Help on setting up a new block
Pete Baldwin
pete at tccmail.ca
Wed Mar 20 14:22:34 UTC 2019
Do a search on the /16 parent block. It has a history of being on
block lists. I imagine some admins have old lists that they do not
update very often, or have the entire /16 or greater blocked. I also
went through this process when we purchased IPs, and I've had to contact
hundreds of networks over the last couple of years to try and get our
blocks removed from their firewalls. Our specific block was never on
any block lists, but the parent was plastered all over the place.
It's potentially more difficult now than in the past because there
are some hosting providers that are simply a few people that own VMs on
some other infrastructure that they do not control or have visibility
into. The VM hosting company might be blocking your network, and so the
VMs never see your traffic. This means you might contact Landstar, and
then Landstar calls up their web person, but the web person doesn't
understand this stuff. The web person phones his web hosting company
who can't find anything wrong, because they never see your packets to
begin with. Now the web hosting company (if you can get them to do
this) needs to contact their DC company that is hosting their VMs to
find out if there is a firewall or anti DDoS system etc that is sitting
in front of their VMs.
Most of these calls take a long time. There is a lot of
hand-holding, and captures that need to be sent, and then you just hope
you can find someone willing to dig into it on the other end of the phone.
Good luck with the process. I believe you will be successful in
most cases, but it will take awhile.
-----
Pete Baldwin
Tuckersmith Communications
(P) 519-565-2400
(C) 519-441-7383
On 3/20/19 10:02 AM, John Alcock wrote:
> Odd Issues
>
> We recently went through an IP Broker and bought a /18 worth of IP's
>
> I am listing all my information below. Should be public record.
>
> AS Number/Range 395437
> AS Handle AS395437
> AS Name HIGHLANDTEL
> RPKI Certified Yes
>
> As for the IP Block
>
> Net Range 138.43.128.0 - 138.43.191.255
> CIDR 138.43.128.0/18 <http://138.43.128.0/18>
> Net Name HCL-73
> Net Handle NET-138-43-128-0-1
> Net Type Direct Allocation
> Parent NET-138-0-0-0-0 (VR-ARIN)
> RPKI Certified Yes
>
> In addition, I believe I got all the information in the IRR. I am
> unclear on this part, but I do know ATT is happy now. I can pass
> traffic through their network.
>
> whois -h whois.bgpmon.net <http://whois.bgpmon.net> " --roa 395437
> 138.43.128.0/24 <http://138.43.128.0/24>"
>
> 0 - Valid
> ------------------------
> ROA Details
> ------------------------
> Origin ASN: AS395437
> Not valid Before: 2019-02-13 05:00:00
> Not valid After: 2029-02-01 05:00:00 Expires in
> 9y318d10h46m2.39999997615814s
> Trust Anchor: rpki.arin.net <http://rpki.arin.net>
> Prefixes: 138.43.128.0/18 <http://138.43.128.0/18> (max length /24)
>
>
> So here is my problem. There are certain sites I can not get to on
> the new ip block.
>
> clover.com <http://clover.com> - They are a large POS vendor catering
> to small business
> idrive.com <http://idrive.com> - Online backup
> heart.org <http://heart.org> - american heart association
> onlineproviderservices.com <http://onlineproviderservices.com> - Looks
> like an outsourced group that handles medicare
> landstar.com <http://landstar.com> - trucking company
>
> I am working on trying to contact the companies above, but I have
> started resorting to public shaming on social media. Not an ideal
> solution.
>
> My thought, could I be missing something? Perhaps I need to add a
> specfic entry in the IRR or anything? Just seems like a lot of sites
> will not accept my traffic.
>
> Any experts like to chime in?
>
> John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190320/894e7576/attachment.html>
More information about the NANOG
mailing list