Solved

How much control does an ISP have on packets once they have left the ISP's network?

Posted on 2008-06-25
15
338 Views
Last Modified: 2013-12-14
I am not really familiar with BGP routing or anything, but I am wondering if an ISP has any say in the path a packet takes on the internet once it has left their edge router? I know they can pick which direction to send it off to through one of their peers or transit providers, but once it is on that other network do they have any control in routing decisions?

The reason I ask is because I am having a strange issue with getting to a particular host on the internet. http://cent.mnathani.com  and am unable to get to it for periods of around 30 min  a couple of times each day. I have narrowed this down to users on my ISP, it seems to be affecting only.

Trace when its not working as well as when it is (attached) :




http://mnathani.com/graph shows specific times of the 'outages'

Using a looking glass service to check if the site is up when I can't get to it shows the site online.

Not working:
 

C:\Documents and Settings\Mansoor>tracert cent.mnathani.com
 

Tracing route to cent.mnathani.com [208.100.59.177]

over a maximum of 30 hops:
 

1 10 ms 12 ms 9 ms 64.230.197.193

2 8 ms 8 ms 8 ms dis10-toronto12_Vlan102.net.bell.ca [64.230.234.29]

3 8 ms 8 ms 8 ms core4-toronto12_GE12-1.net.bell.ca [64.230.221.109]

4 19 ms 19 ms 19 ms core2-chicago23_pos3-0-0.net.bell.ca [64.230.147.22]

5 19 ms 19 ms 19 ms bx4-chicago23_POS5-0.net.bell.ca [64.230.203.54]

6 19 ms 18 ms 18 ms dcr1-so-3-1-0.chicago.savvis.net [208.175.10.85]

7 18 ms 19 ms 19 ms ber1-ge-8-3.chicago.savvis.net [204.70.204.213]

8 19 ms 19 ms 19 ms ber1-vlan-241.chicagoequinix.savvis.net [204.70.196.22]

9 19 ms 19 ms 19 ms ber2-vlan-240.chicagoequinix.savvis.net [204.70.194.230]

10 19 ms 19 ms 18 ms 208.173.176.218

11 * * * Request timed out.

12 * * * Request timed out.

13 * * * Request timed out.

14 * * * Request timed out.

15 * * * Request timed out.

16 * * * Request timed out.

17 * * * Request timed out.

18 * * * Request timed out.

19 * * * Request timed out.

20 * * * Request timed out.

21 * * * Request timed out.

22 * * * Request timed out.

23 * * * Request timed out.

24 * * * Request timed out.

25 * * * Request timed out.

26 * * * Request timed out.

27 * * * Request timed out.

28 * * * Request timed out.

29 * * * Request timed out.

30 * * * Request timed out.
 

Trace complete.
 
 

Working:
 

C:\Documents and Settings\Mansoor>tracert cent.mnathani.com
 

Tracing route to cent.mnathani.com [208.100.59.177]

over a maximum of 30 hops:
 

1 9 ms 9 ms 9 ms 64.230.197.193

2 9 ms 8 ms 8 ms dis10-toronto12_Vlan102.net.bell.ca [64.230.234.29]

3 8 ms 7 ms 8 ms core4-toronto12_GE12-1.net.bell.ca [64.230.221.109]

4 18 ms 18 ms 18 ms core2-chicago23_pos3-0-0.net.bell.ca [64.230.147.22]

5 18 ms 25 ms 18 ms bx4-chicago23_POS5-0.net.bell.ca [64.230.203.54]

6 19 ms 28 ms 18 ms dcr1-so-3-1-0.chicago.savvis.net [208.175.10.85]

7 19 ms 18 ms 18 ms ber1-ge-8-3.chicago.savvis.net [204.70.204.213]

8 19 ms 18 ms 19 ms ber1-vlan-241.chicagoequinix.savvis.net [204.70.196.22]

9 18 ms 19 ms 18 ms ber2-vlan-240.chicagoequinix.savvis.net [204.70.194.230]

10 18 ms 19 ms 39 ms 208.173.176.218

11 19 ms 19 ms 24 ms ip61.216-86-149.static.steadfast.net [216.86.149.61]

12 19 ms 19 ms 19 ms chi10.fhdomains.com [208.100.10.39]

13 19 ms 19 ms 19 ms cent.mnathani.com [208.100.59.177]
 

Trace complete.

Open in new window

0
Comment
Question by:mnathani
  • 5
  • 5
  • 2
  • +2
15 Comments
 

Assisted Solution

by:Zordrack
Zordrack earned 100 total points
Comment Utility
The ISP has NO controll over a packet once it has left it's network.
That is the very nature of a packet switched network.

The only thing the ISP can do is choose the next hop in the route and, if that hop supports it, tag it with QoS.

Aside from that all bets are off and the only part the ISP plays is to pick up the packet from you and pass it on to the next hop towards it's destination.
0
 
LVL 13

Assisted Solution

by:kdearing
kdearing earned 100 total points
Comment Utility
Looking at the 2 traces, it looks like this is the culprit:
ip61.216-86-149.static.steadfast.net [216.86.149.61]
0
 
LVL 4

Author Comment

by:mnathani
Comment Utility
Is it not possible that  >> 208.173.176.218   is not pointing to the next hop which would be ip61.216-86-149.static.steadfast.net [216.86.149.61]  

and so is therefore the culprit??

Also, does my ISP have any responsibility in getting this corrected? Seeing how this issue only affects users on my ISP.
0
 

Expert Comment

by:Zordrack
Comment Utility
Yes it is possible, however usually it is the node the drops out that is the guilty party.

And sorry but no, your ISP's responsibility drops off as soon as the hand over your packet to a peer.
If anything try contacting steadfast.net and tell them there's an issue between 208.173.176.218 and 216.86.149.61.
I wouldnt hold my breath though.
0
 
LVL 21

Assisted Solution

by:from_exp
from_exp earned 100 total points
Comment Utility
hi!

As it was already been mentioned your ISP can't control traffic side from it's own network. however it's up to him to decide to which of his upstream to send traffic.
and sometimes ISPs prefer to by very cheap best effort connection, and you can experience packet drops and delays during busy hours.

As for the particular host, it is also possible, that ip61.216-86-149.static.steadfast.net is doing some firewalling staff.
because remember, if there is routing issue you would receive route/destination unreachable instead of time outs..
0
 
LVL 9

Accepted Solution

by:
Press2Esc earned 200 total points
Comment Utility
I would provide this outage info a/o contact Steadfast Networks @ noc@steadfast.net or call (+1-312-602-2689). If mnathani.com is hosted, I would also provide the same info to the hosting co.

Check your log files @ mnathani.com server for down time (e.g., loss of internet access, unusual traffic, etc).  If mnathani.com is NOT hosted by a hosting service, what type of connection (e.g., cable, dsl, frame, t1, etc) do you have for mnathani.com?

P2E
0
 
LVL 4

Author Comment

by:mnathani
Comment Utility
cent.mnathani.com is hosted at futurehosting.biz  It has not been down as I have confirmed with the provider, as well as checked my logs. The outages seem specific to my ISP. I have also contacted Steadfast, and they say that they have atleast 10 other users also using my ISP having the same problem. They blame my ISP, but when I Contacted my ISP they say that the issue is occurring outside their network and they can't really do anything.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 21

Expert Comment

by:from_exp
Comment Utility
hmm...
I suppose the best you can do is collect as much trace statistics as possible, then push your own ISP. they should try to escalate the problem to their upstream....
possibly you can find the truth there....
0
 
LVL 9

Expert Comment

by:Press2Esc
Comment Utility
I used this (freeware) ping/traceroute pgm to "convince" an ISP THEY had a router issue...  Check out this little jewel.

- http://www.filetransit.com/view.php?id=31106
0
 
LVL 4

Author Comment

by:mnathani
Comment Utility
Heres some info, I got after creating a support ticket with Steadfast Networks.
steadfast.pdf
0
 
LVL 9

Expert Comment

by:Press2Esc
Comment Utility
As I recommended I am glad you were able to contact Steadfast Networks AND they were responsive.   Unfortunately you will need to harrass the ISP until they fix the issue OR provide you a alternate solution/explaination.  Be sure and provide them your support tkt from Steadfast Networrks.

Did you dload the pgm I recomended? It gives you % downtime and you can adjust the test period/frequency for the tests..  Maybe you need to show your ISP an actual percentage of loss on their router(s) b4 they get off their duff.

P2E
0
 
LVL 4

Author Comment

by:mnathani
Comment Utility
I have not had a chance to try the software

I currently use the software called 'The Dude' which is sufficient as it shows me graphs of when there is connectivity and when it is down.

I had posted some of them at http://mnathani.com/graph

0
 
LVL 9

Expert Comment

by:Press2Esc
Comment Utility
According to your tracert to cent.mnathani.com [208.100.59.177], your issue is NOT your ISP (Bell Canada), it is 208.173.176.218, which belongs to Savvis, who is also Steadfast

whois
http://freednsinfo.com/result.php?query_form=whois_lookup&query=208.100.59.177

Open in new window

0
 
LVL 9

Expert Comment

by:Press2Esc
Comment Utility
sorry for the jibberish earlier, got sidetracked and somehow the reply got sent...

According to your tracert to cent.mnathani.com [208.100.59.177], your issue is NOT your ISP (Bell Canada), it is the router @ 208.173.176.218.  A DNS Lookup of that router shows the IP originates from Future Hosting, LLC.  See details below:

ip whois information for 208.100.59.177
-----------------------------------------------------------------
NoZone, Inc. STEADFAST-2 (NET-208-100-0-0-1)
208.100.0.0 - 208.100.63.255
Future Hosting, LLC CUSTBLK-208-100-59-0-24 (NET-208-100-59-0-1)
208.100.59.0 - 208.100.59.255

# ARIN WHOIS database, last updated 2008-06-29 19:10
0
 
LVL 4

Author Comment

by:mnathani
Comment Utility
I have another update on this issue. Looking at a trace route I did from the server at cent.mnathani.com in chicago back to my ip, it showed Telia within the Trace route.

So, I contacted the Telia NOC and they said this is a known issue in Chicago with Bell's Hardware and affecting their Peering and that it has been going on for almost a month now.

They also mentioned that Bell is aware of it.

Unfortunately they were not able to provide the incident number to me as I am not a customer of theirs.

Here is the trace result:

traceroute to server32.mnathani.com (69.158.156.159), 30 hops max, 40 byte packets
1 chi10.fhdomains.com (208.100.10.39) [AS32748] 0.069 ms 0.057 ms 0.022 ms
2 chi-bb1-link.telia.net (213.248.104.85) [AS1299] 0.711 ms 0.799 ms 0.759 ms
3 * * *
4 core2-chicago23_POS8-0.net.bell.ca (64.230.203.41) [AS577] 0.705 ms 0.657 ms 3001.290 ms
5 core4-toronto12_pos1-0-0.net.bell.ca (64.230.147.21) [AS577] 10.930 ms 11.012 ms 10.964 ms
6 dis10-toronto12_GE1-2.net.bell.ca (206.108.107.226) [AS577] 11.127 ms 11.189 ms 11.162 ms
7 bas2-toronto12_GE1-0-102.net.bell.ca (64.230.234.30) [AS577] 14.017 ms 15.625 ms 16.170 ms
8 bas2-toronto12-1168022687.dsl.bell.ca (69.158.156.159) [AS577] 20.527 ms 24.562 ms 25.858 ms
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

As dyndns has reduced the capabilities of the free service, I looked around for other free providers of Dynamic DNS service. After testing several I decided to move my DNS hosting to Hurricane Electric as then domains that require dynamic hostnam…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now