[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 665
  • Last Modified:

Cisco Traceroute returning unexpected IP source

Hi i just wanted to clear up some confusion. I have the following setup in GNS3:

Diagram
Loopback interface off of R4 has two paths to loop back interface on router 1. Source 5.5.5.1 destination 65.0.0.1.

When i setup a traceroute with ONE probe count to 65.0.0.1 from interface lo1 on R4 it returns the following:
 1 4.4.4.1 28 msec
  2 1.1.1.1 52 msec

I understand why 4.4.4.1 would be returned but not sure why 1.1.1.1 is returned for the following hop? I would expect 2.2.2.1? Is R1 load balancing in reverse? I tried changing bandwidth on fa0/0 and fa0/1 on R1 so that fa0/1 is preferred.

Also when i issue the command where it sends 3 probes instead of one i get the following:

  1 4.4.4.1 28 msec
    3.3.3.1 28 msec
    4.4.4.1 20 msec
  2 1.1.1.1 48 msec
    2.2.2.1 48 msec
    1.1.1.1 36 msec

I believe traceroute is sending out multiple icmp ping paths due to multiple route paths in FIB. I am pretty sure that in the following 1a is the first hop and 2a is the second hop? Then 1b was second alternative path first hop and 2b is the second alternate path second hop? But again they return the opposite of what i would expect in both cases on the second hop?

 1 a.4.4.4.1 28 msec
    b. 3.3.3.1 28 msec
    c. 4.4.4.1 20 msec
  2 a. 1.1.1.1 48 msec
    b. 2.2.2.1 48 msec
    c. 1.1.1.1 36 msec

Thank you!
Cory
0
Psy4HA
Asked:
Psy4HA
  • 5
1 Solution
 
Psy4HAAuthor Commented:
Also, i did a debug ip packet and it seems the the icmp/trace packet route is coming back on the same link it came in but is just sourcing another interfaces ip address on the return?

in this example i pinged from 65.0.0.1 to 5.5.5.1 and got:
 1 2.2.2.2 24 msec
  2 3.3.3.2 48 msec

here is debug packet from r4:

*Mar  1 01:19:12.823: IP: s=2.2.2.1 (FastEthernet0/1), d=5.5.5.1, len 28, rcvd 0
*Mar  1 01:19:12.827:     UDP src=49232, dst=33435
*Mar  1 01:19:12.827: IP: tableid=0, s=3.3.3.2 (local), d=2.2.2.1 (FastEthernet0/0), routed via FIB
*Mar  1 01:19:12.831: IP: s=3.3.3.2 (local), d=2.2.2.1 (FastEthernet0/0), len 56, sending
*Mar  1 01:19:12.839:     ICMP type=3, code=3
0
 
giltjrCommented:
Do you have multiple default routes in any of the routers?
0
 
Psy4HAAuthor Commented:
None of the routers have any manual routes set. All using eigrp.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Psy4HAAuthor Commented:
here's r4 route table:
Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
D       1.1.1.0 [90/307200] via 3.3.3.1, 00:28:37, FastEthernet0/1
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/307200] via 4.4.4.1, 00:32:39, FastEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, FastEthernet0/1
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, FastEthernet0/0
     65.0.0.0/24 is subnetted, 1 subnets
D       65.0.0.0 [90/435200] via 4.4.4.1, 00:32:39, FastEthernet0/0
                 [90/435200] via 3.3.3.1, 00:32:41, FastEthernet0/1
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback1



AND R1:
Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, FastEthernet0/1
     3.0.0.0/24 is subnetted, 1 subnets
D       3.3.3.0 [90/307200] via 1.1.1.2, 00:28:55, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
D       4.4.4.0 [90/307200] via 2.2.2.2, 00:28:55, FastEthernet0/1
     65.0.0.0/24 is subnetted, 1 subnets
C       65.0.0.0 is directly connected, Loopback1
     5.0.0.0/24 is subnetted, 1 subnets
D       5.5.5.0 [90/435200] via 2.2.2.2, 00:28:56, FastEthernet0/1
                [90/435200] via 1.1.1.2, 00:28:56, FastEthernet0/0
0
 
Psy4HAAuthor Commented:
I understand now. read a good article about traceroute and how it works. It was sending 3 probes with ttl of 1. each time it went a different direction. Then on next hop sets ttl2 to and sends 3 probles,

http://blog.ine.com/2013/09/06/modifying-traceroute-replies/
0
 
Psy4HAAuthor Commented:
Article answers the question.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now