Help with a Loop in an IP WAN

jmiguel.garcia · ‎11-21-2014

HI,

I'm facing a peculiar situation, the trace below can be completed until 190.90.15.3 (destination IP address) but at the same time, I don't have HTTP (80) access to this.

C:/cmd>tracert s.yimg.com
Trace to fo-coa-s.aycs.b.yahoodns.net [190.90.15.3]

1 94 ms 90 ms 87 ms 201.x.x.x
2 92 ms 92 ms 85 ms 172.x.x.x
3 83 ms 76 ms 75 ms 10.x.x.x
4 60 ms 64 ms 64 ms 10.x.x.x
5 110 ms 80 ms 80 ms 10.x.x.x
6 135 ms 141 ms 146 ms 213.248.89.153
7 226 ms 167 ms 138 ms 213.155.130.240
8 142 ms 146 ms 144 ms 62.115.138.25
9 165 ms 165 ms 157 ms 62.115.141.71
10 164 ms 167 ms 173 ms 62.115.33.22
11 202 ms 208 ms 215 ms 200.16.69.61
12 209 ms 196 ms 205 ms 200.16.70.174
13 * * * Request timed out.
14 * 189 ms * 190.90.11.134
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 238 ms 236 ms * 190.90.15.3
19 * * * Request timed out.
20 * * * Request timed out.
21 239 ms * * 190.90.15.3
22 * * * Request timed out.
23 * * * Request timed out.
24 216 ms * 199 ms 190.90.15.3
Trace complete.

What I see (and the reason why I'm asking here) is a kind of loop behavior in the last jump, as is visible the destination IP address is bounding 3 times.

I'm not passing through a firewall or any kind of restriction in my way to the router, so I wondering why this behavior and if it is due the routing tables outside my network.

I'm using a cisco 12406 IOS v12, is it possible to test [ip.dest:80] inside the router, to check if this port is reachable from the router or at least packets are leaving on a interface, So how can I do it?

C:/cmd>nc -vv 190.90.15.3 80 ... (9 sec) Connection timeout

Any help/opinion/light will be welcome.

Tagir Temirgaliyev · ‎11-21-2014

C:\Users\tt>tracert s.yimg.com

Трассировка маршрута к s.gycs.b.yahoodns.net [188.125.93.156]
с максимальным числом прыжков 30:

1 1 ms 3 ms 1 ms 192.168.1.1
2 2 ms 2 ms 2 ms 147.30.20.1
3 25 ms 25 ms 25 ms 82.200.243.6
4 25 ms 25 ms 27 ms 82.200.243.9
5 25 ms 26 ms 54 ms 82.200.243.114
6 * 33 ms 26 ms 95.59.172.17
7 62 ms 61 ms 70 ms msk04.transtelecom.net [217.150.36.58]
8 * * * Превышен интервал ожидания для запроса.
9 103 ms 123 ms 103 ms ge-1-3-0.pat1.dee.yahoo.com [80.81.192.115]
10 103 ms 103 ms 103 ms UNKNOWN-188-125-95-X.yahoo.com [188.125.95.35]
11 104 ms 104 ms 104 ms l1.ycs.vip.dea.yahoo.com [188.125.93.156]

Трассировка завершена.

C:\Users\tt>

Bilal Nawaz · ‎11-23-2014

Hello, you can try telnet on port 80 from your router. You can also create extended ACL on your ingress or egress depending where you want to see traffic going towards this destination. Remember permit ip an any on end of ACL.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

paul driver · ‎11-23-2014

Hello

your can use an access-list without applying it to any interface to test be it via the IP stack or by a defined port such as port 80

access-list 101 permit ip host x.x.x.x host y.y.y.y

access-list 101 permit IP host y.y.y.y host x.x.x.x

or

ccess-list 101 permit tcp host x.x.x.x eq 80 host y.y.y.y

access-list 101 permit tcp host y.y.y.y eq 80 host x.x.x.x

And make sure you enable debug ONLY on the ACL otherwise you may cause the router high utilisation

debug ip packet detail 101

Res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul