Hear me out :)
We have our own /24. This block has some security services on it, provided by the ISP, that make it be announced via that service instead of directly by ourselves. That security service exists in multiple places so that if one center gets overwhelmed we can be pushed via another.
For example we normally get announced out of our ISP's connection in City X, but if City X gets overwhelmed, we can be rerouted to be announced via Y.
We recently had a situation where we had to get shunted to City Y. Once things got cleared up we moved back to City X. Now nothing in our /24 can access FB.
My first thought is somehow stale routing exists in whatever ISP FB uses. We are going to test by switching back to City X briefly after-hours, but we can't stay that way. City X increases our latency and that degrades performance for certain key applications.
Our ISP isn't much help as we can't prove anything. Traceroutes don't help with as many IPs and differing paths traffic might take to get to FBs datacenters.
Any thoughts?
No comments:
Post a Comment