Firewalls: Looping TRACERT?

Firewalls
(November 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Looping TRACERT?
From:	Russ <Russ . Cooper @ RC . on . ca>
Date:	Wed, 27 Nov 1996 04:01:43 -0500
To:	"'Firewalls Mailing List'" <firewalls @ GreatCircle . COM>

Sorry for the off-topic post...
*
I like to think of myself as someone who has a pretty good grasp on
routing, but tonight I came across something which I didn't understand.
I'd appreciate it if someone could explain this one to me.
*
I was trying to connect to www.CIAC.com, but the browser was just
sitting there hanging trying to connect and eventually reported the
operation timed out. So I did a tracert to it and around hop 15, the
tracert started looping between two routers.
*
15   130 ms   151 ms   140 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 16   130 ms   140 ms   140 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
 17   190 ms   140 ms   141 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 18   130 ms   140 ms   140 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
 19   150 ms   160 ms   150 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 20   140 ms   160 ms   140 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
 21   140 ms   150 ms   150 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 22   151 ms   160 ms   140 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
 23   141 ms   160 ms   160 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 24   140 ms   130 ms   150 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
 25   150 ms   161 ms   140 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 26   140 ms   181 ms   170 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
 27   160 ms   161 ms   180 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 28   200 ms   171 ms   150 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
 29   160 ms   181 ms   350 ms  tpa-max.THOUGHTPORT.NET [206.41.176.10]
 30   190 ms   251 ms   240 ms  CHI-Cisco01.thoughtport.COM
[199.171.236.1]
*
So I get the Thoughtport Tech Admin on the phone (4:00am and he's in
his office, and he's answering his phone???). I tell him what's up, and
he says that if CIAC is down, then this type of action would be
normal???
*
Normal? I don't understand, why would two routers be pointing to each
other just because a route is down? Maybe its something real basic that
I'm missing here because I figured there was a problem, but I just
can't figure out why they would be pointing to each other and not
simply timing out. Is this the type of stuff we can look forward to
when we have redundant routes and parallel Firewalls?
*

Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security Consulting
mailto:Russ .
 Cooper @
 RC .
 on .
 ca <-- *note the new address*

Follow-Ups:

Re: Looping TRACERT?
From: blake @ security . com (Scott Blake)

Indexed By Date	Previous:	Re: PIX vs Others From: Denis Vella <dvella @ ptl . com . mt>
Indexed By Date	Next:	Any major concerns with Firewall-1? From: "Vos, Arjan" <Vos . Arjan @ kpmg . nl>
Indexed By Thread	Previous:	http PORT by high SERVICE number says what ? From: Kim <cgkim @ rara . kotel . co . kr>
Indexed By Thread	Next:	Re: Looping TRACERT? From: blake @ security . com (Scott Blake)