[afnog] Blocked or filtered network ?

Epeli Tagi epelit at sprep.org
Fri Dec 2 02:43:58 UTC 2011


This was somehow tagged as spam.

Anyway, thanks for the detailed analysis Regardt. We all initially concluded 'vodacom' from the tracert from Durban that I had sent earlier.

I will raise this with our local ISP CSL and their upstream providers (BlueSky Communications).

I appreciate your time and efforts.

Regards
Epeli

-----Original Message-----
From: Regardt van de Vyver [mailto:regardt at neology.co.za]
Sent: Thursday, 1 December 2011 10:28 a.m.
To: Epeli Tagi
Cc: afnog at afnog.org
Subject: RE: [afnog] Blocked or filtered network ?

Hi Epeli,

I think the problem is far larger than Vodacom only - as Graham alluded to
a large number of netblocks behind 41.0.0.0/8 seem impacted with
connectivity to Samoa.

I decided to have a quick look at your problem - maybe I can provide some
insights. Some of this is obvious but just typing it all here for
completeness.

Your subnet (123.176.76.160/28) is announced via AS38227.

Looking at the typical AS path flow from that AS:
AS38227-->AS23657-->AS4323-->(most of the world) as seen by HE.net
[http://bgp.he.net/AS38227#_graph4]

Your upstream AS: AS23657 (Blue Sky Communications) announces themselves
via both TW Telecoms (AS4323) and Pacific Teleports (AS38456).

A sample trace from the UK shows:
traceroute to 123.176.76.161 (123.176.76.161), 64 hops max, 52 byte
packets
 1  64.22.106.73 (64.22.106.73) [AS3595]  1 ms  0 ms  1 ms
 2  64.22.106.9 (64.22.106.9) [AS3595]  0 ms  10 ms  0 ms
 3  xe-2-0-5-101.ar1.atl1.us.nlayer.net (69.31.135.41) [AS4436]  4 ms  4
ms  2 ms
 4  ae0-70g.cr1.atl1.us.nlayer.net (69.31.135.129) [AS4436]  0 ms  1 ms  0
ms
 5  xe-0-0-3.cr1.iah1.us.nlayer.net (69.22.142.117) [AS4436] [MPLS: Label
413872 Exp 1]  15 ms [MPLS: Label 414656 Exp 1]  15 ms  15 ms
 6  xe-4-2-1.cr1.lax1.us.nlayer.net (69.22.142.122) [AS4436]  46 ms  47 ms
46 ms
 7  eqix.lsan.twtelecom.net (206.223.123.36) [AS10026]  51 ms  50 ms  50
ms
 8  hnl1-ar3-xe-2-0-0-0.us.twtelecom.net (66.192.250.206) [AS4323]  100 ms
101 ms  114 ms
 9  67.218.63.130 (67.218.63.130) [AS23657]  207 ms  208 ms  208 ms
10  gi0-0-rnas05.apia.samoa.net.ws (123.176.72.250) [AS23649]  152 ms  154
ms  154 ms
11  202.4.48.61 (202.4.48.61) [AS9398/AS9822/AS23649/AS11908/AS17993]  372
ms  210 ms  210 ms

A trace from a 41. range IP in ZA shows:
traceroute to 123.176.76.161 (123.176.76.161), 64 hops max, 52 byte
packets
 1  bnksr01-eth2-2.neoinx.net (41.216.193.17) [AS37105]  0 ms  0 ms  0 ms
 2  bnkcrs01-vl1.neoinx.net (41.216.193.9) [AS37105]  0 ms  0 ms  0 ms
 3  grzbr01.neoinx.net (41.216.193.14) [AS37105]  0 ms  0 ms  0 ms
 4  rrba-ip-hsll-1-wan.telkom-ipnet.co.za (196.25.110.45) [AS5713/AS24077]
1 ms  1 ms  1 ms
 5  ams-ip-dir-globalc-pos-4-0-0.telkom-ipnet.co.za (196.43.18.26)
[AS5713/AS24077]  184 ms  184 ms  185 ms
 6  so-0-2-0.ar2.AMS2.gblx.net (64.210.21.45) [AS3549]  183 ms  183 ms
183 ms
 7  TWTC.TenGigabitEthernet9-1.ar2.SJC2.gblx.net (64.212.32.234) [AS3549]
358 ms  358 ms  358 ms
 8  hnl1-ar3-xe-0-0-0-0.us.twtelecom.net (66.192.250.202) [AS4323]  373 ms
373 ms  373 ms
 9  * * 67.218.63.130 (67.218.63.130) [AS23657]  477 ms !A

The inbound routes don't quite follow what HE.NET has as AS path - this
isn't a problem per se - just a note.

So, the last valid hop is AS23657 -- we never get a response from the
routers on AS23649 (New Skies Satellites - Hong Kong). The moment I saw
the New Skies AS in the path my heart sank - I've had similar issues
before trying to resolve weird and wonderful routing issues with them. But
lets ignore that for the moment ;-)

The AS of interest is AS17993 or Samoatel aka samoa.ws... Anything on this
AS or behind it cannot get to our 41. IP ranges.

At a guess - check with New Skies or SamoaTel - they likely have a static
or a blackhole of some sort within that netblock.

I searched extensively for a public route server or traceroute server
behind that AS to no avail. If you can give me access to a shell or a
traceroute I'll try help from there.

Kind regards,
Regardt van de Vyver


More information about the afnog mailing list