Cloudflare source IPv6 lookups with RIR's

Towards the end of last year VOX had their IPv6 subnet adjusted from a /32 to a /29 by Afrinic.

When I test from the original subnet 2c0f:fd58::/32 I am able to access the below servers hosted by cloudflare without any issues over IPv6. However when testing from any other subnet in the /29 (example: 2c0f:fd59::/32) we encounter the below issues.

As mentioned previously, we had a similar issue with another provider where their API was not updating the /29 as a local South African subnet.

For example:
Battlestate Game servers appear to be hosted in the Cloudflare subnet: 2606:4700::/44, We are currently picking up an issue with our clients running on IPv6 when connecting to the Battlestate local game servers. The issue experienced is that the Game Client is detecting the incorrect region when connecting to cloudflare servers from 2c0f:fd58::/29 (AS 11845)

  • Note: When running IPv4 only, there are no issues connecting to the local game servers hosted with Cloudflare.

What exact error code(s)/message(s) do you see?

MaxMind is providing the database that Cloudflare is using to determine the geographic location for IP addresses.

MaxMind is having IP addresses from all the 8 individual /32’s (making up the /29) as being South Africa (ZA).

Can you share how exactly you have tested things and came to this conclusion?

And what exactly makes you believe that the problem is with Cloudflare?

Thanks for the info around MaxMind etc, so we’re not seeing any error codes, but just noticed that the customer, when testing with the Vox (South African) v6 IP within the /29 block, appears to be in Europe and not South Africa. In another instance there was an error that came up, when connecting to 2606:4700::6812:1b03:

image

which is error 103003, “matchmaker error. Wrong region USA.”

A pcap was done to get the destination IPv6 address when we were testing from the Vox IPv6 address and came back as Cloudflare on the whois.

I will see if there’s a way to check the Vox /29 IPv6 prefix with MaxMind. Thank you.

That part doesn’t seem to be a problem with neither Cloudflare nor MaxMind.

But an issue that needs to be escalated with the technical team of:

This one seems to be a regular request to one of Cloudflare’s Proxies for HTTP traffic.

The vast majority of Cloudflare’s IP addresses are registered to the headquarters in the United States.

Sounds to me like Battlestate need to restore original visitor IPs:

Without that kind of configuration to their set up, all their backend sees, will be the Cloudflare IP addresses, and not the original visitor’s IP.

And, likely the reason why you’re seeing that “Wrong region USA” error.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.