routeviews / issues

Repository for tracking issues and discussions visible to the public.

Unable to reach `archive.routeviews.org` via FTP or HTTPS over the weekend #148

Closed jsf9k closed 3 months ago

jsf9k commented 3 months ago

Affected Services/Hosts

archive.routeviews.org

Details

I have an AWS EC2 instance that pulls the latest RIB file once a week and uses the ASN information to enrich a report that gets sent out weekly. Starting this weekend, I was unable to download ftp://archive.routeviews.org/route-views4/bgpdata/2024.07/RIBS/rib.20240707.0200.bz2 or https://archive.routeviews.org/route-views4/bgpdata/2024.07/RIBS/rib.20240707.0200.bz2 from the instance. I checked on my local machine and there I was unable to download the RIB file via FTP, but I still could via HTTPS.

Did you make some changes on your end that could have caused this behavior? I am particularly interested as to why the HTTPS link is unreachable from my AWS EC2 instance.

Console output or logs

```
$ wget https://archive.routeviews.org/route-views4/bgpdata/2024.07/RIBS/rib.20240707.0200.bz
--2024-07-08 13:50:43--  https://archive.routeviews.org/route-views4/bgpdata/2024.07/RIBS/rib.20240707.0200.bz
Resolving archive.routeviews.org (archive.routeviews.org)... 128.223.51.20, 2001:468:d01:33::80df:3314
Connecting to archive.routeviews.org (archive.routeviews.org)|128.223.51.20|:443... failed: Connection timed out.
Connecting to archive.routeviews.org (archive.routeviews.org)|2001:468:d01:33::80df:3314|:443... failed: Network is unreachable.
```

hanskuhn commented 3 months ago

Thanks for your report. Investigating now.

hanskuhn commented 3 months ago

@jsf9k Can you please provide the IP4 and IP6 address for your EC2 instance?

jsf9k commented 3 months ago

Sure. The IPv4 address is 100.27.42.254. The instance is IPv4-only; it has no means to egress IPv6 traffic.

hanskuhn commented 3 months ago

@jsf9k -- I just noticed that the command you provided above has a misspelling of the filename. It should end in '.bz2' but ends in '.bz'. I was able to use the correct filename to successfully download https://archive.routeviews.org/route-views4/bgpdata/2024.07/RIBS/rib.20240707.0200.bz2 from a VM hosted outside our infra.

I know that doesn't explain why you got "connection timeout" but I'm unable to create that on my side.

I can't find your IP address in our ACLs for banned hosts that have disrupted service.

It looks like ICMP is being blocked somewhere on your end so I can't debug the path from archive to your VM.

If you can provide a traceroute to archive.routeviews.org from your VM, that might help.

hanskuhn commented 3 months ago

Is it fixed now?

We found an unintentional ACL that was matching a large netblock which included your ip4 address.
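
Added example, not part of the original thread and not RouteViews' tooling: a search for the reporter's literal address finds nothing in a deny list, while a containment check finds the covering netblock that causes the block. The ACL format, its entries (including `100.24.0.0/13`), the function names and the "broad" thresholds are all constructed assumptions; only `100.27.42.254` comes from the thread.

```python
import ipaddress

# Constructed deny list (hypothetical format, not the real ACLs).
SAMPLE_ACL = """\
deny 203.0.113.7/32      # single host
deny 198.51.100.0/24     # small range
deny 100.24.0.0/13       # constructed broad entry
deny 2001:db8:dead::/48  # IPv6 entry
"""

def parse_acl(text):
    """Return [(line_no, network)] for every 'deny <prefix>' line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        action, _, prefix = line.partition(" ")
        if action != "deny":
            continue
        net = ipaddress.ip_network(prefix.strip(), strict=False)
        entries.append((line_no, net))
    return entries

def literal_match(text, addr):
    """Line numbers where the address appears as a string (grep-style)."""
    return [n for n, raw in enumerate(text.splitlines(), 1) if addr in raw]

def covering_entries(entries, addr, broad_v4=16, broad_v6=32):
    """Entries whose prefix contains addr: (line_no, prefix, is_broad).

    is_broad marks prefixes shorter than the threshold, which deserve a
    second look because they catch many unrelated hosts.
    """
    ip = ipaddress.ip_address(addr)
    hits = []
    for line_no, net in entries:
        if net.version != ip.version or ip not in net:
            continue
        limit = broad_v4 if net.version == 4 else broad_v6
        hits.append((line_no, str(net), net.prefixlen < limit))
    return hits

if __name__ == "__main__":
    addr = "100.27.42.254"  # reporter's address from the thread
    print("literal search:", literal_match(SAMPLE_ACL, addr))
    print("containment   :", covering_entries(parse_acl(SAMPLE_ACL), addr))
```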

jsf9k commented 3 months ago

Yep, I can download via HTTPS and FTP from my local machine and from our server. Thank you!

Seanstoppable commented 2 months ago

@hanskuhn I've noticed the same problem from my own workflows. Currently in Azure (IP 20.88.203.241), and also noticed from home internet (Comcast).

hanskuhn commented 2 months ago

Can you provide a bit more detail? I've looked in our reject logs for the IP you provided and it doesn't match. I don't have enough information to investigate but happy to explore if you share the command you are running and the error you are getting.

Seanstoppable commented 2 months ago

Looks like it was covered in #160 and #161, and access is restored. Thanks!

hanskuhn commented 2 months ago

Great! Thanks for the followup to confirm it's working for you.