FA struggles to find source of connection issue

[Conan]

 For the past week or so, FA has been struggling to find a source of an occasional connection issue that some users experience. The first public post about it came last Tuesday, when FA asked people to run traceroute from a web service when they were having problems. They clearly didn't bother to investage how the web traceroute service functioned, as they were concerned people's IP's would be exposed. Not possible when it's one webserver tracing another web server.

Smarter people eventually started posting proper traceroutes in the comments, and one common problem became clear. When routed through one particular router at their datacenter (cr1.iad2.inforelay.net [66.231.176.246]) more often than not the next hop, to FA's own router (Which is one of these overpowered beasts) at 66.231.180.84, would fail entirely.

Despite the fact that people were asked to post this, interaction with the users reporting problems in that thread was non-existent or minimal at best.

A few days later, they released another news journal that was full of their patented techno-babble that challenges the Turbo Encabulator script for top prize of "technical sounding things that don't actually mean anything". It was entirely their host's fault!!! How so? Well...

The problem appears to have been a DNS issue on our host's side. Somehow, one of our IPs was issued out to another site via the DNS PTR records, and the conflict caused some issues for certain users. We discussed the issue with our site's host and they made changes this morning to try to rectify the problem.

PTR doesn't have much of anything to do with IP routing, so this seems to be another case of whoever was writing this has no idea what is actually going on, or someone else telling them what is going on has no idea what's going on themselves. Needless to say, this didn't solve the problem and people who knew better started questioning their ability to actually troubleshoot the problem when they're just shouting out meaningless buzzwords. They were, of course, brushed off, with another explanation:

The DNS was suspect because we found a site was issued one of our IPs, and causing some resolving errors when the site tried to access resources on that IP. It was causing a conflict, hence we had thought it related.

Which, again, makes no sense. At least the Asspat Defense League was out in full force when people called them out about the earlier descriptions, Because FA is the only group of people who knows how networking works!

Today they rebooted their network equipment (that'll fix it!), and of course the problem is still happening. Wolfblade even had to call them out on the fact nothing they say makes any sense to anyone who knows how networking works.

Will any relevant response be made to any of the many comments that have been stating the problem to be something other than what it's been represented as being (which is apparently impossible and misleading techno-speak in the opinion of several seemingly knowledgeable people)?
 
 Just a few:
 
 https://www.furaffinity.net/journal...../#cid:34291211
 http://www.furaffinity.net/journal/...../#cid:34338101
 http://www.furaffinity.net/journal/...../#cid:34352615
 http://www.furaffinity.net/journal/4760213/#cid:34368362
 
 The only one of those to get a response just said "taking it up with them!" So how'd that go? Assuming "them" is whoever said it was a DNS issue, what did "them" say when you mentioned a whole bunch of folks agreeing that's a load of nonsense?
 
 What's the point in anybody bothering with tracert when you've not given a serious response to people telling you what the problem is? The consensus also seems very strong that whoever gave the original explanation about it being DNS has no idea what they're talking about. So maybe an update on that note, letting people know that you're not ignoring this community's VAST resources of competent and professional tech-minded users more than willing to help, in favor of someone who is, by intention or ignorance, spouting bullshit.
 
 Nobody is trying to make you feel bad or look bad. This community has always been spilling over with people wanting nothing more than to help. But they tend to be ignored rather vehemently, and it's not slander or defamation when people point out how something makes the site look bad in the hopes the site will stop doing it.
 
 If none of that is to be addressed, then what's the point of these update journals at all?             

Maybe if they hit it harder.

[kayfox]

A correction and comments:

The FA router "routezilla" is a Cisco 7301, not a 7603.

https://twitter.com/furaffinity/status/22051925350
https://twitter.com/furaffinity/status/22058166683 - For added lulz, "Google up the price on that." Obviously money fixes everything.

Not having much detailed troubleshooting info this smells like one of two things:
1. They are using OSPF to peer to InfoRelay's routers and its having a fit for any number of reasons.
2. They are having issues with ARP requests for 66.231.180.84 not being responded to.

Now that I think of it, there might be a third here, based on some people getting ICMP messages saying "Destination administratively prohibited."

3. They have something haywire in their ACLs.

The technical explanations are either unfiltered bullshit made to mask their desire to avoid telling the public what is going on because either they don't know or don't want the public to know, or they are what the FA people actually think is going on.  I hope for their sake its the first of the former, but I kinda fear its the latter.

Churning through it I think there is only one logical explanation that fits what they have said:

* The ACLs depend on DNS for some reason and the issues with DNS is causing traffic to be rejected.

This makes little sense, it both embodies a failure on their part to avoid using a flakey protocol (DNS) in a routing environment and seems like they had made shortcuts while configuring it.  Not being a Cisco guy I cant say for sure, but I dont think ACLs even let you use DNS names.

Some people have speculated that its the load balancer, which while being an unfortunate case of shittrix, is working as designed (and for any of you reading, should not be bypassed even if you could) and is not the cause of the issue.

This whole episode reminds me of Dunning-Kruger, unfortunately I support this kinda networking hardware so I cant hide from these stupid people.

[Pi]

Churning through it I think there is only one logical explanation that fits what they have said:

* The ACLs depend on DNS for some reason and the issues with DNS is causing traffic to be rejected.

This makes little sense, it both embodies a failure on their part to avoid using a flakey protocol (DNS) in a routing environment and seems like they had made shortcuts while configuring it.  Not being a Cisco guy I cant say for sure, but I dont think ACLs even let you use DNS names.

Cisco gear resolves names, if configured with resolvers, at config-time. I don't think even FA is ridiculous enough to screw up their configuration that way.

[Conan]

A correction and comments:

The FA router "routezilla" is a Cisco 7301, not a 7603.

Routezilla was upgraded in 2011 after the last one blew a line card (I think they blew two router line cards within a few days of each other IIRC). I don't remember where I saw it but i'm certain the 7603 is what they said they replaced it with.

[ColonThree]

Does anyone have any idea why a lot of those people are seeing multiple hops to the same IP and then usually failing at that point? I don't really have a strong grasp on the technicalities.

...
13 cr2.iad2.inforelay.net (67.208.89.118) 23.116 ms 24.266 ms 25.177 ms
14 cr2.iad2.inforelay.net (67.208.89.118) 26.760 ms !X * 22.870 ms !X

This one in particular

...
10 inforelay-gw.p4.tinet.net (216.221.158.246) 101.809 ms 104.481 ms 102.750 ms
11 cr2.iad1.inforelay.net (66.231.176.10) 102.811 ms 99.059 ms 97.586 ms
12 cr1.iad2.inforelay.net (66.231.176.246) 106.900 ms 103.030 ms 115.273 ms
[12-18 timeout]
19 * * cr1.iad2.inforelay.net (66.231.176.246) 103.264 ms !X
[20-31 timeout]
32 cr1.iad2.inforelay.net (66.231.176.246) 106.220 ms !X * *

It's like it's redirecting to itself.

[magus]

The short, techical-detail-removed version:

Yes, it's more or less redirecting to itself. This can happen when something goes pretty goofy in the router. Since this appears to be the last hop before handing over to FA, that implies that it's something wrong on FA's side. A flapping interface could easily do things like this randomly and unpredictably.

Since it's FA, it *heavily* implies something is wrong on their end.

[kayfox]

Short answer:

Its not redirecting to itself, its sending a response to the next hop.

Long answer:

Traceroute uses ICMP packets with progressively increasing Time-To-Live settings.  In this case the router at the 14th hop replies with expired TTL as expected, then traceroute increments the TTL and sends to the next hop, and the same router replies with "Destination administratively prohibited" and thusly is listed twice.

[Conan]

They "fixed" it by making InfoRelay stop routing them through that router. This clearly makes it the host's fault, according to the journal posted earlier.

[QuantumCoyote]

Well, FA *IS* infiltrated by, I'm guessing, C.I.A. at the least.
And these guys, whomever they are exactly, have been fucking with me for many years. They must be stupid or insane or just cruel because they just keep at it, despite the fact that these activites are surely illegal.

If they really are that dumb, could they be botching an install or removal of... whatever?

[update: I don't know what is going on exactly, but some of the incriminating furry art has been selectively removed. like I said, I don't know what this means. Dragoneer told me he needed me to provide him with PROOF that artists have been using furry art to manipulate me.(as psy weapons. But I'm not sure I used that exact wording) How am I supposed to provide proof of something with built-in deniability? I hope he did the right thing and contacted the authorities]

[Pi]

You're doing that word-salad paranoid-schizo thing again, QC.