Cloudflare Routing Issue

So I’ve got a site that’s running through Cloudflare, simple stuff.

The very weird thing is that the IP addresses being returned for my site is one in London, and the other one in Pakistan.

My ISP has advised that they route traffic as and how Cloudflare advertises their IP range. Anyone know how to “reset” this behaviour as the site in question is restricted using the WAF rules, to only be accessible from within South Africa.

You can’t set that, routing depends on your ISP

But you can certainly use the firewall to limit access to South Africa. Given, the entries are proxied.

So a nslookup on the domain results in the following:

Server:        192.168.5.1
Address:    192.168.5.1#53

Non-authoritative answer:
Name:    a.b.c.d
Address: 104.21.89.188
Name:    a.b.c.d
Address: 172.67.191.6

The response from my ISP was as follows

So those IP’s do not live in SA so the traceroutes are correct. Cloudflare decides what they announce to us in SA at NAP peering points. Since these IP’s live in the UK and Pakistan it is probably Cloudflare or the website that decided not to enable ZA CDN.

Cloudflare will not announce their ranges that reside outside South Africa to us at NAP Peering points so we use our transit to reach these IP’s

Yes, the entries are proxied and the linked article applies as far as routing is concerned. Your ISP may have to sign a peering agreement with them.

This is very strange. As the website used to always be served between the POPs within South Africa. But now the IP address has completely changed to an IP not located within any of the 3 POPs in South Africa.

So you’re still saying then this is an ISP issue?

Yes and no, it’s a peering issue. Your ISP needs to peer with Cloudflare and the addresses need to be announced. It also depends on the plan you are on, the higher the plan, the better routing typically is.

I will chat to my ISP again, but my mobile data (completely different ISP) resolves to the save colo if I check out domain.com/cdn-cgi/trace

So I do find it hard to believe this is an ISP issue, if two respective ISP’s are having the same IP resolving and same routing to an POP far away.

I will ask a few of my friends, on other ISP’s what they get when they run nslookup

Again, the article really elaborates on that. Both ISPs will have a peering issue here and this is something only they can fix, possibly by working Cloudflare, but the community cannot help here.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.