Can someone confirm this? I have multiple sites on CF and every time the connection is really really slow. However friends from other ISPs and countries do not experience this slowness.
Windows Trace:
C:\Users\alexp>tracert aebian.org
Tracing route to aebian.org [2a06:98c1:3120::3]
over a maximum of 30 hops:
1 2 ms 1 ms 6 ms p200300C1C741Ff8D96988ffffe67420C.dip0.t-ipconnect.de [2003:c1:c741:ff8d:9698:8fff:fe67:420c]
2 8 ms 8 ms 12 ms 2003:0:8800:2800::1
3 113 ms 119 ms 113 ms 2003:3c0:1600:8000::1
4 172 ms * 166 ms 2003:3c0:1600:800a::2
5 187 ms 166 ms * ae-0.r24.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::269]
6 175 ms 164 ms 161 ms ae-0.a08.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::2b9]
7 162 ms 164 ms 179 ms 2001:418:0:5000::a9b
8 165 ms 174 ms 166 ms 2400:cb00:352:3::
9 168 ms 164 ms * 2a06:98c1:3120::3
10 * 168 ms 170 ms 2a06:98c1:3120::3
Trace complete.
Mac Trace:
# aebian at Destiny.nethavn in ~ [22:23:49]
→ traceroute6 aebian.org
traceroute6: Warning: aebian.org has multiple addresses; using 2606:4700:3031::6815:4bcc
traceroute6 to aebian.org (2606:4700:3031::6815:4bcc) from 2003:c1:c741:ff8d:28ad:2673:f2a9:4e0c, 64 hops max, 28 byte packets
1 p200300c1c741ff8d96988ffffe67420c.dip0.t-ipconnect.de 2.651 ms 2.372 ms 1.925 ms
2 2003:0:8800:2800::1 8.247 ms 7.931 ms 10.829 ms
3 2003:3c0:1600:8000::1 136.118 ms * 200.704 ms
4 2003:3c0:1600:800a::2 177.453 ms 168.408 ms 170.063 ms
5 *
ae-1.r25.asbnva02.us.bb.gin.ntt.net 164.264 ms
ae-0.r24.asbnva02.us.bb.gin.ntt.net 205.288 ms
6 ae-0.a08.asbnva02.us.bb.gin.ntt.net 169.704 ms 239.376 ms 226.611 ms
7 *
2001:418:0:5000::a9b 194.863 ms
2001:418:0:5000::f13 165.000 ms
8 2400:cb00:601:3:: 188.625 ms
2400:cb00:16:3:: 178.267 ms
2400:cb00:350:3:: 203.598 ms
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
31 * * *
32 * * *
33 * * *
34 * * *
35 * * *
36 * * *
37 * * *
38 * * *
39 * * *
40 * * *
The connection from which this tracert were made, has 100Mbits and according to e.g fast.com this speed is achieved right before and after the tracert.
There was a post from 2021 that said that changes were made and a few people confirmed it working. However I cannot confirm this now in 2024.
If other infos or logs are needed feel free to reach out.
All ISP’s that are a direct subsidiary of AS3320 Deutsche Telekom will be seeing these issues.
In addition, networks that are a customer of AS3320 Deutsche Telekom, but do not have another, more direct route to AS13335 Cloudflare, would similarly be seeing these issues…
If you’re paying anything to AS3320 Deutsche Telekom, I suggest you to complain to them, for providing such bad quality, and if you cannot get them to man up, as quoted above, then find another ISP that isn’t depending on, or related to AS3320 Deutsche Telekom in any way.
When/if AS3320 Deutsche Telekom does not want to ensure proper capacity on their network links, or otherwise do not want to peer (locally) with other networks, then there is absolutely nothing that these other networks (including Cloudflare) can do about it.
Got a link to the specific post you’re referring to?
So, I created a support case with the ISP (German Telekom) and it seems like they partially solved the issue.
The modem didn’t do an update because of some Security Issues they claimed, but they said they will force an update and in-fact, they router did do an update. They also claimed that because of that, a resolve of certain IPs was not working . I highly doubt their statement but what can you do…
The website connection is now much faster than it was before for some of my websites.
Others still take ages to load since I’m still routed over USA to the CF net…
C:\Users\alexp>tracert -6 aebian.org
Tracing route to aebian.org [2606:4700:3035::ac43:b5f8]
over a maximum of 30 hops:
1 1 ms 7 ms 1 ms p200300C1c7070c8c96988FfFfE67420c.dip0.t-ipconnect.de [2003:c1:c707:c8c:9698:8fff:fe67:420c]
2 50 ms 9 ms 14 ms 2003:0:8800:2800::1
3 * * * Request timed out.
4 172 ms 168 ms 160 ms 2003:3c0:1600:800a::2
5 188 ms 161 ms 162 ms ae-1.r25.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::26b]
6 162 ms 168 ms 161 ms ae-1.a08.asbnva02.us.bb.gin.ntt.net [2001:418:0:2000::2bb]
7 159 ms 162 ms 159 ms 2001:418:0:5000::a9b
8 170 ms 202 ms 175 ms 2400:cb00:354:3::
9 * 161 ms 161 ms 2606:4700:3035::ac43:b5f8
Guess I’ll have to create another support request with them. They however called me really fast, so at least that is good. Probably gonna create another tomorrow afternoon.
By looking at the traceroutes shared over there, nothing actually changed in the path from AS5483 Magyar Telekom towards AS13335 Cloudflare.
Routing is however two-way, so it could have been nice to the path in the other direction (AS13335 Cloudflare towards AS5483 Magyar Telekom), as the path there could be completely different from the other direction.
Here it sounds like they’re talking about the modem / router located on your address?
There’s nothing in that which can be the culprit to the current issue, with the routing to the United States.
I know the game very well, with those incumbents as well as other companies that are anywhere from tough to impossible, to “work together with”.
The modem / router, or any other kind of “gear” located on your address, will NOT be the changing anything in regards to the peering and/or routing policies of AS3320 Deutsche Telekom.
So yeah, anything you (or they) do there, won’t be changing anything in regards to the routing to the United States.
As the domain name you mentioned is matching your nickname “Aebian”, it somehow makes me think a personal domain?
Do all these multiple sites" you refer to, use the Free plan from Cloudflare?
Yeah, modem is local at my apartment, thats what they remote-updated.
Afaik they did nothing on their side.
Oh yeah, it is my personal blog and my Exchange Online has this as additional domain as well for mail services. Somewhat of a domain for personal / private stuff.
Yup, all of them. And they are using the Tunnel via cloudflared (CF One).
another example domain would be groupwiki.nethavn.group
The most ridiculous thing is, that their support case form is only allowing for 600 characters at most, so I can’t provide detailed information there… I hope I can add links there so I put most of the info in a Github gist hoping they know what Github is enough to click that link then.
Will create a new case tomorrow with them and see how this goes.
Trying to fix a switch / edge gateway side issue by updating a client, yeah suuuure.
Just for the Information sake. I re-opened the ISP Support request again and provided information via GitHub Gist in very detail. I also included a working traceroute from a non-Telekom connection to show them the real fix
Now I have to wait and see what the person gets back with.
I’ll keep y’all posted.
So I had a long call with the Telekom again. This time I got another agent on the phone.
She described, that the issue faced would be due to different security standards that Telekom and Cloudflare use.
The first option she gave was “Maybe you can use a VPN and check if it yields better results”.
I then told her, that this would be only a workaround and a a person would need a VPN-Provider to actually test this workaround.
She understood that this is requiring additional services not everyone wants/have.
I then directed here to the GitHub Gist link I provided in the contact form (she didn’t find that at first) and she told me that this will now be sent to the 3rdLevel Support to check for options.
Fingers crossed that nothing happens. (Oh did I say that out loud?)
I’ll keep you posted again.