Why is my pfSense WAN to Comcast going via 100.99.197.221 which appears to be in Belarus?

tetranz asked:

We are having internet problems today. We use a Comcast business connection. We have a /29 network from Comcast. We have these IP address:

50.x.x.249, 50.x.x.250, 50.x.x.251, 50.x.x.252, 50.x.x.253

The gateway is 50.x.x.254.

The Comcast modem is on the WAN side of pfSense. Our LAN is on 192.168.1.x. It’s been working fine for months.

Today it is slow and intermittent. I tried some traceroutes to google.com.

Here’s what I think is a “normal” traceroute.

ross@saturn:~$ traceroute 74.125.226.166
traceroute to 74.125.226.166 (74.125.226.166), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.348 ms  0.312 ms  0.275 ms
 2  ourname.com (50.x.x.254)  485.721 ms  486.209 ms  486.645 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * he-2-5-0-0-cr01.newyork.ny.ibone.comcast.net (68.86.94.201)  497.526 ms  497.503 ms
 8  he-0-12-0-0-pe03.111eighthave.ny.ibone.comcast.net (68.86.83.106)  497.049 ms * *
 9  * as15169-2-c.111eighthave.ny.ibone.comcast.net (23.30.206.126)  427.788 ms  459.177 ms
10  216.239.50.108 (216.239.50.108)  459.310 ms  459.365 ms  459.326 ms
11  209.85.245.183 (209.85.245.183)  458.997 ms  459.951 ms  459.858 ms
12  lga15s45-in-f6.1e100.net (74.125.226.166)  459.541 ms  459.338 ms  459.485 ms

I think that looks okay although it’s slow. Here to Google is usually about 40 ms.

Then it gets weird. Sometimes a traceroute to the same IP address gives this:

ross@saturn:~$ traceroute 74.125.226.166
traceroute to 74.125.226.166 (74.125.226.166), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.313 ms  0.292 ms  0.258 ms
 2  100.99.197.221 (100.99.197.221)  334.391 ms  334.715 ms  334.832 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * he-2-5-0-0-cr01.newyork.ny.ibone.comcast.net (68.86.94.201)  373.861 ms  374.827 ms
 8  he-0-12-0-0-pe03.111eighthave.ny.ibone.comcast.net (68.86.83.106)  374.509 ms * *
 9  * as15169-2-c.111eighthave.ny.ibone.comcast.net (23.30.206.126)  701.375 ms  699.541 ms
10  216.239.50.108 (216.239.50.108)  700.174 ms  700.083 ms  700.355 ms
11  209.85.245.183 (209.85.245.183)  700.070 ms  700.462 ms  701.599 ms
12  lga15s45-in-f6.1e100.net (74.125.226.166)  701.384 ms  701.225 ms  701.685 ms

Why on earth is that 100.99.197.221 showing up? It seems like pfSense went there as the first hop instead of our gateway. According to http://whois.domaintools.com/100.99.197.221 that is in Belarus but I’ve read RFC6598 and I don’t think it is supposed to be publicly routable. If I do a traceroute to 100.99.197.221 from a different connection, it really does go to Belarus (.by) and takes quite a few hops to get there so the one hope from my LAN to that address doesn’t seem real.

We haven’t changed anything recently and everything has been working well until now. Does this look like a problem with the ISP (Comcast) or something at our end? We’ve been through the initial “reboot the modem” thing with Comcast but I’m at a bit of a loss to know what to do next.

It seems to go reasonably well speed wise after a modem reboot but slows down when we push any significant traffic from our LAN. It seems to stay slow even after that traffic stops.

Could someone please confirm the following test setup in case I’m missing something obvious. I disconnect the modem from the pfSense WAN and connect the modem to a Windows laptop. I set the laptop IP address to 50.x.x.249, the mask to 255.255.255.248 and gateway to 50.x.x.254. If I do that, I can’t get to anywhere, not even the gateway. Everything is “not reachable”. I’ve tried two different computers. I’m sure the cable between the computer and modem is okay so I don’t know why that doesn’t work or why pfSense does work, at least somewhat.

Thanks for any help.

My answer:


It’s not in Belarus. And the website you used has outdated information.

That IP address space really is shared-use private nonroutable address space. But some or all of it was previously assigned, and some routers might still know old routes for it.

As for why you’re seeing it in traceroutes, I could not say for sure. It is Comcast, after all, and only they can give you a concrete answer. But since the whole point of that address space is so that ISP networks can give their routing infrastructure private addresses, freeing up some IPv4 addresses, it stands to reason that Comcast is slowly but surely renumbering their infrastructure to use the RFC 6598 addresses.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.