Apr 14th, 2009

Please see attachment...

The question is, I'm just wondering why, if I do a traceroute, say from client B to Client A loopback address, it stops at R1, though my tunnel connection is UP?

I don't have access to the FW and VPN, so I don't know what is happening there. But is it true that using the normal traceroute command will give the result that it stops at R1? What is the difference between detailed traceroute and normal traceroute? Do I always need to specify the source for my traceroute? Thanks.

connect2world Tue, 04/14/2009 - 22:12

A few things could be the cause, like missing routes for the loopback from point B to A, or blocking of ICMP echo reply at devices from point B to A. All these will give traceroute results with the path it took masked off by asterisks.

korbenda11as Tue, 04/14/2009 - 22:53

So, once the tunnel is UP, that will mean my connection is working fine between the two endpoints? And that I should not worry if my trace stops at a certain point?

If, say, no rules are applied to a certain device, will that mean I can trace/ping through and through? Thanks!

connect2world Tue, 04/14/2009 - 23:00

Yes, you can assume this is the case. To test if the tunnel is OK, you should only ping directly between devices in point A and devices in point B; a traceroute to anything in between would most likely be blocked by firewalls, VPN endpoints, router access-lists, etc.

Joseph W. Doherty Wed, 04/15/2009 - 03:34

"The question is, I'm just wondering why if I do a traceroute say from client B to Client A loopback address, it stops at R1?"

If the traceroute was intended to flow through a GRE tunnel, I wouldn't expect it to "see" any of the routers between the tunnel endpoints. I would expect the tunnel to "see" just one hop.

Since you now have two logical paths between clients A and B, how does traffic decide which to use?

"though my tunnel connection is UP."

Unsure about VPN devices, but on many routers, a GRE tunnel that's UP doesn't always indicate a valid tunnel.

connect2world Wed, 04/15/2009 - 16:21

Usually if you have multiple routes, the one with the least metric is used. It depends on how you set up the GRE tunnel; even if the tunnel is up, you can pass selective traffic through it.

korbenda11as Thu, 04/16/2009 - 17:55

It looks like you are saying that a tunnel which is UP in status, say at points A and B, is not a guarantee that it is a valid tunnel. What does this mean?

If I do a traceroute between point A and B, does the traffic flow through the GRE tunnel that was created, as I presumed? Can you help me by elaborating on this situation? Thanks.

connect2world Thu, 04/16/2009 - 18:00

What I am saying is that the tunnel that is up may not necessarily be the tunnel your traffic is passing through. You can have multiple tunnels to different endpoints, and each can pass selective traffic depending on how you configure it.

Joseph W. Doherty Fri, 04/17/2009 - 03:11

If I remember correctly, at least on Cisco routers, a "typical" GRE tunnel (w/o tunnel keepalives) will show an "UP" status as soon as it's defined, including even before it's defined on the other end. If so, "UP" alone may not indicate a valid tunnel.

I also recall, when traceroute transits a tunnel, it doesn't echo off any of the transit hops since the traceroute is encapsulated within a GRE packet. If you are seeing any tunnel transit hop trace results, the trace is likely not using the GRE tunnel.
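
The TTL behaviour discussed in this thread, as an added illustration that is not part of any poster's reply: a small Python model of how traceroute probes expire with and without GRE encapsulation, plus a check for transit hops in a trace. The topology is constructed (the thread's attachment is not available); the router name R2, the placement of FW and VPN as transit hops, and the outer TTL of 255 are assumptions.

```python
# Constructed model (not from the thread): TTL handling with and without GRE.
OUTER_TTL = 255  # assumed TTL the ingress router puts in the GRE delivery header

# Assumed path from client B towards client A; the thread's diagram is not available.
PATH = [("R2", "ingress"), ("FW", "transit"), ("VPN", "transit"),
        ("R1", "egress"), ("ClientA-loopback", "host")]

def probe(path, ttl, use_tunnel):
    """Send one probe with the given TTL and return the node that answers it."""
    inner, outer = ttl, None  # outer is set only while the probe is encapsulated
    for name, role in path[:-1]:
        if outer is not None and role != "egress":
            outer -= 1        # transit hop: only the delivery header is touched
            continue
        outer = None          # egress decapsulates; no-op when not tunnelled
        inner -= 1            # this router forwards the probe itself
        if inner == 0:
            return name       # TTL expired here: ICMP time exceeded to the sender
        if use_tunnel and role == "ingress":
            outer = OUTER_TTL # encapsulate: inner TTL is frozen until the egress
    return path[-1][0]        # probe reached the destination

def traceroute(path, use_tunnel, max_ttl=30):
    """Return the list of responders for TTL = 1, 2, ... until the target answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(path, ttl, use_tunnel))
        if hops[-1] == path[-1][0]:
            break
    return hops

def trace_used_tunnel(hops, path):
    """True when no transit hop between the tunnel endpoints shows up in a trace."""
    transit = {name for name, role in path if role == "transit"}
    return transit.isdisjoint(hops)

if __name__ == "__main__":
    for tunnelled in (True, False):
        hops = traceroute(PATH, tunnelled)
        print("GRE" if tunnelled else "native", hops, trace_used_tunnel(hops, PATH))
```

The model does not cover filtered or unanswered probes, so a trace that ends in asterisks needs the routing and filtering checks mentioned earlier in the thread.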

