nanog mailing list archives

Re: NANOG Digest, Vol 54, Issue 3 (Comcast's IPv6 Information Site Unreachable)

From: "Brzozowski, John" <John_Brzozowski () Cable Comcast com>
Date: Mon, 2 Jul 2012 11:06:42 +0000

Folks,

We will report back shortly with some updates.

Thanks for the mail.

John
=========================================
John Jason Brzozowski
Comcast Cable
m) +1-609-377-6594
e) mailto:john_brzozowski () cable comcast com
o) +1-484-962-0060
w) http://www.comcast6.net
=========================================

On Jul 1, 2012, at 10:46 PM, <nanog-request () nanog org>
 <nanog-request () nanog org> wrote:

Send NANOG mailing list submissions to
      nanog () nanog org

To subscribe or unsubscribe via the World Wide Web, visit
      https://mailman.nanog.org/mailman/listinfo/nanog
or, via email, send a message with subject or body 'help' to
      nanog-request () nanog org

You can reach the person managing the list at
      nanog-owner () nanog org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of NANOG digest..."


Today's Topics:

  1. Re: Comcast's IPv6 Information Site Unreachable (Sadiq Saif)
  2. RE: Comcast's IPv6 Information Site Unreachable (Frank Bulk)
  3. Re: Comcast's IPv6 Information Site Unreachable (Derek Ivey)
  4. Re: [c-nsp] NTP Servers (Jimmy Hess)
  5. Re: Comcast's IPv6 Information Site Unreachable (Jimmy Hess)
  6. Re: FYI Netflix is down (steve pirk [egrep])
  7. Re: Comcast's IPv6 Information Site Unreachable (Derek Ivey)


----------------------------------------------------------------------

Message: 1
Date: Sun, 1 Jul 2012 19:37:54 -0400
From: Sadiq Saif <sadiq () asininetech com>
To: Derek Ivey <derek () derekivey com>
Cc: nanog () nanog org
Subject: Re: Comcast's IPv6 Information Site Unreachable
Message-ID:
      <CABSLv--jqtdX3eyORRRaWgXtV_UAjFY7jzGEcVRyDo_WmQ60KA () mail gmail com>
Content-Type: text/plain; charset=UTF-8

Website is reachable here via my HE tunnel. Pings are not going
through though as you showed.

On Sun, Jul 1, 2012 at 7:28 PM, Derek Ivey <derek () derekivey com> wrote:

Anyone else having trouble getting to Comcast's IPv6 Information site? It
appears to be unreachable over IPv6.

[root@server ~]# ping6 comcast6.net
PING comcast6.net(speedlab-app05.newcastlerdc.de.panjde.comcast.net) 56 data
bytes
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=0 Destination
unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=1 Destination
unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=2 Destination
unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=3 Destination
unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=4 Destination
unreachable: Administratively prohibited
^C
--- comcast6.net ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4008ms

[root@server ~]# traceroute6 comcast6.net
traceroute to comcast6.net (2001:558:fe16:7:69:252:216:215), 30 hops max, 40
byte packets
1  pfsense.d3r3k.net (2001:470:8:d15::1)  0.278 ms  0.282 ms  0.317 ms
2  2001:470:7:d15::1 (2001:470:7:d15::1)  20.794 ms  24.746 ms 28.569 ms
3  gige-g4-12.core1.ash1.he.net (2001:470:0:90::1)  28.946 ms 29.124 ms
29.144 ms
4  as6453.gige-g3-16.core1.ash1.he.net (2001:470:0:191::2)  28.917 ms
28.936 ms  28.097 ms
5  if-ae2.2.tcore2.AEQ-Ashburn.ipv6.as6453.net (2001:5a0:600:500::1)
28.059 ms  31.771 ms  57.135 ms
6  2001:5a0:600:500::72 (2001:5a0:600:500::72)  28.959 ms 2001:559::31d
(2001:559::31d)  29.041 ms  29.060 ms
7  pos-3-11-0-0-cr01.ashburn.va.ibone.comcast.net (2001:558:0:f5a4::1)
32.553 ms  19.810 ms  16.526 ms
8  2001:558:0:f669::2 (2001:558:0:f669::2)  39.019 ms  37.954 ms 36.368 ms
9  2001:558:0:f57f::1 (2001:558:0:f57f::1)  67.134 ms  67.151 ms 67.166 ms
10  pos-2-7-0-0-cr01.denver.co.ibone.comcast.net (2001:558:0:f54d::1)
81.571 ms  81.507 ms  81.569 ms
11  2001:558:0:f744::2 (2001:558:0:f744::2)  80.633 ms  80.760 ms 79.825 ms
12  2001:558:d0:33::1 (2001:558:d0:33::1)  104.686 ms  105.060 ms 105.040 ms
13  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.335 ms
103.962 ms  104.068 ms
14  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.492 ms !X
104.597 ms !X  104.999 ms !X

Thanks,
Derek




-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



------------------------------

Message: 2
Date: Sun, 1 Jul 2012 20:35:24 -0500
From: "Frank Bulk" <frnkblk () iname com>
To: "'Derek Ivey'" <derek () derekivey com>,  <nanog () nanog org>
Subject: RE: Comcast's IPv6 Information Site Unreachable
Message-ID: <000201cd57f2$f3973e90$dac5bbb0$@iname.com>
Content-Type: text/plain;     charset="us-ascii"

ICMP to www.comcast6.net has been blocked since 3:16 pm Central on 6/7/2012.
But their site loads fine over port 80.

Frank

-----Original Message-----
From: Derek Ivey [mailto:derek () derekivey com] 
Sent: Sunday, July 01, 2012 6:28 PM
To: nanog () nanog org
Subject: Comcast's IPv6 Information Site Unreachable

Anyone else having trouble getting to Comcast's IPv6 Information site? 
It appears to be unreachable over IPv6.

[root@server ~]# ping6 comcast6.net
PING comcast6.net(speedlab-app05.newcastlerdc.de.panjde.comcast.net) 56 
data bytes
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=0 
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=1 
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=2 
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=3 
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=4 
Destination unreachable: Administratively prohibited
^C
--- comcast6.net ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4008ms

[root@server ~]# traceroute6 comcast6.net
traceroute to comcast6.net (2001:558:fe16:7:69:252:216:215), 30 hops 
max, 40 byte packets
 1  pfsense.d3r3k.net (2001:470:8:d15::1)  0.278 ms  0.282 ms  0.317 ms
 2  2001:470:7:d15::1 (2001:470:7:d15::1)  20.794 ms  24.746 ms 28.569 ms
 3  gige-g4-12.core1.ash1.he.net (2001:470:0:90::1)  28.946 ms 29.124 
ms  29.144 ms
 4  as6453.gige-g3-16.core1.ash1.he.net (2001:470:0:191::2)  28.917 ms  
28.936 ms  28.097 ms
 5  if-ae2.2.tcore2.AEQ-Ashburn.ipv6.as6453.net (2001:5a0:600:500::1)  
28.059 ms  31.771 ms  57.135 ms
 6  2001:5a0:600:500::72 (2001:5a0:600:500::72)  28.959 ms 
2001:559::31d (2001:559::31d)  29.041 ms  29.060 ms
 7  pos-3-11-0-0-cr01.ashburn.va.ibone.comcast.net 
(2001:558:0:f5a4::1)  32.553 ms  19.810 ms  16.526 ms
 8  2001:558:0:f669::2 (2001:558:0:f669::2)  39.019 ms  37.954 ms 36.368 ms
 9  2001:558:0:f57f::1 (2001:558:0:f57f::1)  67.134 ms  67.151 ms 67.166 ms
10  pos-2-7-0-0-cr01.denver.co.ibone.comcast.net (2001:558:0:f54d::1)  
81.571 ms  81.507 ms  81.569 ms
11  2001:558:0:f744::2 (2001:558:0:f744::2)  80.633 ms  80.760 ms 79.825 ms
12  2001:558:d0:33::1 (2001:558:d0:33::1)  104.686 ms  105.060 ms 105.040 ms
13  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.335 
ms  103.962 ms  104.068 ms
14  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.492 ms 
!X  104.597 ms !X  104.999 ms !X

Thanks,
Derek






------------------------------

Message: 3
Date: Sun, 01 Jul 2012 21:44:40 -0400
From: Derek Ivey <derek () derekivey com>
To: Frank Bulk <frnkblk () iname com>
Cc: nanog () nanog org
Subject: Re: Comcast's IPv6 Information Site Unreachable
Message-ID: <4FF0FD08.8050706 () derekivey com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Thanks for the input guys! Sounds like it might be an issue with my 
tunnel then. I had problems getting to a few sites last week 
(http://www.dslreports.com/forum/r27265527-IPV6-Issues-Facebook-and-Engadget) 
and HE resolved the issue pretty quickly. I will ask them if they are 
aware of it.

Thanks,
Derek


On 7/1/2012 9:35 PM, Frank Bulk wrote:

ICMP to www.comcast6.net has been blocked since 3:16 pm Central on 6/7/2012.
But their site loads fine over port 80.

Frank

-----Original Message-----
From: Derek Ivey [mailto:derek () derekivey com]
Sent: Sunday, July 01, 2012 6:28 PM
To: nanog () nanog org
Subject: Comcast's IPv6 Information Site Unreachable

Anyone else having trouble getting to Comcast's IPv6 Information site?
It appears to be unreachable over IPv6.

[root@server ~]# ping6 comcast6.net
PING comcast6.net(speedlab-app05.newcastlerdc.de.panjde.comcast.net) 56
data bytes
 From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=0
Destination unreachable: Administratively prohibited
 From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=1
Destination unreachable: Administratively prohibited
 From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=2
Destination unreachable: Administratively prohibited
 From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=3
Destination unreachable: Administratively prohibited
 From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=4
Destination unreachable: Administratively prohibited
^C
--- comcast6.net ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4008ms

[root@server ~]# traceroute6 comcast6.net
traceroute to comcast6.net (2001:558:fe16:7:69:252:216:215), 30 hops
max, 40 byte packets
  1  pfsense.d3r3k.net (2001:470:8:d15::1)  0.278 ms  0.282 ms  0.317 ms
  2  2001:470:7:d15::1 (2001:470:7:d15::1)  20.794 ms  24.746 ms 28.569 ms
  3  gige-g4-12.core1.ash1.he.net (2001:470:0:90::1)  28.946 ms 29.124
ms  29.144 ms
  4  as6453.gige-g3-16.core1.ash1.he.net (2001:470:0:191::2)  28.917 ms
28.936 ms  28.097 ms
  5  if-ae2.2.tcore2.AEQ-Ashburn.ipv6.as6453.net (2001:5a0:600:500::1)
28.059 ms  31.771 ms  57.135 ms
  6  2001:5a0:600:500::72 (2001:5a0:600:500::72)  28.959 ms
2001:559::31d (2001:559::31d)  29.041 ms  29.060 ms
  7  pos-3-11-0-0-cr01.ashburn.va.ibone.comcast.net
(2001:558:0:f5a4::1)  32.553 ms  19.810 ms  16.526 ms
  8  2001:558:0:f669::2 (2001:558:0:f669::2)  39.019 ms  37.954 ms 36.368 ms
  9  2001:558:0:f57f::1 (2001:558:0:f57f::1)  67.134 ms  67.151 ms 67.166 ms
10  pos-2-7-0-0-cr01.denver.co.ibone.comcast.net (2001:558:0:f54d::1)
81.571 ms  81.507 ms  81.569 ms
11  2001:558:0:f744::2 (2001:558:0:f744::2)  80.633 ms  80.760 ms 79.825 ms
12  2001:558:d0:33::1 (2001:558:d0:33::1)  104.686 ms  105.060 ms 105.040 ms
13  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.335
ms  103.962 ms  104.068 ms
14  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.492 ms
!X  104.597 ms !X  104.999 ms !X

Thanks,
Derek






------------------------------

Message: 4
Date: Sun, 1 Jul 2012 20:59:42 -0500
From: Jimmy Hess <mysidia () gmail com>
To: PC <paul4004 () gmail com>
Cc: "nanog () nanog org" <nanog () nanog org>
Subject: Re: [c-nsp] NTP Servers
Message-ID:
      <CAAAwwbX-fEzaLRPrbrhM4MowFY=FJ2aGe=T4xFN+TprqKmG_GQ () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

On 7/1/12, PC <paul4004 () gmail com> wrote:

If your application requires sub-5 second accuracy, (such as end of a
banking day), then Windows NTP is unsuitable for the purpose.

Looks like CYA on Microsoft's part.

That i've seen,   Windows NTP in physical environments with a hardware
system clock not having issues consistently provides  accuracy  better
than  +/-  0.5 against the time source it's synced with,  but  in
virtual environments,  which have incompatibilities with high
sub-second RTC accuracy in the first place, neither Windows nor Unix
NTP services are able to provide that consistently  without much
tinkering.

If it's absolutely critical that you have   sub-5  second accuracy,
even Unix NTP is not to be considered good enough,     you need highly
accurate hardware time source,  something more accurate than the usual
system clock you find in a PC or server.  Unix NTP can only do so much
to correct  for a broken system clock;  although it does do a very
good job disciplining PC real-time clocks that consistently run a bit
too fast or too slow,  ultimately the
personal computer clocks can at times be unreliable....

If they were perfect, you wouldn't need time sync in the first place;
just set them once,
and correct the  annual  0.01 seconds worth of error  once a year....

--
-JH



------------------------------

Message: 5
Date: Sun, 1 Jul 2012 21:20:11 -0500
From: Jimmy Hess <mysidia () gmail com>
To: Derek Ivey <derek () derekivey com>
Cc: nanog () nanog org
Subject: Re: Comcast's IPv6 Information Site Unreachable
Message-ID:
      <CAAAwwbVQmcmeGMG44FgSUS6+c9GRTAXBh6DF5P6BEp0rQJVJpA () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

On 7/1/12, Derek Ivey <derek () derekivey com> wrote:

Anyone else having trouble getting to Comcast's IPv6 Information site?
It appears to be unreachable over IPv6.


Looks like just ICMP that's broken.

~# telnet comcast6.net 80
Trying 2001:558:fe23:2:69:252:208:135...
Connected to comcast6.net (2001:558:fe23:2:69:252:208:135).
Escape character is '^]'.
HEAD / HTTP/1.1
Host: comcast6.net
User-Agent: Telnet

HTTP/1.1 200 OK
Date: Mon, 02 Jul 2012 02:21:33 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Set-Cookie: 1a3c31c9847a772452af472ce0afd5f3=5hcm2m506se424huah4eo5lvo7; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8

Connection closed by foreign host.



~# ping6 comcast6.net
PING comcast6.net(speedlab-app05.newcastlerdc.de.panjde.comcast.net)
56 data bytes

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=0

Destination unreachable: Administratively prohibited

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=1

Destination unreachable: Administratively prohibited

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=2

Destination unreachable: Administratively prohibited

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=3

Destination unreachable: Administratively prohibited

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=4

Destination unreachable: Administratively prohibited

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=5

Destination unreachable: Administratively prohibited

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=6

Destination unreachable: Administratively prohibited

From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=7

Destination unreachable: Administratively prohibited

--- comcast6.net ping statistics ---
8 packets transmitted, 0 received, +8 errors, 100% packet loss, time 6999ms



------------------------------

Message: 6
Date: Sun, 1 Jul 2012 19:38:16 -0700
From: "steve pirk [egrep]" <steve () pirk com>
To: Jay Ashworth <jra () baylink com>
Cc: NANOG <nanog () nanog org>
Subject: Re: FYI Netflix is down
Message-ID:
      <CAK4no06996brnEm=9117ANePGqrj6_6FDc999KD+ae_kWyWAbA () mail gmail com>
Content-Type: text/plain; charset=windows-1252

On Sun, Jul 1, 2012 at 11:38 AM, Jay Ashworth <jra () baylink com> wrote:

Not entirely.  Datacenters do go down, our best efforts to the contrary
notwithstanding.  Amazon doesn't guarantee you redundancy on EC2, only
the tools to provide it yourself.  25% Amazon; 75% service provider
clients;
that's my appraisal of the blame.

From a Wired article:

That?s what was supposed to happen at Netflix Friday night. But it didn?t
work out that way. According to Twitter messages from Netflix Director of
Cloud Architecture Adrian Cockcroft and Instagram Engineer Rick Branson, it
looks like an Amazon Elastic Load Balancing service, designed to spread
Netflix?s processing loads across data centers, failed during the outage.
Without that ELB service working properly, the Netflix and Pintrest
services hosted by Amazon crashed.


http://www.wired.com/wiredenterprise/2012/06/real-clouds-crush-amazon/

The GSLB fail-over that was supposed to take place for the affected
services (that had configured their applications to fail-over) failed.

I heard about this the day after Google announced the Compute Engine
addition to the App Engine product lines they have. The demo was awesome.
I imagine Google has GSLB down pat by now, so some companies might start
looking... ;-]

--steve


------------------------------

Message: 7
Date: Sun, 01 Jul 2012 22:45:51 -0400
From: Derek Ivey <derek () derekivey com>
To: Jimmy Hess <mysidia () gmail com>
Cc: nanog () nanog org
Subject: Re: Comcast's IPv6 Information Site Unreachable
Message-ID: <4FF10B5F.2090205 () derekivey com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Someone replied to my DSL Reports thread: 
http://www.dslreports.com/forum/r27289866-

Apparently there is an ACL issue with their load balancer that is 
blocking ICMP and causing PMTU issues for people who use tunnels.

http://www.dslreports.com/forum/r27226136- 
<http://www.gossamer-threads.com/lists/nsp/ipv6/34197>

It looks like it's been going on since June 11. It's strange that 
Comcast hasn't resolved the issue by now.

Thanks,
Derek

On 7/1/2012 10:20 PM, Jimmy Hess wrote:

On 7/1/12, Derek Ivey <derek () derekivey com> wrote:

Anyone else having trouble getting to Comcast's IPv6 Information site?
It appears to be unreachable over IPv6.

Looks like just ICMP that's broken.

 ~# telnet comcast6.net 80
Trying 2001:558:fe23:2:69:252:208:135...
Connected to comcast6.net (2001:558:fe23:2:69:252:208:135).
Escape character is '^]'.
HEAD / HTTP/1.1
Host: comcast6.net
User-Agent: Telnet

HTTP/1.1 200 OK
Date: Mon, 02 Jul 2012 02:21:33 GMT
Server: Apache/2.2.15 (Red Hat)
X-Powered-By: PHP/5.3.3
Set-Cookie: 1a3c31c9847a772452af472ce0afd5f3=5hcm2m506se424huah4eo5lvo7; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8

Connection closed by foreign host.



 ~# ping6 comcast6.net
PING comcast6.net(speedlab-app05.newcastlerdc.de.panjde.comcast.net)
56 data bytes
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=0
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=1
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=2
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=3
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=4
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=5
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=6
Destination unreachable: Administratively prohibited
From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=7
Destination unreachable: Administratively prohibited

--- comcast6.net ping statistics ---
8 packets transmitted, 0 received, +8 errors, 100% packet loss, time 6999ms





End of NANOG Digest, Vol 54, Issue 3
************************************

Current thread:

Re: NANOG Digest, Vol 54, Issue 3 (Comcast's IPv6 Information Site Unreachable) Brzozowski, John (Jul 02)