cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
  • The questioner has marked this post as solved.

Routing problem on Swisscom

Schauwejeu68
Level 1
1 of 13

Hello,

 

the Swisscom customers cannot access these sites for a while without any reason. (all of hosted domains) like

burger-meister.ch
buri.tv
ristorante-olivo.ch
grapix.ch

and many many more.

 

I think there is misconfiguration (routing) problem on Swisscom therefore I need help.

ACCEPTED SOLUTION 1

Accepted Solutions
Freildofla90
Level 1
13 of 13

I am the Post Owner

 

Today I am at office of company. The problem still continue. I am suspicios that the router does not work properly. Here is the tracert direct from router:

Traceroute to burger-meister.ch (109.232.216.249),30 hops max
1 83.77.50.1 1.50.77.83.dynamic.wline.res.cust.swisscom.ch
1ms 2ms 2ms
2 138.187.131.211 mira.ip-plus.net
2ms 2ms 32ms
3 138.187.129.136 i79zhb-015-ae0.bb.ip-plus.net
2ms 2ms 2ms
4 138.187.130.61 i00dcx-005-ae11.bb.ip-plus.net
848ms 7ms 9ms
5 80.81.192.82 frankfurt1.ln1.turktelekom.com.tr
7ms 7ms 7ms
6 212.156.101.197 00-ebgp-gayrettepe-k---301-fra-col-1.statik.turktelekom.com.tr
975ms 42ms 42ms
7 212.156.120.184 212.156.120.184.static.turktelekom.com.tr
42ms 40ms 40ms
8 81.212.202.18 00-gayrettepe-xrs-t2-2---00-ebgp-gayrettepe-k.statik.turktelekom.com.tr
43ms 42ms 40ms
9 195.175.172.84 00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr
44ms 295ms 43ms
10 195.175.172.84 00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr
46ms
11 85.111.76.42 85.111.76.42.dynamic.ttnet.com.tr

  
 

and cannot ping still.

 

I reboot the router and turned off totally the firewall. It did not help. In this point we need direct support from Swisscom. In this connection somehow many domains does not work,

12 Comments 12
kaetho
Level 1
2 of 13

Hi @Schauwejeu68 

die angegebenen Seiten gehen bei mir alle übers Swisscomnetz. Die burgermeister.ch hat aber kein gültiges ssl-Zertifikat.

 

Und jetzt habe ich Hunger...

Schauwejeu68
Level 1
3 of 13

@kaetho  schrieb:

Hi @Schauwejeu68 

die angegebenen Seiten gehen bei mir alle übers Swisscomnetz. Die burgermeister.ch hat aber kein gültiges ssl-Zertifikat.

 

Und jetzt habe ich Hunger...


that means only some of Swisccom connections or IP Block affected this.

we cannot ping the site even under Swisscom.

Schauwejeu68
Level 1
4 of 13

to better understand here is MTR results:

 

from Swisscom:

 

|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| centrobusiness - 0 | 26 | 26 | 1 | 1 | 2 | 2 |
|1.50.77.83.dynamic.wline.res.cust.swisscom.ch - 0 | 26 | 26 | 2 | 3 | 7 | 4 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| i79zhh-010-ae28.bb.ip-plus.net - 0 | 26 | 26 | 3 | 16 | 64 | 44 |
| mira.ip-plus.net - 0 | 26 | 26 | 2 | 3 | 14 | 4 |
| i79zhb-015-ae0.bb.ip-plus.net - 0 | 26 | 26 | 2 | 4 | 19 | 6 |
| i00dcx-005-ae11.bb.ip-plus.net - 0 | 26 | 26 | 7 | 8 | 17 | 10 |
| frankfurt1.ln1.turktelekom.com.tr - 0 | 26 | 26 | 7 | 8 | 10 | 9 |
|34-ebgp-acibadem-sr12e-k---301-fra-col-1.statik.turktelekom.com.tr - 0 | 26 | 26 | 44 | 44 | 49 | 46 |
|27-organize4-t4-1---27-mervesehir-t4-1.statik.turktelekom.com.tr - 0 | 26 | 26 | 44 | 45 | 50 | 46 |
|34-acibadem-xrs-t2-2---34-ebgp-acibadem-sr12e-k.statik.turktelekom.com.tr - 14 | 15 | 13 | 44 | 45 | 48 | 44 |
|00-gayrettepe-xrs-t2-2---34-acibadem-xrs-t2-2.statik.turktelekom.com.tr - 0 | 26 | 26 | 44 | 45 | 53 | 45 |
|00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr - 0 | 26 | 26 | 44 | 46 | 50 | 47 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| 85.111.76.42.dynamic.ttnet.com.tr - 0 | 26 | 26 | 45 | 54 | 100 | 47 |
| 88.218.128.14 - 0 | 26 | 26 | 44 | 45 | 53 | 46 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 5 | 0 | 0 | 0 | 0 | 0 |
|________________________________________________|______|______|______|______|______|______|

here is from another provider:

 

Host Loss% Snt Last Avg Best Wrst StDev
1. 139.162.128.2 0.0% 484 8.0 1.8 0.5 40.1 2.8
2. 139.162.129.10 0.0% 484 20.8 2.9 0.3 48.6 5.6
3. 199.245.16.73 0.0% 484 0.8 1.9 0.8 21.4 1.8
4. ae-3.r00.frnkge07.de.bb.gin.ntt. 0.0% 484 4.3 1.9 0.9 18.0 1.6
5. 213.198.83.198 0.0% 484 6.7 1.4 0.5 9.7 1.5
6. 34-ebgp-acibadem-sr12e-k---301-f 0.0% 484 55.5 50.5 49.5 60.1 1.6
7. 34-acibadem-xrs-t2-2---34-ebgp-a 32.0% 484 50.1 50.5 49.6 60.6 1.4
8. 00-gayrettepe-xrs-t2-2---34-acib 0.6% 484 49.9 50.4 49.7 63.0 1.5
9. 00-gayrettepe-t3-5---00-gayrette 0.0% 484 50.4 63.3 50.0 914.9 71.2
10. (waiting for reply)
11. 85.111.76.42.dynamic.ttnet.com.t 0.0% 483 52.2 56.8 50.3 142.9 13.3
12. 88.218.128.14 0.0% 483 55.4 51.2 50.0 79.2 2.3
13. srvc249.trwww.com 2.3% 483 51.3 51.0 49.9 66.2 1.7

 

 

Lori-77
Level 1
5 of 13

Hallo @Schauwejeu68  

 

Die Webseiten funktionieren auch bei mir tadellos wie @kaetho bereits geschrieben hat.

 

Hast du die DNS-Adressen auf dem Centro Buissnes geändert.

Welcher Centro hast du?

 

 

Gruss Lorenz

 

 

gasoo
Level 1
6 of 13

All of the mentioned websites are hosted on the same IP address.

 

The lookup looks the same on Google and Swisscom DNS.

 

Swisscom DNS:

 

 

; <<>> DiG 9.16.13 <<>> @195.186.1.162 burger-meister.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24249
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;burger-meister.ch.		IN	A

;; ANSWER SECTION:
burger-meister.ch.	3912	IN	A	109.232.216.249

;; Query time: 6 msec
;; SERVER: 195.186.1.162#53(195.186.1.162)
;; WHEN: Mi Apr 28 23:06:25 CEST 2021
;; MSG SIZE  rcvd: 62

 

 

 

 Google DNS:

 

 

; <<>> DiG 9.16.13 <<>> @8.8.8.8 burger-meister.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58842
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;burger-meister.ch.		IN	A

;; ANSWER SECTION:
burger-meister.ch.	14399	IN	A	109.232.216.249

;; Query time: 43 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mi Apr 28 23:06:25 CEST 2021
;; MSG SIZE  rcvd: 62

 

 

 

 

The IP for all domains (also including www.XXXXX) are the same on Google and Swisscom DNS.

 

 

I do not know the Windows tool used by you, so I have no clue which protocol is used.

However, as you can see in your output, the last IP from the Swisscom trace is the second last IP from the trace with your second provider.

So up until that IP, everything works as expected.

 

Now I used traceroute on Linux for my test and if called without any parameter, it uses UDP on random ports as protocol. This traceroute failed.

 

 

 

[user@WS ~]$ traceroute 109.232.216.249
traceroute to 109.232.216.249 (109.232.216.249), 30 hops max, 60 byte packets
 1  localgw (192.168.240.13)  0.510 ms  3.611 ms  3.576 ms
 2  localnet (192.168.236.16)  3.551 ms  3.521 ms  3.498 ms
 3  localnet (192.168.237.15)  3.469 ms  2.814 ms  3.037 ms
 4  1.212.194.178.dynamic.wline.res.cust.swisscom.ch (178.194.212.1)  6.018 ms  6.175 ms  6.471 ms
 5  * * *
 6  * * *
 7  i79zhb-015-ae6.bb.ip-plus.net (138.187.129.155)  8.648 ms  8.862 ms  9.211 ms
 8  i00dcx-005-ae11.bb.ip-plus.net (138.187.130.61)  13.701 ms  13.865 ms  14.226 ms
 9  frankfurt1.ln1.turktelekom.com.tr (80.81.192.82)  15.784 ms  9.713 ms  9.322 ms
10  00-ebgp-gayrettepe-k---301-fra-col-1.statik.turktelekom.com.tr (212.156.101.59)  41.453 ms 34-ebgp-acibadem-sr12e-k---301-fra-col-1.statik.turktelekom.com.tr (212.156.101.231)  42.486 ms 00-ebgp-gayrettepe-k---301-fra-col-1.statik.turktelekom.com.tr (212.156.101.211)  45.319 ms
11  34-acibadem-xrs-t2-2---34-ebgp-acibadem-sr12e-k.statik.turktelekom.com.tr (81.212.209.217)  43.656 ms 27-organize4-t4-1---27-mervesehir-t4-1.statik.turktelekom.com.tr (81.212.25.58)  47.446 ms 212.156.120.184.static.turktelekom.com.tr (212.156.120.184)  46.344 ms
12  00-gayrettepe-xrs-t2-2---34-acibadem-xrs-t2-2.statik.turktelekom.com.tr (81.212.212.253)  45.566 ms 00-gayrettepe-xrs-t2-2---00-ebgp-gayrettepe-k.statik.turktelekom.com.tr (81.212.202.18)  45.263 ms 34-acibadem-xrs-t2-2---34-ebgp-acibadem-sr12e-k.statik.turktelekom.com.tr (81.212.209.217)  49.384 ms
13  00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr (195.175.172.84)  49.217 ms  47.190 ms  47.374 ms
14  * * *
15  85.111.76.42.dynamic.ttnet.com.tr (85.111.76.42)  42.271 ms *  41.929 ms
16  85.111.76.42.dynamic.ttnet.com.tr (85.111.76.42)  46.772 ms * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

 

 

 

 

The next step is a traceroute with ICMP, which was successfull.

 

 

 

[user@WS ~]$ traceroute -I 109.232.216.249
traceroute to 109.232.216.249 (109.232.216.249), 30 hops max, 60 byte packets
 1  localgw (192.168.240.13)  0.510 ms  3.611 ms  3.576 ms
 2  localnet (192.168.236.16)  3.551 ms  3.521 ms  3.498 ms
 3  localnet (192.168.237.15)  3.469 ms  2.814 ms  3.037 ms
 4  1.212.194.178.dynamic.wline.res.cust.swisscom.ch (178.194.212.1)  8.667 ms  8.452 ms  9.280 ms
 5  * * *
 6  i79zhb-020-ae30.bb.ip-plus.net (193.134.95.172)  50.719 ms  48.065 ms  48.342 ms
 7  i79zhb-015-ae6.bb.ip-plus.net (138.187.129.155)  6.381 ms  4.436 ms  4.691 ms
 8  i00dcx-005-ae11.bb.ip-plus.net (138.187.130.61)  9.696 ms  11.988 ms  12.066 ms
 9  frankfurt1.ln1.turktelekom.com.tr (80.81.192.82)  12.897 ms  9.929 ms  10.329 ms
10  34-ebgp-acibadem-sr12e-k---301-fra-col-1.statik.turktelekom.com.tr (212.156.101.231)  43.531 ms  43.913 ms  44.297 ms
11  34-acibadem-xrs-t2-2---34-ebgp-acibadem-sr12e-k.statik.turktelekom.com.tr (81.212.209.217)  44.768 ms  42.078 ms  42.266 ms
12  00-gayrettepe-xrs-t2-2---34-acibadem-xrs-t2-2.statik.turktelekom.com.tr (81.212.212.253)  42.254 ms  41.612 ms  41.555 ms
13  00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr (195.175.172.84)  42.761 ms  43.134 ms  43.330 ms
14  * * *
15  85.111.76.42.dynamic.ttnet.com.tr (85.111.76.42)  43.421 ms  43.149 ms  43.317 ms
16  88.218.128.14 (88.218.128.14)  41.905 ms  42.041 ms  42.714 ms
17  srvc249.trwww.com (109.232.216.249)  42.703 ms  42.308 ms  42.445 ms

 

 

 

 

Last traceroute uses TCP with port 80 as Protocol and is also successful.

 

 

 

[user@WS ~]$ traceroute -T 109.232.216.249
traceroute to 109.232.216.249 (109.232.216.249), 30 hops max, 60 byte packets
 1  localgw (192.168.240.13)  0.424 ms  0.481 ms  0.473 ms
 2  localnet (192.168.236.16)  1.079 ms  1.126 ms  1.231 ms
 3  localnet (192.168.237.15)  3.223 ms  4.749 ms  5.793 ms
 4  1.212.194.178.dynamic.wline.res.cust.swisscom.ch (178.194.212.1)  8.205 ms  10.145 ms  11.381 ms
 5  * * *
 6  * * *
 7  i79zhb-015-ae6.bb.ip-plus.net (138.187.129.155)  23.575 ms  23.748 ms  23.915 ms
 8  i00dcx-005-ae11.bb.ip-plus.net (138.187.130.61)  25.662 ms  26.160 ms  27.600 ms
 9  * * *
10  * * *
11  * * *
12  * * *
13  00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr (195.175.172.84)  49.316 ms  49.413 ms *
14  00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr (195.175.172.84)  55.521 ms *  49.537 ms
15  85.111.76.42.dynamic.ttnet.com.tr (85.111.76.42)  45.882 ms  45.599 ms *
16  88.218.128.14 (88.218.128.14)  45.431 ms 85.111.76.42.dynamic.ttnet.com.tr (85.111.76.42)  47.153 ms 88.218.128.14 (88.218.128.14)  42.778 ms
17  srvc249.trwww.com (109.232.216.249)  43.783 ms  45.854 ms  44.433 ms

 

 

 

 

So all traceroutes were made from within the subnet 178.194.213.0/24

The same results were also achieved from within the subnet 178.193.212.0/24 and 178.192.42.0/24

However, I won't post all the output here because it is pretty much the same as above.

 

From what I can see, there is no problem at the moment with any of the mentioned websites.

If the problem is solved, maybe there was a temporary problem on the webserver.

If the problem persists, maybe you could try a DNS lookup on your system and also check with what protocol/port your trace is operating and if necessary, change it to TCP/80 or ICMP and try again.

Schauwejeu68
Level 1
7 of 13

Hello gasoo,

 

many thanks for anaylise.

 

for one week we are getting feedbacks from  cucina customers that they cannot access to our another site:

cucinarestaurant.ch. On this page there is a reservation feature and because of inaccessibility potential customers cannot access the site and cannot make reservation. We have moved the site to cloudfare now this site is accessible.

 

To fix this problem I did not move burger-meister.ch to cloudfare. It would temporary solution and the backoffice of burger-meister and cucina cannot use outlook, only webmail.

 

it seems some of Swisscom users cannot access these sites and still need a solution

PowerMac
Level 1
8 of 13

I tried to reproduce your problem, but from here everything seems to be OK. Both over my DSL and the 4G mobile connection. My current DSL external IP is in the 85.4.138.0/24 range.

However it's not completely clear to me with which domains the problems are occuring. You mentioned these websites as problematic:

https://www.cucinarestaurant.ch/ (you moved that site to Cloudflare and the problems have gone since, right?)
https://www.burger-meister.ch/ (note: currently lacking redirect from http to https)
https://www.buri.tv/
https://ristorante-olivo.ch/

https://www.grapix.ch/

So the last 4 websites in that list (that are all hosted on the same server in Turkey) could be used to reproduce the problem, correct? Is it the complete websites that are unreachable for those Swisscom customers, or just the reservation feature on them? And how many different Swisscom customers reported this problem to you? Are you able to find out their current external IP address (can easily be found out using https://whatismyip.com/ for example).

One thing I noticed is that the server is still supporting the deprecated TLS 1.0 and 1.1 versions, however that's not likely the cause of the problems you described.

have you tried turning it off and on again?
Schauwejeu68
Level 1
9 of 13

@PowerMac 

ttps://www.cucinarestaurant.ch/ (you moved that site to Cloudflare and the problems have gone since, right?)

yes

 

So the last 4 websites in that list (that are all hosted on the same server in Turkey) could be used to reproduce the problem, correct?

yes

 

Is it the complete websites that are unreachable for those Swisscom customers, or just the reservation feature on them?

Because of website is unaccesible they cannot see reservation section on page

 

And how many different Swisscom customers reported this problem to you? Are you able to find out their current external IP address

I cannot say exact size of affected users. This complains not coming direct to us. we are responsible only IT&WEB related tasks of Cucina Group AG. I can say only the IP of Cucina Office. (later)

 

edit: IP: 83.77.50.x

Edited
PowerMac
Level 1
10 of 13

I just created a RIPE Atlas measurement that pings that IP 109.232.216.249 from 45 Swisscom connections and (for comparison) from 45 other internet connections in Switzerland. This should expose any routing problems or instabilities. You can view the results by clicking here. There are apparently other connections in Switzerland that cannot ping that IP.  Therefore I created another measurement with just a few of the more interesting probes doing ICMP traceroutes. Surprisingly, these traceroutes all seem to get through. I have a suspicion what that could be, but let's run the measurement a few hours more and see what happens.

have you tried turning it off and on again?
PowerMac
Level 1
11 of 13

I created a third measurement, using the same probes as before, but this time with TCP traceroute. All connections seem to succeed.

So not even from many different internet connections throughout Switzerland can we reproduce the problem. Seems more and more like a specific problem of currently one single customer - is that possible?

 

You might be able to further isolate the problem by accessing the server's landing page and also try the same for neighboring IP's. Ie. try to open these URLs from that internet connection that currently cannot open the domains mentioned:

http://109.232.216.248/

http://109.232.216.249/

http://109.232.216.250/

If a big "SORRY" message appears, basic http(s) connectivity to the server is working and the problem would lie somewhere else. Maybe in an IP blacklisting in place or something else only the server operator could tell.

 

Anyway, what is the reason you are hosting these websites in Turkey? Nothing against international business, but things can get a lot more complicated also from a technical point of view, as this case illustrates nicely.

have you tried turning it off and on again?
Schauwejeu68
Level 1
12 of 13

Seems more and more like a specific problem of currently one single customer - is that possible?

They told me that many people cannot accesing the site and cannot make reservations but tomorrow I will try to get more information and I will try to deactive firewall and check the setting carefully. The strange thing is they can access to these sites with a VPN or from cloudfare. I do not remember did I say but they cannot ping the above sites, either

 

Anyway, what is the reason you are hosting these websites in Turkey? Nothing against international business, but things can get a lot more complicated also from a technical point of view, as this case illustrates nicely.

The main reason is support and availability. We were using two important hosting companies in Switzerland and they were often going offline and support was really poor and slow.  Now I can 7/24 access to support and they are really good and speedy.

Freildofla90
Level 1
13 of 13

I am the Post Owner

 

Today I am at office of company. The problem still continue. I am suspicios that the router does not work properly. Here is the tracert direct from router:

Traceroute to burger-meister.ch (109.232.216.249),30 hops max
1 83.77.50.1 1.50.77.83.dynamic.wline.res.cust.swisscom.ch
1ms 2ms 2ms
2 138.187.131.211 mira.ip-plus.net
2ms 2ms 32ms
3 138.187.129.136 i79zhb-015-ae0.bb.ip-plus.net
2ms 2ms 2ms
4 138.187.130.61 i00dcx-005-ae11.bb.ip-plus.net
848ms 7ms 9ms
5 80.81.192.82 frankfurt1.ln1.turktelekom.com.tr
7ms 7ms 7ms
6 212.156.101.197 00-ebgp-gayrettepe-k---301-fra-col-1.statik.turktelekom.com.tr
975ms 42ms 42ms
7 212.156.120.184 212.156.120.184.static.turktelekom.com.tr
42ms 40ms 40ms
8 81.212.202.18 00-gayrettepe-xrs-t2-2---00-ebgp-gayrettepe-k.statik.turktelekom.com.tr
43ms 42ms 40ms
9 195.175.172.84 00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr
44ms 295ms 43ms
10 195.175.172.84 00-gayrettepe-t3-5---00-gayrettepe-xrs-t2-2.statik.turktelekom.com.tr
46ms
11 85.111.76.42 85.111.76.42.dynamic.ttnet.com.tr

  
 

and cannot ping still.

 

I reboot the router and turned off totally the firewall. It did not help. In this point we need direct support from Swisscom. In this connection somehow many domains does not work,

Back to top