Time to Live =============== .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is IPv4 Time to Live (TTL)?** The Time to Live (TTL) is a field in the IPv4 header that specifies the maximum number of hops (routers) a packet can pass through before being discarded, preventing packets from circulating endlessly. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is IPv4 Time to Live (TTL) useful?** TTL prevents routing loops by limiting the lifespan of packets in the network, ensuring that undeliverable packets don’t congest the network indefinitely. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How does IPv4 Time to Live (TTL) work?** Each router that forwards the packet decrements the TTL value by one. When TTL reaches zero, the packet is discarded and typically an ICMP "Time Exceeded" message is sent back to the sender. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is IPv4 Time to Live (TTL) used?** TTL is used in every IPv4 packet across all IP networks to control packet lifetime and avoid routing loops. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does IPv4 Time to Live (TTL) belong to?** TTL is a feature of the **Network Layer (Layer 3)**, embedded in the IPv4 header. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Time to Live (TTL) Windows specific?** No, TTL is a fundamental part of IPv4 implemented across all operating systems, including Windows. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Time to Live (TTL) Linux specific?** No, Linux and other OSes implement TTL as part of the IPv4 protocol stack. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Transport Protocol is used by IPv4 Time to Live (TTL)?** TTL is independent of transport protocols; it applies to all IPv4 packets regardless of whether they carry TCP, UDP, or others. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Port is used by IPv4 Time to Live (TTL)?** TTL does not use ports as it functions at the network layer before transport layer processing. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is IPv4 Time to Live (TTL) using client-server model?** TTL is a network mechanism and is independent of any application communication model like client-server. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the default TTL value in IPv4 packets?** The default TTL value for many operating systems and devices is typically set to **64**, though it can vary depending on the OS and configuration. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How does TTL prevent routing loops?** TTL prevents routing loops by limiting the number of hops a packet can make. If a packet circulates through the same routers indefinitely, the TTL value will eventually reach zero, causing the packet to be discarded. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can TTL be set to zero?** Setting TTL to zero is not practical, as it would mean the packet would be discarded immediately. However, it can be set to a low value for testing purposes, such as in "traceroute" diagnostics. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How can TTL be used for network diagnostics?** TTL is used in tools like **traceroute** or **ping** to identify the path taken by packets across the network. Traceroute sends packets with increasing TTL values, allowing the user to see each hop along the way. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What happens when TTL reaches zero?** When the TTL reaches zero, the packet is discarded by the router. Typically, an **ICMP Time Exceeded** message is sent back to the sender, notifying them of the expired TTL. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can TTL be changed during transmission?** TTL can be modified at each hop by the routers, but the sender can set the initial TTL value before transmission. Routers typically decrement TTL as they forward the packet. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is TTL the same as packet lifetime?** TTL is a mechanism that limits the lifetime of a packet, but it is not an exact representation of the actual time a packet spends in transit. It measures hops rather than time in seconds. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does TTL affect the speed of packet delivery?** No, TTL does not affect the speed of packet delivery. It only limits the number of hops a packet can make before being discarded. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is TTL affected by the size of the packet?** No, TTL is independent of the packet size. It only refers to the number of hops a packet can take, not how much data it contains. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can TTL be used to estimate network latency?** TTL itself does not measure latency. However, by using tools like **traceroute**, you can estimate latency by measuring the time it takes for each hop to respond. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How do routers handle TTL?** Routers decrement the TTL by one each time they forward a packet. If TTL is zero before the packet reaches its destination, the router discards it and sends an ICMP "Time Exceeded" message back to the sender. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does TTL impact routing decisions?** No, TTL is not involved in routing decisions. Routers make forwarding decisions based on destination IP addresses, not TTL values. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can TTL values be customized for specific types of traffic?** Yes, TTL values can be customized for specific applications or traffic types, depending on the network configuration. Some protocols may require different TTL values based on performance or security needs. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does TTL help with congestion control?** No, TTL does not directly contribute to congestion control. Its purpose is to prevent routing loops, not to manage network congestion. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is TTL relevant in modern networking?** Yes, TTL is still relevant in modern networking as a mechanism to prevent packets from circulating endlessly due to routing loops. It is also helpful in troubleshooting network paths. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can TTL values affect the effectiveness of network protocols?** While TTL itself doesn’t directly affect protocol operations, a low TTL could cause packets to expire before reaching their destination, impacting the success of time-sensitive protocols. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is TTL used in IPv6?** Yes, IPv6 uses a similar field called **Hop Limit**, which functions in the same way as TTL in IPv4 to prevent packets from circulating indefinitely. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the role of TTL in dynamic routing?** While TTL does not directly impact dynamic routing protocols (like OSPF or BGP), it helps to ensure that routing loops are avoided in large, complex networks that rely on these protocols. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`Time to Live Basic Setup on Ubuntu using IPv4 ` * :ref:`IPv4 Feature : TTL (Time to Live) ` * :ref:`Reference links ` .. _Time_to_Live_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _Time_to_Live_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _Time_to_Live_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _Time_to_Live_step18: .. tab-set:: .. tab-item:: Test case 1: TTL (Time to Live) **Objective** Validate that the IPv4 TTL (Time to Live) field prevents infinite packet looping by limiting the number of hops a packet can traverse. **Test Setup** * Identify a remote host more than two hops away. - Public DNS server (e.g., 8.8.8.8) or any major website can be used. .. code-block:: shell test:~$ traceroute google.com traceroute to google.com (142.251.220.46), 64 hops max 1 192.168.1.1 6.624ms 0.599ms 1.414ms 2 10.10.9.1 0.959ms 0.979ms 0.902ms 3 103.160.103.17 2.194ms 2.551ms 2.040ms ... 10 142.251.220.46 24.051ms 24.223ms 23.414ms .. note:: Each line in the traceroute output represents a single hop (router) along the path. **Procedure and Analysis** * Step 1: Send a Packet with Low TTL * Use the ``ping`` command with the ``-t`` option to set TTL = 2. * This ensures the packet cannot travel beyond two hops. .. code-block:: shell test:~$ ping -t 2 google.com PING google.com (142.251.220.46) 56(84) bytes of data. From 10.10.9.1 icmp_seq=1 Time to live exceeded From 10.10.9.1 icmp_seq=2 Time to live exceeded ... ^C --- google.com ping statistics --- 10 packets transmitted, 0 received, +10 errors, 100% packet loss, time 9012ms * Step 2: Observe the Ping Output - The ping fails to reach the destination. - Each response shows ``Time to live exceeded``, indicating the packet was dropped after exceeding TTL. * Step 3: Wireshark Analysis * Outgoing Packet (Echo Request) - IPv4 Header TTL field = 2 - Source IP = your laptop - Destination IP = remote host (e.g., google.com) * Incoming Packet (TTL Exceeded) - ICMP error message from the router - Source IP = router's IP (e.g., 10.10.9.1) - ICMP Type = 11 (Time Exceeded) - ICMP Code = 0 (TTL exceeded in transit) .. note:: * The TTL field prevents routing loops by decrementing at each hop and discarding packets with TTL = 0. * Routers generate ICMP Time Exceeded messages to notify the sender of packet drop. * This behavior is essential for network stability and efficient packet delivery. **Wireshark Capture** :download:`Download wireshark capture ` **Test Case 2: TTL Decrement by Each Router** **Objective** Validate that each router correctly decrements the Time to Live (TTL) field in an IPv4 packet by one at each hop. **Test Setup** This test uses three subnets and four virtual machines (VMs): a client, two routers, and a server. The packet will traverse from the client, through the two routers, to the server. * Network Diagram: * Subnet A (192.168.1.0/24): Client ↔ Router 1 * Subnet B (192.168.2.0/24): Router 1 ↔ Router 2 * Subnet C (192.168.3.0/24): Router 2 ↔ Server * VM Configuration: * Client VM: .. code-block:: shell test:~$ sudo ip addr add 192.168.1.10/24 dev enp0s8 test:~$ sudo ip link set enp0s8 up test:~$ sudo ip route add default via 192.168.1.1 * Router 1 VM: .. code-block:: shell test:~$ sudo ip addr add 192.168.1.1/24 dev enp0s3 test:~$ sudo ip addr add 192.168.2.1/24 dev enp0s8 test:~$ sudo ip link set enp0s3 up test:~$ sudo ip link set enp0s8 up test:~$ sudo sysctl -w net.ipv4.ip_forward=1 test:~$ sudo ip route add 192.168.3.0/24 via 192.168.2.2 .. note:: To make IP forwarding permanent, edit ``/etc/sysctl.conf`` and uncomment ``net.ipv4.ip_forward=1``. * Router 2 VM: .. code-block:: shell test:~$ sudo ip addr add 192.168.2.2/24 dev enp0s3 test:~$ sudo ip addr add 192.168.3.1/24 dev enp0s8 test:~$ sudo ip link set enp0s3 up test:~$ sudo ip link set enp0s8 up test:~$ sudo sysctl -w net.ipv4.ip_forward=1 test:~$ sudo ip route add 192.168.1.0/24 via 192.168.2.1 * Server VM: .. code-block:: shell test:~$ sudo ip addr add 192.168.3.10/24 dev enp0s8 test:~$ sudo ip link set enp0s8 up test:~$ sudo ip route add default via 192.168.3.1 **Procedure and Analysis** * Start Capture: Begin a Wireshark capture on the Server VM's interface. * Send Ping: From the Client VM, send a single ICMP echo request to the Server. .. code-block:: shell test:~$ ping -c 1 192.168.3.10 PING 192.168.3.10 (192.168.3.10) 56(84) bytes of data. 64 bytes from 192.168.3.10: icmp_seq=1 ttl=62 time=5.22 ms --- 192.168.3.10 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms * Trace Route: Optionally, use ``traceroute`` from the Client VM to visualize each hop. .. code-block:: shell test:~$ traceroute 192.168.3.10 .. note:: Traceroute should show three hops: 1. Router 1 (192.168.1.1) 2. Router 2 (192.168.2.2) 3. Server (192.168.3.10) **Wireshark Capture** * Server-side capture: :download:`Download wireshark capture ` * Client-side capture: :download:`Download wireshark capture ` .. note:: * Request Packet: TTL starts at 64. After passing through two routers, TTL = 62 at the server. * Reply Packet: TTL also starts at 64 from server, decremented by two hops to 62 when it reaches the client. * Wireshark analysis will confirm the decrement at each router by comparing the initial TTL with the final TTL. * This demonstrates correct TTL handling to prevent routing loops. .. _Time_to_Live_step4: .. tab-set:: .. tab-item:: IPv4 Feature : TTL (Time to Live) **TTL (Time to Live) - Testcases** .. csv-table:: :file: ./IPv4_Time_to_Live/IPv4_Feature10_TTL_Time_to_Live_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _Time_to_Live_step17: .. tab-set:: .. tab-item:: Reference links * Reference links