
STRANGE IP RESPONSE IN NETWORK

Vishal Kolamkar
Level 1

We are observing an issue of unknown hosts responding in the network, with the symptoms below:

!

> IP address is pingable from system even if the host's IP isn't learnt in the ARP table of the SVI in the network
> When a trace is initiated for the IP, strange DNS names are observed, like MLP, GREFFARE, LAETACE etc.
> Example of one trace from system shown below; trace started with SSI but when completed ended with LAPOS
!
C:\xxx>tracert 10.x.127.57
Tracing route to MLP [10.231.137.57] over a maximum of 30 hops:
1 3 ms 3 ms 2 ms vl-x1[10.x.x.254]
2 1 ms 1 ms 1 ms vl-x2 [10.x.x.2]
3 --------
4 --------
5 254 ms 232 ms 230 ms LAPOS [10.x.127.57]
!
> Traces are sometimes being completed on a random hop switch; those switches do not have the end host next-hop SVIs, interfaces
> There are no proxy devices in the network; we get a different hostname when we trace these non-live IPs

Have we seen such behaviour in a network anywhere else? What could be the reason?

4 Replies

Hello,

 

Hard to say without knowing your topology... Do you have something you can upload so we can see what is in your network?

balaji.bandi
Hall of Fame

As @Georg Pauwen mentioned we need to know your network.

 

Are you able to recognise the next hops' IP addresses and devices? What is your IP address range, and what network devices are connected?

 

BB


Hi,

 

I do recognize the devices in the tracert path. Below is the topology I can show; the subnets in the path are also known in our network.

 

System----> System SVI on 3850 Stack Switch<-- EIGRP p2p---> ISR Router Local(Location1)<-----GRE/IPSEC Tunnel with EIGRP--->(Location2)ISR Router Remote<--EIGRP p2p--->6500 External Switch<---EIGRPp2p--->6500 Core<---EIGRPp2p--->6500 Distribution<--EIGRP p2p--->4500 Switch<--Destination Subnet SVI(10.x.127.x)

 

Considering above topology behavior with p2p eigrp routing between nexthop routers

> When I do a trace from the system for IP 10.x.127.x, which is not live, the trace sometimes completes on the mentioned switch 6500Core and sometimes on 6500Distribution; however, logically the subnet exists on the 4500 access switch, so it should show completed after the 4500.

> Sometimes the trace completes after the 4500 as expected; however, the host still doesn't exist on the destination SVI.

 

I do believe this is strange; anyway, further inputs will help to track the issue.

Hello

Traceroute is returning a reverse DNS query performed on the network hop it is reaching. I would agree with @balaji.bandi: do you recognise the subnets being returned, and not the DNS name?

Lastly you could do a couple of things to negate dns resolution:
1) no ip domain lookup on the router/L3switch
2) turn off resolving DNS in your tracert or traceroute
tracert -d x.x.x.x
traceroute x.x.x.x numeric



Kind Regards
Paul
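
An added example, not part of the thread or any poster's code: a Python parser for Windows `tracert` output that reports any address shown under more than one resolved name in a single trace (the MLP/LAPOS symptom in the question) and lists the hops that returned no address, so the path can be analysed on IP addresses rather than names. The sample trace, its addresses and the function names are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the trace in the question (made-up addresses).
SAMPLE = """\
Tracing route to MLP [10.0.127.57] over a maximum of 30 hops:
  1     3 ms     3 ms     2 ms  vl-x1 [10.0.1.254]
  2     1 ms     1 ms     1 ms  vl-x2 [10.0.2.2]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5   254 ms   232 ms   230 ms  LAPOS [10.0.127.57]
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER = re.compile(rf"^Tracing route to (\S+)(?: \[({IP})\])?")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
NAME_IP = re.compile(rf"(\S+)\s*\[({IP})\]\s*$")
BARE_IP = re.compile(rf"(?<![\d.])({IP})\s*$")

def parse_tracert(text):
    """Return (target_ip, hops, names): hops is [(hop_no, ip_or_None)],
    names maps each IP to the set of lower-cased names shown for it."""
    target, hops, names = None, [], defaultdict(set)
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            target = m.group(2) or m.group(1)  # with -d only the IP is shown
            if m.group(2):
                names[target].add(m.group(1).lower())
            continue
        m = HOP.match(line)
        if not m:
            continue
        rest = m.group(2)
        named = NAME_IP.search(rest)
        bare = BARE_IP.search(rest)
        if named:
            names[named.group(2)].add(named.group(1).lower())
        ip = named.group(2) if named else bare.group(1) if bare else None
        hops.append((int(m.group(1)), ip))  # ip is None when the hop timed out
    return target, hops, dict(names)

def name_conflicts(text):
    """IPs displayed under more than one hostname within a single trace."""
    return {ip: sorted(n) for ip, n in parse_tracert(text)[2].items() if len(n) > 1}

def silent_hops(text):
    """Hop numbers that returned no address (timeouts)."""
    return [n for n, ip in parse_tracert(text)[1] if ip is None]
```

Running it over saved `tracert` and `tracert -d` output for the same destination shows whether the responding addresses are stable while only the displayed names change.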