1

I am building an integrated network operations portal that ties together information from a number of resources. One thing I would like to understand is the topology of the network, and I am trying to use MTR to do so. Unfortunately I don't think it is able to indeitfy the IP address of the Switches, Firewall, or Virtual (vSphere) switches.

I know there are a couple of hops to get to that end point. And this output is useful, as I would be able to get understand the numbner of jumps between endpoints and therefore with enough data I will be able co confirm what is on the same sengment (logical or virtual), however I want to be able to understand how those segments fit together. 

$ mtr --show-ips  --report-wide 10.8.100.12
Start: Sat Feb 27 12:00:05 2016
HOST: tbrown                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- ???                            100.0    10    0.0   0.0   0.0   0.0   0.0
  2.|-- ???                            100.0    10    0.0   0.0   0.0   0.0   0.0
  3.|-- drblah02.xyz.com (10.8.100.12)  0.0%    10   76.2  76.1  73.7  80.7   2.3

Do these devices need to be enabled to provide this information somehow?

akaphenom
  • 143
  • 1
  • 7
  • 1
    mtr won't see the switches as they work at layer 2. – user9517 Feb 27 '16 at 17:25
  • hmm ok then. So does the above look indicative of layer 2 hops? My switches are Layer 3, but i are functioning most at layer 2 right now. – akaphenom Feb 27 '16 at 18:07
  • 2
    There's no such thing as a Layer 2 hop. If your switches are functioning as switches (as opposed to routers) then they won't show up in your trace. Hop count is a metric of how many routers the traffic passes through. – joeqwerty Feb 27 '16 at 18:21
  • OK thanks I am staring to undertsand a bit more. I need the right vocabulary to research and communicate. I will dig into the traceroute documentation, I get that only devides that decrement the TTL will get recorded. Why do some of those devices not report back the host - instead I am getting a *. – akaphenom Feb 27 '16 at 18:50
  • Oh man, don't take it personal but before starting an "integrated network mgmt portal" why not get accustomed with the basics first? *sigh* – Marki Feb 28 '16 at 14:54
  • Because I dig in and figure out what I don't know, then fill the gaps. – akaphenom Feb 29 '16 at 21:38

1 Answers1

1

The number of lines in the trace output will indicate how many times the hop limit (also called time to live) has been decreased on the path from you towards your peer. Thus a device which does not decrease the hop limit, will be invisible to the trace. For example switches will not be seen in the trace, because they operate at a lower layer than IP.

What also matters is how the device behaves once the hop limit goes to zero. If the device silently drops the packet, you will see a blank line. If the device produce an ICMP packet with a proper error code, you will see the source IP (or hostname) of that ICMP packet.

There are multiple possible reasons for a router to show up as a blank line in the trace:

  • It may configured to rate limit the amount of ICMP packets it will produce or to not send them at all.
  • It may have bugs in the ICMP generation (one possible bug is to use the remaining hop limit from the original packet in the ICMP packet).
  • It may not have enough CPU capacity to respond to all packets.

If you see multiple blank lines just before the final target, it is possibly to a bug in the IP stack on the target itself. If the target copies the hop limit from the original packet to the response, the response will not come back unless the original hop limit was enough to cover the route both ways. This will usually lead to the path looking twice as long as it really is - with no responses from the second half of the path.

kasperd
  • 30,455
  • 17
  • 76
  • 124
  • I wonder if it is based around the vSphere interface to the network. Also (oddly) there are nodes equi distant away (yet on different subnets) that come back with completely different routes. BTW thans for the reponse, i am understanding peice by peice. – akaphenom Feb 27 '16 at 19:25
  • vSphere networking doesn't route traffic. a vSphere vSwitch and the host pNIC won't add hops to the path. – joeqwerty Feb 27 '16 at 20:36