Site not accessible from AT&T ceullar data

I have a site, sheltermanager.com that is no longer accessible from AT&T cellular data in the US as of about a week ago. There are no issues accessing it from any other ISP or mobile service in the US (or the rest of the world).

AT&T are insisting there is nothing wrong at their end and the problem has to be Cloudflare. I’m dubious, but this is doing a lot of harm to my business and customers. I saw a recent post from another Cloudflare user with the same problem and their only resolution was to stop using Cloudflare on their site, which is not something I’m willing to do.

How can we troubleshoot this? I’ve asked a colleague to produce a traceroute to sheltermanager.com from their cell phone, which is below and looks ok to me:

  1. 172.26.96.161 (172.26.96.161) 46.428 ms, 100/100 ps, 0.0% loss
  2. 172.16.12.252 (172.16.12.252) 49.598 ms, 100/100 ps, 0.0% loss
  3. 12.249.2.1 (12.249.2.1) 42.295 ms, 100/100 ps, 0.0% loss [AS 7018] United States
  4. 12.83.179.194 (12.83.179.194) 49.755 ms, 100/100 ps, 0.0% loss [AS 7018] United States
  5. 12.123.18.229 (12.123.18.229) 41.812 ms, 100/100 ps, 0.0% loss [AS 7018] United States
  6. 4.68.39.1 (4.68.39.1) 49.575 ms, 99/99 ps, 0.0% loss [AS 3356] United States
  7. ae-3-3701.edge4.atlanta2.level3.net (4.69.216.145) 66.602 ms, 99/99 ps, 0.0% loss [AS 3356] United States
  8. 4.15.112.22 (4.15.112.22) 81.197 ms, 99/99 ps, 0.0% loss [AS 3356] United States
  9. 104.26.14.150 (104.26.14.150) 61.548 ms, 99/99 ps, 0.0% loss [AS 13335] United States

When you say “no longer accessible” - what type of error do they get? The traceroute does show them reaching us successfully, as you have described.

I can see your domain loading fine worldwide here https://wheresitup.com/demo/results/60b78093572cad2508768f20 so it sounds quite unusual.

Can you have the impacted user provide the output from these two:

https://sheltermanager.com/cdn-cgi/trace
https://cloudflare.com/cdn-cgi/trace

1 Like

Hi, thanks for replying. I went through Cloudflare support and AT&T and think we have it figured out. The error message was about failing SSL handshake.

The issue appears to be related to IPv6 and the transparent proxies used by AT&T for their cell users. I disabled IPv6 on my domain with Cloudflare and that seems to have cured the issue for now, obviously there will be many other Cloudflare sites affected by this. AT&T are looking into it.

1 Like

Thanks for the update. I just checked my site over AT&T 5G and it looks like this issue has been resolved.

Thanks for the update, both. Internally it looks like our Network team are talking to AT&T to help get this resolved. For now if you are impacted, disabling IPv6 for your zone via our API can help:

4 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

I’ve disabled the IPv6 on my site because of the AT&T network debacle discussed here:

It seems to have fixed the problem for now.

The discussion is now closed, but it ends by saying that Cloudflare is talking with AT&T about a solution. Is there a way that I can know when the problem is solved so I can re-enable IPv6?

Kind of amazing, but due to the number of US users I had who were affected, I was invited to a meeting with AT&T’s network team. I helped them run a few traces and they’re going to notify me when the IPv6 problem is fixed from their end. I’ll post here again when that happens.

One thing I found absolutely amazing was that they’d never heard of Cloudflare, they confirmed they were having some similar issues with other reverse proxy/CDN services.

1 Like

I will let you know when our Network team have an update @scot.mortimer - you may also want to raise a contact with AT&T directly to get updates from them.

1 Like

Hello all, we appear to be suffering from the exact same problem in the UK. We’ve had a number of customers complain that they are unable to access our app and website. Looking into it, it happens that my own device over Three’s 5G is one of the affected devices.

It appears that DNS is the issue, since I can ping and traceroute from the device to Cloudflare IP’s no problem at all, provided I do the DNS lookup through 8.8.8.8 or 1.1.1.1. However, if I allow the device to use the default DNS servers as provided by the mobile network, our entire zone is missing.

I haven’t yet tried disabling IPv6 through the API since I need to OK that before I can do it, but wanted to raise awareness that this might be affecting more than just AT&T in the US.

Please let me know if there is anything I can do to provide more information.

@jack6 thanks for raising but this sounds like a separate issue - can you raise a new topic and provide the output from yourdomain.com/cdn-cgi/trace and traceroutes and DNS lookups to yourdomain.com (replace appropriately) as well as cloudflare.com for comparison.

AT&T contacted me to say they’ve resolved the issue. I’ve re-enabled IPv6 on my domain and had some users with AT&T cell phones check and verify that it’s now fixed for me.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Just to confirm - we’ve had a notification from AT&T that they have resolved this and our testing shows that - if you do see further issues - it’s best to raise examples with AT&T directly.

If you disabled IPv6 as a workaround for your domain, we recommend that you re-enable it via the API.

2 Likes