Has something gone wrong with EE Mobile Broadband routing?

dave_101 · ‎31-10-2022

I'm trying to understand what's happened with EE's Mobile broadband performance, because it's fallen off a cliff in the past few days.

The culprit appears to be in the way the routing is configured, as whenever I run a traceroute, it flounders around at IP address 11.1.6.254.

In the past, traceroute was quick and logical - it flowed straight from my router to a logical IP address in the same space as my router's (DHCP granted) internet facing IP address. A quick search for 11.1.6.254 seems to imply that it is geolocated to Columbus, OH, and is run by the US Department of Defense.

So my question is, why would EE be forwarding all the traffic from the mobile broadband to a US DoD server?

XRaySpeX · ‎31-10-2022

What is the full traceroute?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)

dave_101 · ‎31-10-2022

So the beginning of the trace (the tail is not problematic) is

1  192.168.60.101 (192.168.60.101)  0.987 ms  0.248 ms  0.214 ms
2  10.10.20.101 (10.10.20.101)  1.246 ms  0.847 ms  0.907 ms
3  11.1.6.254 (11.1.6.254)  58.483 ms  31.277 ms  40.039 ms
4  * * *
5  * * *
6  * * *
7  109.249.132.36 (109.249.132.36)  41.972 ms  43.030 ms
   109.249.132.6 (109.249.132.6)  40.138 ms
8  peer2-et4-0-6.slough.ukcore.bt.net (62.172.103.151)  52.624 ms
   peer8-et-0-1-4.telehouse.ukcore.bt.net (109.159.252.106)  26.451 ms
   peer3-et3-1-4.slough.ukcore.bt.net (62.172.103.232)  23.324 ms

It is hop 3 that is definitely the problem child, and somewhat bizarre. The external IP address that my router has is in the private 10.157.x.x address space (I'm somewhat surprised it's not in the CGNAT range), so I'm intrigued that the next hop is to 11.1.6.254, especially as this is a public address apparently hosted in the 'States.

BTW, don't be concerned about the two private address at the start of the trace. The first is my internal firewall, and the second is the 4G router. NAT only occurs on the 4G router.

XRaySpeX · ‎31-10-2022

I would agree with your findings but am puzzled how a US DoD hop can come before an EE/Orange node & other UK sites. As it comes logically (as opposed to timewise) nearer to you than them I wonder if it's to do with your setup. It's like it's leaving you to go to the US DoD before coming back to the EE network & thence onto the BT infrastructure (BT Customer Loopbacks). Are you running some sort of VPN?

Or are you being spied on by the CIA or US Military 😉?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)

Mustrum · ‎31-10-2022

Is the test being done from an apple device?

dave_101 · ‎01-11-2022

I see the same behaviour when running tracert on Windows.

dave_101 · ‎01-11-2022

No VPN involved.

I noticed another post or two on the forums where people where showing things related to this 11.1.6.254 address, so I don't believe it's just me.

Just to add that I also have Starlink, and when I run a traceroute from the same devices, but through the Starlink route, I don't see any illogical behaviour. That is, the hops are all logical up from my firewall, to the Starlink router, through the Starlink CGNAT and then out to the public internet.

It is only with EE that the problem exists.

I have to say that it feels like a router configuration issue within the EE network, as though someone has set something up incorrectly in a routing table.

XRaySpeX · ‎01-11-2022

Does your router tell you what the Gateway IP to the Internet is?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC => 2014: EE 20 Meg WBC => 2020: EE 40 Meg FTTC => 2022: EE 80 Meg FTTC (no landline number)

dave_101 · ‎01-11-2022

The routing table shows me that the gateway for my router is in a 10.x.x.x network (it changes, because the router is set to reboot each night). So the next hop should not be 11.1.6.254, unless somewhere in the EE network, something strange is going on.

dave_101 · ‎08-12-2022

I just want to draw a line under this topic, at least from my perspective.

For the last three days, the EE mast in the Taunton area would appear to have been offline, as there's been no service.

It has just come back online.

I tried the traceroute again, and voila!, it no longer goes via a US DoD server. Throughput and general performance is back where it was prior to the sudden introduction of this rogue 11.1.6.254 address.

I'd love to know what was actually going on. It is easy to imagine some wonderful conspiracy theories - for example, was there a rogue terror cell operating in Somerset, which were being tracked by the CIA and who in turn had hacked into the mast?

Personally, I'm sticking with a simpler answer. Either some dodgy/failing kit, or some misconfiguration, which has now been fixed. But (and I know this will never happen) it would be nice for EE to come clean and actually say what went wrong.