On Sat, Feb 28, 2009 at 12:21:26AM +0100, Matthias Gelbhardt wrote: > Hi! > > Sorry for bringing this up again, but something bothers me. > > On several targets the traceroute or mtr is not going through clean, > whereas on my home dsl line it is. I thought about, that every target > where we have asymmetric routing is behaving like this, but if you > say, asymmetric routing is something completely normal, than the > reason, why the mtr is not going through clean, has to be something > different?
In your first example (I don't see any other working vs non-working comparisons of the same path), the dropped hop is a RFC1918 address. In all likelihood someone has a packet filter blocking the RFC1918 sourced return packet from making it back to you, thus breaking your traceroute on this hop. This is a common side effect of uRPF loose filtering, which can also block public exchange points (which use IP blocks that are typically not found in the global routing table), but it could just be some paranoid person with an unnecessary hatred for RFC1918 packets. In practice it is typically a better idea to rate limit these packets rather than block them completely, so as not to disturb traceroute (and thus incite people to send a lot of annoying emails about it). -- Richard A Steenbergen <r...@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp