I'm hoping someone can help me understand what is going on here and if they have seen similar behavior. Since early yesterday morning the firewall at one of my offices has been alerting that our Verizon Fios connection has gone down and we have failed over to Comcast, only for it to be back up a minute later. I decided to let MTR run for a while to see what was going on, immediately I was greeted by something odd. A trace to my usual destination of Google's 8.8.8.8 DNS only returned 2 hops, the firewall, then Google with an average response time of 3 ms. I manually shutdown the interface with Verizon and ran the test again over Comcast and the trace looks normal. There are no VPNs, MPLS, or anything else on my end. While the Verizon interface is up it seems to be functioning normally and my Pingdom monitor has not recorded an interruption in service for in several days.
To 8.8.8.8
Verizon
| Host | % | Sent | Recv | Avg ms |
|---|---|---|---|---|
| 192.168.100.1 | 0 | 214 | 214 | 0 |
| 8.8.8.8 | 0 | 211 | 211 | 3 |
Comcast
| Host | % | Sent | Recv | Avg ms |
|---|---|---|---|---|
| 192.168.100.1 | 0 | 46 | 46 | 0 |
| 96.120.77.149 | 0 | 46 | 46 | 9 |
| xe-10-0-0-sur01.uofdelaware.de.panjde.comcast.net | 3 | 43 | 42 | 8 |
| be-1-ar03.norristown.pa.panjde.comcast.net | 0 | 46 | 46 | 10 |
| be-201-ar03.ivyland.pa.panjde.comcast.net | 0 | 46 | 46 | 12 |
| 69.241.64.98 | 0 | 46 | 46 | 14 |
| Noresponsefromhost | 100 | 10 | 0 | 0 |
| 209.85.245.29 | 0 | 46 | 46 | 15 |
| 209.85.243.191 | 0 | 46 | 46 | 14 |
| 8.8.8.8 | 0 | 46 | 46 | 14 |
If I ping 8.8.8.8 and increment the TTL manually I get a full trace, except hop 2 (Verizon) responds as 8.8.8.8:
ping -n 1 -i 1 8.8.8.8 - Reply from 192.168.100.1: TTL expired in transit. ping -n 1 -i 2 8.8.8.8 - Reply from 8.8.8.8: bytes=32 time=1ms TTL=254 ping -n 1 -i 3 8.8.8.8 - Reply from 130.81.223.126: TTL expired in transit. ping -n 1 -i 4 8.8.8.8 - Request timed out. ping -n 1 -i 5 8.8.8.8 - Request timed out. ping -n 1 -i 6 8.8.8.8 - Reply from 140.222.2.231: TTL expired in transit. ping -n 1 -i 7 8.8.8.8 - Reply from 209.85.149.208: TTL expired in transit. ping -n 1 -i 8 8.8.8.8 - Request timed out. ping -n 1 -i 9 8.8.8.8 - Reply from 108.170.226.198: TTL expired in transit. ping -n 1 -i 10 8.8.8.8 - Reply from 72.14.238.201: TTL expired in transit. ping -n 1 -i 11 8.8.8.8 - Reply from 8.8.8.8: bytes=32 time=6ms TTL=123
In fact whatever is upstream of us on Verizon's side is responding to any ICMP Echo:
ping -n 1 -i 2 1.1.1.1 - Reply from 1.1.1.1: bytes=32 time=2ms TTL=254 ping -n 1 -i 2 1.2.3.4 - Reply from 1.2.3.4: bytes=32 time=2ms TTL=254 ping -n 1 -i 2 203.0.113.1 - Reply from 203.0.113.1: bytes=32 time=2ms TTL=254
And no there is nothing between out firewall and the ONT.
No comments:
Post a Comment