Users in parts of northern Italy blocked from website access, but no other worldwide locales are blocked

0

I am supporting a company which has a production EC2 instance in Asia-Pacific (Singapore) running a fairly simple web server. As of sometime Friday (European Central time) a company employee in the Milan area reported that the instance was unreachable. An attempt to connect times out. Company people in the US, Asia, and central Europe have no issues connecting to the web server. If the user in Milan switches to a Tor browser (therefore a different source IP somewhere in the world) he has no issues accessing our website.

I gave our user a URL with the public IP address of our web server instead of the name in order to validate that this was not a DNS issue, and the result is the same. There is no connection being made at all between his system and our instance via public IP. A traceroute shows that the connection goes through AWS routers with public IP addresses and eventually just never connects.

Our firewall ACLs for the instance in Singapore have no restrictions at all to destination port 443 from 0.0.0.0 (everywhere). There have been no changes made to our AWS configuration or the configuration of the web server on the instance at all for the last several months. It appears quite strongly that there is an internal network routing problem or blockage within AWS which is preventing our user in Milan from reaching our site in Singapore.

We do not have a paid support account which would allow us to create a Tech Support ticket. Does anyone have any idea how to reach AWS about what appears to be a network infrastructure issue for them? Does anyone have any other ideas which I should pursue in order to identify what is causing this connection problem specific to the Milan area?

1 Answer
0

We'll need to figure out first whether this issue is specific to your user's source and destination or something else. Can you please have them open http://ec2-reachability.amazonaws.com/ and report any red flag they see in there?

Also do you have some other exposed services in the same region your user could try?

AWS
answered 2 years ago
  • We also have a non-production EC2 instance in the Indonesia region. My user cannot connect to that system, either.

    Running the EC2 reachability test: my user reports that he cannot reach Singapore or Jakarta regions.

    In case I didn’t mention it, my user has tried multiple browsers on a Macintosh, on Windows, and on a smartphone. All have failed.

  • Additional information: user in Milan reports additional info that points to the inability to connect specifically to his ISP, which happens to be the largest ISP providing services to a substantial portion of Italy. The problem seems specific to Telecom Italia (TIM) which provides both his wired connection and his wireless phone services in Milan. His wife has phone service from Vodafone in Milan and had no problems connecting to our server.

  • My user sent me a screen shot of a traceroute from his system to our system public IP 54.169.6X.XX. After internal Telecom Italia RFC1989 private IP space, traffic emerges on public IP space and from there on to AWS public address space. The public address trail is this:

    195.22.205.116 (TIM)
    195.22.196.170 (TIM)
    195.22.205.116 (OK, this is odd, going back to the same router)
    52.93.11.191 (AWS address space from here down)
    15.230.29.139
    52.93.11.109
    52.93.11.89
    52.93.10.227
    (and it's all * all the way down from here)
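
One way to summarise a traceroute like the one transcribed in the last comment (an added example, not part of the thread): it parses the hop list, finds the last hop that answered, flags any router that appears twice, and names the network where the trace goes silent. The hop numbers, the two trailing `* * *` rows and the /16 owner prefixes are constructed assumptions; the TIM/AWS labels follow the comment's own annotations.

```python
import ipaddress
import re

# Constructed sample: the comment's hops in traceroute layout (numbers illustrative).
SAMPLE = """\
 1  195.22.205.116
 2  195.22.196.170
 3  195.22.205.116
 4  52.93.11.191
 5  15.230.29.139
 6  52.93.11.109
 7  52.93.11.89
 8  52.93.10.227
 9  * * *
10  * * *
"""
# Assumption: coarse prefixes chosen only to reproduce the comment's TIM/AWS labels.
OWNERS = {"195.22.0.0/16": "TIM", "52.93.0.0/16": "AWS", "15.230.0.0/16": "AWS"}
HOP_RE = re.compile(r"^[ \t]*(\d+)[ \t]+(.*)$", re.M)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse(text):
    """Return [(hop_number, ip or None)]; None means no probe was answered."""
    hops = []
    for m in HOP_RE.finditer(text):
        ip = IP_RE.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def owner(ip):
    addr = ipaddress.ip_address(ip)
    hits = [name for net, name in OWNERS.items() if addr in ipaddress.ip_network(net)]
    return hits[0] if hits else ("private" if addr.is_private else "unknown")

def analyze(text):
    hops = parse(text)
    answered = [(n, ip) for n, ip in hops if ip]
    first_seen, revisited, owners = {}, [], []
    for n, ip in answered:
        if ip in first_seen:  # same router answering twice: loop or path change
            revisited.append((ip, first_seen[ip], n))
        first_seen.setdefault(ip, n)
        if not owners or owners[-1] != owner(ip):
            owners.append(owner(ip))  # collapse consecutive hops per network
    silent_tail = next((i for i, (_, ip) in enumerate(reversed(hops)) if ip), len(hops))
    last_n, last_ip = answered[-1] if answered else (None, None)
    return {"last_hop": last_n, "last_ip": last_ip, "silent_tail": silent_tail,
            "last_owner": owners[-1] if owners else None,
            "revisited": revisited, "path_owners": owners}
```

A trace only shows the forward path, so a silent tail inside one network says where replies stopped arriving, not which side is dropping them.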
