Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
94713
Views
19
Helpful
6
Replies

ICMP: TTL time exceeded?? What does this mean

NPT_2
Level 2
Level 2

‎01-12-2006 11:24 AM - edited ‎03-03-2019 11:26 AM

Does anyone have any idea why only certain hosts on the internet would be unable to ping or trace to a certain ip address with the ICMP time exceeded message coming up in a debug ip icmp on the 7206 router at the destination? Debug output is below, any thoughts?

13w1d: ICMP: time exceeded (time to live) sent to ******(dest was 66.62.******)

2 people had this problem
Labels:
0 Helpful
6 Replies 6

pkhatri
Level 11
Level 11

‎01-12-2006 12:02 PM

Hi,

The TTL time exceeded ICMP message is sent when the TTL value of an IP packet reaches zero. In normal operation, a network should not have a diameter so great that the TTL gets reduced to zero. The most common occurrence of this is when there is a routing loop. In this case, as the packet is sent back and forth between the looping points, the TTL keeps getting decremented until it reaches zero. That's when this message is sent.

So these locations you are unable to get to are most likely looping somewhere.

Hope that helps - pls rate the post if it does.

Regards,

Paresh

mheusinger
Level 10
Level 10
In response to pkhatri

‎01-12-2006 04:15 PM

Hello,

in addition to te post of Paresh I would like to add, that in an operational network the most likely occurence is because of packets created by a traceroute. There the mechanism is used to detect the routers transporting IP packets towards a certain destination.

The traceroute (or tracert) command first creates three IP packets with TTL set to 1. The first router on the path will then remove TTL by 1, and drop the packet because TTL reached zero. To inform the sender of the IP packet about this event an ICMP message is sent (TTL exceeded) by the router. This is exactly what the traceroute program is looking for. it will display the routers IP (source IP in ICMP packet).

Then a packet with TTL 2 will besent to find out the address of the second router on the path to the destination. This will be repeated until the destination host answers.

Hope this helps! Please rate all posts

NPT_2
Level 2
Level 2
In response to mheusinger

‎01-13-2006 08:08 AM

The problem is not only do the traces and pings timeout at the last hop, no other traffic seems to work when this error exists, telnet, www, etc doesn't work either when the TTL is exceeded.

0 Helpful

mheusinger
Level 10
Level 10
In response to NPT_2

‎01-13-2006 08:41 AM

Hello,

when this is happening for all traffic, then you most likely have a routing loop. This means your IP routing is messed up in a way that all packets are sent in a loop between different routers until TTL reaches zero.

So you have to investigate your IP routing setup to understand how this can happen.

To locate the routers involved in the loop do a traceroute and watch out for routers repeatedly showing up in the path.

Hope this helps! Please rate all posts.

Regards, Martin

0 Helpful

NPT_2
Level 2
Level 2
In response to mheusinger

‎01-13-2006 10:47 AM

I'm looking into that now, so far I am not seeing that, but we are running bgp4 with 3 separate providers.

0 Helpful

clyde.a.huffman.ctr@mail.mil
Level 3
Level 3
In response to mheusinger

‎09-20-2019 08:15 AM

I had this happen with a syslog server.  Apparently north-bound syslog interface use ICMP, perhaps for discovery...  see https://community.cisco.com/t5/routing/routing-loop-icmp-time-exceeded-time-to-live/m-p/3927281/highlight/false#M321922

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card