily getting ~70MB/sec with 50 + 50 connections to two different servers. Now I cannot even set the connections to 15 + 15 without it triggering and breaking my internet for 5 to 15 minutes at a time (and once it never even recovered and had to restart the PPPoE connection).

I have a pending cancellation that I was hoping to avoid, everything seemed to be going so well until this week but now I'm not sure if I should just try my luck elsewhere :(
 

Seeyou

Expert Member
Joined
May 1, 2007
Messages
2,705
AFAIK only one of the upstreams has this DDoS protection in place. I wonder if you / your news provider were taking a different route before, and are now going over that one for whatever reason. Only @websquadza would be able to shed light on it, I guess.
 

websquadza

WebSquad
Company Rep
Joined
Mar 26, 2018
Messages
3,322
Ah, I'm with Vumatel (and from what I hear they definitely don't like working weekends ;)).

I'll hear if Vox is able to release my line on the 27/28th. What's the best way of reaching out to your team? sending a mail to support[at]websquad?
Looks like I missed this. Not at all- so anything you can do to move that release up will be great.

With regards to support- the best is via the support email or portal. Once your line is released as well.
 

websquadza

WebSquad
Company Rep
Joined
Mar 26, 2018
Messages
3,322
DNS and IPv6.

@websquadza this is a bit of an offbeat question. Until the day before yesterday I had a local PiHole for DNS to kill all the crap that comes through the interwebz on my local network. But, then I spilled a cup of coffee on my desk and killed the PiHole (am an eedjut).

A new piHole will come along in due course, but in the meanwhile I have resorted to NextDNS using IPv6 (which I enabled on my router today).

So, IPv6 appears to work on your service over Octotel, but when it comes to DNS, with the router configured to use my NextDNS supplied IPv6 DNS Server endpoints, my local devices still seem to swap between your supplied IPv4 DNS servers, and the NextDNS IPv6 servers arbitrarily. This may be a fallback problem on the router itself, dunno yet.

I will do some more work on this when I have some time, and most of the time the router configured IPv6 DNS appears to be used on all devices locally. There may also be DNS cache issues.

Next step this side will be to disable IPv4 on the router (TP-Link Archer VR300) altogether to see what happens, but that won't happen today and some of the devices on my network are unlikely to like that very much.

For other folks who might be interested, the free default configuration from NextDNS is fairly comprehensive, but not as good as what comes out of the PiHole software by default.

Not a biggie, just thought I would ask for your thoughts...?

This is an odd one- DNS is generally handled within your OS and network stack, and with dual stack setups, the default behaviour is to query v6 (if it’s available) and fall back to IPv4. I also haven’t had a chance to play with NextDNS.

It sounds to me that IPv6 DNS lookups to your NextDNS may be timing out, or taking too long perhaps? I’d have to dig a little- but I’m sure there’s some sort of timeout functionality to make dual stack requests (switching from v6 to v4) seamless. Have you checked what you’re receiving via the IP6 RA advertisements to ensure it’s only the NextDNS server? Also, where’s your NextDNS hosted?
 

websquadza

WebSquad
Company Rep
Joined
Mar 26, 2018
Messages
3,322
AFAIK only one of the upstreams has this DDoS protection in place. I wonder if you / your news provider were taking a different route before, and are now going over that one for whatever reason. Only @websquadza would be able to shed light on it, I guess.

We’ve asked the upstream to look at these filters again and advise; but I think the theory that inbound routing has changed for this service may have something to do with this.
 

Gimli_

Senior Member
Joined
Feb 8, 2005
Messages
945
This is an odd one- DNS is generally handled within your OS and network stack, and with dual stack setups, the default behaviour is to query v6 (if it’s available) and fall back to IPv4. I also haven’t had a chance to play with NextDNS.

It sounds to me that IPv6 DNS lookups to your NextDNS may be timing out, or taking too long perhaps? I’d have to dig a little- but I’m sure there’s some sort of timeout functionality to make dual stack requests (switching from v6 to v4) seamless. Have you checked what you’re receiving via the IP6 RA advertisements to ensure it’s only the NextDNS server? Also, where’s your NextDNS hosted?
Interesting topic. I found an article where APNIC research found that there is in fact a bias in DNS to use IPv4 queries instead of IPv6. There is no 'happy eyeballs' implementation in DNS as there is in the browser. I checked my DLink DIR-825, and even though it is configured with the Websquad supplied DNS servers (v4 and v6) it always uses the IPv4 query, never IPv6.
 

Gimli_

Senior Member
Joined
Feb 8, 2005
Messages
945
Just for reference, here is that article
 

Leno

Expert Member
Joined
May 15, 2005
Messages
2,354
Depends if your router implements primary and secondary DNS, or round robin DNS with the supplied forwarders

My Mikrotik shares the queries evenly between the v4 and v6 dns servers I have if I look at connection tracking
 

Gimli_

Senior Member
Joined
Feb 8, 2005
Messages
945
It has primary and secondary for both IPv4 and IPv6. Yet, never queries with IPv6.
 

IdlePhaedrus

Expert Member
Joined
Jan 31, 2005
Messages
1,582
This is an odd one- DNS is generally handled within your OS and network stack, and with dual stack setups, the default behaviour is to query v6 (if it’s available) and fall back to IPv4. I also haven’t had a chance to play with NextDNS.

It sounds to me that IPv6 DNS lookups to your NextDNS may be timing out, or taking too long perhaps? I’d have to dig a little- but I’m sure there’s some sort of timeout functionality to make dual stack requests (switching from v6 to v4) seamless. Have you checked what you’re receiving via the IP6 RA advertisements to ensure it’s only the NextDNS server? Also, where’s your NextDNS hosted?
Thanks for the response, and apologies for the late response. I haven't had a chance to look into it any deeper, but suspect your analysis is largely correct.

Am not overly concerned, will live with it until I can get a new PiHole in place. Also not sure where the NextDNS DNS server(s) is(are) located. I don't see a place to set that in the profile settings, just storage location.

Also, I am pretty sure there is a bug with my router firmware as it appears to forget the IPv6 DNS server settings in its setup.

As mentioned, left of centre observation. No biggie.
 

SpiderGear

Senior Member
Joined
Mar 8, 2010
Messages
574
Apologies for the delay here. Had a chat to the team today. They have been monitoring your traffic patterns over the last week and a half since we implemented the restriction and will revert after 14 days from the initial implementation, so on Monday.
 

SpiderGear

Senior Member
Joined
Mar 8, 2010
Messages
574
Restriction still in effect. Please can you see why it has not been lifted?
 

Tokolosk

Well-Known Member
Joined
Aug 26, 2016
Messages
306
Anyone else in Cape Town Vumatel having high latency to the US:


Code:
|------------------------------------------------------------------------------------------|
|                                      WinMTR statistics                                   |
|                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
|                             dlinkrouter -    0 |   92 |   92 |    0 |    0 |   23 |    0 |
|          as-vuma.cp-gwf-03.za.ws.net.za -    2 |   88 |   87 |    0 |    4 |   22 |    2 |
|                         160.119.233.132 -    2 |   88 |   87 |    0 |    5 |   27 |    3 |
|             core.as-01.cp1.za.ws.net.za -    2 |   88 |   87 |    0 |    1 |    8 |    1 |
|                            100.99.197.1 -    0 |   92 |   92 |    1 |    1 |   24 |    1 |
|           165-69-148-197.as37497.za.net -    2 |   88 |   87 |    0 |    1 |   10 |    1 |
|             1-71-148-197.as37497.za.net -    2 |   88 |   87 |    0 |   17 |   25 |   16 |
|     41-79-249-245.static.pccwglobal.net -    2 |   88 |   87 |    0 |   18 |   27 |   17 |
|                            63.218.151.2 -   11 |   65 |   58 |    0 |  162 |  169 |  163 |
|   be2436.ccr21.lon02.atlas.cogentco.com -   18 |   56 |   46 |    0 |  163 |  167 |  163 |
|   be2572.ccr41.lon13.atlas.cogentco.com -   25 |   48 |   36 |    0 |  163 |  194 |  163 |
|   be2099.ccr31.bos01.atlas.cogentco.com -   11 |   65 |   58 |    0 |  225 |  229 |  225 |
|   be3599.ccr21.alb02.atlas.cogentco.com -   14 |   61 |   53 |    0 |  228 |  238 |  229 |
|   be2878.ccr21.cle04.atlas.cogentco.com -   19 |   53 |   43 |    0 |  240 |  244 |  240 |
|   be2717.ccr41.ord01.atlas.cogentco.com -   11 |   65 |   58 |    0 |  246 |  253 |  246 |
|   be2765.ccr41.ord03.atlas.cogentco.com -   15 |   60 |   51 |    0 |  246 |  256 |  247 |
|                             169.254.0.6 -   19 |   53 |   43 |    0 |  246 |  253 |  246 |
|                           10.255.18.217 -   11 |   65 |   58 |    0 |  246 |  250 |  246 |
|                           10.255.18.155 -    9 |   69 |   63 |    0 |  246 |  259 |  246 |
|                           10.255.18.171 -   11 |   65 |   58 |    0 |  246 |  263 |  246 |
|                  drc-sl-a141.fe.core.pw -   22 |   52 |   41 |    0 |  246 |  253 |  246 |
|________________________________________________|______|______|______|______|______|______|
   WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
 

Seeyou

Expert Member
Joined
May 1, 2007
Messages
2,705
Getting same thing on Octotel. It's going through Cogent, which means through JHB first. Not sure if this is normal as I hardly ever trace to USA:

Code:
|------------------------------------------------------------------------------------------|
|                                      WinMTR statistics                                   |
|                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
|                             192.168.1.1 -    0 |   15 |   15 |    0 |    0 |    0 |    0 |
|             core.as-01.cp1.za.ws.net.za -    0 |   15 |   15 |    0 |    0 |    1 |    0 |
|                            100.99.197.1 -    0 |   15 |   15 |    0 |    0 |    1 |    1 |
|           165-69-148-197.as37497.za.net -    0 |   15 |   15 |    0 |    0 |    1 |    1 |
|             1-71-148-197.as37497.za.net -    0 |   15 |   15 |   16 |   16 |   17 |   16 |
|     41-79-249-245.static.pccwglobal.net -    0 |   15 |   15 |   17 |   17 |   18 |   17 |
|                            63.218.151.2 -    0 |   15 |   15 |  162 |  162 |  163 |  163 |
|   be2436.ccr21.lon02.atlas.cogentco.com -    0 |   15 |   15 |  162 |  163 |  164 |  163 |
|   be2572.ccr41.lon13.atlas.cogentco.com -    0 |   15 |   15 |  162 |  162 |  163 |  163 |
|   be2099.ccr31.bos01.atlas.cogentco.com -    0 |   15 |   15 |  225 |  225 |  226 |  225 |
|   be3599.ccr21.alb02.atlas.cogentco.com -    0 |   15 |   15 |  228 |  228 |  229 |  228 |
|   be2878.ccr21.cle04.atlas.cogentco.com -    0 |   15 |   15 |  239 |  239 |  240 |  240 |
|   be2717.ccr41.ord01.atlas.cogentco.com -    0 |   15 |   15 |  246 |  246 |  247 |  247 |
|   be2765.ccr41.ord03.atlas.cogentco.com -    0 |   15 |   15 |  247 |  247 |  248 |  248 |
|                             169.254.0.6 -    0 |   15 |   15 |  247 |  247 |  247 |  247 |
|                           10.255.18.217 -    0 |   15 |   15 |  247 |  247 |  247 |  247 |
|                           10.255.18.156 -    0 |   15 |   15 |  247 |  247 |  248 |  247 |
|                           10.255.18.172 -    0 |   15 |   15 |  247 |  247 |  248 |  247 |
|                  drc-sl-a141.fe.core.pw -    0 |   15 |   15 |  246 |  246 |  247 |  246 |
|________________________________________________|______|______|______|______|______|______|
   WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
 

websquadza

WebSquad
Company Rep
Joined
Mar 26, 2018
Messages
3,322
Seems that the PCCW (handing over to Cogent in London) route looks shorter than the direct path for this particular prefix (range of IPs). Not all US paths are affected. We're looking into this.
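
An added example, not part of any post in this thread: a small parser for WinMTR text exports that reports where the average round-trip time rises most and where loss that persists to the destination begins. The sample rows are abridged from the first trace posted above; the 5% loss threshold and the function names are assumptions of this example.

```python
import re

# Abridged rows from the first WinMTR trace in the thread (some hops omitted).
SAMPLE = """\
|                       Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
|                             dlinkrouter -    0 |   92 |   92 |    0 |    0 |   23 |    0 |
|          as-vuma.cp-gwf-03.za.ws.net.za -    2 |   88 |   87 |    0 |    4 |   22 |    2 |
|             1-71-148-197.as37497.za.net -    2 |   88 |   87 |    0 |   17 |   25 |   16 |
|     41-79-249-245.static.pccwglobal.net -    2 |   88 |   87 |    0 |   18 |   27 |   17 |
|                            63.218.151.2 -   11 |   65 |   58 |    0 |  162 |  169 |  163 |
|   be2572.ccr41.lon13.atlas.cogentco.com -   25 |   48 |   36 |    0 |  163 |  194 |  163 |
|   be2099.ccr31.bos01.atlas.cogentco.com -   11 |   65 |   58 |    0 |  225 |  229 |  225 |
|   be2765.ccr41.ord03.atlas.cogentco.com -   15 |   60 |   51 |    0 |  246 |  256 |  247 |
|                  drc-sl-a141.fe.core.pw -   22 |   52 |   41 |    0 |  246 |  253 |  246 |
"""

# host - loss% | Sent | Recv | Best | Avrg | Wrst | Last |
ROW = re.compile(r"^\|\s*(\S+)\s+-\s+(\d+)\s*\|" + r"\s*(\d+)\s*\|" * 6 + r"\s*$")


def parse_winmtr(text):
    """Return one dict per hop row; header, separator and footer lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            loss, sent, recv, best, avg, worst, last = map(int, m.groups()[1:])
            hops.append({"host": m.group(1), "loss": loss,
                         "sent": sent, "recv": recv, "avg": avg})
    return hops


def largest_jump(hops):
    """(previous hop, hop, ms) for the biggest rise in average RTT between neighbours."""
    if len(hops) < 2:
        return None
    prev, cur = max(zip(hops, hops[1:]), key=lambda p: p[1]["avg"] - p[0]["avg"])
    return prev["host"], cur["host"], cur["avg"] - prev["avg"]


def loss_onset(hops, threshold=5):
    """First hop of the unbroken run of lossy hops that reaches the destination.

    Returns None when the destination itself is clean: loss seen only at
    intermediate routers is usually ICMP reply rate limiting, not forwarding loss.
    """
    if not hops or hops[-1]["loss"] < threshold:
        return None
    i = len(hops) - 1
    while i > 0 and hops[i - 1]["loss"] >= threshold:
        i -= 1
    return hops[i]["host"]


if __name__ == "__main__":
    hops = parse_winmtr(SAMPLE)
    print("largest RTT jump:", largest_jump(hops))
    print("loss to destination starts at:", loss_onset(hops))
```

On the sample, both the latency step and the onset of loss land on the same hop, the one directly after the PCCW router.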
 

Seeyou

Expert Member
Joined
May 1, 2007
Messages
2,705
@websquadza is there any way to opt out/in from the accelerator on demand? I love it for general use/downloads, but don't find it conducive to stable gaming.
 

websquadza

WebSquad
Company Rep
Joined
Mar 26, 2018
Messages
3,322
Accelerator doesn’t do anything to UDP traffic (that’s what the games use). So won’t affect anything gaming wise. Impossible to opt out of accelerated traffic. Gaming is probably down to last mile as you mentioned previously it’s about the same on VPNs.
 