Help on setting up a new block
Odd Issues

We recently went through an IP Broker and bought a /18 worth of IPs.

I am listing all my information below. Should be public record.

AS Number/Range  395437
AS Handle        AS395437
AS Name          HIGHLANDTEL
RPKI Certified   Yes

As for the IP Block

Net Range        138.43.128.0 - 138.43.191.255
CIDR             138.43.128.0/18
Net Name         HCL-73
Net Handle       NET-138-43-128-0-1
Net Type         Direct Allocation
Parent           NET-138-0-0-0-0 (VR-ARIN)
RPKI Certified   Yes

In addition, I believe I got all the information in the IRR. I am unclear on this part, but I do know ATT is happy now. I can pass traffic through their network.

    whois -h whois.bgpmon.net " --roa 395437 138.43.128.0/24"

    0 - Valid
    ------------------------
    ROA Details
    ------------------------
    Origin ASN:       AS395437
    Not valid Before: 2019-02-13 05:00:00
    Not valid After:  2029-02-01 05:00:00
    Expires in 9y318d10h46m2.39999997615814s
    Trust Anchor:     rpki.arin.net
    Prefixes:         138.43.128.0/18 (max length /24)

So here is my problem. There are certain sites I can not get to on the new ip block.

clover.com - They are a large POS vendor catering to small business
idrive.com - Online backup
heart.org - American Heart Association
onlineproviderservices.com - Looks like an outsourced group that handles Medicare
landstar.com - trucking company

I am working on trying to contact the companies above, but I have started resorting to public shaming on social media. Not an ideal solution.

My thought, could I be missing something? Perhaps I need to add a specific entry in the IRR or anything? Just seems like a lot of sites will not accept my traffic.

Any experts like to chime in?

John
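Added example (not part of the original post): the "0 - Valid" result above is the outcome of route origin validation, which compares an announcement's prefix and origin AS against the ROAs that cover it. The sketch below applies the RFC 6811 rules to the one ROA shown in the whois output; the test announcements and AS64500 (a documentation ASN) are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_asn: int


# The one ROA shown in the whois output above.
ROAS = [Roa(ipaddress.ip_network("138.43.128.0/18"), 24, 395437)]


def validate(prefix, origin_asn, roas=ROAS):
    """Classify one BGP announcement as valid, invalid or not-found (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        # A ROA covers the route if the route is equal to or inside its prefix.
        if route.version != roa.prefix.version or not route.subnet_of(roa.prefix):
            continue
        covered = True
        # Match: length within maxLength and same origin (AS 0 never matches).
        if route.prefixlen <= roa.max_length and origin_asn == roa.origin_asn != 0:
            return "valid"
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    # Constructed announcements; AS64500 is a documentation ASN.
    for prefix, asn in [
        ("138.43.128.0/24", 395437),  # the query from the post
        ("138.43.128.0/18", 395437),  # the aggregate
        ("138.43.128.0/25", 395437),  # longer than max length /24
        ("138.43.160.0/24", 64500),   # covered, but wrong origin
        ("138.43.0.0/16", 395437),    # parent /16, no covering ROA here
    ]:
        print(f"{prefix:<18} AS{asn:<7} {validate(prefix, asn)}")
```

A valid origin only tells other networks that AS395437 is authorized to announce the prefix; it says nothing about whether the address space sits on a reputation or firewall block list.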
Do a search on the /16 parent block. It has a history of being on block lists. I imagine some admins have old lists that they do not update very often, or have the entire /16 or greater blocked.

I also went through this process when we purchased IPs, and I've had to contact hundreds of networks over the last couple of years to try and get our blocks removed from their firewalls. Our specific block was never on any block lists, but the parent was plastered all over the place.

It's potentially more difficult now than in the past because there are some hosting providers that are simply a few people that own VMs on some other infrastructure that they do not control or have visibility into. The VM hosting company might be blocking your network, and so the VMs never see your traffic. This means you might contact Landstar, and then Landstar calls up their web person, but the web person doesn't understand this stuff. The web person phones his web hosting company who can't find anything wrong, because they never see your packets to begin with. Now the web hosting company (if you can get them to do this) needs to contact their DC company that is hosting their VMs to find out if there is a firewall or anti DDoS system etc that is sitting in front of their VMs.

Most of these calls take a long time. There is a lot of hand-holding, and captures that need to be sent, and then you just hope you can find someone willing to dig into it on the other end of the phone.

Good luck with the process. I believe you will be successful in most cases, but it will take a while.

-----
Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383

On Wed, 20 Mar 2019 10:22:34 -0400, Pete Baldwin said:
> It's potentially more difficult now than in the past because there are some hosting providers that are simply a few people that own VMs on some other infrastructure that they do not control or have visibility into. The VM hosting company might be blocking your network, and so the VMs never see your traffic. This means you might contact Landstar, and then Landstar calls up their web person, but the web person doesn't understand this stuff. The web person phones his web hosting company who can't find anything wrong, because they never see your packets to begin with. Now the web hosting company (if you can get them to do this) needs to contact their DC company that is hosting their VMs to find out if there is a firewall or anti DDoS system etc that is sitting in front of their VMs.
Have we reached the point where it is (or should be) due diligence and a BCP to make sure your new address space is reachable on IPv6 as well, to improve your chances of being reachable even if your IPv4 space is in somebody's block list?
Taking a quick look, seems like reachability to the first /24 at least is ok, so I don't think you have a problem there. You may have picked up a subnet with some nuggets of abuse history in there, it's quite common on the secondary V4 market.

I would start with basic stuff first.

Traceroutes to check if/where the packets are being dropped. If the path is clear, then it's probably a HTTP level block, in which case figure out if these companies share the same CDN/web protection solution/hoster. If that's the case, contact them directly.

Regards,
Filip Hruska

I found an interesting pattern. I see a lot of traffic stopping at softlayer.com. Big datacenter? Could they be doing some blocking?

John

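Added example, not part of the thread: one way to turn the traceroute step suggested above into the kind of per-network pattern John describes, by grouping the traces that never reach their destination by the network of the last hop that answered. The traceroute output, host names and addresses below are constructed (documentation ranges), and the two-label domain grouping is a simplification.

```python
import re
from collections import defaultdict

# Constructed traceroute output: documentation addresses and made-up hop names.
TRACES = {
    "pos.example": """traceroute to pos.example (203.0.113.80), 30 hops max
 1  gw.access.example (192.0.2.1)  1.2 ms
 2  core1.transit.example (198.51.100.9)  8.4 ms
 3  ae1.bbr01.softlayer.com (198.51.100.33)  21.0 ms
 4  * * *
 5  * * *""",
    "backup.example": """traceroute to backup.example (203.0.113.90), 30 hops max
 1  gw.access.example (192.0.2.1)  1.1 ms
 2  core2.transit.example (198.51.100.13)  9.0 ms
 3  ae7.bbr02.softlayer.com (198.51.100.37)  19.7 ms
 4  * * *""",
    "news.example": """traceroute to news.example (203.0.113.50), 30 hops max
 1  gw.access.example (192.0.2.1)  1.3 ms
 2  core1.transit.example (198.51.100.9)  8.1 ms
 3  news.example (203.0.113.50)  15.2 ms""",
}

DEST = re.compile(r"^traceroute to \S+ \(([\d.]+)\)")
HOP = re.compile(r"^\s*\d+\s+(\S+)\s+\(([\d.]+)\)")


def last_hop(output):
    """Return (dest_ip, host, ip); host/ip describe the last hop that answered."""
    dest, last = None, (None, None)
    for line in output.splitlines():
        if (m := DEST.match(line)):
            dest = m.group(1)
        elif (m := HOP.match(line)):  # "* * *" lines do not match
            last = (m.group(1), m.group(2))
    return dest, *last


def network_of(host, ip):
    """Naive grouping key: last two DNS labels, or the IP when there is no rDNS."""
    return ip if host == ip else ".".join(host.split(".")[-2:])


def group_stalled(traces):
    """Map network -> destinations whose trace ended there short of the target."""
    stalled = defaultdict(list)
    for name, output in traces.items():
        dest, host, ip = last_hop(output)
        if host is not None and ip != dest:
            stalled[network_of(host, ip)].append(name)
    return dict(stalled)


if __name__ == "__main__":
    for network, sites in group_stalled(TRACES).items():
        print(f"{network}: {len(sites)} trace(s) stop here -> {', '.join(sites)}")
```

The last hop that answers marks where visibility ends, so the filter sits at or beyond it; hops that simply do not answer traceroute probes produce the same picture, so confirm with a TCP connection test to the service port before contacting that network.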
On 3/20/19 10:28 AM, John Alcock wrote:
> I found an interesting pattern. I see a lot of traffic stopping at softlayer.com. Big datacenter? Could they be doing some blocking?
>
> John
Could be. They were acquired by IBM a few years ago.
They block IP addresses from Iran, Cuba, North Korea, and Syria.

You can check https://cloud.ibm.com/docs/overview/terms-of-use?topic=overview-terms#notice... for more details.

of course at the end of the day, there is ZERO requirement for anyone to accept traffic from any prefix. to paraphrase an old greybeard, "my network, my rulez"

/Wm

On 3/20/19 12:32 PM, william manning wrote:
> of course at the end of the day, there is ZERO requirement for anyone to accept traffic from any prefix. to paraphrase an old greybeard, "my network, my rulez"
Wouldn't this be in conflict with the idea of "network neutrality" rules?
_> <_<
-- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
On Wed, 20 Mar 2019 12:45:35 -0400, Bryan Fields said:
> On 3/20/19 12:32 PM, william manning wrote:
>> of course at the end of the day, there is ZERO requirement for anyone to accept traffic from any prefix. to paraphrase an old greybeard, "my network, my rulez"
>
> Wouldn't this be in conflict with the idea of "network neutrality" rules?
Depends. Was softlayer up-front with the customers about what addresses are blocked, and why? If the customers knew that softlayer had a block list and had a way to tell if it was impacting their network access, that's one thing. If softlayer was doing it without informed consent from its customers, that's a different kettle of fish....
not clear what network neutrality has to say about this. are you required to accept DDoS traffic or is that covered by net neutrality?

/Wm

Hi John,

I have gone through this pain previously and I suggest you contact the main Geo IP database providers and have them update their DB as some organisations use them, they don't rely on IRR entries. Some hosting companies and content/streaming/Pay-TV providers also use these GeoIP Databases which may take a while to update.

Here are some of these companies FYI;

IP2Location www.ip2location.com
W3C Geolocation
Quova www.quova.com
Geo IP by MaxMind www.maxmind.com

Cheers,
Ahad

participants (10)
- Ahad Aboss
- Bryan Fields
- Bryan Holloway
- Filip Hruska
- John Alcock
- Pete Baldwin
- Siyuan Miao
- Tom Beecher
- Valdis Klētnieks
- william manning