[vox-tech] Why I'll Never Be a Network Admin Guy

vox-tech@lists.lugod.org vox-tech@lists.lugod.org
Tue, 22 Oct 2002 15:02:20 -0700 

On Tue, Oct 22, 2002 at 01:18:50PM -0700, Ted Deppner wrote:
> On Tue, Oct 22, 2002 at 12:22:56PM -0700, Richard Crawford wrote:
> > >From dist2-vlan10.scrm01.pbi.net (64.171.152.3): Time to live exceeded
> > >From dist2-vlan10.scrm01.pbi.net (64.171.152.3): Time to live exceeded
> > >From dist2-vlan10.scrm01.pbi.net (64.171.152.3): Time to live exceeded
> > 
> > So what does "Time to live exceeded" mean?
> 
> packets have a TTL value assigned to them by the originating computer (ie
> where you did the ping from).  Different machines have different ttl
> values, most commonly being 64 but can be as high as 127 or 255 I believe.
> Each router that forwards the packet decrements the TTL by 1, and when it
> reaches zero, that router returns an ICMP packet with a TTL exceeded
> error.

(Since everyone else has provided the answers to this, I'll just provide
some links and a comment...)

Yep. TTL is part of IP/Layer3 and is helpful with routing of packets.
Generally, the host that drops the packet after 0 is reaches sends the
ICMP response on TTL excession.

Since it is an 8 bit field, the max value represented (unsigned) is 255.
More info on IP fields and brief descriptions of what they mean/do:

http://mike.passwall.com/networking/ippacket.html#TTL

Some brief coverage of TCP, UDP and ICMP too if you like this kinda
stuff:
http://mike.passwall.com/networking/tcppacket.html
http://mike.passwall.com/networking/udppacket.html
http://mike.passwall.com/networking/icmppacket.html

> This specific error usually means a link or router is down, and your
> packet is being ping-ponged back and forth between the two routers just
> before that downed link or downed router.  This can most easily be seen by
> a traceroute, where the packet hits rtr A, then rtr B, then A, then B,
> etc.
> 
> This problem of ping-pong is *always* a misconfiguration on the farthest
> out reachable router, regardless of why the link or other router is down.
> It indicates sloppiness on the part of the person configuring that
> farthest out reachable router... in other words, he/she isn't a good
> network admin guy.
> 
> That said, the correct behavior is an ICMP "destination unreachable",
> which is far more informative.
> 
> To illustrate:
> 
> You -> routerA -> routerB -> routerC -> Destination
> this link goes down       ^
> 
> routerB looses the knowledge that the Destination is reachable through
> routerC, but doesn't tell routerA that it can no longer reach Destination.
> routerB's default behavior takes over, which is to send traffic to
> routerA.
> 
> routerA, still believing routerB can reach Destination sends the packet to
> routerB.  routerB, not knowing better, sends the traffic to routerA.
> rinse and repeat.
> 
> -- 
> Ted Deppner
> http://www.psyber.com/~ted/
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
  Campus IT(/OS Security): Operating Systems Support Specialist Assistant