Re: [44net] N1URO and traceroute. Was: Iperf server for public use - 44net

26 Jul 2015

...
  Subject:
 Re: [44net] N1URO and traceroute. Was: Iperf server for public use
 From:
 Brian Kantor &lt;Brian(a)UCSD.Edu&gt;
 Date:
 07/26/2015 05:06 AM

 To:
 AMPRNet working group &lt;44net(a)hamradio.ucsd.edu&gt;

 On Sat, Jul 25, 2015 at 09:55:32PM -0500, Steve L wrote:
  >To traceroute over a tunnel, you may have to
change the TTL to 64 like so:  Strange advice, considering how traceroute works,
which is to send packets
 with very low TTLs (starting with a TTL of 1 and working up to 30 in most
 implementations).  If it really makes a difference to set the tunnel TTL
 to 64 in order to get traceroute to work, something very strange is going on. 
The problem is that the default setting of the ipip tunnel in Linux is to copy the TTL of
the
packet being encapsulated into the outer IP header.  When you traceroute, the packet sent
to the
public IP of the tunnel endpoint will have the low TTL that traceroute is using, and so
that
packet will not make it to the destination over the internet until that TTL is
sufficiently
high, can be something like 10-15 these days.   So you will see many lines of * * *
before
finally something comes back, and often you will have interrupted the traceroute by then.

When the fixed TTL of 64 is set as shown with ip tunnel change ttl 64 ..., the
encapulation
will put a fixed TTL of 64 in the outer IP header, so it makes it through the other end
of
the IP tunnel in one traceroute hop, and you can traceroute without problem.  Of course
you
cannot see the hops the encapsulated packet takes over the internet, but with a standard
traceroute you cannot see those anyway.

For normal traffic there is no difference, as long as sufficient TTL remains in the inner
IP
packet at the moment it is copied to the outer header for that packet to make it over the
internet.   So when the source sets a TTL of 64 or 255, it will be fine.

Rob