TRACEROUTE QUESTION

Answered Question
Mar 23rd, 2007

Got a traceroute question? When you see output from a traceroute that has IPs from multiple interfaces on the same device, like the one below, can you tell me what would cause that? In the case below the first and third address under each hop is the same IP?

I am suspecting that each probe took a different route, but am confused by what the effect would be on subsequent hops. Thanks.

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms

RT852CR01#trace 10.111.1.5
Type escape sequence to abort.
Tracing the route to 10.111.1.5

  1 10.112.2.141 0 msec
    10.112.2.10 0 msec
    10.112.2.141 4 msec
  2 10.112.2.148 0 msec
    10.112.2.17 0 msec
    10.112.2.148 4 msec
  3 10.119.250.113 [AS 64512] 0 msec 0 msec 0 msec
  4 10.119.250.101 [AS 64512] 68 msec 64 msec 64 msec
  5 10.119.250.98 [AS 64512] 64 msec 64 msec 64 msec
  6 10.111.2.245 [AS 65132] 64 msec 64 msec 64 msec

Richard Burts Fri, 03/23/2007 - 13:44

Steve

To answer your question let's start with a brief review about traceroute. The normal traceroute sends 3 probes with TTL of 1. It gets to the first hop and expires and sends back the expired message and we know what was the second hop. Increment the TTL by one and do it again. Keep doing the 3 probes, increment the TTL until either you get the response that you reached the destination (which is actually a port unreachable error) or till you get to max hops.

So you did a traceroute to 10.111.1.5. Your router has two paths in the routing table to that destination. The router is going to send 3 probes with TTL of 1 (indicated by 1 in the listing). The first packet went out one interface and got a response from 10.112.2.141. The second packet went out the other interface and got a response from 10.112.2.10. The third packet went out the first interface and got a response from 10.112.2.141. Then a similar thing happened with TTL of 2. A packet went out one interface and got a response from 10.112.2.148. The second packet went out the other interface and got a response from 10.112.2.17. The third packet went out one interface and got a response like the first one did. After TTL of 2 it looks like the paths through the network converged because you are no longer getting different response addresses with each increment of TTL.

HTH

Rick
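The per-probe reading described in the answer above can be automated. This is an added example, not part of the original thread: it parses the IOS traceroute output from the question, lists the responder address for each probe at each TTL, and reports which hops show more than one responder and where the paths converge. The function names (parse_hops, multipath_hops, convergence_ttl) are illustrative assumptions.

```python
import re

# Traceroute lines copied from the original post (Cisco IOS format).
SAMPLE = """\
  1 10.112.2.141 0 msec
    10.112.2.10 0 msec
    10.112.2.141 4 msec
  2 10.112.2.148 0 msec
    10.112.2.17 0 msec
    10.112.2.148 4 msec
  3 10.119.250.113 [AS 64512] 0 msec 0 msec 0 msec
  4 10.119.250.101 [AS 64512] 68 msec 64 msec 64 msec
  5 10.119.250.98 [AS 64512] 64 msec 64 msec 64 msec
  6 10.111.2.245 [AS 65132] 64 msec 64 msec 64 msec
"""

# Optional hop number, then the responder address, then the timings.
LINE = re.compile(r"^\s*(?:(\d+)\s+)?(\d{1,3}(?:\.\d{1,3}){3})\b(.*)$")

def parse_hops(text):
    """Return {ttl: [responder address for each probe, in probe order]}."""
    hops, ttl = {}, None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # banner or blank line
        if m.group(1):
            ttl = int(m.group(1))         # a new hop starts here
        if ttl is None:
            continue                      # continuation line with no hop yet
        # One address may answer several probes on the same line.
        probes = len(re.findall(r"\d+\s+msec|\*", m.group(3)))
        hops.setdefault(ttl, []).extend([m.group(2)] * max(probes, 1))
    return hops

def multipath_hops(hops):
    """TTLs whose probes were answered by more than one source address."""
    out = {}
    for ttl, addrs in hops.items():
        distinct = list(dict.fromkeys(addrs))   # keep probe order
        if len(distinct) > 1:
            out[ttl] = distinct
    return out

def convergence_ttl(hops):
    """First TTL after the last multi-responder hop, or None."""
    split = multipath_hops(hops)
    later = [t for t in hops if split and t > max(split)]
    return later[0] if later else None

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print(multipath_hops(hops), "converges at TTL", convergence_ttl(hops))
```

Several addresses at one TTL only show that the probes were answered from different interfaces; the output alone does not say whether those interfaces are on one device or on several.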

stevennowell Sat, 03/24/2007 - 06:34

Thanks for the well explained response! That was great.

I still have a couple additional questions, and it's possible you explained it above and I just didn't get it.

When I have multiple paths given, can I assume that they are equal cost, by virtue of it being displayed?

Also, when I see multiple divergent paths that transit different devices and eventually reconverge at my target IP, how is what is actually printed to the screen in the traceroute output determined by the router? Is the shortest, or least cost path shown (guessing here). When my router saw multiple paths to my target in the example I put in my original post, how was the next hop path determined when there were multiple options shown?

stevennowell Sat, 03/24/2007 - 06:38

I should also add that in my example all ip's given at each hop are interfaces in a singular device. Would it be possible to display multiple egress options at a given hop and have them be on separate devices?

(when I say how was the path determined above, I didn't mean from a routing perspective, I meant from the perspective of what traceroute output that would be chosen to print to the screen)

Correct Answer
Richard Burts Sat, 03/24/2007 - 10:22

Steve

I have read your follow-up posts and will attempt to answer them.

Let me start by emphasizing that traceroute packets are regular routed IP packets (if it is of interest, traceroute from *nix boxes and Cisco boxes are UDP packets and tracert from Windows is ICMP packets) and a lot of the answers to your questions depend on the behavior of regular routed IP packets.

So, yes if you see multiple paths in traceroute that is because the ip routing table had multiple entries of how to get to the destination. And if the routing table has multiple entries of how to get to the destination then that means that they were equal cost.

I am less sure of how to answer your next question about how what is actually printed is determined by the router. So let me review what happens and hopefully that will be an adequate answer. Your router sends packets toward the destination and manipulates the TTL. As the packets go through the network (processed by normal routing logic) they get to a router where the TTL expires. The router at which they expire will discard your packet and send back an ICMP packet indicating the error. Your router is able to determine the path through the network hop by hop from these ICMP error messages. The source address of the error packet will be the interface address of the router which discarded your packet. So what your router prints is the hop count, the address of the router generating the ICMP error, if it can resolve it the name of the router, and the time that it took to receive the error message.

I believe that the other part of your question here is how your router chooses the path when there are multiple paths possible. Packets generated by the router are inherently process switched. And when the router is process switching it will take turns over all the available paths. After your router makes the decision about how to route to the first hop, then it becomes a routing decision for the next router how to route the second hop, and so forth.

And for the last part of your question: in your example the multiple path responses may have come from a singular device, but it is quite possible that the responses could come from multiple devices.

HTH

Rick

stevennowell Mon, 03/26/2007 - 04:26

Rick, thanks a million for the time you invested in helping me. You thoroughly covered my questions and I very much appreciate it. Take care.

Richard Burts Mon, 03/26/2007 - 08:51

Steve

I am glad that my answers were helpful. Thanks for using the rating system to indicate that your issue was resolved. (and thanks for the rating) It makes the forum more useful when people can read questions and know that they will find answers that successfully answered the question. I encourage you to continue your participation in the forum.

HTH

Rick

harindhafdo Wed, 04/04/2007 - 05:16

Hi All,

Is there a way to configure a Cisco Router to reply to the TTL message only with its loopback IP rather than the interface IP? If yes, can you provide the configuration to achieve it?

Thanks & Rgds

Harin
