2

Background: At some point I lost contact with my long-time hosting service, IVHosting.com. I.e., support@IVCHosting.com did not reply for several weeks. Snooping around the Internet a bit suggests they were merged into SoftLayer, now known as IBM Cloud. This was unknown to me until my problem below manifested.

The problem: I abruptly stopped receiving emails sent to email accounts at my websites, ed_c1@.efsowell.us and cbsupport@concoursbuilder.us. Windows diagnostics says they are online but not responding. Also, the corresponding websites became unreachable from computers on my home network. However, I can access other websites. Deepening the mystery, others can access my sites, and I can access them from my cell phone.

Unable to reach IVCHosting, I contacted my ISP, Spectrum (a.k.a. Times Warner Cable). They led me through lots of rebooting & resetting of my cable modem & Linksys router. Also various online forums suggested firewall problems etc., all to no effect. Spectrum tech support washed their hands of the matter saying that since I could reach other sites there was nothing wrong with their promised service.

So, with the help of my brother-in-law is in Phoenix, I've been examining trace routes to my website www.efsowell.us.

His trace route shows:

1 <1 ms <1 ms <1 ms 192.168.1.1

2 14 ms 7 ms 7 ms phn4-dsl-gw05.phn4.qwest.net [71.32.112.5]


3 46 ms 8 ms 14 ms 71-32-113-33.phn4.qwest.net [71.32.113.33]


4 * 7 ms 7 ms 4.68.38.185
5 * * * Request timed out.
6 23 ms 23 ms 24 ms 4.7.16.38
7 * * 25 ms ae6.cbs02.eq01.sjc02.networklayer.com [50.97.17.78]


8 24 ms * 24 ms ae0.cbs02.cs01.lax01.networklayer.com [50.97.17.86]


9 * * * Request timed out.
10 * * 44 ms ae2.cbs01.dr01.dal04.networklayer.com [169.45.18.6]


11 44 ms 44 ms 44 ms ae2.dar02.dal13.networklayer.com [169.45.18.39]


12 45 ms 45 ms 45 ms 8d.76.30a9.ip4.static.sl-reverse.com [169.48.118.141]


13 46 ms 48 ms 50 ms a9.76.30a9.ip4.static.sl-reverse.com [169.48.118.169]


14 44 ms 44 ms 44 ms nx19.dnslinks.net [169.62.176.238]

I'm in Orange County, CA. My trace is:

Tracing route to efsowell.us [169.62.176.238]
over a maximum of 30 hops:

1    <1 ms    <1 ms    <1 ms  EdsNetwork.socal.rr.com [192.168.1.1]


2    18 ms     9 ms     8 ms  142.254.183.93
  3    11 ms    11 ms    13 ms  agg60.anhmcapj02h.socal.rr.com [76.167.28.189]


4    12 ms    14 ms    15 ms  72.129.21.92
  5    10 ms    10 ms    10 ms  agg27.tustcaft01r.socal.rr.com [72.129.21.2]


6    15 ms    17 ms    16 ms  209-18-43-72.dfw10.tbone.rr.com [209.18.43.72]


7    18 ms    14 ms    15 ms  bu-ether14.lsancarc0yw-bcr00.tbone.rr.com [66.109.6.4]


8    12 ms    11 ms    12 ms  0.ae4.pr0.lax00.tbone.rr.com [107.14.19.86]


9   202 ms    31 ms    11 ms  te1-6.bbr01.cs01.lax01.networklayer.com [66.109.11.42]


10    13 ms     *        *     ae6.cbs01.cs01.lax01.networklayer.com [50.97.17.64]


11    43 ms     *       43 ms  ae2.cbs01.dr01.dal04.networklayer.com [169.45.18.6]


12    43 ms    42 ms    43 ms  ae2.dar02.dal13.networklayer.com [169.45.18.39]


13    43 ms    48 ms    42 ms  8d.76.30a9.ip4.static.sl-reverse.com [169.48.118.141]


14    43 ms    43 ms    44 ms  a1.76.30a9.ip4.static.sl-reverse.com [169.48.118.161]


15   124 ms     *       48 ms  nx19.dnslinks.net [169.62.176.238]


Trace complete.

Note that in both cases there's a BIG delay at the same place:

cs01.lax01.networklayer.com [50.97.17.86] and cs01.lax01.networklayer.com [50.97.17.64] However, they are translated to different IP addresses. I'm thinking that this means some Domain Name Server isn't up to date. But, I really don't know. The differing IP addresses might be due to the two traces being done at different times. But, there definitely is a bottleneck at the same node in every trace.

So, here's my question. Given that my ISP (Spectrum) doesn't believe the problem is due to their service since I can reach other sites OK, and my hosting service can't seem to fix the problem, how do I get to the bottom of this? Right now I working on transferring my hosting service since I very much doubt that IBM has any interest in working with me.

Thanks in advance for your thoughts.

networking

DavidPostill
  • 156,873
Ed S
  • 143
  • The different IP addresses are due to a (round-robin/load balancing) game we routinely play to keep servers from getting overloaded. If you are getting too many requests coming into a server then you get another server on line and have them share the workload. You might get different IP addresses if you repeat the traceroute from the same machine over and over. – Larryc Mar 19 '21 at 14:55
  • We need to be certain that other people can access your website before we can help you. Try using Browserling to access your website and tell me if it works. http://browserling.com – desbest Mar 19 '21 at 15:35
  • How do you manage the web and mail hosting? Do you have access to a web-based control panel, or an FTP server, or something like that? – u1686_grawity Mar 19 '21 at 16:36
  • Larryc. Thanks for the info. I understand less about the stuff than I know:-( – Ed S Mar 20 '21 at 20:53
  • desBest. I've tried quite a few browsers already. No Joy – Ed S Mar 20 '21 at 20:56
  • user1686. Since i can't get to the website I can't use Plesk or WS-Ftp – Ed S Mar 20 '21 at 20:58

2 Answers2

1

This is more of a comment than an answer, but I don't have enough points on the site to comment yet.

Your traceroute shows your computer can reach the web server in question, so it does not appear to be a routing issue. Since others can access the site, the site isn't down.

I would recommend trying a different browser, or a different computer if you have one. My best guess is that either something on your computer is blocking the site, or perhaps somehow your personal computer has been blocked from the site.

I have seen this happen once or twice with providers for small websites, they limit the bandwidth to your page unless you pay premium fees, and if you have been viewing your site a lot from your home computer, you may have triggered a lockdown on their end.

Also, you mentioned this seems to have happened after your hosting provider was bought out, it is possible the new hosting provider has more strict rules, which is why the problem happened now.

user562378
  • 21
  • Thanks. Regarding browsers, I've tried Chrome, Edge, IE, and Opera. No difference. Regarding computers, the my home brew desktop and HP laptop have same issues. No email received from efsowell.us accounts and can't connect to the site. ditto for concoursbuilder.us. – Ed S Mar 19 '21 at 15:42
  • Do you have a static IP or anything on your home internet connection? Long shot, but maybe your home internet has been blocked. If you want to test it, take the laptop that isn't working at home somewhere else and try it with a different internet connection. If it works, definitely something related to your home internet. – user562378 Mar 20 '21 at 04:25
0

More of an answer about your methodology than the actual problem:

there definitely is a bottleneck at the same node in every trace.

It's not a bottleneck unless it continues onwards from that step until the end. But if only a single hop shows high response times, that's somewhat normal.

(For example, if the router at hop 9 or the link 8–9 were losing or delaying packets during forwarding, it would affect the probes sent to hop 10, hop 11, hop 12 and so on – because all of those have to go through hop 9.)

Most core Internet routers have very high capacity for forwarding packets (just routing and sending them out unaltered), but much lower capacity for answering to packets. They have dedicated ASICs for regular forwarding, but all "unusual" packets (in this case, traceroute probes with TTL reaching 0) are handled by a considerably weaker regular CPU, which might also be taking care of route calculations, BGP, other tasks.

As a result, routers often have limits on how many ICMP responses per second they're going to produce and they don't provide guarantees that those ICMP responses will be sent out as soon as possible (or indeed at all).

For example, here mtr shows a lot of probe loss for SoftLayer core routers, but it does not continue beyond hop 12 (with zero loss afterwards), so it's clear that those routers are perfectly able to forward packets, they're just not generating ICMP "TTL Exceeded" responses as fast as the tool expects.

cs01.lax01.networklayer.com [50.97.17.86] and cs01.lax01.networklayer.com [50.97.17.64] However, they are translated to different IP addresses

That's not the whole name – the two only end with the same domain, but you forgot that one starts with ae0.cbs02 and the other with ae6.cbs01. Which is fine, they're two different routers at the same location.

Also, traceroute doesn't translate domains to IP addresses. It does the exact opposite – it knows only IP addresses and uses reverse DNS to look up a domain name. The rDNS information could be missing or wrong (not all ISPs maintain it) but the IP address is always correct, as it was obtained straight from the ICMP packet.

u1686_grawity
  • 452,512