Just as an FYI, TTL is nothing to do with hops; it's to do with DNS caching time, I believe.
I would like to sanity check my thought process, and that of everybody in my office, on this one. We have a client who intermittently sees the internet connection drop. We are always able to see the router on its internal and external addresses (both public). What we are not able to see is the Watchguard firewall on the other side of the router. (See attached image - IPs are not correct but just examples.)
During a period of outage the connection between the Cisco and the Watchguard goes down - a duplex mismatch maybe... no, both set to 100 Full (already tried that). EDIT: The Watchguard is set to 100 Full, the Cisco to auto, as when it was set to 100 Full too we got "TTL expired in transit".
But what I have noticed is that if from my office I ping the Cisco on both its external and internal public IP I get a TTL of 246 (which is correct as 9 router hops to the Cisco); from my office to the Watchguard the TTL is 54! So between the Cisco and the Watchguard, which is a direct connection, they are losing 192 hops somewhere.
The other strange thing is that to bring the line back up you can either reset the Watchguard OR the Rad unit. Both of these devices bring the line up.
Now in my head I am pointing at the Cisco being at fault for some bizarre reason. The ISP have gone away to look as to what could be causing the issue, but the guy I've been speaking with thinks it could be the firmware on the Rad unit.
For anybody not familiar with the Rad unit, it's this: EFM DSL Network Termination Unit LA-210, essentially a termination unit for the EFM line which basically provides the facility to bond the (in this case) 4 pairs.
Anybody any ideas what else it could be? Am I right in thinking this is an issue with the Cisco router? (model unknown).
EDIT: Could a mod change the title to "Sanity check my thought process - Internet Connection Cisco Issue"?
Last edited by glennda; 12th April 2013 at 04:49 PM.
As it says, it's there to stop a packet floating round the internet space forever if it cannot be routed to its destination. The time-to-live value can be thought of as an upper bound on the time that an IP datagram can exist in an Internet system. The TTL field is set by the sender of the datagram, and reduced by every router on the route to its destination. If the TTL field reaches zero before the datagram arrives at its destination, then the datagram is discarded and an ICMP error datagram (11 - Time Exceeded) is sent back to the sender. The purpose of the TTL field is to avoid a situation in which an undeliverable datagram keeps circulating on an Internet system, and such a system eventually becoming swamped by such "immortals".
Last edited by glennda; 12th April 2013 at 05:03 PM.
So what about a trace route to find the hops?
TTL on a Ping result is exactly as @glennda describes.
IGNORE (what Cisco is it?) - re-read: model unknown!
Last edited by ConradJones; 12th April 2013 at 08:18 PM.
Yeah, it's not my Cisco, but I'm trying to make sure I don't look a fool to my client!
It's difficult to say without looking at it; it could be the Cisco or it could be something as simple as an iffy cable. You need to go through each thing methodically (not always easy, you don't always have an identically configured everything lying around).
Can you post a traceroute to both the router and firewall?
Also, have you compared the routing tables on both?
Do a "show interfaces counters errors" on the Cisco device, and look for CRC or Frame errors.
I'm not sure if it is the config they have on their Ciscos, but I have just checked one of the others and it does exactly the same. Ping to router directly: TTL=246; ping to firewall behind it: TTL=54!
Bizarre - the traces don't show anything out of the ordinary (not even any timeouts).
Sounds like a routing issue, unlikely to be a loop between the router and the FW as the packet gets there eventually. You will need some output from the ISP to determine the issue. At the very least ask for a "show ip int brief | ex unass" and also a "show ip route" and "show int counters errors".
Yip, link flapping, that would do it! :-) Glad it's sorted.