Here is the setting on server A:
iface serverA_gre0 inet tunnel
address 172.24.0.85
mode gre
endpoint x.x.x.x
dstaddr 172.24.0.86
netmask 255.255.255.252
ttl 255
Setting on server B:
iface serverB_gre0 inet tunnel
address 172.24.0.86
mode gre
endpoint x.x.x.x
dstaddr 172.24.0.85
netmask 255.255.255.252
ttl 255
Without "ttl 255":
traceroute to 172.24.0.86 (172.24.0.86), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 172.24.0.86 54.507 ms 62.888 ms 51.369 ms
With "ttl 255":
traceroute to 172.24.0.86 (172.24.0.86), 30 hops max, 60 byte packets
1 172.24.0.86 51.123 ms 51.733 ms 51.943 ms
What exactly cause those "*" issue when TTL 255 isn't exists?
TTL stands for Time to Live. It is a field present in the IP packet header. The value is initially set by the sender, often to 64, and decremented by one by every router. When it reaches 0 without before reaching the final destination, the router drops the packet and sends an ICMP Time Exceeded message back to the original source. This TTL processing is important to prevent unroutable IP packets from being forwarded forever on an IP network, consuming resources.
Traceroute uses this TTL behavior to figure out what hops and how many hops (routers) there are on a path to a destination. It sends out probe IP packets with small TTLs in sequence: TTL=1, TTL=2, TTL=3. TTL=1 will be dropped by the first router, TTL=2 will be forwarded by the first and dropped by the second, and so on. If traceroute receives an ICMP Time Exceeded message from a router, it will display its IP address. If the probe times out, an asterisk is displayed.
To return to the effect you are seeing, it is because of how the GRE tunneling works with regards to TTL. For IPv4 GRE tunnels, the default is to copy the TTL from the tunneled packet to the IPv4 GRE packet. This can be overridden by the
ttl
option as you did. Relevant excerpt from the manual:So, when you do use
ttl 255
, a probe sent by traceroute with TTL=1 will be encapsulated into a GRE IPv4 packet with TTL=255. This will be forwarded by all the intermediate routers and reach the tunnel endpoint and be received and handled by the final destination. When you do not usettl 255
, the default isttl inherit
. This means that a traceroute probe with TTL=1 will be encapsulated in a GRE IPv4 packet with TTL=1. It will be dropped by the first router. However, it is the GRE packet that is dropped and if the router sends an ICMP time exceeded, then it will refer to the encapsulating packet (GRE) and not to the encapsulated traceroute probe. Therefore the traceroute process will not receive any ICMP error, the probe times out, and an asterisk (*) is displayed. When the TTL is large enough for the GRE encapsulated packet to reach the tunnel endpoint, then finally the probe also reaches the final destination and its IP address is displayed.So, to conclude, you really do not have an issue, but things work exactly as they should!