[j-nsp] network engineering

Matthias Gelbhardt matthias at commy.de
Mon Mar 2 06:36:40 EST 2009


Hi!

To clarify my problem, I have found another example: www.snom.de

Trace from our core:

HOST: lyta.local                  Loss%   Snt   Last   Avg  Best  Wrst  
StDev
   1. 192.168.6.1                   0.0%    10    0.3   0.4   0.3    
0.6   0.1
   2. ge-00.cr1.ems.dlrz.net        0.0%    10   20.2  54.9   4.2  
371.3 111.4
   3. fe-00-508.ms.dlrz.net         0.0%    10    2.2   2.0   1.8    
2.6   0.2
   4. ulm1ip1-s-5-6-0.versatel.de   0.0%    10   29.4  17.3   2.2   
89.1  28.1
   5. 62.214.108.141                0.0%    10  155.7  42.5   1.8  
155.7  61.7
   6. 62.214.108.153                0.0%    10    3.7   3.8   3.3    
4.3   0.3
   7. 10g-8-1.dor002isp006.versate  0.0%    10    3.4   3.7   3.2    
4.6   0.5
   8. 10g-7-1.fra020isp006.versate  0.0%    10    7.8   9.3   7.5   
19.7   3.7
   9. ???                          100.0    10    0.0   0.0   0.0    
0.0   0.0
  10. ???                          100.0    10    0.0   0.0   0.0    
0.0   0.0
  11. ???                          100.0    10    0.0   0.0   0.0    
0.0   0.0
  12. w08.rzone.de                  0.0%    10   13.2  13.1  12.3   
13.8   0.4

 From home-dsl:

   1. ???                          100.0    10    0.0   0.0   0.0    
0.0   0.0
   2. bsn2.mun.qsc.de               0.0%    10  319.2 211.2  24.7  
320.7 110.3
   3. core1.mun.qsc.de              0.0%    10  328.4 211.4  23.9  
328.4 115.0
   4. core4.dus.qsc.de              0.0%    10  330.5 219.5  32.2  
330.5 111.0
   5. core1.dus.qsc.de              0.0%    10  365.3 232.1  32.3  
365.3 118.6
   6. core1.fra.qsc.de              0.0%    10  331.2 224.5  33.4  
337.7 110.3
   7. core2.fra.qsc.de              0.0%    10  330.1 237.1  33.5  
330.1 113.7
   8. atuin.rzone.de                0.0%    10  324.7 247.3  33.6  
324.7  86.4
   9. 85.214.1.249                 10.0%    10  338.5 261.2 183.0  
338.5  49.6
  10. 81.169.146.66                10.0%    10  333.0 263.5 177.2  
333.0  52.1
  11. w08.rzone.de                 10.0%    10  319.1 255.5 165.3  
338.9  60.2

And the trace, that lets me suspect, this has something to to with  
asymmetric routing:

 From Telecity 2 in Amsterdam, where the packets use a different  
carrier to be sent out:

   1. ge-1-0.3406.core3.ams1.nl.in  0.0%    10    1.1   1.7   0.7    
3.1   0.8
   2. tge-2-1.bbr1.fra3.de.inetbon  0.0%    10    8.4  10.2   8.1   
20.2   3.6
   3. atuin.rzone.de                0.0%    10    9.1   9.6   9.1   
11.3   0.9
   4. 85.214.1.249                  0.0%    10   10.2  13.4  10.2   
30.4   6.2
   5. 81.169.146.70                 0.0%    10   10.2  10.8  10.1   
11.2   0.5
   6. w08.rzone.de                  0.0%    10   11.3  11.6  11.2   
15.2   1.2

There seems to be a black hole on the way to the target, when I am  
tracing from the office...

I never had experienced something like that on my home-dsl line or  
when using only one upstream.

Regards,

Matthias





Am 28.02.2009 um 08:42 schrieb Richard A Steenbergen:

> On Sat, Feb 28, 2009 at 12:21:26AM +0100, Matthias Gelbhardt wrote:
>> Hi!
>>
>> Sorry for bringing this up again, but something bothers me.
>>
>> On several targets the traceroute or mtr is not going through clean,
>> whereas on my home dsl line it is. I thought about, that every target
>> where we have asymmetric routing is behaving like this, but if you
>> say, asymmetric routing is something completely normal, than the
>> reason, why the mtr is not going through clean, has to be something
>> different?
>
> In your first example (I don't see any other working vs non-working
> comparisons of the same path), the dropped hop is a RFC1918 address.  
> In
> all likelihood someone has a packet filter blocking the RFC1918  
> sourced
> return packet from making it back to you, thus breaking your  
> traceroute
> on this hop. This is a common side effect of uRPF loose filtering,  
> which
> can also block public exchange points (which use IP blocks that are
> typically not found in the global routing table), but it could just be
> some paranoid person with an unnecessary hatred for RFC1918 packets.  
> In
> practice it is typically a better idea to rate limit these packets
> rather than block them completely, so as not to disturb traceroute  
> (and
> thus incite people to send a lot of annoying emails about it).
>
> -- 
> Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1  
> 2CBC)



More information about the juniper-nsp mailing list