- Order by phone: 0800 033 8006
- Blog
- Coverage checker
- Store locator
on 10-22-2023 03:21 PM
Is anyone else occasionally getting a 'connection down' error from Chrome (or 'Secure Connection Failed' from Firefox) when changing page - if I hit refresh it works fine. At first I wondered if it was the site I was using but have noticed it on multiple different major websites over the past couple of months and not noticed it from other locations where I don't use Three Broadband so does seem to be related to the router/connection (this is via wired Ethernet too, so not a WiFi problem). I've tried changing DNS server in case that helps but no difference.
It mainly seems to happen when trying to first load a site or (annoyingly) at checkout when a different site is being loaded as part of the checkout process. It certainly doesn't happen everytime but does happen with reasonable frequency. I've also noticed I often get it when trying to pull/push from/to Github too and have to do so a number of times for it to work (browsing the Github website works fine).
on 04-24-2024 02:02 PM
The issue occurs for me with websites also hosted via AWS and other cloud providers, so it's nothing to do with Akamai. (Have checked for Akamai routing in traceroute also)
on 04-24-2024 01:17 PM
New information.. Looks like the problem exisits somewhere between Three and Akamai..
If I manually change my DNS entry for visualstudio.microsoft.com to a different Akamai server (104.123.88.60), I can repeat the abolve connection test repeatedly, with ZERO errors..
Difference being that IP-Geolocation shows the new IP to be at a UK based Akamai datacentre, rather than the Ireland based datacentre..
Because of the way these CDNs work, I don't think theres a nice way to change from one to another. Maybe using a purely UK based DNS resolver.. I'll try this next, currently I run my own resolver based in Iceland.
on 04-24-2024 01:26 PM
Good detective work, @AkiTaiyo! Presumably this is why using a VPN is helping too as the routing to Akamai is being tunnelled and occurring elsewhere rather than between Three and Akamai.
@JonathanB hopefully your senior technical folk can look into this additional info???
on 04-23-2024 04:49 PM
Failed to load their own f'in website..
on 04-23-2024 04:27 PM
With visualstudio.microsoft.com, the failure rate is almost 1 in 5 attempts, which is terrible..
Three needs to fix this ASAP..
on 04-23-2024 03:47 PM
Another failure, this time at visualstudio.microsoft.com.. Once again, served from Akamai..
on 04-23-2024 12:55 PM
Just had it happen again.. This time on sky.com.
Now there is an interesting coincidence here..
The IP address for inews (2.19.176.162) and the one for sky (23.57.166.79) are both served from an Akamai data centre.
Does that mean that Three's network doesn't play nicely with Akamai's infrastructure?
on 04-23-2024 12:37 PM
Sadly it was just coincidence.. After spam loading a bunch of pages I started getting some failures again.
Whats interesting is there doesn't seem to be any suitable explanation for it from the wireshark logs..
Here's a side-by-side of a connection to inews, one fails and one works.
The first picture shows the log from the failed attempt. The curious part of this is that at *exactly* the same time as the 'window update', a FIN is sent from the server to close the connection.
Compare this to refreshing the page, which loads correctly
The opening sequence is identical... Except that WireShark identifies the working session 'Hello' as TLS v1.3, where as the failed session it identified as TLS v1. I suspect this is a identification discrepancy with wireshark. The details both show the same version IDs.
Not sure from here, if anyone has any more insight on this I can provide these two sessions as wireshark files.
The oddity for me is the FIN coming in, initiated by the server end.
on 04-23-2024 09:17 AM
After a bit of playing around in Wireshark with some sites that were intermittent..
It looks like the issue might be related to sites that use the QUIC protocol. This is a UDP based transport on port 443, as apposed to the usual TCP based.
As an experiment, I've configured my firewall to block all UDP traffic on 443.. So far, no more 'end of file' errors..
Will see how it goes, or maybe just a coincidence.
on 04-23-2024 11:45 AM
Interesting, could you keep us updated on how that goes.