dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
374
share rss forum feed


NomadOfNorad
Premium
join:2007-10-17
Jacksonville, FL

web address shortner ip.gd fails to load for days at a time

I have had a recurring problem where pages through a particular web address shortener service, often used in twitter, frequently fails to load. The web-address-shortener service is ip.gd, if I then go to »www.downforeveryoneorjustme.com/ to check if ip.gd, it tells me that service is loading fine for them. But it's not loading for me through u-verse. It can be like that for several days, and then one day the address just suddenly starts loading again. If I go do a tracert to ip.gd, the trace works for 4 hops, then everything after that is Request timed out, all the way up to hop 30, where it gives up.

Is the failure of this address through u-verse a widespread problem, or is it only in my part of the country that this frustrating malfunction is happening? Is the failure at u-verse, or is it unrelated to u-verse? This is driving me bananas.


mackey
Premium
join:2007-08-20
kudos:12
said by NomadOfNorad:

I have had a recurring problem where pages through a particular web address shortener service, often used in twitter, frequently fails to load. The web-address-shortener service is ip.gd

You sure about that? ip.gd for me brings up some Chinese IP/patent website...




/M


StillLearn
Premium
join:2002-03-21
Streamwood, IL


mackey
Premium
join:2007-08-20
kudos:12
said by StillLearn:

He means is.gd.

Well why didn't he say so :D

I can confirm the site is blocked on AT&T:
traceroute -f 3 is.gd
traceroute to is.gd (89.200.143.50), 30 hops max, 60 byte packets
 3  108-212-128-3.lightspeed.irvnca.sbcglobal.net (108.212.128.3)  7.419 ms  7.562 ms  8.714 ms
 4  * * *
 5  12.83.38.149 (12.83.38.149)  15.484 ms  15.530 ms 12.83.38.133 (12.83.38.133)  15.841 ms
 6  ded3-g4-3-0.sfldmi.ameritech.net (151.164.40.106)  70.319 ms  70.719 ms  71.058 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  *^C
 

The "ded3-g4-3-0.sfldmi.ameritech.net (151.164.40.106)" is AT&T's "blackhole" / banned IP route. is.gd's IP has been blacklisted by AT&T.

/M


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
How does a traceroute with timeouts conclude that it is blacklisted? That doesn't mean anything. Show me the route doesn't exist in AT&T's looking glass and then maybe you might be on to something.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/


mackey
Premium
join:2007-08-20
kudos:12
said by rolande:

How does a traceroute with timeouts conclude that it is blacklisted?

Because I know how to use Google and when you trace IPs 1 off the trace doesn't go anywhere near 151.164.40.106.

/M


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
The route exists in AT&T's routing table and is being advertised from 15 different core routers with a single AS path. It is odd that it is leaving the 12/8 network to the old Ameritech space. I see the same thing on my trace. I seem to recall, years ago, there was an issue with a blackholed network in AT&T land and it had to do with a similar issue with an old webserver hosting environment that was assuming authority for certain address space. It was only affecting customers within certain regions, depending on where your WAN access aggregated. Might want to post this in the Direct forum to get some eyes on it that can actually do something about it.

rviews@route-server.ip.att.net> show route 89.200.143.50    
 
inet.0: 453246 destinations, 6798555 routes (453246 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
89.200.136.0/21    *[BGP/170] 2d 11:29:09, localpref 100, from 12.122.83.238
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 4w5d 19:35:35, localpref 100, from 12.122.125.224
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 5w0d 11:46:26, localpref 100, from 12.123.1.236
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 8w5d 00:14:37, localpref 100, from 12.123.5.240
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 8w5d 00:15:24, localpref 100, from 12.123.9.241
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 2w4d 09:06:30, localpref 100, from 12.123.13.241
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 6d 07:42:07, localpref 100, from 12.123.17.244
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 5w5d 12:38:39, localpref 100, from 12.123.21.243
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 8w5d 00:14:50, localpref 100, from 12.123.25.245
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 5w1d 10:24:03, localpref 100, from 12.123.29.249
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 2d 12:47:45, localpref 100, from 12.123.33.249
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 5w0d 11:46:51, localpref 100, from 12.123.41.250
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 2w5d 10:09:58, localpref 100, from 12.123.137.124
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 5w1d 10:23:59, localpref 100, from 12.123.142.124
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 5w1d 10:24:03, localpref 100, from 12.123.145.124
                      AS path: 7018 3356 24931 I
                    > to 12.0.1.1 via em0.0
 

--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/


mackey
Premium
join:2007-08-20
kudos:12

1 recommendation

said by rolande:

The route exists in AT&T's routing table

No, it's only showing the /21 for that netblock.

Ask that route server to do a traceroute:
rviews@route-server.ip.att.net> traceroute 89.200.143.50    
traceroute to 89.200.143.50 (89.200.143.50), 30 hops max, 40 byte packets
 1  gateway.cbbtier3.att.net (12.0.1.202)  2.231 ms  1.293 ms  2.757 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
^C
 

Yet an IP 1 off works fine:
rviews@route-server.ip.att.net> traceroute 89.200.143.49 
traceroute to 89.200.143.49 (89.200.143.49), 30 hops max, 40 byte packets
 1  gateway.cbbtier3.att.net (12.0.1.202)  2.333 ms  3.052 ms  2.899 ms
 2  n54ny401me3-cbbtier3 (12.89.5.13)  2.762 ms  2.537 ms  3.357 ms
 3  cr1.n54ny.ip.att.net (12.122.131.170)  4.548 ms  5.562 ms  4.001 ms
 4  gar3.nw2nj.ip.att.net (12.122.131.101)  3.529 ms  10.564 ms  5.947 ms
 5  ae6.edge3.newyork1.level3.net (4.68.63.141)  15.748 ms  17.219 ms  16.292 ms
 6  vlan60.csw1.NewYork1.Level3.net (4.69.155.62)  85.358 ms vlan70.csw2.NewYork1.Level3.net (4.69.155.126)  87.618 ms vlan60.csw1.NewYork1.Level3.net (4.69.155.62)  85.640 ms
     MPLS Label=1700 CoS=0 TTL=1 S=1
 7  ae-61-61.ebr1.NewYork1.Level3.net (4.69.134.65)  84.901 ms ae-91-91.ebr1.NewYork1.Level3.net (4.69.134.77)  83.576 ms ae-61-61.ebr1.NewYork1.Level3.net (4.69.134.65)  82.848 ms
     MPLS Label=1845 CoS=0 TTL=1 S=1
 8  ae-44-44.ebr2.London1.Level3.net (4.69.137.77)  86.612 ms ae-43-43.ebr2.London1.Level3.net (4.69.137.73)  86.444 ms ae-41-41.ebr2.London1.Level3.net (4.69.137.65)  90.440 ms
     MPLS Label=1669 CoS=0 TTL=1 S=1
 9  vlan104.ebr1.London1.Level3.net (4.69.143.97)  89.867 ms  88.519 ms vlan101.ebr1.London1.Level3.net (4.69.143.85)  85.612 ms
     MPLS Label=1910 CoS=0 TTL=1 S=1
10  ae-1-3.edge4.London2.Level3.net (4.69.141.190)  86.301 ms  86.810 ms  85.621 ms
11  PULSANT-LIM.edge4.London2.Level3.net (212.187.192.246)  87.630 ms  86.567 ms  91.589 ms
12  89-151-95-209.servers.dedipower.net (89.151.95.209)  90.715 ms  86.375 ms  85.269 ms
     MPLS Label=16880 CoS=0 TTL=255 S=1
13  89-151-95-142.servers.dedipower.net (89.151.95.142)  88.161 ms 89-151-95-154.servers.dedipower.net (89.151.95.154)  88.142 ms 89-151-95-150.servers.dedipower.net (89.151.95.150)  86.042 ms
     MPLS Label=278 CoS=0 TTL=1 S=1
14  fw-tv2-a2.memset.net (89.151.85.228)  81.960 ms  80.255 ms  83.430 ms
15  *^C
 

/M


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
said by mackey:

No, it's only showing the /21 for that netblock.

Which is a valid route to the IP address in question.

Your demo off the route-server does prove the point, though. You were right and I was wrong on the initial assumption.

Notice you do make it one hop on the traceroute and you die at a real AT&T core router. Since there isn't a specific /32 route in the table for that host, that would indicate that they are using some sort of uRPF check with an ACL to drop the traffic instead of a route with a community string.

Like I said before, after your initial response about the bogus routing off to Southfield, MI, that triggered a memory from more than 8 years ago. I recall a similar scenario with a blackholed route and all the traffic routed off to Southfield. This was a legacy location on the Ameritech network for web hosting. I can't specifically recall the detail but I remember that if a route was not in the table that is where the default took you like a dark net or honey pot of sorts where they did forensics. So, that would seem to indicate that the route for that destination is getting filtered somewhere upstream from the Uverse WAN access network.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/


StillLearn
Premium
join:2002-03-21
Streamwood, IL
Reviews:
·AT&T Midwest
After reading that "ded3-g4-3-0.sfldmi.ameritech.net" was a place to block IPs, I was wondering "ded" was a form of "dead" -- a humorously chosen name for an intentional byte bucket. (or maybe ded stands for Dark Emitting Diode -- a variation on the old Dark Emitting Arsenide Diode.)


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
No it has to do with dedicated circuits. That is some sort of aggregation gateway for dedicated customer circuits.

Probably something like...
ded3 = dedicated circuit router #3
g4-3-0 = Gig4/3 without a subinterface
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/


NomadOfNorad
Premium
join:2007-10-17
Jacksonville, FL
Okay, so how would it have gotten into this picklement, and how would we get it back out of there?


NomadOfNorad
Premium
join:2007-10-17
Jacksonville, FL
Well, it seems to be back working again. The is.gd domain now loads immediately.