[nznog] Re: routing problem?

On 11/05/2022, at 8:06 PM, Richard Hector wrote:

Hi all,

Hopefully this is acceptable here ...

I have a VPS (with a well-known NZ provider) which I can ping, but can't ssh to. tcptraceroute stops a couple of hops in (I think the first to not respond is our immediate ISP's immediate upstream).

From a different house/ISP, I can connect fine, and from here, I can connect to a different VPS (same provider, different network block)

I'm reasonably confident it's not firewall, partly from extensive testing, and partly because the same behaviour is shown when running tcptraceroute to the gateways of the respective VPS.

Any thoughts?

The fact that the traces make it part way suggest to me that it's a routing problem, but then how does ping work?

I could include tcptraceroute results, but is it considered ok to reveal ISPs etc? My email probably reveals it all anyway, of course ... :-)

Yeah post away. I would suggest run mtr once with tcp, once with udp, once with icmp. mtr has tcp, udp and icmp modes these days and I find it better than traditional tcptraceroute - if for no other reason than it’s got a nice consistent interface regardless what protocol you’re testing with. It may be that the hop that tcptraceroute “stop” at is actually just a router that’s dropping your tcp from hitting the control plane, and higher TTL packets continue through, so let them run their course and see if you get hops after that. Probably also be worth hitting up your ISP, if that’s relevant, as it sounds like it’s an issue with them. -- Nathan Ward