Re: impossible circuit

North American Network Operators Group

Re: impossible circuit

From: Jon Lewis
Date: Sun Aug 17 02:08:25 2008

List-archive: <http://mailman.nanog.org/pipermail/nanog>
List-help: <mailto:[email protected]?subject=help>
List-id: North American Network Operators Group <nanog.nanog.org>
List-post: <mailto:[email protected]>
List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

On Tue, 12 Aug 2008, Jon Lewis wrote:

What would happen if you pinged the Ocala router such that the TTL was 1 when travelling over the DS3? From your traceroute it seems it travelled two IP hops that did not send ICMP error messages, but it might just be that the ICMP errors from the Ocala router are arriving first.
Based on where the dupes are coming from, I assume pinging across the DS3 with TTL tuned to expire at the Ocala side would result in TTL exceeded messages from both Ocala and the Sprint router where the packets are injected into Sprint's network. It doesn't look as if IOS gives the option to set TTL on ping...so I'd try this from a Linux machine in our data center.

I just went ahead and "re-broke" the circuit for a bit by turning it back to hdlc to see if the issue is still there and to run some additional tests. Someone is still cross connecting our Orlando->Ocala traffic over to Sprint.

I did your suggested ping with short TTL and the result was close to what I expected.

$ traceroute ocalflxa-br-1 traceroute to ocalflxa-br-1.atlantic.net (209.208.6.229), 30 hops max, 38 byte packets 1 209.208.25.165 (209.208.25.165) 0.539 ms 0.426 ms 0.388 ms 2 69.28.72.162 (69.28.72.162) 0.246 ms 0.351 ms 0.223 ms 3 andc-br-3-f2-0 (209.208.9.138) 0.559 ms 0.435 ms 0.471 ms 4 ocalflxa-br-1-s1-0 (209.208.112.98) 2.735 ms * 2.656 ms

So, I need a TTL of 4 to get there from this machine.

$ ping -t4 ocalflxa-br-1
PING ocalflxa-br-1.atlantic.net (209.208.6.229) 56(84) bytes of data.
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=0 ttl=252 time=2.68 ms
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=1 ttl=252 time=2.72 ms
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=2 ttl=252 time=2.88 ms

Decrease ttl by one, and I get the expected ttl exceeded from the Orlando side of the circuit.

$ ping -t 3 ocalflxa-br-1
PING ocalflxa-br-1.atlantic.net (209.208.6.229) 56(84) bytes of data.

From andc-br-3-f2-0.atlantic.net (209.208.9.138) icmp_seq=0 Time to live

exceeded

Now, here's a mild surprise. You'll notice that in the above -t4 trace, I didn't hear back from Sprint.

$ ping -t 5 ocalflxa-br-1
PING ocalflxa-br-1.atlantic.net (209.208.6.229) 56(84) bytes of data.
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=0 ttl=252 time=2.89 ms
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=1 ttl=252 time=3.10 ms
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=2 ttl=252 time=2.97 ms
hmm...still no ttl exceeded from Sprint?

$ ping -t 6 ocalflxa-br-1
PING ocalflxa-br-1.atlantic.net (209.208.6.229) 56(84) bytes of data.
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=0 ttl=252 time=2.95 ms

From sl-crs2-dc-0-5-3-0.sprintlink.net (144.232.19.93) icmp_seq=0 Time to live exceeded

64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=1 ttl=252 time=2.78 ms

From sl-crs2-dc-0-5-3-0.sprintlink.net (144.232.19.93) icmp_seq=1 Time to live exceeded


$ ping -t 7 ocalflxa-br-1
PING ocalflxa-br-1.atlantic.net (209.208.6.229) 56(84) bytes of data.
64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=0 ttl=252 time=2.88 ms

From sl-st20-ash-9-0-0.sprintlink.net (144.232.18.228) icmp_seq=0 Time to live exceeded

64 bytes from ocalflxa-br-1.atlantic.net (209.208.6.229): icmp_seq=1 ttl=252 time=2.84 ms

From sl-st20-ash-9-0-0.sprintlink.net (144.232.18.228) icmp_seq=1 Time to live exceeded

Is it just coincidence that there are 2 private IP hops in some traceroutes between us and Sprint? i.e. Look at this trace from cogent:

Tracing the route to 209.208.33.1

  1 fa0-8.na01.b005944-0.dca01.atlas.cogentco.com (66.250.56.189) 0 msec 4 msec 4 msec
  2 gi3-9.3507.core01.dca01.atlas.cogentco.com (66.28.67.225) 160 msec 4 msec 8 msec
  3 te3-1.ccr02.dca01.atlas.cogentco.com (154.54.3.158) 0 msec 0 msec 4 msec
  4 vl3493.mpd01.dca02.atlas.cogentco.com (154.54.7.230) 28 msec 4 msec
    te4-1.mpd01.dca02.atlas.cogentco.com (154.54.2.182) 52 msec
  5 vl3494.mpd01.iad01.atlas.cogentco.com (154.54.5.42) 4 msec 4 msec
    vl3497.mpd01.iad01.atlas.cogentco.com (154.54.5.66) 4 msec
  6 timewarner.iad01.atlas.cogentco.com (154.54.13.250) 4 msec
    peer-01-ge-3-1-2-13.asbn.twtelecom.net (66.192.252.217) 4 msec 12 msec
  7 66-194-200-202.static.twtelecom.net (66.194.200.202) 28 msec 28 msec 32 msec
  8 66-194-200-202.static.twtelecom.net (66.194.200.202) 32 msec 32 msec 28 msec
  9 andc-br-3-f2-0.atlantic.net (209.208.9.138) 32 msec 32 msec 32 msec
 10 172.22.122.1 32 msec 32 msec 32 msec
 11 10.247.28.205 32 msec 32 msec 32 msec
 12 sl-crs2-dc-0-5-3-0.sprintlink.net (144.232.19.93) 32 msec 32 msec 28 msec
 13 sl-st20-ash-9-0-0.sprintlink.net (144.232.18.228) 28 msec 32 msec 32 msec
 14 te-10-1-0.edge2.Washington4.level3.net (4.68.63.209) 32 msec 32 msec 28 msec
 15 vlan79.csw2.Washington1.Level3.net (4.68.17.126) 28 msec
    vlan89.csw3.Washington1.Level3.net (4.68.17.190) 32 msec
    vlan79.csw2.Washington1.Level3.net (4.68.17.126) 40 msec
 16 ae-81-81.ebr1.Washington1.Level3.net (4.69.134.137) 28 msec
    ae-61-61.ebr1.Washington1.Level3.net (4.69.134.129) 28 msec
    ae-71-71.ebr1.Washington1.Level3.net (4.69.134.133) 32 msec
 17 ae-2.ebr3.Atlanta2.Level3.net (4.69.132.85) 48 msec 48 msec 56 msec
 18 ae-61-60.ebr1.Atlanta2.Level3.net (4.69.138.2) 44 msec 48 msec
    ae-71-70.ebr1.Atlanta2.Level3.net (4.69.138.18) 52 msec
 19 ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149) 56 msec 104 msec 56 msec
 20 ae-6-6.car1.Orlando1.Level3.net (4.69.133.77) 52 msec 52 msec 56 msec
 21 unknown.Level3.net (63.209.98.66) 52 msec 52 msec 56 msec
 22 andc-br-3-f2-0.atlantic.net (209.208.9.138) 52 msec 52 msec 56 msec
 23 172.22.122.1 52 msec 56 msec 52 msec
 24 10.247.28.205 52 msec 52 msec 56 msec
 25 sl-crs2-dc-0-5-3-0.sprintlink.net (144.232.19.93) 52 msec 56 msec 52 msec
 26 sl-st20-ash-9-0-0.sprintlink.net (144.232.18.228) 56 msec 56 msec 56 msec
 27 te-10-1-0.edge2.Washington4.level3.net (4.68.63.209) 52 msec 52 msec 52 msec
 28 vlan99.csw4.Washington1.Level3.net (4.68.17.254) 52 msec
    vlan69.csw1.Washington1.Level3.net (4.68.17.62) 56 msec
    vlan89.csw3.Washington1.Level3.net (4.68.17.190) 56 msec
 29 ae-71-71.ebr1.Washington1.Level3.net (4.69.134.133) 64 msec
    ae-61-61.ebr1.Washington1.Level3.net (4.69.134.129) 52 msec 56 msec
 30 ae-2.ebr3.Atlanta2.Level3.net (4.69.132.85) 76 msec 72 msec 72 msec

I've seen the 172.22.122.1 & 10.247.28.205 hops before.  They occasionally
show up in traces when the traffic is jumping over to Sprint.  Sometimes
they don't show up though. i.e. Tracing from my house:

traceroute to 209.208.33.1 (209.208.33.1), 30 hops max, 40 byte packets
 1  172.31.0.1 (172.31.0.1)  0.336 ms  0.272 ms  0.268 ms
 2  10.210.160.1 (10.210.160.1)  10.109 ms  11.719 ms  14.265 ms
 3  gig7-0-4-101.orldflaabv-rtr1.cfl.rr.com (24.95.232.100)  15.302 ms  15.324 ms  16.687 ms
 4  198.228.95.24.cfl.res.rr.com (24.95.228.198)  16.688 ms  18.812 ms  18.816 ms
 5  te-3-3.car1.Orlando1.Level3.net (4.79.116.145)  20.084 ms  19.946 ms te-3-1.car1.Orlando1.Level3.net (4.79.116.137)  21.328 ms
 6  unknown.Level3.net (63.209.98.66)  19.900 ms  14.714 ms  14.689 ms
 7  andc-br-3-f2-0.atlantic.net (209.208.9.138)  104.058 ms  11.932 ms  13.584 ms
 8  ocalflxa-br-1-s1-0.atlantic.net (209.208.112.98)  15.872 ms  15.886 ms  17.238 ms
 9  * * *
10  sl-bb20-dc-6-0-0.sprintlink.net (144.232.8.174)  41.277 ms  41.964 ms  41.955 ms
11  sl-st20-ash-10-0.sprintlink.net (144.232.20.152)  43.360 ms  44.578 ms  35.635 ms
12  te-10-1-0.edge2.Washington4.level3.net (4.68.63.209)  37.035 ms  37.062 ms  33.185 ms
13  vlan89.csw3.Washington1.Level3.net (4.68.17.190)  44.060 ms  44.057 ms vlan99.csw4.Washington1.Level3.net (4.68.17.254)  39.603 ms
14  ae-81-81.ebr1.Washington1.Level3.net (4.69.134.137)  38.123 ms ae-91-91.ebr1.Washington1.Level3.net (4.69.134.141)  39.546 ms ae-71-71.ebr1.Washington1.Level3.net (4.69.134.133)  38.115 ms
15  ae-2.ebr3.Atlanta2.Level3.net (4.69.132.85)  46.284 ms  46.275 ms  46.274 ms
16  ae-71-70.ebr1.Atlanta2.Level3.net (4.69.138.18)  52.523 ms ae-61-60.ebr1.Atlanta2.Level3.net (4.69.138.2)  53.338 ms ae-71-70.ebr1.Atlanta2.Level3.net (4.69.138.18)  53.299 ms
17  ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149)  34.964 ms  39.582 ms  38.088 ms
18  ae-6-6.car1.Orlando1.Level3.net (4.69.133.77)  36.701 ms  38.144 ms  36.949 ms
19  unknown.Level3.net (63.209.98.66)  36.902 ms  37.750 ms  37.717 ms
20  andc-br-3-f2-0.atlantic.net (209.208.9.138)  37.729 ms  35.812 ms  35.048 ms
21  ocalflxa-br-1-s1-0.atlantic.net (209.208.112.98)  37.485 ms  37.601 ms  36.495 ms
22  * * *
23  sl-bb20-dc-6-0-0.sprintlink.net (144.232.8.174)  56.459 ms  56.449 ms  57.709 ms
24  sl-st20-ash-10-0.sprintlink.net (144.232.20.152)  57.694 ms  57.692 ms  60.243 ms
25  te-10-1-0.edge2.Washington4.level3.net (4.68.63.209)  103.257 ms  100.829 ms  82.571 ms
26  vlan99.csw4.Washington1.Level3.net (4.68.17.254)  70.401 ms vlan89.csw3.Washington1.Level3.net (4.68.17.190)  69.262 ms vlan99.csw4.Washington1.Level3.net (4.68.17.254)  82.700 ms
27  ae-81-81.ebr1.Washington1.Level3.net (4.69.134.137)  74.132 ms ae-61-61.ebr1.Washington1.Level3.net (4.69.134.129)  74.135 ms ae-81-81.ebr1.Washington1.Level3.net (4.69.134.137)  75.540 ms
28  ae-2.ebr3.Atlanta2.Level3.net (4.69.132.85)  58.656 ms  60.838 ms  54.346 ms
29  ae-71-70.ebr1.Atlanta2.Level3.net (4.69.138.18)  59.323 ms ae-61-60.ebr1.Atlanta2.Level3.net (4.69.138.2)  59.336 ms ae-71-70.ebr1.Atlanta2.Level3.net (4.69.138.18)  63.323 ms
30  ae-1-8.bar1.Orlando1.Level3.net (4.69.137.149)  127.652 ms  57.884 ms  57.851 ms

From the traces I've seen, it seems if the first Sprint hop is sl-bb20-dc,

the private IP hops don't show up. If the first Sprint hop is sl-crs2-dc, then the private IP hops are there. I wonder if anyone from Sprint can shed some light on that?

Unfortunately, the Sprint engineer I intitially made contact with who was helpful and seemed curious about the issue seems to have vanished and isn't returning my calls or emails. Anyone else from Sprintlink care to play?

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Follow-Ups:
- Re: impossible circuit Paul Wall
- Re: impossible circuit list-nanog

References:
- impossible circuit Jon Lewis
- Re: impossible circuit list-nanog
- Re: impossible circuit Jon Lewis

Prev by Date: Re: Is it time to abandon bogon prefix filters?
Next by Date: Re: impossible circuit
Date Index
Thread Index
Author Index
Historical