Trouble accessing Cloudflare domains from certain subnet
Hello Cloudflare team,
My name is Mhamad, and I'm the head of the networking department at an ISP in Lebanon.
I'm having a major issue where I can't access any domain that uses Cloudflare's DNS, specifically the addresses 188.114.97.6 and 188.114.96.6. I've tried everything on our end:
* Running pings and traceroutes
* Clearing our cache
* Changing routes and DNS settings
The strange part is that some ISPs in Lebanon can connect just fine, while others, including mine, can't access anything. This is a big problem for our customers.
Could you please look into this on your end? Any help would be greatly appreciated.
Thanks,
Mhamad
25 Replies
Can you elaborate on where exactly you're seeing these issues?
1. What ISP / provider, preferably their AS number?
The AS number can be found here:
* https://1.1.1.1/help
-> AS Number
* https://bgp.tools/
-> The AS number shown under "You are connecting from" like this: "Cloudflare, Inc. (AS13335)"
* https://bgp.he.net/
-> The AS number shown like this: "Your ISP is AS13335 (Cloudflare, Inc.)"
2. Can you share the ping/traceroute results you're referring to?
3. Can you share the ping/traceroute to surrounding IP addresses, according to your explanation, such as e.g.
188.114.96.5, 188.114.96.7, 188.114.97.5 and 188.114.97.7?thats our as number AS210292
1 <1 ms <1 ms <1 ms 192.168.10.1
2 1 ms 1 ms 1 ms 172.16.14.1
3 1 ms 1 ms 1 ms 10.10.12.5
4 1 ms 2 ms 3 ms 10.10.12.1
5 1 ms 1 ms 1 ms 10.5.10.1
6 2 ms 14 ms 1 ms 172.16.80.177
7 * * * Request timed out.
8 6 ms 5 ms 2 ms 172.16.49.1
9 40 ms 41 ms 45 ms 213.242.116.233
10 40 ms 88 ms 57 ms 213.19.217.10
11 * 49 ms 39 ms 162.158.20.40
12 39 ms 39 ms 39 ms 188.114.97.6
thats the other ip
1 <1 ms <1 ms <1 ms 192.168.10.1
2 3 ms 1 ms 1 ms 172.16.14.1
3 1 ms 1 ms 1 ms 10.10.12.5
4 1 ms 1 ms 1 ms 10.10.12.1
5 1 ms 1 ms 1 ms 10.5.10.1
6 2 ms 1 ms 2 ms 10.148.189.1
7 * * * Request timed out.
8 2 ms 3 ms 3 ms 172.16.40.2
9 2 ms 2 ms 4 ms 172.16.80.45
10 * * * Request timed out.
11 5 ms 3 ms 3 ms 172.16.48.1
12 40 ms 38 ms 40 ms ae81.edge4.Marseille1.Level3.net [212.73.201.45]
13 40 ms 54 ms 43 ms 213.19.217.10
14 38 ms 38 ms 38 ms 162.158.20.46
15 38 ms 38 ms 38 ms 188.114.96.7
Seems like it's going through from AS210292 just fine, ... to both
188.114.97.6 and 188.114.96.7?
AS210292 isn't one of the problematic ISP(s)?
Is AS210292 one of the problematic ISP(s)?im the ISP
yes
when i load a site i get nothing at all
after a while i get this ERR_CONNECTION_TIMED_OUT
also in browser Dev mode nothing is showing in network or console
Tactical Report
Strategic Insights, Comprehensive Analysis and Expert Commentary | ...
Get ahead with Tactical Report's in-depth analysis & expert insights on MENA defense, geopolitics and strategic intelligence for informed decisions.
admin
MikroWizard | Mikrotik management solution
Home page
Streamline your network management tasks with MikroWizard, the ultimate MikroTik router management solution. Empower your network administrators with a powerful user-friendly tool to optimize performance and efficiency. Explore MikroWizard now!
Do you see a Cloudflare
Error 1003 - Direct IP access not allowedwhile loading any of these?
1. http://188.114.97.6
2. http://188.114.96.6
3. http://188.114.96.5
4. http://188.114.96.7
5. http://188.114.97.5
6. http://188.114.97.7
If it's mixed yes or no, - which ones are giving Error 1003, and which ones aren't?just a sec
im getting 1003 error on all of them except 2
188.114.97.7
http://188.114.96.7/
So the two ones ending with
.7 are just loading and ending with timeout?
#4 and #6 from my list?
The others are all giving Error 1003?yup
^ As you're saying you're the ISP here, it may be a bit strange to refer you to the ISP (i.e. to yourself)...
lol yes
However, these things happens exactly like this with ISP / government censorships, where ISPs are restricting access to specific IP addresses.
ive even tried connecting directly from my edge router it didnt work
It's exactly what is happening here too...
So if there isn't anything with government censorship within your own network, then you will have to work it out with your upstream / transit carriers.
yes no government censorship
hmmmm
the thing is i can reach the ip via icmp but the page is not loading, i do not think its a transit/upstream issue
ICMP and HTTP(S) are two different traffic types, one of them being filtered doesn't mean that the other one is as well.
Thats true
But tbh our government they do not care about anything and dont block anything
They notify the ISP to block certain services
Thats weird I know but thats how its done here
The upstream is OGERO the official one for the country
As you can reach the surrounding Cloudflare IP addresses, ... then the issue isn't on Cloudflare's side.
So im not blocked on any firewall of urs, right ?
Cloudflare is not blocking you.
Thank you sir
You're welcome.
And if a specific website owner decided to block you (or your network) from accessing their website, you would see something like what you see on this page: https://cloudflare.com/cdn-cgi/error/1020
id like to give you an update it was a transit issue from Liban Telecom
Thank you so much sir
also do you have any idea which ISPs in Lebanon that have a cloudflare CDN so i can peer with their IX ?
You're welcome, and thanks to you for returning with an update!
According to PeeringDB, more notably on the specific page for Cloudflare's primary AS number, 13335, Cloudflare should be available in Berytech Technological Pole, as well as being present on the LebIX internet exchange, which was formerly known as Beirut-IX.
Thank you 🙏🙏