Let’s talk about trace utilities and directionality. First, be aware that in general tracing from H1 to H2 gives you no reliable information whatsoever about what you will see if you trace from H2 to H1. In fact, since the per-hop forwarding behavior of a router is controlled by its routing table, even the paths taken by a particular trace probe packet and its corresponding ICMP TTL Exceeded message (TEM) may not be the same (but this shouldn’t have an adverse impact on the hop-by-hop results of the trace).
If the trace packets traverse the same physical path in both directions (if there’s only one path, for example), then the inbound interfaces in one direction are the outbound when going in the other direction. Thus, what you’d expect to see if you trace in the reverse direction on the same path are the same routers (in reverse order), but not the same interface addresses. Refer to Figure 1:
Tracing from H1 to H2 gives:
Hop 1 – 188.8.131.52 (R1’s Fa0/0)
Hop 2 – 184.108.40.206 (R2’s Fa0/1)
Hop 3 – 220.127.116.11 (R3’s Fa0/0)
Hop 4 – 18.104.22.168 (H2)
But tracing from H2 to H1 would display this:
Hop 1 – 22.214.171.124 (R3’s Fa0/1)
Hop 2 – 126.96.36.199 (R2’s Fa0/0)
Hop 3 – 188.8.131.52 (R1’s Fa0/1)
Hop 4 – 184.108.40.206 (H1)
See how the addresses are different, but the routers are the same (in reverse order)? Another interesting effect is observed if there are multiple equal-metric paths between the source and destination, with per-packet load sharing. In this case, a particular hop could show multiple IP addresses, each belonging to the router involved at that hop. Take a look at Figure 2:
For brevity’s sake, we’ll abbreviate the IP addresses as H1, H2, and the letters near the router interfaces. Now, let’s suppose that H1 traces the path to H2, with three probe packets at each hop. What we would expect to see is something like this:
Hop 1 – A A A (R1)
Hop 2 – D (R2)
Hop 3 – J (R4)
Hop 4 – H2
See how the trace is bouncing between R2 and R3 at the second hop? This shows that R1 is doing “per-packet” load-sharing. A fine point is that the ICMP TEMs coming back at the third hop are under the control of R4’s routing table and switching algorithm, and the latter may not be the same as R1’s. As you can imagine, more complex topologies involving multiple points of load sharing could yield very interesting results.
The bottom line is that the paths to and from a particular host may not be the same (this is referred to as “asymmetric routing”) and can vary over time, depending on the physical and logical paths available and the routing protocols in use.
Next time, we’ll look at what happens when things go wrong during a trace.