[c-nsp] Weird Traceroute Issue to Specific Destination

Paul Stewart paul at paulstewart.org
Tue Sep 21 14:39:59 EDT 2010


Thanks to everyone... yeah, this is a very strange issue.  We've tested
about 150 destinations through that path so far and only one of the
destination IP's has given us the weird timeouts in the traceroute (which
results in the traffic not passing specific to that destination).

Last night, we had the opportunity to do a maintenance window and rebooted
the 6500 and 7206VXR closest to the customer - no change.  They had been up
for about a year...

No, there isn't any security related devices sitting along there - we have
them, just not in that part of the network.  They are not inline neither...

We'll keep poking away - appreciate it..

Paul


-----Original Message-----
From: Heath Jones [mailto:hj1980 at gmail.com] 
Sent: September-21-10 12:59 PM
To: Paul Stewart
Cc: Gert Doering; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Weird Traceroute Issue to Specific Destination

So far, it's got me stumped! Put some port mirroring and capture from
that 6500 perhaps..
My mind is hovering somewhere around ttl / forward path being ok, but
return broken for some reason.. but I don't think it will have any
success.
Its worth checking (as Brian said) 'show ip cef exact-route' (it's not
mpls specific). Based on the info so far, the forward path seems ok.

Some people have 'passive' security related devices sitting in the
middle that they don't tell anyone about - is that a possibility in
your network?

I'll let you know if I have further thoughts, but good luck with it!!



> No, pure co-incidence ... the first couple of octets are significantly
> difference but good catch ;)
>
> If nobody can find anything obvious here (appreciate all the input and
> troubleshooting ideas) then we'll keep poking away and take this back
> offlist on my side....




More information about the cisco-nsp mailing list