[j-nsp] network engineering

Richard A Steenbergen ras at e-gerbil.net
Sat Feb 28 02:42:50 EST 2009


On Sat, Feb 28, 2009 at 12:21:26AM +0100, Matthias Gelbhardt wrote:
> Hi!
> 
> Sorry for bringing this up again, but something bothers me.
> 
> On several targets the traceroute or mtr is not going through clean,  
> whereas on my home dsl line it is. I thought about, that every target  
> where we have asymmetric routing is behaving like this, but if you  
> say, asymmetric routing is something completely normal, than the  
> reason, why the mtr is not going through clean, has to be something  
> different?

In your first example (I don't see any other working vs non-working
comparisons of the same path), the dropped hop is a RFC1918 address. In
all likelihood someone has a packet filter blocking the RFC1918 sourced
return packet from making it back to you, thus breaking your traceroute
on this hop. This is a common side effect of uRPF loose filtering, which
can also block public exchange points (which use IP blocks that are
typically not found in the global routing table), but it could just be
some paranoid person with an unnecessary hatred for RFC1918 packets. In
practice it is typically a better idea to rate limit these packets
rather than block them completely, so as not to disturb traceroute (and
thus incite people to send a lot of annoying emails about it).

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)


More information about the juniper-nsp mailing list