#7924 Connection to fedorapeople.org fails for some of the IP ranges from RHs internal network
Closed: Fixed a year ago by kevin. Opened a year ago by mvadkert.

We are accessing some data from fedorapeople.org from RHs internal network, but for some IP ranges we cannot connect. The traceroute ends somwhere in NCREN. We are not sure why this happens, but it is weird. Note that the gateway is the same in both occassions ....

According to traceroute the packets are dropped somewhere in NCREN

# tracepath -n
 1?: [LOCALHOST]                                         pmtu 1500
 1:  <some-address>                                    6.636ms
 1:  <some-address>                                    7.952ms
 2:  <some-address>                                   10.924ms
 3:  <some-address>                                    0.732ms
 4:  <some-address>                                   12.053ms
 5:  <some-address>                                54.624ms
 6:  <some-address>                                 24.366ms
 7:                                       33.301ms asymm  8
 8:                                      19.711ms
 9:                                      19.766ms
10:                                       20.977ms asymm  9
11:                                          26.623ms asymm 22
12:                                         30.103ms asymm 21
13:                                          25.667ms asymm 19
14:                                         28.618ms
15:                                        27.124ms asymm 16
16:                                        26.877ms
17:                                         27.952ms asymm 18
18:                                         28.355ms asymm 19
19:                                         31.912ms asymm 20
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
     Too many hops: pmtu 1500
     Resume: pmtu 1500

From some other machine the connection it works:

# tracepath -n
 1?: [LOCALHOST]                                         pmtu 1500
 1:  <some ip address>                              3.185ms
 1:  <some ip address>                                1.111ms
 2:  <some ip address>                               0.824ms
 3:  <some ip address>                             17.704ms
 4:  <some ip address>                             12.212ms
 5:                                       17.379ms
 6:                                      21.494ms
 7:                                        0.825ms
 8:                                        0.778ms asymm  7
 9:                                          4.381ms asymm 12
10:                                           7.031ms asymm 19
11:                                         11.237ms asymm 18
12:                                         14.710ms asymm 13
13:                                         6.659ms
14:                                         6.394ms
15:                                          7.914ms
16:                                          8.055ms asymm 15
17:                                         12.917ms
18:                                         12.911ms asymm 17
19:                                         12.433ms asymm 18
20:                                        12.681ms asymm 19
21:                                       13.047ms !H
     Resume: pmtu 1500

Note that the site where fedorapeople.org is hosted, does have a IDS thing. If you do too many invalid ssh attempts from an IP, it blocks that IP from being able to to connect to ANY resources for a bit (I think it's a day? or perhaps two).

Is the external IP both these nets are coming from the same? Or different?

@kevin thanks for the info. Our gateway IP for both these attempts is the same, i.e. So I guess that is not it?

If the http://icanhazip.com/ is the same reported from both... then yeah... no that.

I do note that fedorapeople.org has a ipv6 address. Could it be that some people are getting non routable ipv6 addresses and others not? Or does this happen with ipv4 ?

@kevin according to traceroute logs, we're safely within IPv4 space.

ok. I am really not sure where to go here. Perhaps you could ask RH networking folks to talk to NCREN?

So if working and non working are using the same ip, it's not ip filtering, there must be something else about the failing connection.

Does it happen to any other sites?

Metadata Update from @kevin:
- Issue priority set to: Waiting on Assignee (was: Needs Review)

a year ago

Any news here? Is this still happening?

Any news? Can we engage RH networking folks?

Metadata Update from @mvadkert:
- Issue close_status updated to: Insufficient data
- Issue status updated to: Closed (was: Open)

a year ago

Sorry for the late response. We do not see this problem now. Will try with RH networking folks if it pops up again, thanks.

Metadata Update from @mvadkert:
- Issue status updated to: Open (was: Closed)

a year ago

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.