Forum Discussion

Gazi_Karakus's avatar
Gazi_Karakus
Icon for Nimbostratus rankNimbostratus
Oct 02, 2013

LTM 10.2.4 is not responding to UDP traceroute requests

Hi all,

 

Our virt ip(10.113.220.11) is not responding to traceroute requests, which are the UDP packets, from unix machine but correctly responds to windows machine becouse of icmp.

 

The LTM system will not respond to UDP traceroute requests, is this case normal?

 

192.168.43.17 traceroute 10.113.220.11

Type escape sequence to abort. Tracing the route to 10.113.220.11

 

1 192.168.43.2 0 msec 0 msec 0 msec ---> next hop 2 10.113.200.101 0 msec 0 msec 0 msec -----> self ip 3 10.113.200.1 0 msec 0 msec 0 msec -------> gateway ip 4 10.113.200.101 0 msec 0 msec 0 msec 5 10.113.200.1 0 msec 0 msec 0 msec 6 10.113.200.101 0 msec 0 msec 0 msec 7 10.113.200.1 0 msec 10 msec 0 msec 8 10.113.200.101 0 msec 0 msec 0 msec 9 10.113.200.1 0 msec 0 msec 0 msec 10 10.113.200.101 0 msec 0 msec 0 msec 11 10.113.200.1 10 msec 0 msec 0 msec

 

2 Replies

  • icmp will work on a virtual server, but BIG-IP is default-deny, so if you don't have a vip with the default ports opened (33434 to 33534) and an iRule to properly format a response you're not going to get the desired results. Why not use this format which uses icmp from traceroute:

     

    traceroute -I 10.113.220.11

     

  • Oddly, my 10.2.4 responds to the UDP traceroute with the expected ICMP unreachable, so the UDP traceroute works. Does the 'port-lockdown' option on the self-ip impact this in anyway?

    tcpdump from source. 10.0.0.1 is the source, 10.10.10.1 is the virtual ip.

    15:18:41.859667 IP 10.0.0.1.40590 > 10.10.10.1.33451: UDP, length 32
    15:18:41.860509 IP 10.10.10.1 > 10.0.0.1: ICMP 10.10.10.1 udp port 33451 unreachable, length 36