Understanding Internet Routes with Traceroute

1. Warmup

Traceroute sends UDP probes with a high port number to the destination IP address with TTLs incrementing from 1. Intermediate hosts send ICMP "time exceeded" errors because they will decrement the TTL to zero. These errors allow the sender to identify the nodes along the path. An ICMP "port unreachable" message is generated when the probe finally reaches the destination.

Note: The time-to-live (TTL) field is measured in terms of hops, not real time.

2. Routing Asymmetries
a) Sample output from 18.31.0.66 (machine on 5th floor of LCS):

% traceroute trojan.neta.com
traceroute to trojan.neta.com (206.124.164.10), 30 hops max, 40 byte packets
 1  lcs-5-floor.lcs.mit.edu (18.31.0.1)  0.899 ms  0.745 ms  0.986 ms
 2  third.lcs.mit.edu (18.24.11.2)  1.954 ms  2.035 ms  1.97 ms
 3  lcs-3h5.lcs.mit.edu (18.24.10.1)  3.322 ms  2.45 ms  2.733 ms
 4  radole.lcs.mit.edu (18.24.10.3)  3.466 ms  3.948 ms  2.621 ms
 5  B24-RTR-LCS-LINK.MIT.EDU (18.201.1.1)  3.247 ms  3.368 ms  3.306 ms
 6  EXTERNAL-RTR-FDDI.MIT.EDU (18.168.0.12)  4.755 ms  4.764 ms  3.978 ms
 7  f4-0.cambridge2-br1.bbnplanet.net (192.233.33.5)  8.1 ms  7.909 ms  4.231 m
s
 8  h3-0.boston1-br2.bbnplanet.net (4.0.1.185)  7.122 ms  9.344 ms  13.999 ms
 9  pos3-0-0.br1.bos1.alter.net (137.39.23.89)  7.595 ms  4.633 ms  4.899 ms
10  125.ATM3-0.XR1.BOS1.ALTER.NET (146.188.177.10)  5.523 ms  4.272 ms  10.153 
ms
11  291.ATM3-0.TR1.EWR1.ALTER.NET (146.188.179.126)  10.262 ms  8.852 ms  8.833
 ms
12  105.ATM6-0.TR1.LAX2.ALTER.NET (146.188.137.50)  88.079 ms  83.77 ms  85.534
 ms
13  299.ATM6-0.XR1.LAX2.ALTER.NET (146.188.248.121)  83.972 ms  82.338 ms  81.7
38 ms
14  195.ATM11-0-0.HR1.LAX2.ALTER.NET (146.188.248.41)  84.92 ms  83.139 ms  83.
794 ms
15  258.Hssi5-0-0.HR1.PHX1.Alter.Net (137.39.68.73)  114.879 ms  120.614 ms  12
6.707 ms
16  311.atm1-0-0.gw1.phx1.alter.net (137.39.22.150)  125.436 ms  96.925 ms  119
.719 ms
17  neta-gw.customer.ALTER.NET (157.130.224.70)  122.073 ms  112.527 ms  102.86
9 ms
18  trojan.neta.com (206.124.164.10)  104.319 ms *  125.788 ms

Output from www.getnet.com

FROM trojan.neta.com TO 18.31.0.66.
traceroute to 18.31.0.66 (18.31.0.66), 30 hops max, 40 byte packets
 1  phoenix-nap.neta.com (206.124.164.1)  2 ms  1 ms  1 ms
 2  Serial4-1-0.GW1.PHX1.ALTER.NET (157.130.224.69)  5 ms  5 ms  1 ms
 3  321.atm1-0-0.cr1.phx1.alter.net (137.39.22.149)  2 ms  5 ms  2 ms
 4  122.ATM8-0-0.HR1.LAX2.Alter.Net (137.39.68.74)  38 ms  37 ms  34 ms
 5  111.ATM3-0.XR2.LAX2.ALTER.NET (146.188.248.46)  33 ms  32 ms  29 ms
 6  194.ATM2-0.TR2.LAX2.ALTER.NET (146.188.248.130)  26 ms  26 ms  31 ms
 7  111.ATM7-0.TR2.SCL1.ALTER.NET (146.188.137.146)  38 ms  38 ms  36 ms
 8  198.ATM7-0.XR2.PAO1.ALTER.NET (146.188.147.133)  33 ms  37 ms  36 ms
 9  188.ATM5-0-0.BR1.PAO1.ALTER.NET (146.188.148.109)  36 ms  40 ms  42 ms
10  137.39.250.246 (137.39.250.246)  38 ms  41 ms  39 ms
11  p3-0.paloalto-nbr1.bbnplanet.net (4.0.1.49)  46 ms  48 ms  45 ms
12  p3-1.chicago1-nbr1.bbnplanet.net (4.0.3.165)  118 ms  118 ms  116 ms
13  p11-0-0.chicago1-br2.bbnplanet.net (4.0.5.57)  110 ms  113 ms  108 ms
14  h2-0.boston1-br1.bbnplanet.net (4.0.1.126)  121 ms  115 ms  111 ms
15  p11-0-0.boston1-br2.bbnplanet.net (4.0.2.250)  126 ms  167 ms  118 ms
16  h1-0.cambridge2-br1.bbnplanet.net (4.0.1.186)  129 ms  170 ms  110 ms
17  ihtfp.mit.edu (192.233.33.3)  117 ms  111 ms  103 ms
18  * B24-RTR-FDDI.MIT.EDU (18.168.0.14)  102 ms  102 ms
19  18.201.1.3 (18.201.1.3)  100 ms  100 ms  101 ms
20  third.lcs.mit.edu (18.24.10.5)  108 ms  109 ms  108 ms
21  lcs-5-floor.lcs.mit.edu (18.24.11.1)  109 ms  107 ms  130 ms
22  almond.lcs.mit.edu (18.31.0.66)  121 ms  111 ms  113 ms

b) Interestingly, the machines traversed in both directions are not the same! Routing table entries might not be symmetric. This is because routers choose the least cost link, and links may not have the same cost (e.g. bandwidth) in either direction. In many cases, router tables also have preconfigured default entries which can cause asymmetry. The real reason in this case is likely a phenomenon called "hot potato routing." ISPs would like to minimize use of their bandwidth by packets destined for other ISPs and want to get the packet out of their backbone as soon as possible. So they dump it to the destination ISP's backbone at the peering point closest to the sender. Notice that the traffic is carried by BBN across the country in one direction but by AlterNet in the other direction.

3. Blackholes
a) Sample output below:

traceroute to 18.31.0.200 (18.31.0.200), 30 hops max, 40 byte packets
 1  NW12-RTR-N42-ETHER.MIT.EDU (18.152.0.1)  1.250 ms  1.228 ms  0.963 ms
 2  B24-RTR-FDDI.MIT.EDU (18.168.0.14)  4.385 ms  4.744 ms  3.152 ms
 3  18.201.1.3 (18.201.1.3)  2.393 ms  1.689 ms  3.380 ms
 4  third.lcs.mit.edu (18.24.10.1)  2.933 ms  3.917 ms  5.614 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

b) There are many possible reasons for this (you'll learn more about them when they also come up when you do the ping assignment due after this one). The most likely possible reasons for this "black hole" are either that the machine does not send ICMP errors, or does not exist (the real reason).