>Many routers deprioritize or drop ICMP to save CPU.

Not exactly.

Most big routers have ASICs (custom silicon) that can handle the bulk of routing decisions, like an interface card will have a chip that can directly determine where a packet needs to go and forwards it there. These are extremely fast, but limited, and are called "fast path".

Aside: Too many ACLs is a common way that packets fall off the fast path, and is why routers on the public Internet will happily forward along bogon traffic that by it's very nature is just wasting bits on the pipes.

There are some things that the fast path cannot handle, and generating ICMP TTL exceeded messages is one of them. Those go over to the router CPU, which historically has been insanely underpowered. Back when I was doing more routing it was common to have host CPUs in the multi-GHz range with multiple cores, but routers of a similar class would have a 100MHz MIPS CPU.

That's why, as the article goes on to explain, "*"s in the traceroute may not indicate a problem. It's not necessarily a literal deprioritization of ICMP.

If you ever see packet loss in a trace at one step but the steps after it aren't showing it, you can ignore that packet loss, it's likely a CPU limitation on a busy router.

I prefer to use mtr these days.

homepage: https://www.bitwizard.nl/mtr/

excellent article on using mtr: https://www.cloudflare.com/learning/network-layer/what-is-mt...

Also see, Traceroute isn't real, or: Whoops! Everyone Was Wrong Forever: https://gekk.info/articles/traceroute.htm

This is the only document you need to understand traceroute:

https://archive.nanog.org/meetings/nanog47/presentations/Sun...

Try running traceroute against the bad.horse address for a chuckle.

EDIT: You probably to increase the maximum hop count for it to fully work.

ICMP echo request/reply is handy for determining if a route exists at all ...

(reads article - I've got a five digit /. ID and that was after lurking for several years - respond first, ask questions/read article later)

Oh. You now fail to understand networks in Rust instead of C/Python/nicker elastic. sighs in policy based routing tables.

A modern mtr (traceroute is so 90's) should do things like run up and down the stack for each point along a route. It will still probably need to use the TTL field to find each point (IP) but then use ICMP/TCP/UDP/etc to measure that point in some way or perhaps interpolate it from points either side.

When I want to really get to grips with latency and stuff, I start off with a small dedicated box on a customer network and "smoke ping" with all points measurable on the path. I also have several running from our datacentre and a fair few RIPE Atlas probes too.

traceroute is handy but you must be able to decipher what it is telling you. Wearing a stethoscope does not make you a doctor.

Once upon a time (early 90s) I read a very funny story on traceroute featuring parrots, one named Polly, and shotguns. But I can’t find it. It might have been in a Usenet group. I would love to find it again.

Funny timing of this, just last night I experimented with AI building an "ip intelligence" tool that includes a fast traceroute function and a bunch of IP information (ASN, organization, geolocation, CIDR info, DNSBL, reverse IP... mtr is my go-to for network traces, but (given root permissions) the trace it'll run in less than a second.

https://github.com/linsomniac/ipq

tracepath on Linux does not need the CAP_NET_RAW capability (or full root capabilities) during network data processing because it relies on the Linux socket error queue behavior. I assume traceroute on OpenBSD opens all required sockets and immediately drops privileges.

Dude had to rewrite traceroute to discover what the first line of the man page description says.

> traceroute tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host.

[dead]