AI, ML, Development + Cisco Learning Blog Learning about Machine Learning, Artificial Intelligence, related development topics and formerly Routing and Switching, Datacenter, Security and other topics, CCIE #23664, Frank Wagner

26 May 2006

traceroute and icmp rate-limit unreachable

Filed under: IP and IOS Features — ocsic @ 06:33

I had this problem, that every second packet of a traceroute from a Cisco router to another was lost. I could reproduce this easily. It doesn’t matter how many other routers had been in between. So I thought this might be an IOS bug. But I found out it isn’t. It’s a feature. 🙂 As you can see, the second packet is always missing.

Here is an example:

r1#traceroute 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.2.1

1 172.20.44.2 16 msec 16 msec 16 msec
2 172.10.144.2 16 msec * 16 msec

r1#traceroute 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.2.1

1 172.20.44.2 16 msec 16 msec 16 msec
2 172.10.144.2 20 msec * 16 msec

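IOS limits the rate of ICMP unreachable messages to one every 500 ms. This is a protection against denial of service attacks. The last hop answers each traceroute probe with an ICMP port unreachable message, so the second probe, sent right after the first reply, falls inside the 500 ms window and gets no answer; the third probe is sent only after the timeout and is answered again.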

If you want to turn it off, you can use the “no ip icmp rate-limit unreachable” command.

There is a quite good description of the traceroute command on the Cisco website: Cisco site info on traceroute

I found this quite interesting.
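
The timing behind the missing second probe, as an added example that is not part of the original post and is not Cisco code. It assumes a simple minimum-interval limiter, three probes per hop and a 3 second per-probe timeout; all function and class names are hypothetical, and the burst at the end is constructed to show what the limit protects against.

```python
# Added example: models the last hop's ICMP unreachable rate limit.
# Assumptions (not from the original post): a minimum-interval limiter,
# three probes per hop, and a 3 s wait when a probe goes unanswered.

RATE_LIMIT_MS = 500      # interval from the post
PROBE_TIMEOUT_MS = 3000  # assumed traceroute per-probe timeout
RTT_MS = 16              # round-trip time seen in the post's output


class UnreachableLimiter:
    """Allows at most one ICMP unreachable per interval_ms (0 disables)."""

    def __init__(self, interval_ms):
        self.interval_ms = interval_ms
        self.last_sent = None

    def allow(self, now_ms):
        if (self.interval_ms and self.last_sent is not None
                and now_ms - self.last_sent < self.interval_ms):
            return False
        self.last_sent = now_ms
        return True


def trace_last_hop(interval_ms, probes=3):
    """Returns the per-probe columns of a traceroute line for the final hop."""
    limiter = UnreachableLimiter(interval_ms)
    now, columns = 0, []
    for _ in range(probes):
        arrival = now + RTT_MS // 2          # probe reaches the target
        if limiter.allow(arrival):
            columns.append(f"{RTT_MS} msec")
            now += RTT_MS                    # reply received, next probe follows
        else:
            columns.append("*")
            now += PROBE_TIMEOUT_MS          # sender waits out the timeout
    return columns


def replies_to_burst(interval_ms, packets=1000, spacing_ms=1):
    """Counts unreachables generated for a constructed burst of packets."""
    limiter = UnreachableLimiter(interval_ms)
    return sum(limiter.allow(i * spacing_ms) for i in range(packets))


if __name__ == "__main__":
    print("limit 500 ms:", " ".join(trace_last_hop(RATE_LIMIT_MS)))
    print("limit off   :", " ".join(trace_last_hop(0)))
    print("burst replies:", replies_to_burst(RATE_LIMIT_MS), "vs", replies_to_burst(0))
```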
