I would start with basic stuff first.

Traceroutes to check if/where the packets are being dropped. If the path is clear, then it's probably a HTTP level block, in which case figure out if these companies share the same CDN/web protection solution/hoster. If that's the case, contact them directly.

Regards,
Filip Hruska

On 20 March 2019 3:02:13 pm GMT+01:00, John Alcock <john@alcock.org> wrote:
Odd Issues

We recently went through an IP Broker and bought a /18 worth of IP's

I am listing all my information below.  Should be public record.

AS Number/Range 395437
AS Handle AS395437
AS Name HIGHLANDTEL
RPKI Certified Yes

As for the IP Block

Net Range 138.43.128.0 - 138.43.191.255
CIDR 138.43.128.0/18
Net Name HCL-73
Net Handle NET-138-43-128-0-1
Net Type Direct Allocation
Parent NET-138-0-0-0-0 (VR-ARIN)
RPKI Certified Yes

In addition, I believe I got all the information in the IRR.  I am unclear on this part, but I do know ATT is happy now.  I can pass traffic through their network.

whois -h whois.bgpmon.net " --roa 395437 138.43.128.0/24"

0 - Valid
------------------------
ROA Details
------------------------
Origin ASN:       AS395437
Not valid Before: 2019-02-13 05:00:00
Not valid After:  2029-02-01 05:00:00  Expires in 9y318d10h46m2.39999997615814s
Trust Anchor:     rpki.arin.net
Prefixes:         138.43.128.0/18 (max length /24)


So here is my problem.  There are certain sites I can not get to on the new ip block.

clover.com - They are a large POS vendor catering to small business
idrive.com - Online backup
heart.org - american heart association
onlineproviderservices.com - Looks like an outsourced group that handles medicare
landstar.com - trucking company

I am working on trying to contact the companies above, but I have started resorting to public shaming on social media.  Not an ideal solution.

My thought, could I be missing something?  Perhaps I need to add a specfic entry in the IRR or anything?  Just seems like a lot of sites will not accept my traffic.

Any experts like to chime in?

John

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.