One of those that you see happening for years but never really bother to
find out. I was on TAC support one day when a customer asked the same so I
had to go and find out:

The answer is:

On Cisco routers, there is a rate limit on replies of ICMP port unreachable
of 500ms for prevention of DoS attacks.
So basically this is what happens with a sequence of 3 packets to the last
hop:

CiscoA sends a UDP packet to CiscoB with destination port 33434 and gets a
response, so immediately sends another UDP packet with destination port
33435.
This time there is no response because the final router will not respond
with another ICMP port unreachable for at least 500ms. Router A will wait
for 3 seconds for a reply, just in case.
CiscoA then sends the third UDP packet with destination port 33436 and gets
a response, because router B's 500ms timeout has expired.

The reason that this only happens on the last hop is because all other
responses along the way are TTL expired, as opposed to the last hop which is
an ICMP port unreachable.

If you've got an IOS of 12.1 or after you can control the timeout with:

ip icmp rate-limit unreachable 
no ip icmp rate-limit unreachable

A little bit of useless (or maybe not) information, but amazing how often
the question crops up.


Hope this helps,

Gareth

"Tay Chee Yong" wrote in message news:[EMAIL PROTECTED]...
> Hi,
>
> May I know why is it that whenever we do a traceroute to a destination, the
> last hop will sometimes have a "!X" instead of the TTL value returned?
> Sometimes it will also have an "*" at the last TTL value, why is this so??
>
> Is there any document on the net that explains the above mentioned issue.
> Would appreciate some guidance. Thanks.
>
> Regards,
> Cheeyong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18507&t=18347
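
Added example (not part of the original post, and not Cisco code): a small Python model of the three-probe sequence described in the reply above, showing why the second probe to the last hop prints "*" while earlier hops do not. The 500 ms limit and 3 second wait come from the post; the 20 ms round-trip time, the function names, and the rule that the next probe is sent as soon as the previous one is answered or times out are assumptions.

```python
def probe_row(kind, rate_limit_ms=500, rtt_ms=20, timeout_ms=3000, probes=3):
    """Return the per-probe results traceroute would print for one hop.

    kind is "ttl-expired" (intermediate hop) or "port-unreachable" (last hop).
    Model assumption, following the post: only port unreachable replies are
    subject to the limit, at most one reply per rate_limit_ms.
    rate_limit_ms=0 models "no ip icmp rate-limit unreachable".
    """
    now = 0.0           # sender clock, ms
    next_allowed = 0.0  # earliest time the target may send another unreachable
    row = []
    for _ in range(probes):
        arrival = now + rtt_ms / 2  # probe reaches the target half an RTT later
        limited = kind == "port-unreachable" and rate_limit_ms > 0
        if limited and arrival < next_allowed:
            row.append("*")         # reply suppressed; sender waits out the timeout
            now += timeout_ms
            continue
        if limited:
            next_allowed = arrival + rate_limit_ms
        row.append(f"{rtt_ms} ms")
        now += rtt_ms               # next probe goes out once the reply is back
    return row


def trace(path, **kw):
    """path is a list of hop kinds in order; returns one row per hop."""
    return [probe_row(kind, **kw) for kind in path]


if __name__ == "__main__":
    # Constructed three-hop path: two transit routers, then the destination.
    path = ["ttl-expired", "ttl-expired", "port-unreachable"]
    for ttl, row in enumerate(trace(path), 1):
        print(ttl, "  ".join(row))
```

In this model, a limit longer than the 3 second wait suppresses the third reply as well, and a limit shorter than the round-trip time lets all three replies through.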