


I was a bit surprised also and checked into this.  Paul Bunyan has not originated the MICE netblock.  CNS was originating the MICE netblock internally, but it was not leaking outside of CNS.  In any case, I've removed the network entry and it is no longer being originated by CNS.



On 08/16/2018 03:40 PM, Jeremy Lumby wrote:
I am surprised that you are getting any traceroute at all.  Your MICE facing interface IP should not exist on the public internet.  I am wondering if there is a default route in someone's table (CNS/Paul Bunyan) (or they are originating the MICE subnet internally) that is enabling you to get as much of a trace as you are getting.

-----Original Message-----
From: MICE Discuss [mailto:[log in to unmask]] On Behalf Of Frank Bulk
Sent: Thursday, August 16, 2018 3:26 PM
To: [log in to unmask]
Subject: [MICE-DISCUSS] Routing of non-IX traffic

When I force a traceroute to originate from our MICE-facing connection, the first hop is 206.108.255.50 (AS32609 aka CNS).  Any reason why?  

To make things more interesting, Incapsula-destined traffic goes via Paul Bunyan.  Here's just one example:

traceroute to www.yamaha-dealers.com (45.60.73.16), 30 hops max, 60 byte packets
 1  AS32609.micemn.net (206.108.255.50)  14.059 ms  14.084 ms  14.076 ms
 2  cns70.cnsllc.net (205.149.150.9)  18.484 ms  18.434 ms  18.507 ms
 3  fg30.ips.cnsllc.net (205.149.150.30)  20.254 ms  20.346 ms  20.267 ms
 4  crss2.PaulBunyan.net (205.149.159.197)  20.527 ms  20.562 ms  20.619 ms
 5  cra.PaulBunyan.net (205.149.159.181)  23.398 ms fp233.ips.PaulBunyan.net (205.149.159.233)  22.669 ms cra.PaulBunyan.net (205.149.159.181)  23.393 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
SiouxCenter-Arista-North(s1)

The reason I stumbled across this is because we've had more than a dozen customers over the last month complain about access to Incapsula-protected sites.  Packet captures show TCP RSTs coming from the far side.

Regards,

Frank Bulk
AS53347






