[vox-tech] Why I'll Never Be a Network Admin Guy

[Ted Deppner]

On Tue, Oct 22, 2002 at 12:22:56PM -0700, Richard Crawford wrote:
> >From dist2-vlan10.scrm01.pbi.net (64.171.152.3): Time to live exceeded
> >From dist2-vlan10.scrm01.pbi.net (64.171.152.3): Time to live exceeded
> >From dist2-vlan10.scrm01.pbi.net (64.171.152.3): Time to live exceeded
> 
> So what does "Time to live exceeded" mean?

packets have a TTL value assigned to them by the originating computer (ie
where you did the ping from).  Different machines have different ttl
values, most commonly being 64 but can be as high as 127 or 255 I believe.
Each router that forwards the packet decrements the TTL by 1, and when it
reaches zero, that router returns an ICMP packet with a TTL exceeded
error.

This specific error usually means a link or router is down, and your
packet is being ping-ponged back and forth between the two routers just
before that downed link or downed router.  This can most easily be seen by
a traceroute, where the packet hits rtr A, then rtr B, then A, then B,
etc.

This problem of ping-pong is *always* a misconfiguration on the farthest
out reachable router, regardless of why the link or other router is down.
It indicates sloppiness on the part of the person configuring that
farthest out reachable router... in other words, he/she isn't a good
network admin guy.

That said, the correct behavior is an ICMP "destination unreachable",
which is far more informative.

To illustrate:

You -> routerA -> routerB -> routerC -> Destination
this link goes down       ^

routerB looses the knowledge that the Destination is reachable through
routerC, but doesn't tell routerA that it can no longer reach Destination.
routerB's default behavior takes over, which is to send traffic to
routerA.

routerA, still believing routerB can reach Destination sends the packet to
routerB.  routerB, not knowing better, sends the traffic to routerA.
rinse and repeat.

-- 
Ted Deppner
http://www.psyber.com/~ted/