Looking Out To Sea

When you send any kind of message on a network it gets shunted from place to place until it finally arrives at its destination, or is discarded. I’ll cover the successful case at some point in future, but for now we can look at why a message (a ‘packet’) might be ‘dropped’.

A network is a series of interconnecting machines which all have a small, possibly erroneous, view of the world. They have an idea of which machine is connected to which other machine but since networks are inherently unreliable this internal map is never accurate for very long.

Occasionally a group of machines will be convinced that someone else in the group is the “next step” when delivering a packet. So A will transmit to B will transmit to C will transmit back to A again. This would ordinarily constitute an infinite loop, where these packets will continue being shunted round forever (or at least until someone accidentally pulls out a power cable and kills one of the machines…).

This can be prevented by giving each packet a “lifetime”, known as its Time To Live (TTL). Rather than being measured in seconds the TTL is measured in hops — whenever it is transmitted from one machine to another this number is decremented. If a machine receives a packet which has a TTL of zero, but that machine is not the ultimate destination, then the packet is discarded. This prevents immortal packets from roaming the network forever, undelivered and lost.

The TTL also gives us a nifty tool to find out where packets are disappearing. When a router discards a packet for being too old, it’s supposed to send back a message saying what happened (ie, “too old”) and who discarded it. A packet with a TTL of zero should be discarded at the first machine it meets; a packet with TTL of one at the second machine; and so on down the line. So we can send out little packets with gradually increasing TTLs to see where they go.

This is an example: me tracing the hops to reach www.google.com. The first line is the default gateway for my ISP, which all our home traffic goes through, and the last line is a machine belonging to Google.

dougal@cuttlefish ~ $ traceroute www.google.com
traceroute to www.google.com (64.233.183.104), 30 hops max, 40 byte packets
 1  10.123.104.1 (10.123.104.1)  18.965 ms  19.484 ms  20.071 ms
 2  77-96-1-2.cable.ubr01.azte.blueyonder.co.uk (77.96.1.2)  20.959 ms  21.532 ms  22.123 ms
 3  * * *
 4  pop-bb-a-so-300-0.inet.ntl.com (213.105.175.130)  126.573 ms  127.143 ms  130.025 ms
 5  pop-bb-b-ae0-0.inet.ntl.com (213.105.174.230)  130.604 ms  131.190 ms  131.766 ms
 6  * * *
 7  212.250.14.138 (212.250.14.138)  118.341 ms  120.692 ms  163.523 ms
 8  209.85.252.76 (209.85.252.76)  118.807 ms  124.392 ms  123.757 ms
 9  72.14.232.149 (72.14.232.149)  132.502 ms  133.543 ms  133.671 ms
10  209.85.255.137 (209.85.255.137)  139.149 ms 209.85.255.13 (209.85.255.13)  137.904 ms  138.661 ms
11  72.14.233.77 (72.14.233.77)  143.339 ms 72.14.233.79 (72.14.233.79)  161.037 ms 72.14.233.77 (72.14.233.77)  124.609 ms
12  216.239.43.34 (216.239.43.34)  132.107 ms 209.85.249.129 (209.85.249.129)  132.696 ms 209.85.249.133 (209.85.249.133)  131.462 ms
13  nf-in-f104.google.com (64.233.183.104)  130.411 ms  127.656 ms  132.048 ms

The numbers in the left-hand column are TTL values. So it basically took 13 hops to get into the Google heartland. On each line there is an IP address and sometimes a host name for the machine that discarded the packet. Each packet is sent three times, so there are three times at the end of each line showing how long it took to get there and back. (You’ll notice from about line ten onwards there are several IP addresses and several times per line. This suggests that the packets with identical TTL values were going through different routes. I would guess this points to load-balanced routers which share the incoming packets.)

The asterisks which appear on lines 3 and 6 are where the packet was discarded but no error message was received within 5 seconds. And since most of these messages have a round-trip time of about 200 milliseconds, that’s considered time enough to abandon hope.