[BBLISA] Amazon EC2 Oddly Rejecting Very Specific IP Addresses

R Gary Cutbill rgary at kluge.net
Tue Apr 13 13:25:18 EDT 2010 

Just a guess....
I've seen routers configured to block forwarding to broadcast addresses. 
Perhaps
the router is (mis-)interpreting the amazon address as a broadcast 
address because
it ends in 255?

I'd start by checking the logs on the router.

-R. Gary

Richard 'Doc' Kinne wrote:
> Folks:
>
> I'd like to see if anyone has heard of circumstances like this before.
>
> I have a server on the Amazon EC2 cloud running a website service. 
> This is largely working well.
>
> However I have one customer that cannot get to it from a specific 
> address. The IP address of my server is 75.101.149.255. When you do a 
> "whois" on this it comes up as:
>
> OrgName:    Amazon.com, Inc.
> OrgID:      AMAZO-4
> Address:    Amazon Web Services, Elastic Compute Cloud, EC2
> Address:    1200 12th Avenue South
> City:       Seattle
> StateProv:  WA
> PostalCode: 98144
> Country:    US
>
> which makes perfect sense.
>
> We originally thought that Amazon might be blocking access to the 
> service to specific IP or IP ranges, but based on traceroutes that 
> didn't seem to make sense.
>
> When my customer tries to do a traceroute from his place to my server 
> he doesn't even get out of his router:
>
> tracert 75.101.149.255
> Tracing route to [75.101.149.255] over a maximum of 30 hops:
>   1     1 ms    <1 ms    <1 ms  www.routerlogin.com 
> <http://www.routerlogin.com> [10.1.1.1]
>   2     *        *        *     Request timed out.
>
> I've never seen anything like that before. I can understand things 
> timing out when you get to the Amazon area, but timing out before you 
> even get into the Net proper? That doesn't make sense to me. 
> Everything else seems to work properly from his location from what 
> he's telling me.
>
> There is a part of me that thinks there may be something wrong somehow 
> with my customer's address. When I do a "whois" on the customer's 
> address it comes back as being owned by IANA, which doesn't seem right 
> at all. Also when I try a traceroute to his address *I* don't get past 
> my router in two totally separate locations (work, that has one ISP, 
> and home, which has a very different ISP).
>
> I've never quite seen anything act like this before and I'm not quite 
> sure how to puzzle it out.
>
> Does anyone have any thoughts?
> -- 
> Doc Kinne, [KQR]
> (From the Gmail Web Interface)
> ------------------------------------------------------------------------
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa

More information about the bblisa mailing list