Why do i get timeout tracerouting to a connected interface, it seems to me once i send the 1st traceroute packet probe with TTL 1 the router at xx.xx.71.2 should decrement the TTL to 0 and send back an icmp unreacheable however sometimes i get one or two * and sometimes it even times outs to hops 2 or 3. this only happens on udp traceroute and not on icmp. I don't understand why this would happen, there is not ACL's on the interfaces. This is a cisco 6500 no really sure if some hardware rate limit is doing this but this behavior happens all the time.
core.frv.ma#sh ip route xx.xx.71.1 Routing entry for xx.xx.71.0/30 Known via "connected", distance 0, metric 0 (connected, via interface) Redistributing via eigrp 1, ospf 1 Routing Descriptor Blocks: * directly connected, via Vlan777 Route metric is 0, traffic share count is 1
Found my issue it seems that starting in version os IOS 12.x that the rate limit for all icmp unreachable is one packet in 500ms. disabling this fixed the time out issues i was seeing. The odd thing is on the 6500 there is no command to see icmp unreachable stats, "show ip icmp rate-limit" doesn't work but this seems to take precedence over the hardware mls rate-limit command.
Hope this is useful for someone else.
Using the ICMP Rate-Limiting Feature
Starting in 12.0 of the Cisco IOS, Cisco implemented a default rate limit of one ICMP unreachable packet that a router would generate in a 500-millisecond (ms) interval. This prevents a router from responding to thousands of packets with unreachable destinations with a separate ICMP message for each of these access requests.
In Cisco IOS 12.1, you can tune this operation manually with the following command:
Router(config)# ip icmp rate-limit unreachable [df] milliseconds
First, notice that this is a global configuration mode command: it applies to any ICMP unreachable message responses on anyinterface. Second, the df parameter is used to restrict the number of ICMP unreachable messages generated by the router when the fragmentation of the packet is needed and the DF bit in the IP packet header is set. Third, you can specify only the time interval for ICMP unreachable messages (in milliseconds). This can range from 1 to 4,294,967,295. During the specified interval, the Cisco IOS generates only one ICMP unreachable message for the first packet that requires one; for other unreachable events, the router ignores them until the configured time period expires.
Here is a simple example:
Router(config)# ip icmp rate-limit unreachable 1000
In this example, only one ICMP unreachable message is generated each second.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...