Subject: Re: [44net] N1URO and traceroute. Was: Iperf server for public use From: Brian Kantor Brian@UCSD.Edu Date: 07/26/2015 05:06 AM
To: AMPRNet working group 44net@hamradio.ucsd.edu
On Sat, Jul 25, 2015 at 09:55:32PM -0500, Steve L wrote:
To traceroute over a tunnel, you may have to change the TTL to 64 like so:
Strange advice, considering how traceroute works, which is to send packets with very low TTLs (starting with a TTL of 1 and working up to 30 in most implementations). If it really makes a difference to set the tunnel TTL to 64 in order to get traceroute to work, something very strange is going on.
The problem is that the default setting of the ipip tunnel in Linux is to copy the TTL of the packet being encapsulated into the outer IP header. When you traceroute, the packet sent to the public IP of the tunnel endpoint will have the low TTL that traceroute is using, and so that packet will not make it to the destination over the internet until that TTL is sufficiently high, can be something like 10-15 these days. So you will see many lines of * * * before finally something comes back, and often you will have interrupted the traceroute by then.
When the fixed TTL of 64 is set as shown with ip tunnel change ttl 64 ..., the encapulation will put a fixed TTL of 64 in the outer IP header, so it makes it through the other end of the IP tunnel in one traceroute hop, and you can traceroute without problem. Of course you cannot see the hops the encapsulated packet takes over the internet, but with a standard traceroute you cannot see those anyway.
For normal traffic there is no difference, as long as sufficient TTL remains in the inner IP packet at the moment it is copied to the outer header for that packet to make it over the internet. So when the source sets a TTL of 64 or 255, it will be fine.
Rob