Trace Hits Destination Multiple times

ccie.7861 · ‎08-21-2013

Hi,

I am tracing 2-3 US sites from our MPLS link (to US) and getting below results. Destination is repeating multiple times. What could be the issue and how can it effect the performanse of the site.

Tracing route to 12.195.6.15 over a maximum of 30 hops

1     3 ms     1 ms     1 ms 10.164.X.1
2    <1 ms    <1 ms    <1 ms 10.164.X.37
3     4 ms     3 ms     3 ms 10.164.X.129
4   216 ms   218 ms   216 ms 10.255.140.45
5   223 ms   223 ms   223 ms 10.255.140.46
6   223 ms   223 ms   223 ms 10.255.128.67
7   226 ms   225 ms   224 ms 12.195.6.15------Destination
8   225 ms   225 ms   224 ms 12.195.6.15
9   225 ms   226 ms   225 ms 12.195.6.15
10   226 ms   225 ms   229 ms 12.195.6.15
11   270 ms   273 ms   270 ms 12.195.6.15
12   275 ms   274 ms   288 ms 12.195.6.15
13   269 ms   269 ms   269 ms 12.195.6.15

Trace complete.

Tracing route to 10.120.168.15 over a maximum of 30 hops

1    <1 ms    <1 ms    <1 ms 10.164.x.1
2    <1 ms    <1 ms    <1 ms 10.164.x.37
3     6 ms     3 ms     4 ms 10.164.x.129
4   216 ms   215 ms   217 ms 10.255.140.45
5   223 ms   223 ms   223 ms 10.255.140.46
6   224 ms   224 ms   224 ms 10.255.128.66
7   226 ms   225 ms   228 ms 10.120.168.15----Destination
8   228 ms   226 ms   226 ms 10.120.168.15
9   226 ms   230 ms   225 ms 10.120.168.15
10   225 ms   226 ms   228 ms 10.120.168.15

Trace complete.

Vignesh Rajendran Praveen · ‎08-24-2013

Hi Manoj,

I do not see this as a problem nor do I feel that it would affect any performance. The explanation for the seeing the same IP multiple hops till the trace is completed as below.

The first time you see the IP 10.120.168.15 in the trace route is when the firwall is hit. And the number of hops that you see the same IP is the number of hops the actual server is away from the firewall.

You are seeing the same IP address as all the return echo replies from each device between the firewall & the actual server are being translated due to the overload of the outside interface on the firewall.

So this is something normal & nothing to be worried about.

***********Plz do rate this post if you found it helpful*************************

Thanks & Regards,

Vignesh R P

kahmed7780 · ‎03-15-2018

I have the similar problem. My destination address is about 1 or 2 hop away from the Firewall. I am getting about 20 or more same destination address until it completes 30 hopes. If this is correct, How could you explain that?

chrihussey · ‎03-16-2018

Could it be that the destination is not sending the proper "ICMP Echo Reply" message to indicate the destination has been reached? Two possible suggestions to help identify what is going on:

1- Trace route from a different location to the same IP to see if the results are consistent.

2- Sniff the traceroute and look at the ICMP reply from the destination. Is it a time exceeded message or is it the proper echo reply to indicate it has reached the destination?

From wikileaks:

The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers being traversed towards the destination. Traceroute sends packets with TTL values that gradually increase from packet to packet, starting with TTL value of one. Routers decrement TTL values of packets by one when routing and discard packets whose TTL value has reached zero, returning the ICMP error message ICMP Time Exceeded.^[6] For the first set of packets, the first router receives the packet, decrements the TTL value and drops the packet because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to the source. The next set of packets are given a TTL value of two, so the first router forwards the packets, but the second router drops them and replies with ICMP Time Exceeded. Proceeding in this way, traceroute uses the returned ICMP Time Exceeded messages to build a list of routers that packets traverse, until the destination is reached and returns an ICMP Echo Reply message.

Hope this helps