Forum Discussion
John_Butala
Nimbostratus
NimbostratusHow to avoid using traceroute -I option on servers behind BIGIPs
traceroute www.f5.com
traceroute to www.f5.com (65.61.115.222), 64 hops max, 52 byte packets
1 * * *
2 * * *
^C
traceroute -I www.f5.com
traceroute to www.f5.com (65.61.115.222), 64 hops max, 72 byte packets
1 206.196.142.92 (206.196.142.92) 0.272 ms 0.201 ms 0.228 ms
2 hlr-svcs-03-86 (206.196.142.204) 0.730 ms 0.435 ms 0.480 ms
3 hlr-core-01 (205.171.253.125) 0.475 ms 0.450 ms 0.463 ms
4 spk-core-02 (67.14.1.249) 24.595 ms 24.788 ms 24.560 ms
5 spk-edge-04 (205.171.153.58) 24.710 ms 24.692 ms 24.561 ms
6 63.149.216.130 (63.149.216.130) 25.122 ms 25.264 ms 25.207 ms
7 vss-20g-po6.spkn.tierpoint.com (65.61.96.118) 25.067 ms 25.246 ms 25.198 ms
8 www-llix.f5.com (65.61.115.222) 25.569 ms 25.262 ms 25.075 ms
9 www-llix.f5.com (65.61.115.222) 26.594 ms 25.570 ms 25.867 ms
ping www.f5.com
PING www.f5.com (65.61.115.222): 56 data bytes
64 bytes from 65.61.115.222: icmp_seq=0 ttl=246 time=26.166 ms
64 bytes from 65.61.115.222: icmp_seq=1 ttl=246 time=26.082 ms
64 bytes from 65.61.115.222: icmp_seq=2 ttl=246 time=26.260 ms
64 bytes from 65.61.115.222: icmp_seq=3 ttl=246 time=26.136 ms
64 bytes from 65.61.115.222: icmp_seq=4 ttl=246 time=26.470 ms
^C
--- www.f5.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 26.082/26.223/26.470/0.136 ms
- Traceroute uses a UDP datagram packet by default. There is a possibility that Qwest may be blocking these packets destined for UDP ports 33434 to 33534. By using the '-I' flag you are telling traceroute to conduct the probe using ICMP echos. It doesn't appear that they are doing anything with ICMP echo requests, so that is why 'traceroute -I' and ping are working.
-George 
John_ButalaI work at Qwest and I'm doing the traceroute from our servers behind our BIGIPs. It seems that the BIGIP is doing something unexpected (from my perspective) with the UDP ICMP packets. I have a Standard UDP virtual server configured to forward all traffic and all ports. What is the best way for me to forward the UDP ICMP packets unfettered (and have the default traceroute report correctly) ?- Check your version of LTM against this known issue: http://support.f5.com/kb/en-us/solutions/public/7000/400/sol7459.html
-George - John_ButalaI don't think the known issue matchs my scenario since I'm running version 9.4.8 and not using SNAT. Although, the symptoms sound VERY similar.