Avatar of cs2009
cs2009Flag for United States of America

asked on 

TTL expired in transit switch issue

Attached is a switching layout that is in production. I'm having an issue with ttl expired responses that terminate at 2 newly installed Dell 8024s. When I ping an offline device with a  valid ip address from my workstation I get ttl expired errors coming from these switches. The switch/router is the default gateway for the network so I'm curious to why the error is not originating from the router. The first response will come from the .18 switch and then the final 3 from the .17????
EE8024SwitchConfig.pdf
Switches / HubsNetworkingDell

Avatar of undefined
Last Comment
mat1458
Avatar of Don Johnston
Don Johnston
Flag of United States of America image

What is the source IP address and destination IP address of the pings?
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

both in same subnet:

Host 10.10.1.100
destination 10.10.12.33
SM 255.255.0.0
Avatar of Don Johnston
Don Johnston
Flag of United States of America image

If what you're describing is correct then the behavior is not really possible. The TTL field is only decremented by a router (layer 3 device). If the source is 10.10.1.100/16 and the destination is 10.10.12.33/16, they hosts are on the same network and no router is needed. Which means the TTL isn't being decremented so there could be no TTL expired.

Unless the sending host is transmitting with a TTL of zero which isn't likely either.

I suspect there's more to your network than meets the eye. Can you provide configs of the network devices and indicate which ports the 10.10.1.100 and 10.10.12.33 hosts are connected to.
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

exactly my thought... there is no hop on the same subnet. Both hosts are connected to ports on Vlan 10 on separate switches. I expected to get a request timed out but not so. All switches have routing on Vlan 10 enabled. The dell 8024 is a new, different animal to me compared to the HPs. The previous image shows the basic topology. 8024 startconfig attached.
startup-config
Avatar of Don Johnston
Don Johnston
Flag of United States of America image

I have no idea why a switch (or router) would respond with a ICMP TTL exceeded message for a device on the same network as the sender.
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

now you know my pain. I can't find anything......
Avatar of Don Johnston
Don Johnston
Flag of United States of America image

What happens when you do a traceroute? (with the destination on and off)
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

The device is now online. Tracert has the device going thru the .17 switch?


Tracing route to ricohmpc5502-boe.test.org [10.10.12.33]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.10.0.17
  2    <1 ms    <1 ms    <1 ms  ricohmpc5502-boe.test.org [10.10.12.33]
Avatar of giltjr
giltjr
Flag of United States of America image

I would double check that HP2910 and 10.10.12.33 both have the subnet mask 255.255.0.0.

Can you also do:

     ping -r 9 ricohmpc5502-boe.test.org

I've seen some weird stuff when not everything has the correct subnet mask
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

both devices /16


C:\Users\samuels>ping -r 9 ricohmpc5502-boe.test.org

Pinging ricohmpc5502-boe.test.org [10.10.12.33] with 32 bytes of data:
Reply from 10.10.12.33: bytes=32 time<1ms TTL=255
    Route: 10.10.12.33
Reply from 10.10.12.33: bytes=32 time=24ms TTL=255
    Route: 10.10.0.17 ->
           10.10.12.33
Reply from 10.10.12.33: bytes=32 time=1ms TTL=255
    Route: 10.10.0.17 ->
           10.10.12.33
Reply from 10.10.12.33: bytes=32 time=116ms TTL=255
    Route: 10.10.0.17 ->
           10.10.12.33
Avatar of Don Johnston
Don Johnston
Flag of United States of America image

Could you post the output of an ipconfig (or O/S similar command) from the source host.
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

Ethernet adapter vEthernet (Virtual Switch):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 18-03-73-4F-82-C9
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.1.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.10.0.1
   DNS Servers . . . . . . . . . . . : 10.10.1.35
                                       10.10.1.36
   NetBIOS over Tcpip. . . . . . . . : Enabled
Avatar of giltjr
giltjr
Flag of United States of America image

Also from the target host.  To me it looks like one of them may have a subnet mask other than 255.255.0.0.
Avatar of giltjr
giltjr
Flag of United States of America image

You may also want to look at all the routing tables in all of the devices.  There may be a device with a entry for 10.10.0.0/24 or 10.10.1.0/24.  Which could also cause weird results.
ASKER CERTIFIED SOLUTION
Avatar of mat1458
mat1458
Flag of Switzerland image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

The printer is connected to a switch down stream. I cleared cache on both switches. After I ping host an entry is written back to the cache. As before the ping request will go to the .17 switch on the first attempt and then .18 for the final 3 attempts?
Avatar of giltjr
giltjr
Flag of United States of America image

Did you check the routing tables on everything?
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

I did. I'm only routing one vlan at this point in time.
SOLUTION
Avatar of giltjr
giltjr
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

I found parameters on routing interface and proxy arp and local proxy arp are indeed checked. If I uncheck and ping host I now get ttl timeout on last resort gateway on the actual router, which is where I thought it should be.

On the dell 8024, the 2 arp settings are enabled by default. Should I just keep the defaults and go with lesson learned? Thanks guys.
Avatar of giltjr
giltjr
Flag of United States of America image

Weird.  I personally would not use proxy arp.  Since so many network monitoring products use ping as one way to see if a device is up and to measure latency issues, I would leave it off.

Otherwise your monitoring software will show the device is up when in fact it may not be.
Avatar of cs2009
cs2009
Flag of United States of America image

ASKER

thanks giltjr
Avatar of mat1458
mat1458
Flag of Switzerland image

To be clear: this seems to be a bug of Dell. The switches must never proxy ARP for a request in the same subnet. Proxy ARP is only useful across subnet boundaries.
Networking
Networking

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

102K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo