When discarding a packet with a TTL or Hop Limit of one or zero the router in question may (it’s not mandatory) send an ICMP error message to the source as follows: IPv4: type 11: ‘Time Exceeded’, code 0: ‘time to live exceeded in transit’ IPv6: type 3: ‘Time Exceeded’, code 0: ‘Hop limit exceeded in transit’
The TTL behavior of labeled packets described here refers to the TTL operation in Cisco IOS. When a labeled packet is received with a TTL of 1, the receiving LSR drops the packet and sends an ICMP message "time exceeded" (type 11, code 0) to the originator of the IP packet.
As you can see, the TTL or Hop Limit seen in packets from a host could, in part, be used to identify the operating system in use on that host.
In the IP header is a field of 8 bits that signifies the time that a packet still has before its life ends and is dropped. When an IP packet is sent, its TTL is usually 255 and is then decremented by 1 at each hop. If the TTL reaches 0, the packet is dropped.
Time To Live (TTL) is a well-known mechanism thanks to IP. In the IP header is a field of 8 bits that signifies the time that a packet still has before its life ends and is dropped. When an IP packet is sent, its TTL is usually 255 and is then decremented by 1 at each hop. If the TTL reaches 0, the packet is dropped. In such a case, the router that dropped the IP packet for which the TTL reached 0 sends an Internet Control Message Protocol (ICMP) message type 11 and code 0 (time exceeded) to the originator of the IP packet.
When a labeled packet is received with a TTL of 1, the receiving LSR drops the packet and sends an ICMP message "time exceeded" (type 11, code 0) to the originator of the IP packet. This is the same behavior that a router would exhibit with an IP packet that had an expiring TTL. However, the ICMP message is not immediately sent back to the originator of the packet because an interim LSR might not have an IP path toward the source of the packet. The ICMP message is forwarded along the LSP the original packet was following.
The MPLS payload in the case of AToM is a Layer 2 frame and not an IP packet. Hence, if the TTL in the top label of an AToM packet expires at a P router, the only action that the P router can undertake is to drop the packet, because an IP lookup is not possible. The packet is also dropped if the payload is an IPv6 packet.
In the case of MPLS VPN, the ICMP message is returned by the egress PE or the CE that is attached to that PE, because these routers certainly have the route to correctly return the packet. It is important that the P router—where the TTL expires—notes what the MPLS payload is.
One such case is a network with MPLS VPN. In this scenario, the P router does not have the knowledge to send back the ICMP messages to the originator of the VPN packet, because the P router does not have a route to directly return the ICMP message.
The intermediate LSR does not change the TTL field in underlying labels or the TTL field in the IP header. An LSR only looks at or only changes the top label in the label stack of a packet.
In Cisco IOS, however, a safeguard guards against possible routing loops by not copying the MPLS TTL to the IP TTL if the MPLS TTL is greater than the IP TTL of the received labeled packet. If the MPLS TTL would be copied to the IP header, the smaller IP TLL value would be overwritten by a newer but higher value.
The Linux traceroute and Windows tracert tools (and others) rely upon the TTL or Hop Limit field for their operation. These tools send packets to the destination using an ever increasing TTL, starting with a value of one. On receipt of a packet with a TTL of one, the first hop router (likely the default gateway for the source host) will decrement the TTL by one resulting in a value of zero. This will cause the router to discard the packet and send an ICMP Time Exceeded error message to the source (hopefully).
To ensure IP packets have a limited lifetime on the network all IP packets have an 8 bit Time to Live (IPv4) or Hop Limit (IPv6) header field and value which specifies the maximum number of layer three hops (typically routers) that can be traversed on the path to their destination. Each time the packet arrives at a layer three network device (a hop) the value is reduced by one before it is routed onward. When the value eventually reaches one the packet is discarded by the device that receives it (as the value will be reduced to zero). Whilst this won’t prevent network issues caused by a routing loop or similar, it reduces their impact and may help avoid router failures. As it is an 8 bit field, the maximum possible value is 255 (11111111 in binary).
If the cause of the TTL expiring is a routing loop , this will likely exacerbate the problem.
Most likely it will retransmit more quicky than if it had not (no waiting for an acknowledgement first, it knows the packet has not arrived).
To permanently change the value to 128 even if the host is rebooted you have a number of options: 1 Edit the /etc/sysctl.conf file 2 Create a new file with a .conf extension in the /etc/sysctl.d/ directory 3 Edit an existing file in the /etc/sysctl.d/ directory
The ping tool should not be used directly to confirm your host’s TTL or Hop Limit. The tool’s output displays the TTL or Hop Limit of the incoming IP packets used to deliver the ICMP Echo Response messages, not the the value used when sending the ICMP Echo Requests.