[TriLUG] OT: Traceroute / routing question

Wed Mar 2 12:46:07 EST 2011

On Wed, 2 Mar 2011, Brian Henning wrote:

> Hi,
>
> Someone who knows more about routing might be able to answer this for me.
>
> At my office, our local LAN is on a subnet, let's call it 192.168.A.0/24.
> At our parent office far away, their LAN is on a subnet let's call
> 192.168.B.0/24.
> We have a hardware VPN (SonicWall endpoints) configured between the two.
> The SonicWall devices are also our gateways.
>
> What confuses me is that tracert tells me my .A machine can reach a .B
> machine in one hop:
>
> C:\Users\bhenning
> Yes? tracert 192.168.B.xxx
>
> Tracing route to 192.168.B.xxx
> over a maximum of 30 hops:
>
>  1    46 ms    46 ms    46 ms  192.168.B.xxx
>
> Trace complete.
>
> ...but my local routing table does not seem to include specific routing for
> .B:
>
> IPv4 Route Table
> ===========================================================================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>          0.0.0.0          0.0.0.0   192.168.A.yyy     192.168.A.xxx     20
>        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
>        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
>  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
>      192.168.A.0    255.255.255.0         On-link     192.168.A.xxx    276
>    192.168.A.xxx  255.255.255.255         On-link     192.168.A.xxx    276
>    192.168.A.255  255.255.255.255         On-link     192.168.A.xxx    276
>        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
>        224.0.0.0        240.0.0.0         On-link     192.168.A.xxx    276
>  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
>  255.255.255.255  255.255.255.255         On-link     192.168.A.xxx    276
> ===========================================================================
>
> What I don't understand is why doesn't tracert show the router (at
> 192.168.A.yyy) as a hop between me and the .B machine?  (If our netmask were
> /16, I'd understand, but it's /24...)

This just means that the SonicWalls are not decrementing IP TTL for 
traffic they pass over the VPN, so a packet with a TTL of 1 can make it 
all the way to the destination.

> For comparison, I just got an AT&T 3G MicroCell at home.  I put it on a
> (logically but not physically) separate subnet from the rest of my LAN so
> that I could firewall it off and lessen the possibility of AT&T snooping
> around my network (a little paranoia never hurt anyone!).  I haven't set up
> the firewall rules yet, so I can ping it from the rest of my LAN.  When I
> tracert it, the router[1] DOES show up as a hop:
>
> C:\Documents and Settings\brian>tracert 10.32.4.103
>
> Tracing route to 10.32.4.103 over a maximum of 30 hops
>
>  1   160 ms     1 ms     1 ms  192.168.0.80
>  2     3 ms     3 ms     3 ms  10.32.4.103
>
> Trace complete.
>
> Why's there a difference?

In this case, the router is decrementing the TTL and returning an error 
when it reaches 0. Since you say the router is running linux, this is not 
surprising. The difference is due to the different behavior of linux's 
routing code VS the SonicWall software.

 			Alexey