What is the best avenue for contacting support for AWS? I have several ISPs experiencing reachability issues with AWS hosted sites. These are from different backbones, different gear, etc. The common denominator is AWS. Been googling around and can’t seem to find a contact. Justin Wilson j2sw@mtin.net — https://j2sw.com - All things jsw (AS209109) https://blog.j2sw.com - Podcast and Blog
Are you sure it's not due to the Verizon outage? As a non-customer, your options for contacting support are limited. On Tue, Jan 26, 2021 at 12:55 PM Justin Wilson (Lists) <lists@mtin.net> wrote:
What is the best avenue for contacting support for AWS? I have several ISPs experiencing reachability issues with AWS hosted sites. These are from different backbones, different gear, etc. The common denominator is AWS.
Been googling around and can’t seem to find a contact.
Justin Wilson j2sw@mtin.net
— https://j2sw.com - All things jsw (AS209109) https://blog.j2sw.com - Podcast and Blog
I would like to know as well who best to reach out to. We are experiencing ipv6 related issues with AWS, unable to load even amazon.com completely when any of our customers have ipv6 connectivity curl -vvv https://images-na.ssl-images-amazon.com/images/I/11EIQ5IGqaL._RC%7C01ZTHTZOb... * Trying 2a04:4e42::272... * TCP_NODELAY set * Connected to images-na.ssl-images-amazon.com (2a04:4e42::272) port 443 (#0) * schannel: SSL/TLS connection with images-na.ssl-images-amazon.com port 443 (step 1/3) * schannel: checking server certificate revocation * schannel: sending initial handshake data: sending 202 bytes... * schannel: sent initial handshake data: sent 202 bytes * schannel: SSL/TLS connection with images-na.ssl-images-amazon.com port 443 (step 2/3) * schannel: failed to receive handshake, SSL/TLS connection failed * Closing connection 0 * schannel: shutting down SSL/TLS connection with images-na.ssl-images-amazon.com port 443 * Send failure: Connection was reset * schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1) * schannel: clear security context handle curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed On Tue, 26 Jan 2021 at 11:00, Josh Baird <joshbaird@gmail.com> wrote:
Are you sure it's not due to the Verizon outage? As a non-customer, your options for contacting support are limited.
On Tue, Jan 26, 2021 at 12:55 PM Justin Wilson (Lists) <lists@mtin.net> wrote:
What is the best avenue for contacting support for AWS? I have several ISPs experiencing reachability issues with AWS hosted sites. These are from different backbones, different gear, etc. The common denominator is AWS.
Been googling around and can’t seem to find a contact.
Justin Wilson j2sw@mtin.net
— https://j2sw.com - All things jsw (AS209109) https://blog.j2sw.com - Podcast and Blog
Hey Michael, Given the fact that the TCP 3-way handshake is established, sounds like some Path MTU blackholing happening. Due to it happening during TLS handshake it's likely from the server towards you. 2a04:4e42::272 and 2a04:4e42:2f::272 belong to Fastly (AS54113) as they host a share of images-na.ssl-images-amazon.com. Looking at a tcpdump, the first large packet in the flow is from the server. I have a full-sized native ipv6 connection so large packets are received: 00:10:28.921224 IP6 (flowlabel 0x4901f, hlim 54, next-header TCP (6) payload length: 1460) 2a04:4e42:2f::272.443 > 2600:1f18:2fe:904:4341:3edf:79e3:de1d.42114: Flags [.], cksum 0xc122 (correct), seq 1:1429, ack 518, win 131, options [nop,nop,TS val 3517605680 ecr 572934936], length 1428 Using https://github.com/falling-sky/mtu1280d to emulate a smaller MTU, in response to the large packet (#1) we send back an icmpv6 packet too big response (#2), triggering Fastly to send smaller packets (#3): 00:11:22.179423 IP6 (flowlabel 0xa9776, hlim 53, next-header TCP (6) payload length: 1460) 2a04:4e42:2f::272.443 > 2600:1f18:2fe:904:4341:3edf:79e3:de1d.42116: Flags [.], cksum 0xc7f0 (correct), seq 1:1429, ack 518, win 131, options [nop,nop,TS val 3934482883 ecr 572988194], length 1428 00:11:22.179527 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 1240) 2600:1f18:2fe:904:4341:3edf:79e3:de1d > 2a04:4e42:2f::272: [icmp6 sum ok] ICMP6, packet too big, mtu 1280 00:11:22.180175 IP6 (flowlabel 0xa9776, hlim 53, next-header TCP (6) payload length: 1236) 2a04:4e42:2f::272.443 > 2600:1f18:2fe:904:4341:3edf:79e3:de1d.42116: Flags [.], cksum 0x8c51 (correct), seq 1:1205, ack 518, win 131, options [nop,nop,TS val 3934482884 ecr 572988196], length 1204 Either your system does not send back an ICMPv6 packet too big reply, or something drops it on the way and it never reaches Fastly. You should check your firewall settings in the path to ensure you don't block ICMP and ICMPv6 packets. Regards, Andras On Sat, Feb 20, 2021 at 7:11 AM Michael Crapse <michael@wi-fiber.io> wrote:
I would like to know as well who best to reach out to. We are experiencing ipv6 related issues with AWS, unable to load even amazon.com completely when any of our customers have ipv6 connectivity
curl -vvv https://images-na.ssl-images-amazon.com/images/I/11EIQ5IGqaL._RC%7C01ZTHTZOb... * Trying 2a04:4e42::272... * TCP_NODELAY set * Connected to images-na.ssl-images-amazon.com (2a04:4e42::272) port 443 (#0) * schannel: SSL/TLS connection with images-na.ssl-images-amazon.com port 443 (step 1/3) * schannel: checking server certificate revocation * schannel: sending initial handshake data: sending 202 bytes... * schannel: sent initial handshake data: sent 202 bytes * schannel: SSL/TLS connection with images-na.ssl-images-amazon.com port 443 (step 2/3) * schannel: failed to receive handshake, SSL/TLS connection failed * Closing connection 0 * schannel: shutting down SSL/TLS connection with images-na.ssl-images-amazon.com port 443 * Send failure: Connection was reset * schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1) * schannel: clear security context handle curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed
On Tue, 26 Jan 2021 at 11:00, Josh Baird <joshbaird@gmail.com> wrote:
Are you sure it's not due to the Verizon outage? As a non-customer, your options for contacting support are limited.
On Tue, Jan 26, 2021 at 12:55 PM Justin Wilson (Lists) <lists@mtin.net> wrote:
What is the best avenue for contacting support for AWS? I have several ISPs experiencing reachability issues with AWS hosted sites. These are from different backbones, different gear, etc. The common denominator is AWS.
Been googling around and can’t seem to find a contact.
Justin Wilson j2sw@mtin.net
— https://j2sw.com - All things jsw (AS209109) https://blog.j2sw.com - Podcast and Blog
On 20. Feb 2021, at 01:16, Andras Toth <diosbejgli@gmail.com> wrote:
00:10:28.921224 IP6 (flowlabel 0x4901f, hlim 54, next-header TCP (6) payload length: 1460)
Weird. Why would an IPv6 server ever send a full-sized packet? You have to sacrifice ~100 bytes to the firewall gods. Grüße, Carsten
On Fri, Feb 19, 2021 at 4:18 PM Andras Toth <diosbejgli@gmail.com> wrote:
Given the fact that the TCP 3-way handshake is established, sounds like some Path MTU blackholing happening. Due to it happening during TLS handshake it's likely from the server towards you.
Could also be another case of botched anycast TCP where packet #2 arrived at a different server than packet #1. -Bill -- William Herrin bill@herrin.us https://bill.herrin.us/
Could have been but that's why I tested with a lower MTU sending back ICMP packet too big to prove that the packet sizes from the server decrease as a result. Andras
On 21 Feb 2021, at 08:27, William Herrin <bill@herrin.us> wrote:
On Fri, Feb 19, 2021 at 4:18 PM Andras Toth <diosbejgli@gmail.com> wrote:
Given the fact that the TCP 3-way handshake is established, sounds like some Path MTU blackholing happening. Due to it happening during TLS handshake it's likely from the server towards you.
Could also be another case of botched anycast TCP where packet #2 arrived at a different server than packet #1.
-Bill
-- William Herrin bill@herrin.us https://bill.herrin.us/
participants (6)
-
Andras Toth
-
Carsten Bormann
-
Josh Baird
-
Justin Wilson (Lists)
-
Michael Crapse
-
William Herrin