[AusNOG] issues connecting to verisign.com.au

Alex Samad - Yieldbroker Alex.Samad at yieldbroker.com
Wed Jul 30 14:30:03 EST 2014


Hi


All solved

2 things

·         Seems like it was an issue with our main transit provider (single router takes out connectivity … for some reason can’t route around it ..)

·         Also it seems like Verisign don’t allow you to ping these servers … all my tests on by backup links were with ping/tracert… bad assumption on my part !


Alex

From: Alex Samad - Yieldbroker
Sent: Wednesday, 30 July 2014 10:26 AM
To: 'Joshua D'Alton'; Damien Gardner Jnr
Cc: ausnog at lists.ausnog.net
Subject: RE: [AusNOG] issues connecting to verisign.com.au

Strange thing is one of our guys can get to the site on their phone via telstra.

A

From: Joshua D'Alton [mailto:joshua at railgun.com.au]
Sent: Wednesday, 30 July 2014 10:24 AM
To: Damien Gardner Jnr
Cc: Alex Samad - Yieldbroker; ausnog at lists.ausnog.net<mailto:ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] issues connecting to verisign.com.au

Same subnet still, so not a routing issue unless they are doing some very strange things on their side, I'd say it is the update as you listed + symantec firewall waiting on an update/refresh.

On Wed, Jul 30, 2014 at 10:19 AM, Damien Gardner Jnr <rendrag at rendrag.net<mailto:rendrag at rendrag.net>> wrote:
That's interesting, perhaps they're in the process of changing something, as I see www.verisign.com.au<http://www.verisign.com.au> resolving to a different IP..  Hard to tell if they have just changed something, as they don't use the standard YYYYMMDDxx as their SOA serial :(

;; ANSWER SECTION:
www.verisign.com.au<http://www.verisign.com.au>. 3309 IN A 202.65.27.182<tel:202.65.27.182>
;; ANSWER SECTION:
pki-admin.verisign.com.au<http://pki-admin.verisign.com.au>. 43 IN A 202.65.27.171<tel:202.65.27.171>

On 30 July 2014 10:13, Joshua D'Alton <joshua at railgun.com.au<mailto:joshua at railgun.com.au>> wrote:
CAN browse to http://www.verisign.com.au/   but not  pki-admin.verisign.com.au<http://pki-admin.verisign.com.au/>    but the traceroutes are the same (obviously, same resolved IP 202.65.27.171<tel:202.65.27.171>)

Router: Sydney
Command: traceroute 202.65.27.171<tel:202.65.27.171>


traceroute to 202.65.27.171<tel:202.65.27.171> (202.65.27.171<tel:%28202.65.27.171>), 30 hops max, 60 byte packets
 1  vlan151.fwl01.syd04.nsw.vocus.net.au<http://vlan151.fwl01.syd04.nsw.vocus.net.au> (175.45.91.194)  0.342 ms  0.281 ms  0.284 ms
 2  ge-0-0-2-910.bdr02.syd04.nsw.VOCUS.net.au<http://ge-0-0-2-910.bdr02.syd04.nsw.VOCUS.net.au> (175.45.72.85)  0.336 ms  0.329 ms  0.431 ms
 3  ge-0-5-0-2.cor01.syd04.nsw.VOCUS.net.au<http://ge-0-5-0-2.cor01.syd04.nsw.VOCUS.net.au> (175.45.72.81)  0.931 ms  0.927 ms  1.063 ms
 4  ten-0-1-0.bdr03.syd03.nsw.VOCUS.net.au<http://ten-0-1-0.bdr03.syd03.nsw.VOCUS.net.au> (114.31.192.35)  0.675 ms  0.796 ms  0.655 ms
 5  p10026.syd.equinix.com<http://p10026.syd.equinix.com> (202.167.228.44)  0.782 ms  0.781 ms  0.771 ms
 6  gi4-0-0.gw1.syd5.asianetcom.net<http://gi4-0-0.gw1.syd5.asianetcom.net> (202.147.55.96)  1.749 ms  1.770 ms  1.875 ms
 7  gi2-0-0.gw1.mel4.asianetcom.net<http://gi2-0-0.gw1.mel4.asianetcom.net> (202.147.42.201)  15.128 ms  14.076 ms  14.060 ms
 8  VSN-0003.gw1.mel1.asianetcom.net<http://VSN-0003.gw1.mel1.asianetcom.net> (203.192.130.150)  17.765 ms  17.765 ms  17.759 ms
 9  202.65.21.202 (202.65.21.202)  15.810 ms !X * *

Router: Sydney
Command: show ip bgp 202.65.27.171<tel:202.65.27.171>


BGP routing table entry for 202.65.27.0/24<http://202.65.27.0/24>
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  10026 17812 17812 17812 17812 64001
    114.31.192.11 from 175.45.72.8 (114.31.192.11)
      Origin incomplete, metric 0, localpref 320, valid, internal, best
      Community: 4826:5203 (NSW site 3) 4826:6500
      Originator: 114.31.192.11, Cluster list: 175.45.72.8 114.31.192.21
      Last update: Tue Jul 29 18:34:26 2014

Probably raise it with verisign, or symantec/AS17812   maybe a firewall issue if they using symantec firewall product?

On Wed, Jul 30, 2014 at 9:53 AM, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com<mailto:Alex.Samad at yieldbroker.com>> wrote:
Hi

Wondering if anyone else if having issues with  202.65.27.171<tel:202.65.27.171> (pki-admin.verisign.com.au<http://pki-admin.verisign.com.au>)


2. 202.74.32.66                                                                                0.0%    46    0.6   0.6   0.5   0.9   0.1
 3. 203.161.153.217                                                                             0.0%    46    0.9   7.9   0.8 114.5  20.8
 4. 121.101.138.212                                                                             0.0%    46   10.2  10.4  10.2  12.0   0.3
 5. 121.101.138.171                                                                             0.0%    46   49.1  12.1  10.2  53.3   8.4
 6. 121.101.138.205                                                                             0.0%    46   10.3  12.6  10.3  62.5   9.9
 7. ???

I tried this on pipe and vocus and internode, but it seems to be available via Vodafone ??

A
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog



--

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net<mailto:rendrag at rendrag.net> -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
 We ran to the sounds of thunder.
We danced among the lightning bolts,
 and tore the world asunder

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140730/639fd16f/attachment.html>


More information about the AusNOG mailing list