I have a traceroute that goes through an SVI that seems to (9 times out of 10) provide request time outs. No packet loss is seen for pings to the end device, but the traceroute shows losses...
1 <1ms <1ms <1ms 10.5.61.253
2 * * * Request timed out.
3 <1ms <1ms <1ms 10.4.112.243
4 <1ms <1ms <1ms 10.5.3.190
5 <1ms <1ms <1ms 10.4.173.6
Between hop 1 and 2 is a firewall who's next hop points to a 3750 switch (10.4.112.254) which is hop 2 and shows the 'drops'. Its config that the firewall points to is:
interface Vlan900 description Firewall_Comms ip address 10.4.112.247 255.255.255.0 no ip redirects standby 4 ip 10.4.112.254 standby 4 priority 160 standby 4 preempt
the 3750 only has a single route to 10.4.173.6:
PPFX_X37_274#sh ip ro 10.4.173.6 Routing entry for 10.4.173.0/24 Known via "ospf 1", distance 110, metric 201, type inter area Last update from 10.4.112.243 on Vlan900, 2d00h ago Routing Descriptor Blocks: * 10.4.112.243, from 10.4.238.201, 2d00h ago, via Vlan900 Route metric is 201, traffic share count is 1
this doesn't seem to cause any problems, but I'm curious as to why this shows time outs...
The firewall is a security appliance and will not usually respond to a traceroute. This is to ensure that someone from the outside cannot find the address of the device and breech your network. This is disabled by default and if you want this to work you will need to enable it.
I hope this helps and please let us know if you have any further questions.
Thanks and Cheers!
Please remember to rate helpful posts.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...