[146254] in North American Network Operators' Group
Re: XO blocking individual IP's
daemon@ATHENA.MIT.EDU (Ryan Rawdon)
Tue Nov 8 07:05:33 2011
From: Ryan Rawdon <ryan@u13.net>
In-Reply-To: <8cd9ddd28acb187bf24131339f00e806.squirrel@emailmg.ipower.com>
Date: Tue, 8 Nov 2011 07:04:18 -0500
To: clayton@haydel.org
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Nov 7, 2011, at 10:06 PM, clayton@haydel.org wrote:
>=20
>> "transit provider". Is XO the end-access provider for either you or =
the
>> destination site? Or are both of those on some other connection, and =
XO
>> is a bystander along the way?
>=20
> We're a direct customer. The IP's that I've seen them block have been
> both on our network and on remote networks, so I suspect their =
filtering
> would affect any traffic that happened to pass over XO.
>=20
While troubleshooting another issue last week, someone in the NOC at one =
of our ISPs mentioned that they had encountered something similar =
recently.
"This=20
looks suspiciously like another XO issue we ran across in the last few=20=
months where they used a network security device that blocked =
'suspicious'=20
traffic on particular ports (although it was tcp based from what I could=20=
remember)."
In our case the symptoms looked like GBLX was eating traffic which =
hashed to a certain theoretical link (certain src-dst-srcport-dstport =
combinations) in a LAG or similar, but it was happening right near the =
XO-GBLX edge in the forward path so it's possible it was a security =
device at XO's edge.=
