“I can’t connect to my server!”

As a company that provides 24 hour, always up, service to clients we get some interesting questions. The one I think is the most interesting, and frustrating for us, is when a client says “I can’t connect to my server”. What are a some common things that can prevent a client from reaching their server?

  • Problems with their ISP
  • The server firewall has locked them out
  • DNS issues
  • VPN malfunctioning
  • Problems with one of our upstream providers

These are the top five. So we’ll start at the top and work our way down.

Problems with their ISP

Let’s not forget that the internet is quite literally a connection of cables and wires. Each of these being controlled, but not necessarily owned, by competing companies. Let’s say your ISP is Comcast, this is how your traffic flows to Tranquil Hosting…

I can't get to my server at Tranquil Hosting

From here it can literally be The Wild West. But before we tackle that part of the equation, let’s talk about what can happen within Comcast. If you look closely you will see Packet Shaper in our list above. Yes, Comcast uses packet shaping. Just about every ISP does. It is how they provide a quality of service making services such as VOIP have priority over a Torrent download. There is also the issue of whether Comcast directly connects with the upstream provider that we use and if they do, what type of connection is that? Comcast does peer with a few of the largest upstream providers, but in general they are trying to sell circuits to smaller ISP’s and hosting providers. That is for a different blog post though. So as you can see, even before your packets leave Comcast’s network there is a lot going on. Any one of those switches could have an issue, or be overloaded, along the way. The Packet Shaper could be deprioritizing your traffic. For the purposes of our discussion let’s say your packets make it through the Comcast Intranet unscathed.

Now your traffic is in the Public Internet. It has been handed off to another upstream provider, or maybe a handful, before it actually gets to a router at Tranquil Hosting. While your packets are bouncing around they could run in to any number of troubles. Other providers switches our routers having issues, oversubscribed ports, a bad gbic, etc. Think of it as if you are flying across the world and have to change planes five times. Each time you change planes your luggage needs to change also. Anywhere along the way someone could mess up and your luggage is left in a room, isolated at an airport in a distant country. After all this, your packets reach the Tranquil Hosting router, hooray! Up until this point any issue that has arisen is almost completely out of our control.

Once you are on Tranquil Hosting’s network we can diagnose the issue you are having and see if it has anything to do with our network or if it is an issue with your server. Generally, but not exclusively, the issue is on the server. Not to say we don’t have our share of issues sometimes, because we do. We monitor the network 24/7/365 so in almost every case we know something is going on before you do (and isn’t that how it’s supposed to be?).

This brings us to the next three items on our list. Did the firewall lock you out? Don’t laugh it happens, a lot. A client or one of their staff fat fingers a password enough times and BAM! locked out. A malfunctioning FTP client tries to reconnect a couple hundred times, BAM! locked out. This is usually a quick fix after dropping a ticket in to our support department.

Maybe the issue is DNS

Do you use your registrars DNS? Maybe a paid third party? Could be that their system is affected by something like a DDOS attack. In this case you can almost always access the server via the IP address, sometimes not ideal but does work in a pinch.

Could be the VPN

If you use a VPN to access the server, maybe it is down. Could be at its connection limit or a few other issues. These are generally quick fixes for our support department also.

Finally, maybe one of our upstream providers are having issues

Yes, we have multiple providers. Yes we run BGP. Yes, you should get the best route to your server from your location. Unfortunately it doesn’t always work that way. There is caching of records. Could be that your ISP is forcing traffic over the provider that is having an issue or any number of issues. We can cover this in another blog post.

So, what is the first step when you are having trouble? Do a trace route to your server, then ping it 50 to 100 times. See any anomalies? Look at the points along the trace route, not just the end point. I have seen issues where a clients home router was having an issue and causing huge latency right from the start. After you do these two tests and determine it is not something within your control, contact us. We’ll take it from here. Here are some friendly tips for doing these tests on a windows or a mac. I assume if you are using linux or BSD you know how to do a trace route and ping test already.

Mac Instructions for doing a Trace Route:

  • Go to Applications > Utilities and open Terminal
  • In the Terminal window enter traceroute (your domain or IP), ie; traceroute google.com
  • Let the results run until it ends (hint, if you need to end press CTRL and Z)

Windows Instructions for doing a Trace Route:

  • Go to Start > Programs > Accessories > Command Prompt
  • Enter the word tracert, followed by a space, then your domain or IP
  • Let the results run until it ends