TitleTraceroutes, mtrs, pings, other ICMP to a IPA/SXL VIP contain misleading informationURL NameTraceroutes-mtrs-pings-other-ICMP-to-a-IPA-SXL-VIP-contain-misleading-information-1386938232802SummaryLast Published Date12/13/2013 4:37 AMQuestionWhy does a traceroute/mtr/ping to an IPA/SXL VIP show a very strange long route/ping time?Answer
A traceroute, or a ping, or other ICMP packet sent to an Akamai IPA/SXL VIP would not accurately represent the route between the user and the corresponding Akamai VIP. This is due to the way IPA/SXL operate. An IPA/SXL server is configured to pass through incoming packets to the corresponding origin server using the fastest route to it. The IPA/SXL server does not look at the packets or judge that they were meant to terminate at that server. Such servers are configured to be blind relays. As a result, any traceroute, ping, etc, would only pass through an IPA/SXL server, and then continue all the way to the corresponding origin server. Since the packets have no knowledge about that origin server hardcoded in them, the last hop of that traceroute would not contain the origin server IP, but the IPA/SXL VIP IP.
Here is a sample traceroute to VIP 18.104.22.168. Even though this is an Akamai VIP, the actual Akamai server taking this request is 22.214.171.124. The packets then continue to be forwarded all the way to the origin server, the IP of which will not show anywhere in the traceroute, but it will be represented by the VIP 126.96.36.199, which is where this traceroute ends.
traceroute to 188.8.131.52 (184.108.40.206), 30 hops max, 40 byte packets
1 a72-246-96-1.deploy.akamaitechnologies.com (220.127.116.11) 0.273 ms 0.215 ms 0.153 ms
8 63-216-54-69.static.pccwglobal.net> (18.104.22.168) 29.782 ms 29.999 ms 29.639 ms
13 63-216-55-164.static.pccwglobal.net (22.214.171.124) 56.741 ms * 196.103 ms
As a result, this traceroute is not representative of the route between the user and Akamai, since it also includes the path to the origin server. The same holds true for pings, mtrs, or other ICMP traffic.
For a more representative route, you may want to use tcptraceroute.
tcptraceroute -n 126.96.36.199 443
Selected device eth0, address 172.28.12.161, port 49455 for outgoing packets Tracing the path to 188.8.131.52 on TCP port 443 (https), 30 hops max
1 172.28.12.1 0.768 ms 0.253 ms 20.590 ms
11 184.108.40.206 30.294 ms 30.359 ms 30.101 ms
12 220.127.116.11 [open] 30.603 ms 30.788 ms 30.302 ms