Reset Search
 

 

Article

Missing tracert hops in VRF Other than Global

« Go Back

Information

 
TitleMissing tracert hops in VRF Other than Global
Symptoms
  • NAT client  on non Global VRF sees different traceroute output than Client on Global VRf
  • Static NAT entry will resolve the issue
  • Using NATP to access the internet, and notice missing hops when using tracert.  
  • It works if the NAT is done by a firewall.
  • The difference between the two is that the firewall is replacing the inner packet in the ICMP error message with the original values.  
Environment
  • S-Series
  • NAT 
  • Tracert
Cause
It does appear that NAT is not handling  an ICMP Time-to-live exceeded message.We should be natting back the address in the inner packet. 

If an ICMP error packet matches a NAT list rule the inner packet may not be properly natted back to the original source.
Resolution
Upgrade to Firmware 8.62.01
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255