Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

odd traceroute behavior

I know how UDP traceroute works however I can't figure out why this behavior happens.

 

 

traceroute xx.xx.71.2 source xx.xx.71.1


Tracing the route to fa2-27.core.xxx.net (xx.xx.71.2)

  1  *  *
    fa2-27.core.frv.ma.xx.nett (xx.xx.71.2) 4 msec
 

Why do i get timeout tracerouting to a connected interface, it seems to me once i send the 1st traceroute packet probe with TTL 1 the router at xx.xx.71.2 should decrement the TTL to 0 and send back an icmp unreacheable however sometimes i get one or two * and sometimes it even times outs to hops 2 or 3. this only happens on udp traceroute and not on icmp. I don't understand why this would happen, there is not ACL's on the interfaces. This is a cisco 6500 no really sure if some hardware rate limit is doing this but this behavior happens all the time.

 

core.frv.ma#sh ip route xx.xx.71.1
Routing entry for xx.xx.71.0/30
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via eigrp 1, ospf 1
  Routing Descriptor Blocks:
  * directly connected, via Vlan777
      Route metric is 0, traffic share count is 1

 

 

thanks, Paul

 

1 REPLY
New Member

I'm assuming it has to be a

Found my issue it seems that starting in version os IOS 12.x that the rate limit for all icmp unreachable is one packet in 500ms. disabling this fixed the time out issues i was seeing. The odd thing is on the 6500 there is no command to see icmp unreachable stats, "show ip icmp rate-limit" doesn't work but this seems to take precedence over the hardware mls rate-limit command.

 

Hope this is useful for someone else.

 

paul

 

 

Using the ICMP Rate-Limiting Feature

Starting in 12.0 of the Cisco IOS, Cisco implemented a default rate limit of one ICMP unreachable packet that a router would generate in a 500-millisecond (ms) interval. This prevents a router from responding to thousands of packets with unreachable destinations with a separate ICMP message for each of these access requests.

In Cisco IOS 12.1, you can tune this operation manually with the following command:

Router(config)# ip icmp rate-limit unreachable [df] milliseconds

First, notice that this is a global configuration mode command: it applies to any ICMP unreachable message responses on any interface. Second, the df parameter is used to restrict the number of ICMP unreachable messages generated by the router when the fragmentation of the packet is needed and the DF bit in the IP packet header is set. Third, you can specify only the time interval for ICMP unreachable messages (in milliseconds). This can range from 1 to 4,294,967,295. During the specified interval, the Cisco IOS generates only one ICMP unreachable message for the first packet that requires one; for other unreachable events, the router ignores them until the configured time period expires.

Here is a simple example:

Router(config)# ip icmp rate-limit unreachable 1000

In this example, only one ICMP unreachable message is generated each second.

 

 

122
Views
0
Helpful
1
Replies
CreatePlease to create content