Client has periods where can't connect to server...

[schwim]

Hi there,

Currently, we can connect to their server, while sometimes they can't at all and sometimes they'll get a partial(very slow) pageload.

I had them run a traceroute, and it seems that they're getting to the server, but then the connection drops:

Welcome to Darwin!
cindys-computer:~ moppets$ traceroute www.domain.com
traceroute to moppetfrocks.com (208.109.107.100), 64 hops max, 40
byte packets
1 192.168.1.1 (192.168.1.1) 2.021 ms 1.369 ms 1.314 ms
2 * * *
3 68.87.219.100 (68.87.219.100) 11.475 ms 10.355 ms 9.710 ms
4 beaverton.or.bverton.comcast.net (68.87.216.50)
10.120 ms 9.637 ms 9.504 ms
5 te-8-4-ur05.beaverton.or.bverton.comcast.net (68.87.216.101)
9.342 ms 9.684 ms 9.534 ms
6 te-9-1-ur06.beaverton.or.bverton.comcast.net (68.87.216.98) 9.927
ms 10.134 ms 9.252 ms
7 te-7-4-ar01.troutdale.or.bverton.comcast.net (68.87.216.106)
172.528 ms 168.578 ms *
8 * * *
9 * * *
10 * * *
11 64.215.30.201 (64.215.30.201) 40.771 ms 38.001 ms 38.923 ms
12 * 67.17.199.142 (67.17.199.142) 91.751 ms *
13 ip-208-109-112-153.ip.secureserver.net (208.109.112.153) 54.253
ms 51.158 ms *
14 ip-208-109-112-142.ip.secureserver.net (208.109.112.142) 52.006
ms 53.768 ms 53.116 ms
15 * * *
<~~ Truncated
49 * * *
traceroute: sendto: No route to host
50 traceroute: wrote domain.com 40 chars, ret=-1
<~~repeated 6 times
52 * * *
<~~ Truncated
64 * * *

We're not sure what to do. We've been working on the site during the whole period of time that they're having a problem, and we've had no issue with connections.

I've checked lfd, and their IP is not blocked(grabbed from the tracert)

Can someone give me some idea of what I might be able to do to find out what the problem is?

thanks,
json

 

[schwim]

Holy cow, I forgot the biggest part:

She uses our support site to log the trouble ticket. That site resides on the same server.

I would think that this means either a domain or IP problem, no? If so, what would cause them to have the problem but not us?

This is an established site in existence for over a year.

thanks,
json

 

[schwim]

I had her try to contact the site both by IP and by domain, with both she received the following error:

Safari can't open the page.
Safari could not open the page http://208.109.107.100 because the server stopped responding.

Any suggestions would be greatly appreciated.

[EDIT] The last thing I could think of was disabling CSF/LFD. The client was still unable to connect.[/EDIT]

thanks,
json

 

[koolcards]

Safari can't open the page.
Safari could not open the page http://208.109.107.100 because the server stopped responding.

Welcome to Darwin!
cindys-computer:~ moppets$ traceroute www.domain.com
traceroute to moppetfrocks.com (208.109.107.100), 64 hops max, 40

Her machine shows the site at 208.109.107.100 but the DNS on your name servers (ns1.schwimsdns.com and ns2.schwimsdns.com) show the site at 208.109.107.220

Host name: moppetfrocks.com
IP address: 208.109.107.220

 

[schwim]

Hi there koolcards,

I missed a spot that I needed to alter the domain. I altered the domains and IP's... so much for thoroughness

her IP is as you stated. We can connect to 220, while she can not.

Sorry for the unnecessary confusion.

thanks,
json

 

[schwim]

Hi Koolcards.

Thanks very much for your contact.

I might have replied too late to do you any good, but she's actually resolving to the correct address. The incorrect IP address was my poor attempt at cloak-and-dagger, which only resulted in confusion.

In short, her computer is resolving the domain as .220. Even when attempting to connect to the site directly via IP, she is refused connection.

She just logged another trouble ticket stating that her husband, at a different location also can not connect to the server.

thanks,
json

 

[koolcards]

Hi Koolcards.
Thanks very much for your contact.
I might have replied too late to do you any good, but she's actually resolving to the correct address. The incorrect IP address was my poor attempt at cloak-and-dagger, which only resulted in confusion.
In short, her computer is resolving the domain as .220. Even when attempting to connect to the site directly via IP, she is refused connection.
She just logged another trouble ticket stating that her husband, at a different location also can not connect to the server.
thanks,
json

Different location and different ISP? I ask because the "No route to host" error means somebody isn't able to resolve the sites IP address. When did you make the DNS change?

 

[schwim]

I've not made a dns change on her domain in almost a year.

She states that her husband, using IE can not access either.

internet explorer cannot display the webpage.

I am waiting for a response from her regarding the ISP's between the two of them.

I don't doubt there is a problem, I just have absolutely no idea what it might be.

thanks,
json

 

[schwim]

Update:

She states that she thinks that her and her husband shares the same ISP. She has called other people that have tried to connect from different ISP's in her area, and they are able to connect without issue.

She has already talked to Comcast, and they of course stated that everything is A-OK and dandy on their end.

With the information we've discussed, what might be her best tactic in discussing the problem with them?

thanks,
json

 

[koolcards]

Update:

She states that she thinks that her and her husband shares the same ISP. She has called other people that have tried to connect from different ISP's in her area, and they are able to connect without issue.

She has already talked to Comcast, and they of course stated that everything is A-OK and dandy on their end.

With the information we've discussed, what might be her best tactic in discussing the problem with them?

thanks,
json

Right, well. I suggested a couple things in that PM and it has to be A)network, B)server, C)or her end.
I and everybody else in the world can connect to her server so, check the box's iptables rulesets to see that she isn't blocked, run the trace from the server to her current IP. If there's nothing there, she needs to look at her firewall or ISP.

Umm, did you say it was intermittent? Is there some kind of security software on the machine that would count her, say, IMAP mail connections toward some kind of limit then shut her out?

 

[schwim]

hi there,

I run Chirpy's script package. You can be blocked with too many connections, but:

1) I get a notice
2) It doesn't explain her husband also being blocked as well.

It is intermittent. She just started having the problem again tonight after a two month period where she connected fine.

Keep in mind that the server is not blocking her. She can connect to the support site, which although uses a different IP is on the same server.

I'm contacting the locator now to see what they say. Unfortunately, I suspect that it won't be much.

I'm totally flummoxed.

thanks,
json

 

[koolcards]

hi there,

I run Chirpy's script package. You can be blocked with too many connections, but:

1) I get a notice
2) It doesn't explain her husband also being blocked as well.

It is intermittent. She just started having the problem again tonight after a two month period where she connected fine.

Keep in mind that the server is not blocking her. She can connect to the support site, which although uses a different IP is on the same server.

I'm contacting the locator now to see what they say. Unfortunately, I suspect that it won't be much.

I'm totally flummoxed.

thanks,
json

A firewall rule can block based on both Source and Destination address so it's worth checking. Just look through the rules for her IP or IP range.
I'm not familiar with Chirpy's scripts, although I know they're good. But I don't know anything about them so can't help with that.

 

[Infopro]

You might try searching for the IP in your logs and see if that turns up anything.

grep 11.22.33.44.55 /var/log/*
grep 11.22.33.44.55 /etc/httpd/logs/error_log

 

[jayh38]

Another thing to look at, do you have dshield and spamhause lists enabled in CSF? They could be on a addresses of a blocked subnet.

I seen this happen that even if you add their IP to the ALLOW list, it still gets blocked.

Just for a test, if you are in fact loading those lists in the firewall, disable them and give it a try if you find nothing else.

 

[kev1nk]

Re: connectivity issues

Hello,

The issues with the "traceroute" could be caused by specific filter placed by the Data Center ot the ISP.You could never be sure about that. However the customer will not try to access
the trace ot to use the icmp. The potential customer will use the services on the cPanel machine. I am talking about web,mail,ftp,dns. You should try telnet to port 80. If you are unable to connect then you have a problem:

1. Firewall on the server
2. Firewall on the customers PC
3. Network connectivity issue

If you are sure about points 1. and 2. , then you have to contact the network specialists in
the DataCetnter or the customers ISP support.

However if you are able to connect via telnet then the problem is in the server configuration
and you could start log monitoring and other troubleshooting procedures.

Best Regards
Kevin K

 

[koolcards]

Another thing to look at, do you have dshield and spamhause lists enabled in CSF? They could be on a addresses of a blocked subnet.

I seen this happen that even if you add their IP to the ALLOW list, it still gets blocked.

Just for a test, if you are in fact loading those lists in the firewall, disable them and give it a try if you find nothing else.

Probably. I've even done the same to myself manually from time to time. He sent me a copy of the rulesets and there's a Chain SPAMHAUS in there with a lot of large subnets blocked. I'm waiting for him to obtain his customer's current IP to try and match it but apparently Jason has to sleep sometime. Who knew? :D

 

[schwim]

Hi there guys,

I'm trying to get into contact with her today to get updated connection information.

As soon as I have her current IP and am sure that she is still unable to connect, I'll continue with the tests,

Do the ones that suggested dhaus and firewall issues, just to remind you, I disabled the firewall(in csf/lfd settings), ensured that it showed that it was turned off, then had her try to connect. She still stated that she couldn't connect.

Her ISP did another traceroute with her and found that it dropped at an IP prior to the server:

We did 2 additional traceroutes with comcast(didn't even realize mac
has traceroute built in) on the line and the drop off is a go daddy
server address: 216.69.188.77

traceroute to moppetfrocks.com (208.109.107.220), 64 hops max, 40
byte packets
1 * * *
2 68.87.219.201 (68.87.219.201) 13.436 ms 15.800 ms 22.505 ms
3 te-9-1-ur04.beaverton.or.bverton.comcast.net (68.87.216.50)
30.721 ms 12.503 ms 15.020 ms
4 te-8-4-ur05.beaverton.or.bverton.comcast.net (68.87.216.101)
31.616 ms 20.181 ms 27.901 ms
5 te-9-1-ur06.beaverton.or.bverton.comcast.net (68.87.216.98)
31.594 ms 21.782 ms 28.189 ms
6 te-7-4-ar01.troutdale.or.bverton.comcast.net (68.87.216.106)
30.752 ms 29.729 ms 39.229 ms
7 * * *
8 68.86.85.77 (68.86.85.77) 47.348 ms 61.378 ms 49.905 ms
9 * * *
10 tengigabitethernet3-1.ar1.snv2.gblx.net (64.214.174.109) 41.391
ms 40.828 ms 44.209 ms
11 * * *
12 * * *
13 ip-208-109-112-142.ip.secureserver.net (208.109.112.142) 54.557
ms 54.723 ms 55.300 ms
14 ip-216-69-188-77.ip.secureserver.net (216.69.188.77) 55.036 ms
55.490 ms 55.268 ms
15 * * *
16 * * *
17 * * *
18 * * *

If her connection were dropping at the server, it would still show the server address wouldn't it? Am I wrong, or is this reflecting that it's dropping off in the GoDaddy Network before ever getting to the server?

I'm often wrong, so nobody will hurt my feelings by saying so

The confusing part to that is that if it is dropping off in the network prior to the server, why can she visit the support site that is on the same server, but uses a different IP?

thanks,
json

 

[koolcards]

Hi Jason,
the responses she's getting are back to her machine from the various nodes along the way and, if you'll look at the times, slightly higher than they really should be.
This is from another location. Notice the Godaddy routers all respond and match her route, starting with 208.109.112.142:

14 32 32 29 208.109.112.142 ip-208-109-112-142.ip.secureserver.net
15 30 30 29 216.69.188.77 ip-216-69-188-77.ip.secureserver.net
16 33 32 31 208.109.112.6 ip-208-109-112-6.ip.secureserver.net
17 33 32 31 208.109.107.220 ip-208-109-107-220.ip.secureserver.net

I suspect the problem is it's peering with Global Crossing (gblx.net). Her connection is dying, for some reason and seems to die within gblx.net. But, as I mentioned last night, it wouldn't hurt to ask the network people at Godaddy about optimizing their route and also asking Global Crossing it they have a problem. Comcast should ask them also 'cause Global Crossing could be ... the weakest link!
(I'm sure that show is still on somewhere) :D

 

[schwim]

Hi there Koolcards,

I don't mind putting my ignorance on display, but this may be a little much, even for me

Her problem has started up again tonight(she could connect fine earlier in the day), but I am currently waiting on her IP information and a new traceroute from her.

When I receive that, if the connections still drops at Global Crossing's server, what do I do? Do I simply contact them telling them that a client can't connect, providing the IP and traceroute information? I've never had to contact anyone like this, and I'm not sure how to go about doing it.

Secondly, you stated that I still need to contact GoDaddy, asking them to optimize the routing. Is this because it's using Global Crossing's servers, or because of the numbers you're seeing on the traceroute? I also am confused as to what I might propose for them to do.

Any suggestions would be greatly appreciated, as I was hoping to actually get some sleep tonight :D

thanks,
json

 

[schwim]

Her latest traceroute:

Traceroute has started ...

traceroute to moppetfrocks.com (208.109.107.220), 64 hops max, 40
byte packets
1 * * *
2 68.87.219.201 (68.87.219.201) 10.915 ms 16.734 ms 12.520 ms
3 te-9-1-ur04.beaverton.or.bverton.comcast.net (68.87.216.50)
11.873 ms 13.443 ms 12.018 ms
4 te-8-4-ur05.beaverton.or.bverton.comcast.net (68.87.216.101)
11.644 ms 13.531 ms 11.987 ms
5 te-9-1-ur06.beaverton.or.bverton.comcast.net (68.87.216.98)
11.562 ms 12.246 ms 11.726 ms
6 te-7-4-ar01.troutdale.or.bverton.comcast.net (68.87.216.106)
13.367 ms 14.571 ms 14.078 ms
7 * te-0-0-0-0-cr01.seattle.wa.ibone.comcast.net (68.86.84.37)
21.078 ms *
8 68.86.85.77 (68.86.85.77) 34.798 ms 60.735 ms 34.747 ms
9 * * *
10 tengigabitethernet3-1.ar1.snv2.gblx.net (64.214.174.109) 41.207
ms 40.574 ms 39.559 ms
11 * * *
12 * * *
13 ip-208-109-112-142.ip.secureserver.net (208.109.112.142) 53.302
ms 55.165 ms 55.163 ms
14 ip-216-69-188-77.ip.secureserver.net (216.69.188.77) 54.537 ms
55.188 ms 55.052 ms
15 ip-208-109-112-6.ip.secureserver.net (208.109.112.6) 58.272 ms * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *

thanks,
json