[afnog] afnog Digest, Vol 89, Issue 10
mike otieno
otienomike at gmail.com
Thu Aug 11 07:48:59 UTC 2011
In my setup both path A & B are local loops going to the client am giving
transit to. For my upstream provider, i can reach the same site with my
prefixes, i even assigned the client an unused /24 block from a /19
super-block that is working on my network. I tried the same advertisements
through a second upstream but still the same.
On Thu, Aug 11, 2011 at 9:56 AM, <afnog-request at afnog.org> wrote:
> Send afnog mailing list submissions to
> afnog at afnog.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://afnog.org/mailman/listinfo/afnog
> or, via email, send a message with subject or body 'help' to
> afnog-request at afnog.org
>
> You can reach the person managing the list at
> afnog-owner at afnog.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of afnog digest..."
>
>
> Today's Topics:
>
> 1. problem tracing route to google.com (Liliane Uwarugira)
> 2. Re: problem tracing route to google.com (Hugo Lombard)
> 3. Re: problem tracing route to google.com
> (serge.ilunga at bsdcongo.org)
> 4. Re: problem tracing route to google.com (Seun Ojedeji)
> 5. Re: problem tracing route to google.com (Scott Weeks)
> 6. Re: problem tracing route to google.com (Liliane Uwarugira)
> 7. Problem accessing some sites (mike otieno)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 10 Aug 2011 18:16:09 +0200
> From: "Liliane Uwarugira" <luwarugira at bk.rw>
> To: <afnog at afnog.org>
> Subject: [afnog] problem tracing route to google.com
> Message-ID: <002001cc5778$d0f1eeb0$72d5cc10$@rw>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi All,
>
>
>
> Could you kindly help! I have problem on an outside interface (to
> internet);
> I can successfully ping goolge, but it's strange on the tracert.
>
> Check the scenario :
>
>
>
> C:\Users\user>ping google.com
>
>
>
> Pinging google.com [209.85.148.105] with 32 bytes of data:
>
> Reply from 209.85.148.105: bytes=32 time=213ms TTL=51
>
> Reply from 209.85.148.105: bytes=32 time=211ms TTL=51
>
> Reply from 209.85.148.105: bytes=32 time=212ms TTL=51
>
> Reply from 209.85.148.105: bytes=32 time=215ms TTL=51
>
>
>
> Ping statistics for 209.85.148.105:
>
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
>
> Approximate round trip times in milli-seconds:
>
> Minimum = 211ms, Maximum = 215ms, Average = 212ms
>
>
>
> C:\Users\user>tracert 209.85.148.105
>
>
>
> Tracing route to fra07s07-in-f105.1e100.net [209.85.148.105]
>
> over a maximum of 30 hops:
>
>
>
> 1 * * * Request timed out.
>
> 2 * * * Request timed out.
>
> 3 * * * Request timed out.
>
> 4 * * * Request timed out.
>
> 5 * * * Request timed out.
>
> 6 * * * Request timed out.
>
> 7 * * * Request timed out.
>
> 8 * * * Request timed out.
>
> 9 * * * Request timed out.
>
> 10 211 ms 218 ms 215 ms fra07s07-in-f105.1e100.net [209.85.148.105]
>
>
>
> Trace complete.
>
>
>
> I have crosschecked my firewall, but I cannot see anything wrong. Your help
> will be highly appreciated.
>
>
>
> Kind regards,
>
> Uwarugira Liliane
>
> Network System and Telecommunication Officer
>
> Bank of Kigali Ltd.
>
> E-mail: luwarugira at bk.rw
>
> Website:http://www.bk.rw
>
>
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://afnog.org/pipermail/afnog/attachments/20110810/fa1b7190/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Wed, 10 Aug 2011 19:33:27 +0200
> From: Hugo Lombard <hal at elizium.za.net>
> To: Liliane Uwarugira <luwarugira at bk.rw>
> Cc: afnog at afnog.org
> Subject: Re: [afnog] problem tracing route to google.com
> Message-ID: <20110810173327.GH13096 at squishy.elizium.za.net>
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, Aug 10, 2011 at 06:16:09PM +0200, Liliane Uwarugira wrote:
> >
> > Could you kindly help! I have problem on an outside interface (to
> > internet); I can successfully ping goolge, but it's strange on the
> > tracert.
> >
> > Check the scenario :
> >
>
> [...]
>
> > C:\Users\user>tracert 209.85.148.105
> >
>
> Hi Liliane
>
> Can you successfully traceroute anywhere else?
>
> What rules did you add for allowing tracert?
>
> Seeing that the final hop responds, my first guess would be that your
> firewall is not allowing the ICMP Time Exceeded packets (generated from
> the TTL expiring along the route) through.
>
> Regards
>
> --
> Hugo Lombard
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 10 Aug 2011 21:57:51 +0000
> From: serge.ilunga at bsdcongo.org
> To: "Liliane Uwarugira" <luwarugira at bk.rw>, afnog-bounces at afnog.org,
> afnog at afnog.org
> Subject: Re: [afnog] problem tracing route to google.com
> Message-ID:
>
> <1075282084-1313013372-cardhu_decombobulator_blackberry.rim.net-1184097118- at b25.c12.bise7.blackberry
> >
>
> Content-Type: text/plain; charset="Windows-1252"
>
> Hi,
>
> tracert work by issuing subsequent icmp requests with ttl value going from
> 1 to x (number of hops to the target host) and shows time taken to receive
> ttl expired message. the stars in the below output can be due to the fact
> that routers on the path don't answer to icmp requests.
>
> With Regards.
>
> Serge I.
> Envoy? par mon smartphone BlackBerry
>
> -----Original Message-----
> From: "Liliane Uwarugira" <luwarugira at bk.rw>
> Sender: afnog-bounces at afnog.org
> Date: Wed, 10 Aug 2011 18:16:09
> To: <afnog at afnog.org>
> Subject: [afnog] problem tracing route to google.com
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
> ------------------------------
>
> Message: 4
> Date: Wed, 10 Aug 2011 23:20:15 +0100
> From: Seun Ojedeji <seun.ojedeji at gmail.com>
> To: serge.ilunga at bsdcongo.org
> Cc: afnog-bounces at afnog.org, afnog at afnog.org
> Subject: Re: [afnog] problem tracing route to google.com
> Message-ID:
> <CAD_dc6gAau4SHhoqMD+jRmsHYW9TR9Cg7LqMNftJ7oTMeRg4dQ at mail.gmail.com
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Yeah i would have also +1d that, but isn't it quite strange that its
> happening right from the edge of his network.... Do you have icmp blocked
> on
> your gatway too? Or the output was editted...
> A traceroute to another destination will almost answer that.
>
> Cheers!
> On Aug 10, 2011 10:59 PM, <serge.ilunga at bsdcongo.org> wrote:
> > Hi,
> >
> > tracert work by issuing subsequent icmp requests with ttl value going
> from
> 1 to x (number of hops to the target host) and shows time taken to receive
> ttl expired message. the stars in the below output can be due to the fact
> that routers on the path don't answer to icmp requests.
> >
> > With Regards.
> >
> > Serge I.
> > Envoy? par mon smartphone BlackBerry
> >
> > -----Original Message-----
> > From: "Liliane Uwarugira" <luwarugira at bk.rw>
> > Sender: afnog-bounces at afnog.org
> > Date: Wed, 10 Aug 2011 18:16:09
> > To: <afnog at afnog.org>
> > Subject: [afnog] problem tracing route to google.com
> >
> > _______________________________________________
> > afnog mailing list
> > http://afnog.org/mailman/listinfo/afnog
> > _______________________________________________
> > afnog mailing list
> > http://afnog.org/mailman/listinfo/afnog
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://afnog.org/pipermail/afnog/attachments/20110810/63ea411e/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 5
> Date: Wed, 10 Aug 2011 21:07:40 -0700
> From: "Scott Weeks" <surfer at mauigateway.com>
> To: <afnog at afnog.org>
> Subject: Re: [afnog] problem tracing route to google.com
> Message-ID: <20110810210740.96C2F615 at resin14.mta.everyone.net>
> Content-Type: text/plain; charset="UTF-8"
>
>
>
>
> --- luwarugira at bk.rw wrote:
> From: "Liliane Uwarugira" <luwarugira at bk.rw>
>
> Could you kindly help! I have problem on an outside interface (to
> internet);
> I can successfully ping goolge, but it's strange on the tracert.
> ----------------------------------------------------
>
>
> Top posting to make response clearer...
>
> One thing you could do to be sure it's not your network is try the same
> thing from the CLI of the router that is connected to the internet, which I
> assume is outside the firewall. I see you're doing it from the CLI of a
> workstation.
>
> If you can't log onto the router connected to the internet another thing
> you could do is configure a "permit ip any any" rule on the firewall for
> your workstation's IP address and also make sure there is no access-list
> between the workstation and the firewall. Then repeat the process you did
> below.
>
> A little more info on your network setup could be helpful.
>
> scott
>
>
>
>
>
>
>
>
>
>
>
>
> --- luwarugira at bk.rw wrote:
>
> From: "Liliane Uwarugira" <luwarugira at bk.rw>
> To: <afnog at afnog.org>
> Subject: [afnog] problem tracing route to google.com
> Date: Wed, 10 Aug 2011 18:16:09 +0200
>
> Hi All,
>
>
>
> Could you kindly help! I have problem on an outside interface (to
> internet);
> I can successfully ping goolge, but it's strange on the tracert.
>
> Check the scenario :
>
>
>
> C:\Users\user>ping google.com
>
>
>
> Pinging google.com [209.85.148.105] with 32 bytes of data:
>
> Reply from 209.85.148.105: bytes=32 time=213ms TTL=51
>
> Reply from 209.85.148.105: bytes=32 time=211ms TTL=51
>
> Reply from 209.85.148.105: bytes=32 time=212ms TTL=51
>
> Reply from 209.85.148.105: bytes=32 time=215ms TTL=51
>
>
>
> Ping statistics for 209.85.148.105:
>
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
>
> Approximate round trip times in milli-seconds:
>
> Minimum = 211ms, Maximum = 215ms, Average = 212ms
>
>
>
> C:\Users\user>tracert 209.85.148.105
>
>
>
> Tracing route to fra07s07-in-f105.1e100.net [209.85.148.105]
>
> over a maximum of 30 hops:
>
>
>
> 1 * * * Request timed out.
>
> 2 * * * Request timed out.
>
> 3 * * * Request timed out.
>
> 4 * * * Request timed out.
>
> 5 * * * Request timed out.
>
> 6 * * * Request timed out.
>
> 7 * * * Request timed out.
>
> 8 * * * Request timed out.
>
> 9 * * * Request timed out.
>
> 10 211 ms 218 ms 215 ms fra07s07-in-f105.1e100.net [209.85.148.105]
>
>
>
> Trace complete.
>
>
>
> I have crosschecked my firewall, but I cannot see anything wrong. Your help
> will be highly appreciated.
>
>
>
> Kind regards,
>
> Uwarugira Liliane
>
> Network System and Telecommunication Officer
>
> Bank of Kigali Ltd.
>
> E-mail: luwarugira at bk.rw
>
> Website:http://www.bk.rw
>
>
>
>
>
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 11 Aug 2011 08:52:30 +0200
> From: "Liliane Uwarugira" <luwarugira at bk.rw>
> To: "'Hugo Lombard'" <hal at elizium.za.net>
> Cc: afnog at afnog.org
> Subject: Re: [afnog] problem tracing route to google.com
> Message-ID: <001501cc57f3$3d528770$b7f79650$@rw>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi Hugo, scott and Serge,
>
> Thank you for quick replies. Below is the access-list and the trace route
> from my firewall does not reach google.
>
> access-list inside_out extended permit icmp [my net range] any
>
> Regards,
> Liliane U.
>
>
> -----Original Message-----
> From: Hugo Lombard [mailto:hal at elizium.za.net]
> Sent: Wednesday, August 10, 2011 7:33 PM
> To: Liliane Uwarugira
> Cc: afnog at afnog.org
> Subject: Re: [afnog] problem tracing route to google.com
>
> On Wed, Aug 10, 2011 at 06:16:09PM +0200, Liliane Uwarugira wrote:
> >
> > Could you kindly help! I have problem on an outside interface (to
> > internet); I can successfully ping goolge, but it's strange on the
> > tracert.
> >
> > Check the scenario :
> >
>
> [...]
>
> > C:\Users\user>tracert 209.85.148.105
> >
>
> Hi Liliane
>
> Can you successfully traceroute anywhere else?
>
> What rules did you add for allowing tracert?
>
> Seeing that the final hop responds, my first guess would be that your
> firewall is not allowing the ICMP Time Exceeded packets (generated from
> the TTL expiring along the route) through.
>
> Regards
>
> --
> Hugo Lombard
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Thu, 11 Aug 2011 09:56:13 +0300
> From: mike otieno <otienomike at gmail.com>
> To: afnog at afnog.org
> Subject: [afnog] Problem accessing some sites
> Message-ID:
> <CALNN_60044trqGdKtcQ6JeSmnq0NmANSRa3STbWT4rH1p06c1Q at mail.gmail.com
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi
>
> I need some help with a problem am experiencing in my network.
> I have a client that am giving transit, and he has two fiber paths to our
> core routers.
> Path A connects to router A on my network.
> Path B connects to a different router B on my network.
>
> On path A; All the prefixes are working perfectly and accessing all
> internet
> sites.
>
> On path B; The prefixes can open some sites and not others like; yahoo.com
> ,
> .uk. fr and http://www.tvchannelsfree.com/. Now i have a more specific
> block
> /24 advertised on this path and its uplink is preferring this path as the
> best, same with the down-link. As i get this from all looking glasses. To
> eliminate double advertisement we even shut down BGP via path A.
> A trace from this client to yahoo with the source ip advertised via this
> path B, gets lost on the 14th hop and beyond. See below trace;
>
> Tracing the route to yahoo.com (72.30.2.43)
>
> 1 41.215.251.42 0 msec 0 msec 4 msec
> 2 41.84.146.13 [AS 33770] 212 msec 208 msec 212 msec
> 3 * * *
> 4 ae-34-52.ebr2.London1.Level3.net (4.69.139.97) [AS 33770] 208 msec 208
> msec 208 msec
> 5 ae-41-41.ebr1.NewYork1.Level3.net (4.69.137.66) [AS 33770] 280 msec
> ae-42-42.ebr1.NewYork1.Level3.net (4.69.137.70) [AS 33770] 276 msec
> ae-44-44.ebr1.NewYork1.Level3.net (4.69.137.78) [AS 33770] 280 msec
> 6 ae-91-91.csw4.NewYork1.Level3.net (4.69.134.78) [AS 33770] 284 msec
> ae-61-61.csw1.NewYork1.Level3.net (4.69.134.66) [AS 33770] 288 msec 280
> msec
> 7 ae-72-72.ebr2.NewYork1.Level3.net (4.69.148.37) [AS 33770] 276 msec
> ae-92-92.ebr2.NewYork1.Level3.net (4.69.148.45) [AS 33770] 280 msec
> ae-72-72.ebr2.NewYork1.Level3.net (4.69.148.37) [AS 33770] 276 msec
> 8 ae-2-2.ebr4.SanJose1.Level3.net (4.69.135.185) [AS 33770] 348 msec 344
> msec 344 msec
> 9 ae-61-61.csw1.SanJose1.Level3.net (4.69.153.2) [AS 33770] 352 msec
> ae-91-91.csw4.SanJose1.Level3.net (4.69.153.14) [AS 33770] 348 msec
> ae-71-71.csw2.SanJose1.Level3.net (4.69.153.6) [AS 33770] 344 msec
> 10 ae-43-90.car3.SanJose1.Level3.net (4.69.152.197) [AS 33770] 344 msec
> 348
> msec
> ae-23-70.car3.SanJose1.Level3.net (4.69.152.69) [AS 33770] 344 msec
> 11 YAHOO-INC.car3.SanJose1.Level3.net (4.71.112.14) [AS 33770] 348 msec
> 344
> msec 348 msec
> 12 ae-0-d221.msr1.sk1.yahoo.com (216.115.106.139) [AS 33770] 348 msec
> ae-0-d231.msr2.sk1.yahoo.com (216.115.106.143) [AS 33770] 384 msec
> ae-0-d221.msr1.sk1.yahoo.com (216.115.106.139) [AS 33770] 344 msec
> 13 te-9-1.bas-k1.sk1.yahoo.com (68.180.160.13) [AS 33770] 348 msec
> te-8-1.bas-k2.sk1.yahoo.com (68.180.160.11) [AS 33770] 348 msec
> te-9-1.bas-k1.sk1.yahoo.com (68.180.160.13) [AS 33770] 348 msec
> 14 * * *
> 15 * * *
> 16 * * *
> 17 * * *
> 18 * * *
> 19 *
>
> Please help out with ideas as to why i am experiencing this.
> --
> Rgds
> Michael Otieno
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://afnog.org/pipermail/afnog/attachments/20110811/d847409b/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> afnog mailing list
>
> End of afnog Digest, Vol 89, Issue 10
> *************************************
>
--
Rgds
Michael Otieno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20110811/31f2c8a2/attachment-0001.html>
More information about the afnog
mailing list