Traceroute through a tunnel interface

Answered Question
Aug 6th, 2010

Hi,

Just wish to ask the below.

1. If i do a traceroute from a workstation directly connected to a router, to a destination that goes through the tunnel interface L0 of that same router, will the tunnel interface IP show on the traceroute results?

2. If the destination workstation is directly connected to another router where the tunnel terminates, will the tunnel endpoint IP appear in the traceroute results?

Thanks.

I have this problem too.
0 votes
Correct Answer by milan.kulik about 6 years 5 months ago

Hi Giuseppe,

it's even a little more complicated.

The tunnel endpoint IP address should  be visible twice in the traceroute output.

See https://supportforums.cisco.com/message/3143453#3143453

for details.

BR,

Milan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Giuseppe Larosa Sat, 08/07/2010 - 04:17

Hello Mark,

if we think of a GRE point to point tunnel it works like an envelope that inside carries the user packets.

traceroute works by sending UDP packets with destination = traceroute destination using an high UDP port.

First series of packets are sent out with TTL=1 PC default gateway answers with an ICMP unreachable (TTL expired) as the packet cannot be delivered to intended destination.

Second series of traceroute probe packets are sent out with TTL=2, sender PC default gateway decrease TTL to 1 recomputes IPv4 header and sends the packet encapsulated in a GRE header to the tunnel endpoint router.

The tunnel endpoint router decapsulates the packet detects TTL=1 and so it knows that it cannot deliver the packet to the intended destination.

The tunnel endpoiint router prepares an ICMP unreachable (TTL expired) packet to be sent back to traceroute probe sender and consulting its own IP routing table discovers that it has to send the packet over a GRE tunnel this allows to choice the source address of the ICMP unreachable message that should be the one in direction to original source.

So the PC that has sent the traceroute probes  should see:

its own default gateway

IP address of the tunnel endpoint (remote router) on the GRE tunnel towards sender PC default gateway

the IP address of destination PC

the destination PC will send back an ICMP packet with a different code (protocol unreachable) when probe TTL=3

if no ip unreachable is configured on any interface used as a source for sending ICMP unreachables on the path you will see a * for that next-hop meaning no answer has been received

Hope to help

Giuseppe

Giuseppe Larosa Sat, 08/07/2010 - 11:06

Hello Milan,

thanks for your correction

that thread is interesting as it shows exactly what the original poster of this thread was asking and provides explanation for the observed behaviour

rated as it deserves

Best Regards

Giuseppe

Actions

This Discussion