Announcement

Collapse
No announcement yet.

Traceroute from other countries to WebServer appear slow/blocked.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Traceroute from other countries to WebServer appear slow/blocked.

    A bit of history. I was on an online chat for some time to MaxCDN, which cache many files for the website Solent Renegades.

    Got them to test a file on the server for speed, served direct from the web-server in unser a second with no caching.
    http://www.solent-renegades.co.uk/testing/1.jpg

    Also tried the same via MaxCDN
    http://cdn.solent-renegades.co.uk/testing/1.jpg
    It took over 10 seconds (at first, its probably cached by now, so have images from 1 to 7.

    They said that the caching system is all working find but their server is having trouble getting information from the webserver.

    The webserver is on 5.77.47.66
    They ran a trace route to this from a few servers around the world.

    -London:
    traceroute Solent Renegades
    traceroute to Solent Renegades (5.77.47.66), 30 hops max, 40 byte packets
    1 1-160-167-89.packetexchange.net (89.167.160.1) 0.241 ms 0.218 ms 0.202 ms
    2 ae0-40g.cr1.lhr1.uk.as4436.gtt.net (69.22.139.116) 0.244 ms 0.244 ms 0.235 ms
    3 ae10-161.lon11.ip4.gtt.net (141.136.102.177) 0.285 ms 0.279 ms 0.269 ms
    4 xe-11-3-1.lon25.ip4.gtt.net (141.136.107.30) 0.395 ms xe-11-0-3.lon25.ip4.gtt.net (89.149.185.69) 0.387 ms 0.388 ms
    5 iomart-gw.ip4.gtt.net (46.33.94.2) 17.153 ms 17.156 ms 17.268 ms
    6 610.net2.north.dc5.as20860.net (62.233.127.182) 1.340 ms 1.414 ms 1.398 ms
    7 87.117.212.50 (87.117.212.50) 1.738 ms 1.826 ms 1.870 ms
    8 * * *
    9 * * *
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *

    Dallas:

    -traceroute Solent Renegades
    traceroute to Solent Renegades (5.77.47.66), 30 hops max, 60 byte packets
    1 69.174.30.1 (69.174.30.1) 0.350 ms 0.509 ms 0.506 ms
    2 ae9-207.dal33.ip4.gtt.net (173.241.130.137) 0.523 ms 0.396 ms 0.375 ms
    3 xe-11-2-2.lon25.ip4.gtt.net (141.136.107.42) 113.981 ms xe-0-3-3.lon25.ip4.gtt.net (89.149.180.50) 109.588 ms xe-11-2-2.lon25.ip4.gtt.net (141.136.107.42) 113.963 ms
    4 iomart-gw.ip4.gtt.net (46.33.94.2) 114.235 ms 114.040 ms 114.037 ms
    5 610.net2.north.dc5.as20860.net (62.233.127.182) 114.976 ms 110.542 ms 114.961 ms
    6 87.117.212.50 (87.117.212.50) 111.192 ms 125.455 ms 115.168 ms
    7 * * *
    [Goes up to 30 with ***]

    -New York:
    traceroute Solent Renegades
    traceroute to Solent Renegades (5.77.47.66), 30 hops max, 60 byte packets
    1 69.174.26.1 (69.174.26.1) 0.250 ms 0.237 ms 0.223 ms
    2 ae12-40g.cr1.nyc2.us.as4436.gtt.net (69.22.142.19 0.287 ms 0.287 ms 0.273 ms
    3 ae4-133.nyc20.ip4.gtt.net (199.229.230.13) 0.416 ms 0.413 ms 0.402 ms
    4 xe-0-1-3.lon25.ip4.gtt.net (89.149.186.22) 78.654 ms 78.666 ms 78.650 ms
    5 iomart-gw.ip4.gtt.net (46.33.94.2) 131.526 ms 131.220 ms 131.496 ms
    6 610.net2.north.dc5.as20860.net (62.233.127.182) 79.679 ms 79.679 ms 79.664 ms
    7 87.117.212.50 (87.117.212.50) 99.784 ms 84.206 ms 84.003 ms
    8 * * *
    [Goes up to 30 with ***]

    I've used Catchpoint to test from the same location and here are the results:

    Dallas: Waterfall
    London: Waterfall
    New York: Waterfall

    Also, here is an MTR from London server. It seems to indicate a block (100% packet loss on last hop) regardless of the files actually being available after the long wait.

    -MTR from London:
    sudo mtr Solent Renegades --report
    Snt: 10 Loss% Last Avg Best Wrst StDev
    1-160-167-89.packetexchange.net 0.0% 0.2 5.4 0.2 27.3 9.6
    ae0-40g.cr1.lhr1.uk.as4436.gtt.net 0.0% 0.3 0.3 0.3 0.3 0.0
    ae10-161.lon11.ip4.gtt.net 0.0% 0.3 1.5 0.3 12.5 3.9
    xe-7-0-2.lon25.ip4.gtt.net 0.0% 0.4 0.4 0.4 0.9 0.2
    iomart-gw.ip4.gtt.net 0.0% 0.5 16.1 0.5 54.5 22.9
    610.net2.north.dc5.as20860.net 0.0% 14.4 2.7 1.4 14.4 4.1
    87.117.212.50 0.0% 1.9 4.1 1.7 11.0 3.3
    ??? 100.0 0.0 0.0 0.0 0.0 0.0

    Is the firewall blocking the CDN? if so why dosn't it block it all the time?



    Also tried another trace route, Visual Trace Route Tool - Find, Track, and Map the Route to an IP Address
    Proxy trace to:-
    Solent Renegades
    22 hops / 5.4 seconds

    United Kingdom1. as9105.com
    United Kingdom2. as13285.net
    United Kingdom3. as13285.net
    United Kingdom4. as13285.net
    United Kingdom5. as13285.net
    United Kingdom6. Level3.net
    United States7. Level3.net
    United States8. Level3.net
    United States9. Level3.net
    United States10. ntt.net
    United States11. ntt.net
    12. 198.199.99.241
    13. 107.170.234.253
    14. 198.199.99.241
    15. telia.net
    16. telia.net
    17. telia.net
    18. telia.net
    Poland19. telia.net
    United Kingdom20. as20860.net
    United Kingdom21. 87.117.211.50
    22. solent-renegades.co.uk

    Testing from England to England, yet it travels 12,000 miles in 5.4seconds.

    Could someone take a look at the routes, is there something that can be optimised?

    Regards
    Dan.

  • #2
    Re: Traceroute from other countries to WebServer appear slow/blocked.

    Dear Dan,

    I've asked one of our senior administrators to look into this for you. Your patience is much appreciated in the meantime..
    Rock _a.k.a._ Jack Daniel

    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

    Comment


    • #3
      Re: Traceroute from other countries to WebServer appear slow/blocked.

      Hi Dan !

      I'm having look into this for you. I will get back to you once the further investigation is done.
      Regards,
      Kieran A.
      Cloud Administrator
      Skype :: Kieran.Alen | eUKhost

      Comment


      • #4
        Re: Traceroute from other countries to WebServer appear slow/blocked.

        Thanks Rock and Kieran

        Comment


        • #5
          Re: Traceroute from other countries to WebServer appear slow/blocked.

          Hi Dan,

          We had a look at the network configuration and route path, but did not find any issue on network level.

          Now, we have taken backup of the existing CSF firewall and then flushed the rules. Please give it a try again and see if there is any difference.
          Regards,
          Kieran A.
          Cloud Administrator
          Skype :: Kieran.Alen | eUKhost

          Comment


          • #6
            Re: Traceroute from other countries to WebServer appear slow/blocked.

            Its an odd one. Thanks for clearing the Firewall, I'm still getting a similar delay on the CDN. It does point to the CDN, or the CDN not being able to get the data from the web server quick.

            The MAXCDN people say its not their end, but its the route the request takes to get to the web page.

            I guess there is little more to be checked, as they say their end if okay, you have checked the network and web server and all checks out well. So I'm not sure which way to go now.

            All I know is when I request http://www.solent-renegades.co.uk/testing/5.jpg it comes back in under 200mS.
            via CDN it over 10 seconds, http://cdn.solent-renegades.co.uk/testing/5.jpg (after 3 times its cached for a month unless I clear the cache) once cached it is quick, as its not having to fetch it from the web server anymore.

            However when I view http://www.solent-renegades.co.uk/testing/5.jpg from various locations around the world on webpagetest.org it comes back fast, so it proves routes around the world seem okay with the ones testes, so why does it take long for maxcdn servers to get data from the website (MaxCDN say its not their end) If only I have something concrete to show MaxCDN its not the web server end.

            Comment


            • #7
              Re: Traceroute from other countries to WebServer appear slow/blocked.

              A reply from MaxCDN
              After testing this from Pingdom testing tools, I noticed that the image pulled via the custom domain (which is basically a CNAME DNS record on your hosting's DNS) the image loads much slower than if pulled directly via the CDN URL (of course both were X-Cache MISS):
              Tested from Amsterdam:
              CDN URL: Website speed test -------- 4.22 seconds
              Custom Domain: Website speed test ----- 7.56 seconds
              Origin URL: Website speed test ------- 4.27 seconds

              This all leads me to believe that the DNS resolving the CNAME on your hosting's end is causing the slowness. Since when the file is pulled through the CDN URL, it gives almost the same response as if it's being pulled directly from the origin.
              I guess it makes sense. The DNS has been moved to 123-reg.co.uk a few weeks back, thanks to 'Rock' as I was getting DNS errors previously. Although I hadn't been looking into CDN speeds before then, so it still may have has this issue on the previous DNS, and with the DNS showing errors it was best to move it anyway.
              Is it likely that 123-reg DNS servers are slow at resolving the CNAME?

              Going by the previous tests http://cdn.transamdan.netdna-cdn.com/testing/1.jpg is contacting the MAXCDN server to pull the image from the webserver if it isn't cached, I can clear the cache of that one item and run the tests, and I do see it returning in about 4 seconds, the same as if I pulled it directly from the website. the use of cdn.solent-=renegades.co.uk is slower in the few tests I ran this morning, the difference between cdn.transamdan.netdna-cdn.com and cdn.solent-renegades.o.uk is the resolution of the CNAME.

              I used to have the DNS on a windows server, thats not there any more, then moved to Linux, then one fo your linux servers, then VPS before being on dedicated, so although there is a chance there is an old record somewhere, I'm not sure though.

              Soo many things I'm unsure of, and I think I am going down the route of a solution but find its not the right route.

              Comment


              • #8
                Re: Traceroute from other countries to WebServer appear slow/blocked.

                Originally posted by TransAmDan View Post
                I guess it makes sense. The DNS has been moved to 123-reg.co.uk a few weeks back, thanks to 'Rock' as I was getting DNS errors previously. Although I hadn't been looking into CDN speeds before then, so it still may have has this issue on the previous DNS, and with the DNS showing errors it was best to move it anyway.
                Is it likely that 123-reg DNS servers are slow at resolving the CNAME?
                Dear Dan,

                I had reverted the NS changes done on 123reg, the same day I tested them. If you check the NS records, your domain's private NS records are used at the moment I can try & have them set to 123reg default ones (ie: ns.123-reg.co.uk & ns2.123-reg.co.uk ) if required.
                Rock _a.k.a._ Jack Daniel

                Follow eUKhost on Twitter || Join eUKhost Community on Facebook

                Comment


                • #9
                  Re: Traceroute from other countries to WebServer appear slow/blocked.

                  I ran some tests in https://www.ultratools.com/tools/dnsHostingSpeedResult and there is little difference between www.solent-renegages.co.uk and cdn.solent-renegades.co.uk, so perhaps I'm going down the wrong avenue again.

                  cdn.solent-renegades.co.uk

                  Name Server AAAA CNAME MX SOA A SPF SRV TXT
                  ns2.solent-renegades.co.uk. 81 80 81 81 81 80 81 81
                  ns1.solent-renegades.co.uk. 81 80 81 80 81 80 81 80
                  Min. Time(ms) 81 80 81 80 81 80 81 80
                  Max. Time(ms) 81 80 81 81 81 80 81 81
                  Avg. Time(ms) 81 80 81 80 81 80 81 80

                  So I think the DNS as it is, is totally fine. Which then points me back to MaxCDN, although it does only happen on larger files, perhaps where it has to go back for another chunk, and many tiny delays total a big delay.

                  So at present the website is running totally fine, as serving the 200kb images direct from the web server, all smaller ones from CDN. So there is no urgency to get CDN working on the larger images, its just odd why its acting this way. I think my next port of call is MaxCDN.


                  When logging into SSH this morning I noticed this message in Red.

                  RBL Blacklist : [CRITICAL] 5.77.47.66 blacklisted bl.spamcannibal.org
                  RBL Blacklist : [CRITICAL] 5.77.47.66 blacklisted bl.spamcannibal.org

                  I believe spamcannibal is complaining about reverse DNS, but DNS checks out all is fine.

                  Comment


                  • #10
                    Re: Traceroute from other countries to WebServer appear slow/blocked.

                    I'm sure its CDN causing the delats. Ofcourse if something isn't cachedn then the CDN must fetch it from the web server and send it to the user, so I would expect a 1 second image from a web server to maybe take 3 seconds. Or maybe faster if its downloading and sending at the same time.

                    Anyway ran a few tests.

                    The image size is 311Kb
                    Origin URL :- Website speed test - 1.61 seconds
                    Custom Domain:- Website speed test -- 16.14 seconds

                    Seems there is a big different in that test, so re-ran (purging cache too) Origin URL:- Website speed test -- 2.87 seconds and again:- Website speed test 1.29 seconds

                    Custom Domain:- Website speed test --27.79 seconds Tried again.
                    Website speed test -- 10.10seconds and again:- Website speed test -- 32.04 seconds

                    It shows that the CDN is taking 10 or 20 times longer. Well until its cached, once cached its whizzy.

                    I asked MaxCDN
                    So to clarify, it is normal for a webserver to send out the image in 1 second, and if served from non-cached CDN take 10 seconds for example? I would have expected maybe 3 times longer than the original file. As CDN needs to fetch it from the web server to then forward onto the user.
                    If around 10 times longer is normal, no problem, I can work around that. Wasn't sure if something was configured wrong.
                    The response wasn't very informative at all
                    The response time for non cached files is caused by the response of the origin server. If the CDN doesn't have the requested file in its cache, it will then forward the request back to the origin server.
                    So weather 10 seconds is normal for a uncached 300kB image I will never know.

                    It seems I'm at the end of my tracking down to where the problem could be, I think its time to let it go. Its not the webserver or network paths, MaxCDN say its not their end. All smaller CDN files on the site are totally fine and fast. At the moment larger files are delivered direct from the web server, once these get requested often it may slow down the server which is why I wanted to take the load off with CDN, however the website wont become busy until about March. By that time I could have written a script to caches images automatically once a month on the CDN.

                    Comment


                    • #11
                      Re: Traceroute from other countries to WebServer appear slow/blocked.

                      Originally posted by TransAmDan View Post
                      When logging into SSH this morning I noticed this message in Red.

                      RBL Blacklist : [CRITICAL] 5.77.47.66 blacklisted bl.spamcannibal.org
                      RBL Blacklist : [CRITICAL] 5.77.47.66 blacklisted bl.spamcannibal.org

                      I believe spamcannibal is complaining about reverse DNS, but DNS checks out all is fine.
                      Yes, the DNS looks all good. I believe this is a glitch with SpamCannibal!
                      Rock _a.k.a._ Jack Daniel

                      Follow eUKhost on Twitter || Join eUKhost Community on Facebook

                      Comment


                      • #12
                        Re: Traceroute from other countries to WebServer appear slow/blocked.

                        Originally posted by Rock View Post
                        Yes, the DNS looks all good. I believe this is a glitch with SpamCannibal!
                        Thanks for the heads up. That would make sense, as if there was a true issue many other spam filters would surely flag it up.

                        So all is good

                        Thanks.

                        Comment


                        • #13
                          Re: Traceroute from other countries to WebServer appear slow/blocked.

                          Originally posted by TransAmDan View Post
                          Thanks for the heads up. That would make sense, as if there was a true issue many other spam filters would surely flag it up.

                          So all is good

                          Thanks.
                          You are welcome Dan! I hope MaxCDN have provided you with a satisfactory response by now..
                          Rock _a.k.a._ Jack Daniel

                          Follow eUKhost on Twitter || Join eUKhost Community on Facebook

                          Comment

                          Working...
                          X