Since yesterday, I noticed that all of my websites that are routed through Cloudflare can no longer be accessed from Luxembourg and I can’t explain why. Websites on the same server that are not routed through Cloudflare work without any problem.
I checked all the steps from this tutorial and did all the troubleshooting I could from here.
I made sure I’m not blocking any Cloudflare IPs by switching out the entire (physical) server.
I contacted my ISP to make sure there’s no rate limiting in place.
Even though my server should not block any IPs at all, I made sure to explicitly whitelist all Cloudflare IP ranges.
As I am the hosting provider, I can confirm that the server is working properly from all locations except from Luxembourg.
There is currently no firewall in place that could be dropping packets.
I don’t know how to further troubleshoot this. I could try traceroute, but I don’t have a specific IP address of a Cloudflare server that fails to connect. How could I further investigate?
Some more troubleshooting I did from the location I cannot access my website from:
When you get a 522 error, it should display a Ray ID. Open a support ticket and post the ticket number here, and we can try to get it escalated for you.
Thank you for contacting Cloudflare Support. Your issue has been marked as Resolved in our system. If you require further assistance, simply reply to this email to re-open your ticket. If you have a new issue later on, please open a new ticket with us so that we don’t confuse two separate issues. Thanks.
Seems like email support is no longer available. Is there any other option to get support without having to pay $20/month? I really don’t see how the error could be originating from my side…
I did three times now, but I always get the same answer.
Your plan type grants you access to Support via our Cloudflare Community. Our Support team is only available to provide assistance on billing, account, and registrar related issues.
I did some more troubleshooting and here is the output of traceroute I did from two locations:
This location (Germany) works correctly:
traceroute: Warning: [mydomain.com] has multiple addresses; using 188.114.97.3
traceroute to [mydomain.com] (188.114.97.3), 64 hops max, 52 byte packets
1 fritz.box (192.168.178.1) 2.001 ms 1.485 ms 1.640 ms
2 loopback1.0001.acln.02.fra.de.net.telefonica.de (62.52.201.192) 10.891 ms 32.953 ms 10.460 ms
3 bundle-ether28.0004.dbrx.02.fra.de.net.telefonica.de (62.53.0.58) 10.684 ms
bundle-ether28.0003.dbrx.02.fra.de.net.telefonica.de (62.53.0.22) 10.427 ms
bundle-ether28.0004.dbrx.02.fra.de.net.telefonica.de (62.53.0.58) 11.098 ms
4 bundle-ether1.0005.prrx.02.fra.de.net.telefonica.de (62.53.10.51) 10.714 ms
bundle-ether2.0005.prrx.02.fra.de.net.telefonica.de (62.53.9.53) 11.273 ms
bundle-ether1.0005.prrx.02.fra.de.net.telefonica.de (62.53.10.51) 11.877 ms
5 * * *
6 172.70.240.3 (172.70.240.3) 35.050 ms * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 188.114.97.3 (188.114.97.3) 25.162 ms * *
This location (Luxembourg) does not work correctly:
traceroute: Warning: [mydomain.com] has multiple addresses; using 172.67.219.143
traceroute to [mydomain.com] (172.67.219.143), 64 hops max, 52 byte packets
1 10.2.0.0 (10.2.0.0) 15.995 ms 15.023 ms 15.495 ms
2 fritz.box (192.168.178.1) 15.927 ms 16.983 ms 15.906 ms
3 83.99.109.2 (83.99.109.2) 19.351 ms 18.222 ms 19.316 ms
4 * * *
5 as13335.members.lu-cix.lu (188.93.170.100) 22.260 ms
cloudflare-2.par.franceix.net (37.49.238.59) 24.442 ms
as13335.members.lu-cix.lu (188.93.170.100) 21.114 ms
6 172.71.120.4 (172.71.120.4) 25.061 ms
172.67.219.143 (172.67.219.143) 18.834 ms
172.71.116.4 (172.71.116.4) 28.221 ms
I’ll just quickly summarize the issue first. All of my websites are hosted on the same server and are proxied through Cloudflare. On Friday, the 16th of December 2022, all of my websites became unavailable when trying to access them from Luxembourg (colo=LUX), but they were still accessible from anywhere else. The issue seems to be limited to this single Cloudflare location in Luxembourg.
Switching to other origins or pausing Cloudflare did resolve the error, but these were not an option. I verified that no incoming packets are dropped and that all Cloudflare IP ranges were allowed to connect.
This led to my suspicion that the problem must be a routing problem between the Cloudflare Colocation in Luxembourg and my origin server. The issue still persists.
However, today I managed to find a workaround by using DDNS, but disabling IPv4 support completely, setting only the IPv6 entry, and using CNAME for all of my DNS entries. This made all of my websites available from Luxembourg again, but is now causing other issues at my end, as I was using the IPv4 DDNS at other places too. So ideally I’d like to re-enable IPv4 support for my DDNS, but this again causes the original issue.
Solving the issue by switching to IPv6 leads me to believe that the issue is indeed a routing problem.
TL;DR:
I solved the 522/523 errors users from Luxembourg were experiencing by switching my DNS entries to IPv6. Switching back to IPv4 still causes the problem.
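Added example, not part of the thread: a small Python parser for traceroute output like the traces posted above, reporting the hop at which a path first enters a Cloudflare range, which hops stayed silent, and whether the target address answered. The two networks are only a subset of Cloudflare's published IPv4 list (an assumption to keep the example short), and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: only the two published Cloudflare IPv4 ranges that cover the
# addresses in this thread; the full list is at https://www.cloudflare.com/ips-v4
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("172.64.0.0/13", "188.114.96.0/20")]
HOP_START = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_IN_PARENS = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Hop lines copied from the Luxembourg trace in the thread.
LUX_TRACE = """\
1 10.2.0.0 (10.2.0.0) 15.995 ms 15.023 ms 15.495 ms
2 fritz.box (192.168.178.1) 15.927 ms 16.983 ms 15.906 ms
3 83.99.109.2 (83.99.109.2) 19.351 ms 18.222 ms 19.316 ms
4 * * *
5 as13335.members.lu-cix.lu (188.93.170.100) 22.260 ms
cloudflare-2.par.franceix.net (37.49.238.59) 24.442 ms
as13335.members.lu-cix.lu (188.93.170.100) 21.114 ms
6 172.71.120.4 (172.71.120.4) 25.061 ms
172.67.219.143 (172.67.219.143) 18.834 ms
172.71.116.4 (172.71.116.4) 28.221 ms
"""

def parse_hops(text):
    """Return {hop: [responder IPs]}; a silent hop ('* * *') maps to []."""
    hops, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("traceroute"):
            continue
        m = HOP_START.match(line)
        if m:  # new hop; otherwise an extra responder for the current hop
            current = int(m.group(1))
            hops[current] = []
        if current is not None:
            hops[current] += IP_IN_PARENS.findall(line)
    return hops

def is_cloudflare(ip):
    return any(ipaddress.ip_address(ip) in net for net in CLOUDFLARE_NETS)

def summarize(text, target):
    hops = parse_hops(text)
    ordered = sorted(hops)
    return {
        "first_cloudflare_hop": next((n for n in ordered if any(map(is_cloudflare, hops[n]))), None),
        "silent_hops": [n for n in ordered if not hops[n]],
        "target_reached": any(target in ips for ips in hops.values()),
    }

if __name__ == "__main__":
    print(summarize(LUX_TRACE, "172.67.219.143"))
```

For the Luxembourg trace the target answers at hop 6, so the path from the client to the Cloudflare edge is intact; a client-side traceroute does not show the edge-to-origin leg that a 522 refers to.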