Solved

Why are certain web sites not accessible during the day?

Posted on 2014-09-03
4
131 Views
Last Modified: 2015-01-21
At certain times of the day web sites such as Facebook, Craigslist, azlyrics.com, and www.itslearning.com cannot be accessed by our campus.  It is always the same sites at the same time; however the time of day and the amount of time they are not accessible varies.  DNS always resolves the addresses.  I've tried switching to Google's DNS Servers, but that does not solve the problem.

Here is my traffic flow:   ISP (Comcast) <--> Juniper JSR2320 <--> Cisco ASA 5520 <--> Campus LAN

Initially my entire campus shared one NAT'd IP address (using PAT), but I
noticed other devices that had a static NAT were not affected by this
problem.  Through vast amounts of troubleshooting, I segmented my campus
into different groups and gave each group its own PAT'd IP address.  This
problem only affects one group which is currently PAT'd to 192.168.1.2 (not the real IP obviously)
When the problem was occurring, I changed the group with the problem to a
different PAT'd IP address.   I then put a laptop outside the ASA firewall
with the 192.168.1.2 ip address, and the laptop still had the problem.
To me, that test eliminated everything except the J-Series, my ISP, and
the affected sites.

When the problem is occurring trace routes to the sites fail at various points either in or beyond Comcast's network.
Comcast is telling me they are not blocking anything, and one of the affected sites has responded and said they are not blocking us.  I'm at a loss as to what could be causing this problem.
0
Comment
Question by:jeffgood
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40301070
I expect you're using a proxy server for Internet access and it's being configured to block certain sites at certain times.  This may be by design, or due to a virus of some sort .  Does the problem exist if you change browsers?

Alternately, can you verify you can get to the affected PATed address from outside while the problem exists?  This may be a routing issue somewhere way upstream.
0
 

Author Comment

by:jeffgood
ID: 40301091
We do not have a proxy server.  The problem will affect every computer that is tied to the affected PAT'd address.   When the campus was sharing one IP, every computer on campus was affected.   When that happened, I gave my computer it's own static NAT address, and then I could access the sites.   We have multiple OS/browsers affected

I will attempt to route to the affected IP when the problem occurs.  What is odd though is that we have an entire class c subnet and we are using BGP as our routing protocol.  However, only one IP out of the subnet will be affected.   I would think a routing problem would affect the entire subnet.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 40301199
As would I, but who knows how the upstream providers have their routers configured?  It may be that one subnet is NOT part of the BGP definition, or that it's somehow misconfigured.
0
 

Author Comment

by:jeffgood
ID: 40562296
This problem just went away.  Guessing it was misconfigured upstream routers.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question