Connection to CF via German Telekom is very slow

Cheers & Greetings,

Can someone confirm this? I have multiple sites on CF and every time the connection is really really slow. However friends from other ISPs and countries do not experience this slowness.

Windows Trace:

C:\Users\alexp>tracert aebian.org

Tracing route to aebian.org [2a06:98c1:3120::3]
over a maximum of 30 hops:

  1     2 ms     1 ms     6 ms  p200300C1C741Ff8D96988ffffe67420C.dip0.t-ipconnect.de [2003:c1:c741:ff8d:9698:8fff:fe67:420c]
  2     8 ms     8 ms    12 ms  2003:0:8800:2800::1
  3   113 ms   119 ms   113 ms  2003:3c0:1600:8000::1
  4   172 ms     *      166 ms  2003:3c0:1600:800a::2
  5   187 ms   166 ms     *     ae-0.r24.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::269]
  6   175 ms   164 ms   161 ms  ae-0.a08.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::2b9]
  7   162 ms   164 ms   179 ms  2001:418:0:5000::a9b
  8   165 ms   174 ms   166 ms  2400:cb00:352:3::
  9   168 ms   164 ms     *     2a06:98c1:3120::3
 10     *      168 ms   170 ms  2a06:98c1:3120::3

Trace complete.

Mac Trace:

# aebian at Destiny.nethavn in ~ [22:23:49]
→ traceroute6 aebian.org
traceroute6: Warning: aebian.org has multiple addresses; using 2606:4700:3031::6815:4bcc
traceroute6 to aebian.org (2606:4700:3031::6815:4bcc) from 2003:c1:c741:ff8d:28ad:2673:f2a9:4e0c, 64 hops max, 28 byte packets
 1  p200300c1c741ff8d96988ffffe67420c.dip0.t-ipconnect.de  2.651 ms  2.372 ms  1.925 ms
 2  2003:0:8800:2800::1  8.247 ms  7.931 ms  10.829 ms
 3  2003:3c0:1600:8000::1  136.118 ms *  200.704 ms
 4  2003:3c0:1600:800a::2  177.453 ms  168.408 ms  170.063 ms
 5  *
    ae-1.r25.asbnva02.us.bb.gin.ntt.net  164.264 ms
    ae-0.r24.asbnva02.us.bb.gin.ntt.net  205.288 ms
 6  ae-0.a08.asbnva02.us.bb.gin.ntt.net  169.704 ms  239.376 ms  226.611 ms
 7  *
    2001:418:0:5000::a9b  194.863 ms
    2001:418:0:5000::f13  165.000 ms
 8  2400:cb00:601:3::  188.625 ms
    2400:cb00:16:3::  178.267 ms
    2400:cb00:350:3::  203.598 ms
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
31  * * *
32  * * *
33  * * *
34  * * *
35  * * *
36  * * *
37  * * *
38  * * *
39  * * *
40  * * *

The connection from which this tracert were made, has 100Mbits and according to e.g fast.com this speed is achieved right before and after the tracert.

There was a post from 2021 that said that changes were made and a few people confirmed it working. However I cannot confirm this now in 2024.

If other infos or logs are needed feel free to reach out.

Any ideas?

Unfortunately, yes.

All ISP’s that are a direct subsidiary of AS3320 Deutsche Telekom will be seeing these issues.

In addition, networks that are a customer of AS3320 Deutsche Telekom, but do not have another, more direct route to AS13335 Cloudflare, would similarly be seeing these issues…

If you’re paying anything to AS3320 Deutsche Telekom, I suggest you to complain to them, for providing such bad quality, and if you cannot get them to man up, as quoted above, then find another ISP that isn’t depending on, or related to AS3320 Deutsche Telekom in any way.

When/if AS3320 Deutsche Telekom does not want to ensure proper capacity on their network links, or otherwise do not want to peer (locally) with other networks, then there is absolutely nothing that these other networks (including Cloudflare) can do about it.

Got a link to the specific post you’re referring to?

I will try and create a support case with them and provide the info I did here and see what they say.

Gladly, Speed issue for Hungarian Telekom users

So, I created a support case with the ISP (German Telekom) and it seems like they partially solved the issue.

The modem didn’t do an update because of some Security Issues they claimed, but they said they will force an update and in-fact, they router did do an update. They also claimed that because of that, a resolve of certain IPs was not working . I highly doubt their statement but what can you do…

The website connection is now much faster than it was before for some of my websites.
Others still take ages to load since I’m still routed over USA to the CF net…

C:\Users\alexp>tracert -6 aebian.org

Tracing route to aebian.org [2606:4700:3035::ac43:b5f8]
over a maximum of 30 hops:

  1     1 ms     7 ms     1 ms  p200300C1c7070c8c96988FfFfE67420c.dip0.t-ipconnect.de [2003:c1:c707:c8c:9698:8fff:fe67:420c]
  2    50 ms     9 ms    14 ms  2003:0:8800:2800::1
  3     *        *        *     Request timed out.
  4   172 ms   168 ms   160 ms  2003:3c0:1600:800a::2
  5   188 ms   161 ms   162 ms  ae-1.r25.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::26b]
  6   162 ms   168 ms   161 ms  ae-1.a08.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::2bb]
  7   159 ms   162 ms   159 ms  2001:418:0:5000::a9b
  8   170 ms   202 ms   175 ms  2400:cb00:354:3::
  9     *      161 ms   161 ms  2606:4700:3035::ac43:b5f8

Guess I’ll have to create another support request with them. They however called me really fast, so at least that is good. Probably gonna create another tomorrow afternoon.

Thanks for that!

By looking at the traceroutes shared over there, nothing actually changed in the path from AS5483 Magyar Telekom towards AS13335 Cloudflare.

Routing is however two-way, so it could have been nice to the path in the other direction (AS13335 Cloudflare towards AS5483 Magyar Telekom), as the path there could be completely different from the other direction.

Here it sounds like they’re talking about the modem / router located on your address?

:+1:

There’s nothing in that which can be the culprit to the current issue, with the routing to the United States.

I know the game very well, with those incumbents as well as other companies that are anywhere from tough to impossible, to “work together with”. :frowning:

The modem / router, or any other kind of “gear” located on your address, will NOT be the changing anything in regards to the peering and/or routing policies of AS3320 Deutsche Telekom.

So yeah, anything you (or they) do there, won’t be changing anything in regards to the routing to the United States.

As the domain name you mentioned is matching your nickname “Aebian”, it somehow makes me think a personal domain?

Do all these multiple sites" you refer to, use the Free plan from Cloudflare?

Yeah, modem is local at my apartment, thats what they remote-updated.
Afaik they did nothing on their side.

Oh yeah, it is my personal blog and my Exchange Online has this as additional domain as well for mail services. Somewhat of a domain for personal / private stuff.

Yup, all of them. And they are using the Tunnel via cloudflared (CF One).
another example domain would be groupwiki.nethavn.group

The most ridiculous thing is, that their support case form is only allowing for 600 characters at most, so I can’t provide detailed information there… I hope I can add links there so I put most of the info in a Github gist hoping they know what Github is enough to click that link then.

Will create a new case tomorrow with them and see how this goes.
Trying to fix a switch / edge gateway side issue by updating a client, yeah suuuure.

Thanks for your help / insight.

Just for the Information sake. I re-opened the ISP Support request again and provided information via GitHub Gist in very detail. I also included a working traceroute from a non-Telekom connection to show them the real fix :smiley:

Now I have to wait and see what the person gets back with.
I’ll keep y’all posted.

I wish good luck on the journey. :slight_smile:

Please do that! It will be nice to know the results (if any). :slight_smile:

I’m having the same issue. Are you also from Munich?

So I had a long call with the Telekom again. This time I got another agent on the phone.
She described, that the issue faced would be due to different security standards that Telekom and Cloudflare use.

The first option she gave was “Maybe you can use a VPN and check if it yields better results”.
I then told her, that this would be only a workaround and a a person would need a VPN-Provider to actually test this workaround.

She understood that this is requiring additional services not everyone wants/have.
I then directed here to the GitHub Gist link I provided in the contact form (she didn’t find that at first) and she told me that this will now be sent to the 3rdLevel Support to check for options.

Fingers crossed that nothing happens. (Oh did I say that out loud?)
I’ll keep you posted again.

Let’s just say Greater-Munich-Area.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.