Trace route giving asterisk alone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2017 05:43 AM - edited 03-08-2019 11:15 AM
HI All,
when i am trying to do trace-route from one location to Data center its giving asterisk alone but when i try to do the same from HQ to Location am getting expected result. Kindly help me understanding this better. I googled as well but didn't get any answer.
Loaction01#traceroute x.x.x.x
Type escape sequence to abort.
Tracing the route to x.x.x.x
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 *
- Labels:
-
Other Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2017 06:10 AM
Hi
Your ISP may block it if its going through a firewall or mpls network , they may not want you to see the path , ask them to open it up so you can see all hops from source to destination , give them the source and destination ip and example of what your seeing
we have same issue with one of global ISPs they have their MPLS paths blocked when tracing through their network we had to get them to open it up , it actually happened after they upgraded there core alcatel boxes
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2017 07:24 AM
Thanks for your reply .if that is a case then my reverse path i.e from my HQ to that location is providing clear expected trace route till end . How it is this is working then . Kindly share your input.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2017 07:30 AM
Then it may not be the MPLS provider , there maybe a device in path firewall / IDS that's only blocking icmp trace routes one way , could even be the router with an ACL in place not allowing it out
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-10-2017 10:00 AM
Though i know , but not sure sofor confirmation i have posted this.. Excuse i didnt give much infor. Its a VPN IPSEC link.
So from HQ side all working fine as expected . I am sure that ACL is not blocking because am the one who manages both sides . in branch side VPN router then Internet router . in between there might be a firewall .so Not sure with the Firewall . Let me work on that and update ..Any how thanks for your reply. So nice of you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2017 06:26 AM
ok but if your tracing through the IPsec tunnel you would need to allow icmp through in the ACL which allows the interesting traffic through the tunnel or it will be blocked by default , only traffic that's specifically set including ICMP needs to be allowed if your trying to trace through the tunnel itself , aswell the pc your tracing from would need to be in that subnet too or else the traffic wont go through the IPsec and will show *** as its encrypted so it wont show the actual hops
