Print Page - ping to 2600:: not working, neither some apps using cloudfront.net

Title: ping to 2600:: not working, neither some apps using cloudfront.net
Post by: zervaninfo on June 09, 2024, 01:16:26 PM

Hello, I am using short IPv6 address 2600:: for testing connection. It was working for years, but some time ago it is not reachable from HE tunnel anymore. Is there a way to fix it?

Title: Re: ping to 2600:: not working
Post by: sttun on June 30, 2024, 11:50:51 PM

It seam the issue is with arin, they are the ones that annpunce the /48 that includes 2600::

Title: ping to 2600:: not working, neither some apps using cloudfront.net
Post by: zervaninfo on September 23, 2024, 02:38:49 AM

It seems that there are more troubles with connectivity, some Android apps are not working through HE Tunnel Broker.

For example, some times ago, my Strava and AliExpress apps stopped to worked correctly. Here are details:

AliExpress is loading media from ae-pic-a1.aliexpress-media.com, which is CNAME to cloudfront.net (actually d3e2y37tle8w9m.cloudfront.net, 2600:9000:...) - not reachable from HE;
Strava is loading data from cdn-1.strava.com, which is CNAME to cloudfront.net (actually d3u3hkafyj3iak.cloudfront.net, 2600:9000:...).

I have set IPv6 address to 100:: to those names on my local DNS (MikroTik router) and now both apps are working correctly:

.*\.aliexpress-media\.com
cdn.*\.strava\.com

But there are 70+ more CNAMEs to cloudfront.net in my DNS cache - it means, many apps are not working or working very slowly (after app realizes that IPv6 is not working and uses IPv4).

Unfortunately, I can't find a way to completely change *.cloudfront.net in MikroTik (.*\.cloudfront\.net is not working, because it is checking only original name, not CNAME, I will consult it with MikroTik).

However, this is not solution, it is just quick hack. Why is cloudfront.net not working through HE tunnel? Who is responsible? Who could fix that?

Title: Re: ping to 2600:: not working, neither some apps using cloudfront.net
Post by: Pentium4User on December 01, 2024, 02:51:31 AM

2600:9000::/28 is the infor I got from whois.
According to the HE looking glass, it is not announced. At Telekom (AS3320), it is not in the routing table too.

amzn-noc-contact@amazon.com can be contacted, this is in the whois address.
d3e2y37tle8w9m.cloudfront.net at this time (TTL 40 sec) points to various networks in 2600:9000:223c::/48, which is in the HE routing table. I can ping that properly via AS3320.

Please try if the problem still exists.

For 2600::
Reachable from only a few AS, other big ones like 3320 don't have that in their routing table.
Contact Cogent/Sprint and ask them. I dunno about the peering/routing policies they have.

Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: zervaninfo on June 09, 2024, 01:16:26 PM