Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1099
Views
0
Helpful
7
Replies

Strange behavior of traceroute output towards host behind L3 Switch.

NetworkingGeek1
Level 1
Level 1

‎01-21-2023 01:20 AM - edited ‎01-23-2023 09:10 AM

Hello Community,

I have a question regarding TTL and tracert. I noticed that when I tracert from the Windows machine towards not existed host, tracert always stops at the hop before Cisco L3 Core Switch which has directly connected network, where this destination IP belongs to. I checked on a lab environment. But when I check the same on lab network, it stops at the Router which is directly connected to the directly connected network. Let me explain what do I mean with example of my lab. For example, if I ping 192.168.44.65 which really doesn't exist, but it's network connected to R4 router:

R1#traceroute 192.168.44.65
Type escape sequence to abort.
Tracing the route to 192.168.44.65
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.12.2 92 msec 64 msec 92 msec   -> Router
2 10.10.23.3 88 msec 48 msec 84 msec   -> Router
3 10.10.34.4 132 msec 88 msec 72 msec -> Router. Network 192.168.44.0/24 is connected to it.
4 * * *
5 * * *

But in production environment, it would be like this:

R1#traceroute 192.168.44.65
Type escape sequence to abort.
Tracing the route to 192.168.44.65
VRF info: (vrf in name/id, vrf out name/id)

1 10.10.12.2 92 msec 64 msec 92 msec   -> Router
2 10.10.23.3 88 msec 48 msec 84 msec   -> Router
3 * * *
4 * * *
5 * * *

So, my question is which behavior is correct and why? After I got the result from lab environment, I was very surprised and I was trying to explain it to myself like this: When Router received packet (destined to its directly connected network) with TTL=1, it first try to forward it, and since it doesn't have ARP entry for it, it ARP for the MAC and since it's failed, it doesn't decrement TTL to 0 and therefore doesn't send back ICMP message "TTL expired in transit". But when in a lab it looks differently and actually it gets reply from Router directly connected to the network, where packet was destined to.

Can you please clarify this? Maybe L3 Switches and Routers behave differently?

Thank you.

Labels:
0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

‎01-21-2023 01:53 AM

but the lab still not work, why there are *** in end of traceroute ??

0 Helpful

NetworkingGeek1
Level 1
Level 1
In response to MHM Cisco World

‎01-21-2023 01:59 AM - edited ‎01-23-2023 09:10 AM

@MHM Cisco World  It's ok that ***. I'm pinging to the host which doesn't exist. My question is, why in lab environment tracert stops at Router which is before L3 Switch, which has directly connected network, where I was sending packets. But in lab environment it stops at the Router which has directly connected network, where I was sending packets.

0 Helpful

MHM Cisco World
VIP
VIP
In response to NetworkingGeek1

‎01-21-2023 02:05 AM

I think because in lab you use default route and in real there is static or dynamic routing, am I right  ?

0 Helpful

NetworkingGeek1
Level 1
Level 1
In response to MHM Cisco World

‎01-21-2023 02:17 AM

@MHM Cisco World  Yes, in real environment there is dynamic routing. In a lab, I use mix of default and static routes. For example, in a segment between the Router and Router (I'll call it Gateway Router) with directly attached network, from Router I use static router towards network which I'm pinging, but in Gateway Router, I'm using default route 0.0.0.0 towards Router. But can you please explain, how it matters? Also, in real environment, last hop is L3 Switch, maybe this somehow explains such behavior?

0 Helpful

MHM Cisco World
VIP
VIP
In response to NetworkingGeek1

‎01-21-2023 02:55 AM

Yes, 
the last router dont need exact route in routing table it can use default route. 
in real since you dont use default route and the route is missing in RIB then there is one hop disappear (last hop) from traceroute. 

0 Helpful

NetworkingGeek1
Level 1
Level 1
In response to MHM Cisco World

‎01-21-2023 03:46 AM - edited ‎01-23-2023 09:12 AM

@MHM Cisco World  Honestly I didn't get it

Let me explain again:

Lab environment: I have L3 Cisco Core Switch which have L3 Vlan's. There is some network, which is directly connected to it, let's say it's VLAN 20 and network 192.168.20.0/24. So, for L3 Switch it's directly connected network. I'm tracing some IP in 192.168.20.0/24, let's say 192.168.20.25 from remote location. This IP is not assigned to anything, it's not online. Core Switch is advertising this network with EIGRP to its neighbors - Cisco Routers. So, when I issue tracert 192.168.20.25 from some remote Windows machine, tracert stops at Router which is just before Core Switch. I do the same, except instead of Core Switch, I use Router. Tracert stops at Router which directly connected to the destination network.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to NetworkingGeek1

‎01-21-2023 02:12 PM

Screenshot (232).png

I do lab and same result when traceroute non exit ip connect to L3SW and router. 
in my lab all routers and L3Sw run eigrp. 

now return to your issue, I mention you if run default route and you confirm that then you mention that all run eigrp!! can you more elaborate, and in my lab can you point me where you config the default route ?

0 Helpful
Top