Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Troubleshooting sudden drops in TTL

Status
Not open for further replies.
dozier

dozier

MIS
Apr 17, 2001
88
US
Hello,

I've been trying to troubleshoot a situation where a there is a TCP connection between point A (the client) and point B (the server) periodically failing. This connection traverses a variety of mediums including ethernet segments, point-to-point T1, internet VPN, and MPLS and spans the networks of three separate business entities (not including the internet path). One thing I'm seeing in packet captures is that everything is fine, and then all of the sudden the TTL drops on packets sourced from point A so much that they never make it all the way to point B. I'm trying to figure out why and where this is happening.

Here's a simple layer 3 diagram of the path.

[Point A]->[Cisco branch firewall]->[Cisco core firewall]->[Cisco VPN router]->[Cisco VPN headend]->[Cisco PPS firewall]->[Cisco MPLS router]->??->[Point B]

I have captures running at the 3 Cisco firewalls and it is between the core firewall and PPS firewall that the TTL on these packets suddenly plunges. There are no apparent communications issues, and while I understand the internet is a wildcard, I'm not seeing how anything on the internet could result in the TTL being lowered since they are encrypted IPSEC VPN tunnels for the duration of the internet trip.

Does anyone know how I can view the TTL of these packets on the Cisco routers? Packet debugging (even detailed) does not seem to display the TTL.

Thanks.
 
Sort by date Sort by votes
Assuming you are correct that TTL timeout is the issue, is it only in one direction when the problem occurs, or in both? Usually if TTL is changing it means the path is changing, such that more hops are taken. I'd run some trace routes before and during this problem (trace from both directions) to confirm layer 3 pathing. If it takes it to the point of TTL timeout, typically that would be a routing loop somewhere.

CCNP, CCDP, CCIP
 
Upvote 0 Downvote
This issue seems to happen very sporadically and does not last very long, which makes doing traceroutes while it is occurring very problematic.

So, no ideas on how to see the TTL info in a Cisco router IP debug or something similar?
 
Upvote 0 Downvote
You could run wireshark somewhere to see the TTL. The Cisco ASA/PIX firewalls also have a packet capturing feature that you can use to capture the packets as well.
 
Upvote 0 Downvote
Lets start from the beginning: what are you seeing that leads you to believe that TTL is hitting 0? When this happens, are there any logs inn any routers regarding routing convergence or link failures? TTL hitting 0 would mean a routing loop.

CCNP, CCDP, CCIP
Core Network Planner, ISP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PThomp3344
  • Locked
  • Question
Trying to connect to Cisco Unified Controller web interface: UC520W-16U-4FXO-K9
Replies
1
Views
257
bdk76
bdk76
stanlyn
  • Locked
  • Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
252
iggsterman
iggsterman
Willi DB
  • Locked
  • Question
Polycom410 Forward an incoming call
Replies
0
Views
119
Willi DB
Willi DB
DrB0b
  • Locked
  • Question
Known issues or dangers in purchasing L3 switches that are used
Replies
3
Views
148
CASSBusinessSystems
CASSBusinessSystems
CDIV
  • Locked
  • Question
How do I enable SSH access in 2960x 1
Replies
4
Views
670
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top