Why can packets be lost at low ttl?
On Kerio, one physical LAN port is configured with the IP 192.168.1.252/24 and also the additional address 10.11.0.1/16. DHCP issues IP addresses from the network 192.168.1.0/24.
There is a computer that received its address via DHCP.
From that computer, the gateway 192.168.1.252 and another computer, 10.11.0.2, respond perfectly. No loss, 1 ms latency.
But if you execute the tracert command, miracles begin.
Code:
C:\Users\user>tracert 10.11.0.2
Трассировка маршрута к 10.11.0.2 с максимальным числом прыжков 30
1 1 ms <1 мс 1 ms control [192.168.1.252]
2 5 ms 1 ms 2 ms 10.11.0.2
Трассировка завершена.
C:\Users\user>tracert 10.11.0.2
Трассировка маршрута к 10.11.0.2 с максимальным числом прыжков 30
1 1 ms <1 мс * control [192.168.1.252]
2 <1 мс <1 мс <1 мс 10.11.0.2
Трассировка завершена.
C:\Users\user>tracert 10.11.0.2
Трассировка маршрута к 10.11.0.2 с максимальным числом прыжков 30
1 * * 1 ms control [192.168.1.252]
2 <1 мс <1 мс <1 мс 10.11.0.2
Трассировка завершена.
Code:
C:\Users\user>ping 10.11.0.2 -i 1 -n 100
Превышен интервал ожидания для запроса.
Ответ от 192.168.1.252: Превышен срок жизни (TTL) при передаче пакета.
...
Статистика Ping для 10.11.0.2:
Пакетов: отправлено = 100, получено = 61, потеряно = 39
(39% потерь)
Well, that's logical.
Do you know what -i 1 is responsible for? The TTL, the packet's lifetime (Time to live).
Also read here
The problem is probably not TTL.
Perhaps your Kerio is very busy with something, which is why it does not have time to process packets.
Or maybe it is fighting DoS attacks via ICMP in this way. Look at the Kerio settings in this direction.
Also, for testing, try this:
ping 192.168.0.252 -t
I think that ping dips will begin to appear here as well.
If performance is otherwise fine, then you can just ignore it.
Kerio is not obliged to respond to you with TTL exceeded for each transit packet.
What's the point of this?
The router will respond once per second / two / five that there is a problem, and this is enough to understand it.
Almost all network equipment has limits on the number of ICMP error reports generated.
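The limit on generated ICMP errors described in the last answer can be modelled as a token bucket. The sketch below is an added example, not part of the thread and not Kerio's code; the rate, burst and probe timings are assumed values chosen for illustration. It only models errors the router generates itself (Time Exceeded); packets that are forwarded to 10.11.0.2 never touch this limiter.

```python
# Added illustration: token-bucket limiter for router-generated ICMP errors.
# rate_per_s and burst are assumed values, not Kerio's real settings.

MILLI = 1000  # one token, in integer milli-token units (avoids float drift)


def time_exceeded_replies(probe_ms, rate_per_s=1, burst=1):
    """For each expiring probe (arrival time in ms, sorted), return True if
    the router still has a token and sends ICMP Time Exceeded, else False."""
    cap = burst * MILLI
    tokens = cap
    last = None
    sent = []
    for t in probe_ms:
        if last is not None:
            # rate_per_s tokens/second == rate_per_s milli-tokens per ms
            tokens = min(cap, tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= MILLI:
            tokens -= MILLI
            sent.append(True)
        else:
            sent.append(False)  # error suppressed; the client sees '*'
    return sent


def loss_percent(sent):
    """Share of probes that got no ICMP error back, as the client counts it."""
    return 100 * sent.count(False) // len(sent)


# Constructed inputs (not measurements from the post):
TRACERT_HOP = [0, 1, 2]                      # three probes for one hop, ~1 ms apart
FAST_PING = [i * 600 for i in range(100)]    # TTL 1 probes every 600 ms
SLOW_PING = [i * 1000 for i in range(100)]   # TTL 1 probes every 1000 ms

if __name__ == "__main__":
    print("tracert hop:", time_exceeded_replies(TRACERT_HOP))
    print("600 ms ping:", loss_percent(time_exceeded_replies(FAST_PING)), "% unanswered")
    print("1 s ping:   ", loss_percent(time_exceeded_replies(SLOW_PING)), "% unanswered")
```

In this model the unanswered probes depend only on how fast expiring packets arrive relative to the refill rate, which is why the same router shows no loss on ordinary pings.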