For the IT gurus [Network routing issue to AFF]

[jb747]

And with no changes to my system, AFF has now returned, without needing the VPN.

As for DNS, I wasn't using their DNS server anyway, but Cloudflare. It was the same though, with Google, or even the ABB server. It was fine if I used 4G via Telstra.

 

[sudoer]

Or an ISP DNS issue

It's not. The same behaviour occurs using AussieBB, Google, OpenDNS or Cloudfare DNS servers. The AFF DNS record resolves to the same address (192.69.193.66) on both my affected AussieBB connection as well as other connections which could load AFF.

Suggesting others go deleting files from /Library/Preferences when its clear there are several ABB users affected by this issue is just bad advice.

 

[Quickstatus]

My suggestions especially the library/preferences files have worked for me in the past for other similar issues.. while it may be the ISP never discount some weird issue within the computer/router.

 

[sudoer]

My suggestions especially the library/preferences files have worked for me in the past for other similar issues.. while it may be the ISP never discount some weird issue within the computer/router

Setting aside the fact several ABB users reported the same fault, OP already said it was affecting all devices on his network.

No amount of turning off antivirus, deleting browsing history or deleting system files on a standalone device will fix that - not to mention the risks involved with modifying system files.

 

[cwd]

And with no changes to my system, AFF has now returned, without needing the VPN..

It just started working for me too (but wasn't when you posted)

 

[harvyk]

This is a routing issue, completely outside JB's, yours or my access to fix.
Most likely the router at 216-158-65-145.static.webnx.com has blocked some of the IP's used by your ISP.

This unlikely to be the fault of either your ISP or AFF.

This can happen for a variety of reasons, a network engineer making a mistake with routing tables, an overzealous security program seeing some attacks from the range of your ISP and thus blocking the range. It's most likely not even inside your ISP's control.

All you can do is access AFF from another ISP until the issue is resolved. Your ISP can make their upstream provider aware.
We tend to think of the internet as this lovely interconnected mesh. It's more like hack jobs and patches that sometimes work together. In this case the hamster fell off the hamster wheel and it needs to be reminded to get back on.

Sorry but the suggestions of changing DNS, Anti-virus, browsers will not work.

Edit: It is probably worth while Admin getting in contact with the hosting provider to let them know this is happening. Whilst the site itself might not have been through a change, it is a device under the control of the company that hosts AFF.

 

[admin]

Edit: It is probably worth while Admin getting in contact with the hosting provider to let them know this is happening. Whilst the site itself might not have been through a change, it is a device under the control of the company that hosts AFF.

Have just done

 

[TheRealTMA]

Or an ISP DNS issue

No. See above for details. The DNS is working and doesn't make any difference to the specific issue here since the site resolves to the correct IP address. It's HTTP access to the IP address range that does not work.

 

[NM]

IN my experience, such symptoms as reported originally by JB and since by other are most commonly the result of a re-routing of traffic within the ISP (a link failure and re-routing via another path) where the new path has a different MTU or frame size, and somewhere in the path the ICMP Type-3, Code-4 message returned to the requester is being dropped by a firewall where an overzealous FW admin has decided to block all ICMP messages.

In this case, using VPN reduces the MTU and the traffic gets through without need for fragmentation. Most ISP networks now support Jumbo Frames (>1500 bytes) but some services are limited to regular frames with a max size of 1500 bytes, which can be reduced by other encapsulations. So a frame of 1500 bytes might be ok normally, but if the ISP is re-routing via an alternate path or load balancing over dissimilar links, routers in the path may need to fragment the packets to pass over a link with a reduced MTU, but if the packet is flagged as "do not fragment" (via a bit in the TCP header field) the router will respond back to the source with an ICMP Type-3, Code-4 message noting the maximum frame size supported. If a firewall blocks that message from getting back to the source, it never knows why the packet was dropped and does not know to reduce the MTU for the flow.

One way to test is to temporarily reduce your client network interface MTU (down to say 1400 bytes) and see if it works. You can generally find instructions to set the MTU for your client's network interface via a quick Google search.

 

[mjt57]

I'm back, too. Dunno what they did to fix it, but the sites that I couldn't access at home are now accessable.

 

[harvyk]

IN my experience, such symptoms as reported originally by JB and since by other are most commonly the result of a re-routing of traffic within the ISP (a link failure and re-routing via another path) where the new path has a different MTU or frame size, and somewhere in the path the ICMP Type-3, Code-4 message returned to the requester is being dropped by a firewall where an overzealous FW admin has decided to block all ICMP messages.
<snip>

[Uber Geek Hat On]
ICMP hasn't been blocked, that is obvious since a trace route can be done all the way to the endpoint from other addresses. The ISP has not blocked ICMP either as trace routes will still get as far as 100ge4-1.core1.lax2.he.net (184.105.65.9).

If it was an MTU problem chances are that many people would be experiencing issues, not just a select few coming from a specific range of IP addresses. (My MTU is set to 1500 right now, and I can access AFF no issues).

As I said above, my money would be an administrator corrupting a routing table (easy to do), or an overzealous security program blocking an entire range of IP's after someone launched an attack against them (possible, they do host some other pretty important sites which the world would notice if they went down).

 

[admin]

Our tech support has got back to me:

There isn't really anything that can do about it as it's not within their control, all they would do is ticket the upstreams who in turn would try ticket the ISP , as I said in general these things will clear up within a few hours (They are generally regional outages). If they do occur get some traceroutes and the IP so we can get both the in+return trace to ticket providers if they keep ongoing.

In non-technical speak, this basically means that the problem is with the networks connecting to our server. These are often temporary problems which resolve by themselves. If it happens again, please send me the traceroutes and your IP so we can investigate and report, if necessary.

 

[sudoer]

In non-technical speak, this basically means that the problem is with the networks connecting to our server. These are often temporary problems which resolve by themselves. If it happens again, please send me the traceroutes and your IP so we can investigate and report, if necessary.

Perhaps a good reason to move AFF to a local webhost?

 

[harvyk]

Perhaps a good reason to move AFF to a local webhost?

Makes no difference, any ISP could be affected by such an issue.

 

[sudoer]

Makes no difference, any ISP could be affected by such an issue.

Makes no difference? It would reduce the number of carriers along the way who could cause this sort of problem.

 

[harvyk]

Makes no difference? It would reduce the number of carriers along the way who could cause this sort of problem.

That's right, with limited exception, geographical location makes no real difference to the speed and reliability of a website. There are a range of factors which are far more important than where in the world the physical servers are sitting.

Many services which you think are "Australian" are actually hosted overseas. That's become more pronounced since we've seen the rise of the so called "cloud" providers, and on a side note has been causing lawyers no end of headaches since your data may not be in the country you think it is.

 

[TheRealTMA]

Perhaps a good reason to move AFF to a local webhost?

No, it should not be on a single server but be moved to a distributed CDN type cloud system.

 

[Franky]

What app are you referring to? Firefox? Chrome? Safari? Other web browser?

Apologies - should have been more specific. My AFF app on my fairly new iPad Pro...

 

[ajobbins]

Just been pointed to this thread after having the same issue for the last few days. Still inacccessable for me here (ABB, HFC NBN in VIC). Am on a 202.x.x.x IP, and don't really want to change it as I have a few things pointing externally back at it. Hopefully ABB resolve it soon.

 

[serfty]

Apologies - should have been more specific. My AFF app on my fairly new iPad Pro...

Thanks ... I am still confused as I am not aware of an AFF app.

Do you have a browser shortcut icon?