cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
748
Views
0
Helpful
8
Replies

traceroute

korbenda11as
Level 1
Level 1

pls. see attachment...

The question is, im just wondering why if I do a traceroute say from client B to Client A loopback address, it stops at R1? though my tunnel connection is UP.

I dont have access with FW and VPN, so I dont know what is happening there. But is it true that using the normal traceroute command will give the results that it will stop at R1? What is the difference bet. detailed traceroute and normal traceroute? Do I need to specify always the source for my traceroute? thanks.

8 Replies 8

connect2world
Level 1
Level 1

A few things could be the cause like missing routes for loopback from point B to A, blocking of icmp echo reply at devices from point B to A.All these will give traceroute results with the path it took mask off by asterisk.

So, once the tunnel is UP that will mean my connection is working fine between two endpoints? and that I should not worry if my trace will stop at a certain point?

If say no rules applied to certain device, will that mean, I can trace/ping thru and thru? thanks!

Yes, you can assume this is the case. To test if the tunnel is ok, you should only ping directly between devices in point A to devices in point B, traceroute anything in between would most like block by firewalls, vpn end points, router access-list etc.

Joseph W. Doherty
Hall of Fame
Hall of Fame

"The question is, im just wondering why if I do a traceroute say from client B to Client A loopback address, it stops at R1?"

If the traceroute was intended to flow through a GRE tunnel, I wouldn't expect for it to "see" any of the routers between the tunnel endpoints. Would expect the tunnel to "see" just one hop.

Since you now have two logical paths between clients A and B, how does traffic decide which to use?

"though my tunnel connection is UP."

Unsure about VPN devices, but on many routers, a GRE tunnel that's UP doesn't always indicate a valid tunnel.

Usually if you have multiple routes, the one with the least metric is used.It depends on how you set up the GRE tunnel, even if the tunnel is up, you can pass selective traffic through it.

it looks you are saying that a tunnel which is UP in status say point A and B is not a guarantee that it is a valid tunnel. what thus this mean?

if i do traceroute bet point A and B, is the traffice flows at GRE tunnel that was created, I presumed. can you help me in elaborating this situation. thanks

What I am saying is that the tunnel that is up may not necessary be the tunnel your traffic is passing, You can have multiple tunnels to different end points, each can pass selective traffic depending on how you configure it.

If I remember correctly, at least on Cisco routers, a "typical" GRE tunnel (w/o tunnel keepalives) will shown an "UP" status as soon as it's defined; including even before it's defined on the other end. If so, "UP" alone, may not indicate a valid tunnel.

I also recall, when traceroute transits a tunnel, it doesn't echo off any of the transit hops since the traceroute is encapsulated within a GRE packet. If you're are seeing any tunnel transit hop trace results, the trace is likely not using the GRE tunnel.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco