Computer networks
p4s8x, 2016-08-31 04:04:07

Network problems - Hetzner + Rostelecom, what could be the reason?

And so, during the night, some users lost access to our server.
When sending a GET request, whether over HTTP or over HTTPS, the sites do not open, although the pings are great!
Studying it with tcpdump gave amazing results:
If you send a request from a home PC with Rostelecom as the provider, the packets arrive with a delay of 5 seconds, and they arrive on the FTP port!!

03:54:50.042817 IP (tos 0x0, ttl 118, id 8698, offset 0, flags [DF], proto TCP (6), length 52)
    my-home-source-host-rostelecom.60881 > dest-host-on-hetzner.ftp: Flags [S], cksum 0xfc34 (correct), seq 2416028328, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
03:54:50.612415 IP (tos 0x0, ttl 118, id 8699, offset 0, flags [DF], proto TCP (6), length 52)
    my-home-source-host-rostelecom.60881 > dest-host-on-hetzner.ftp: Flags [S], cksum 0xfc34 (correct), seq 2416028328, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
03:54:51.183418 IP (tos 0x0, ttl 118, id 8700, offset 0, flags [DF], proto TCP (6), length 48)
    my-home-source-host-rostelecom.60881 > dest-host-on-hetzner.ftp: Flags [S], cksum 0x1044 (correct), seq 2416028328, win 8192, options [mss 1460,nop,nop,sackOK], length 0

If you make a request from outside, then everything goes fine:
03:41:47.587102 IP ec2-107-22-104-97.compute-1.amazonaws.com.44918 > dest-host-on-hetzner.http: Flags [S], seq 1024789060, win 29200, options [mss 1460,sackOK,TS val 38748967 ecr 0,nop,wscale 9], length 0
03:41:47.688250 IP ec2-107-22-104-97.compute-1.amazonaws.com.44918 > dest-host-on-hetzner.http: Flags [.], ack 1157822854, win 58, options [nop,nop,TS val 38748992 ecr 144064853], length 0
03:41:47.688292 IP ec2-107-22-104-97.compute-1.amazonaws.com.44918 > dest-host-on-hetzner.http: Flags [P.], seq 0:126, ack 1, win 58, options [nop,nop,TS val 38748992 ecr 144064853], length 126
03:41:47.790853 IP ec2-107-22-104-97.compute-1.amazonaws.com.44918 > dest-host-on-hetzner.http: Flags [.], ack 171, win 60, options [nop,nop,TS val 38749018 ecr 144064878], length 0
03:41:47.790890 IP ec2-107-22-104-97.compute-1.amazonaws.com.44918 > dest-host-on-hetzner.http: Flags [.], ack 176, win 60, options [nop,nop,TS val 38749018 ecr 144064878], length 0
03:41:47.804198 IP ec2-107-22-104-97.compute-1.amazonaws.com.44918 > dest-host-on-hetzner.http: Flags [F.], seq 126, ack 176, win 60, options [nop,nop,TS val 38749021 ecr 144064878], length 0
03:41:47.905192 IP ec2-107-22-104-97.compute-1.amazonaws.com.44918 > dest-host-on-hetzner.http: Flags [.], ack 177, win 60, options [nop,nop,TS val 38749046 ecr 144064907], length 0

The situation is the same with some other providers: for example, the site does not work under Megafon 3G but works fine under Tele2; it does not work under online in one part of Moscow, but works under online from another part of Moscow.
How can this even be? Where, theoretically, is the problem node? Not sure yet who to contact!

2 answer(s)
Oleg Svirchev, 2016-08-31
@p4s8x

All answers here - https://www.hetzner-status.de/en.html
Also the AWS part of the subnet is blocked.
It seems that the RKN was smart...

athacker, 2016-08-31
@athacker

Judging by the difference in routes depending on the port, Rostelecom has most likely done something with the schemes that implement blocking according to the Roskomnadzor lists. Theoretically, in addition to ports 80 and 8080, the same problem should be observed on 443.
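The pattern in the question's capture (the same SYN repeated with an unchanged sequence number and no ACK ever following from that client) can be picked out of server-side tcpdump text automatically and grouped by destination port. This is an added example, not code from the thread; the host names `client-isp-a`, `client-b` and `server` and the sample capture are constructed, modelled on the output posted above.

```python
import re
from collections import defaultdict

# Matches "src.sport > dst.dport: Flags [X]" in one-line and verbose (-v) tcpdump text.
PKT = re.compile(r"(\S+)\.(\w+) > (\S+)\.([\w-]+): Flags \[([^\]]+)\](?:.*?\bseq (\d+))?")

# Constructed sample: one client retransmitting a SYN, one client completing a handshake.
SAMPLE = """\
03:54:50.042817 IP (tos 0x0, ttl 118, id 8698, offset 0, flags [DF], proto TCP (6), length 52)
    client-isp-a.60881 > server.ftp: Flags [S], cksum 0xfc34 (correct), seq 2416028328, win 8192, length 0
03:54:50.612415 IP (tos 0x0, ttl 118, id 8699, offset 0, flags [DF], proto TCP (6), length 52)
    client-isp-a.60881 > server.ftp: Flags [S], cksum 0xfc34 (correct), seq 2416028328, win 8192, length 0
03:54:51.183418 IP (tos 0x0, ttl 118, id 8700, offset 0, flags [DF], proto TCP (6), length 48)
    client-isp-a.60881 > server.ftp: Flags [S], cksum 0x1044 (correct), seq 2416028328, win 8192, length 0
03:41:47.587102 IP client-b.44918 > server.http: Flags [S], seq 1024789060, win 29200, length 0
03:41:47.688250 IP client-b.44918 > server.http: Flags [.], ack 1157822854, win 58, length 0
03:41:47.688292 IP client-b.44918 > server.http: Flags [P.], seq 0:126, ack 1, win 58, length 126
"""

def stalled_handshakes(capture_text):
    """Return inbound flows whose SYN was retransmitted and never followed by an ACK.

    A SYN repeated with the same sequence number is the client's TCP stack
    retrying because no SYN-ACK reached it, so the handshake never completed.
    """
    flows = defaultdict(lambda: {"syn_seqs": [], "acked": False})
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # verbose IP header line or unrelated text
        src, sport, dst, dport, flags, seq = m.groups()
        flow = flows[(src, sport, dst, dport)]
        if flags == "S":
            flow["syn_seqs"].append(seq)   # bare SYN from the client
        elif "." in flags:
            flow["acked"] = True           # client acknowledged server data
    stalled = []
    for key, f in flows.items():
        seqs = f["syn_seqs"]
        if len(seqs) >= 2 and len(set(seqs)) == 1 and not f["acked"]:
            stalled.append({"flow": key, "dport": key[3], "syn_count": len(seqs)})
    return stalled

if __name__ == "__main__":
    for hit in stalled_handshakes(SAMPLE):
        print(hit)
```

Run against captures taken for several clients, the `dport` field shows at a glance which destination ports the stalled handshakes arrive on and which ports complete normally.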
