Re: Linux tunnels inherit TTL by default

To: debian-ipv6@lists.debian.org
Subject: Re: Linux tunnels inherit TTL by default
From: horape@tinuviel.compendium.net.ar
Date: Mon, 5 Nov 2001 20:33:27 -0300
Message-id: <[🔎] 20011105203327.A4531@tinuviel.compendium.net.ar>
In-reply-to: <20011023122709.B15803@eye-net.com.au>
Hola!

Sorry, short answer, i´m at class...

Yes, you should recommend using 64 (or some less arbitrary value based in
ipv4 network topology) as ttl in tunnels.

Not doing that break traceroutes and (lots more important, imho), BGP sessions.

(And it´s very unfunny debugging a BGP session when one side has the ttl 64
set and the other doesn´t...)

Saludos,
				HoraPe

On Tue, Oct 23, 2001 at 12:27:09PM +1000, Craig Small wrote:
> Hello,
>   I got this wierd problem where traceroutes would not work once I sent
> packets through my IPv6 tunnel.  I would get back ICMP ttl expired
> messages, but they were IPv4 icmp messages.
> 
> It seems that the tunnel packets were inheriting the TTL of the IPv6
> payload.  This meant the IPv4 routers carrying my tunnel packets dropped
> them on the floor.
> 
> Finally I tracked it down to a tunnel paramter, it seems that the
> inherit ttl is something that is on by default.  I think this is
> incorrect though.
> 
> rowlf:/home/csmall# ip tunnel show trumpet
> trumpet: ipv6/ip  remote 203.5.119.58  local 203.41.228.22  ttl inherit
> rowlf:/home/csmall# ip tunnel change trumpet ttl 64
> rowlf:/home/csmall# ip tunnel show trumpet
> trumpet: ipv6/ip  remote 203.5.119.58  local 203.41.228.22  ttl 64
> 
> Traceroute now works as it should.  Should I be recommending people set
> this ttl?
> 
>  - Craig
> 
> 
> Here is the "before" trace, nortice the TTL 
> 
> 08:39:19.759053 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 1) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) [ttl 1] (id 0)
> 08:39:24.757631 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 1) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) [ttl 1] (id 0)
> 08:39:24.917585 139.130.45.1 > 203.41.228.22: icmp: time exceeded in-transit [tos 0xc0] (ttl 255, id 30635)
> 08:39:29.756208 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 1) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) [ttl 1] (id 0)
> 08:39:29.906165 139.130.45.1 > 203.41.228.22: icmp: time exceeded in-transit [tos 0xc0] (ttl 255, id 30667)
> 08:39:34.754785 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 2) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) (ttl 2, id 0)
> 08:39:34.914740 203.50.15.195 > 203.41.228.22: icmp: time exceeded in-transit [tos 0xc0] (ttl 254, id 18731)
> 08:39:39.763359 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 2) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) (ttl 2, id 0)
> 08:39:39.923314 203.50.15.195 > 203.41.228.22: icmp: time exceeded in-transit [tos 0xc0] (ttl 254, id 18741)
> 08:39:44.761937 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 2) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) (ttl 2, id 0)
> 08:39:44.921891 203.50.15.195 > 203.41.228.22: icmp: time exceeded in-transit [tos 0xc0] (ttl 254, id 18759)
> 08:39:49.760514 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 3) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) (ttl 3, id 0)
> 08:39:49.940463 203.50.12.181 > 203.41.228.22: icmp: time exceeded in-transit [tos 0xc0] (ttl 253, id 56462)
> 08:39:54.769089 203.41.228.22 > 203.5.119.58: v6-in-v4
>                  3ffe:8001:6:10:201:3ff:fe40:a029 > 3ffe:501:4819:2000:280:adff:fe71:81fc  (v0, priority 8, flow 1196328, len 32, hop 3) 3ffe:8001:6:10:201:3ff:fe40:a029.40496 > 3ffe:501:4819:2000:280:adff:fe71:81fc.33434: udp 24 (DF) (ttl 3, id 0)
> 08:39:54.989026 203.50.12.181 > 203.41.228.22: icmp: time exceeded in-transit [tos 0xc0] (ttl 253, id 56508)
> -- 
> Craig Small VK2XLZ  GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
> Eye-Net Consulting http://www.eye-net.com.au/        <csmall@eye-net.com.au>
> MIEEE <csmall@ieee.org>                 Debian developer <csmall@debian.org>
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-ipv6-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

-- 
					HoraPe
---
Horacio J. Peña
horape@compendium.com.ar
horape@uninet.edu
bofh@puntoar.net.ar
horape@hcdn.gov.ar
Reply to:
Prev by Date: Re: rsync ipv6 patch merge?
Next by Date: Newbie help / Project status query
Previous by thread: Re: rsync ipv6 patch merge?
Next by thread: Newbie help / Project status query
Index(es):
- Date
- Thread