why tracert does not show the same gateway address as in ipconfig

networking route

I am confused by the following:

C:\>ipconfig
....
        Connection-specific DNS Suffix  . : some address here
        IP Address. . . . . . . . . . . . : 10.77.121.54
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.77.121.1

From the above, the gateway for my pc is 10.77.121.1. But when I use the tracert, the first IP address is different as you can see from the following. It is 10.77.121.3. Why?

C:\tracert 10.75.89.100

Tracing route to 10.75.89.100
over a maximum of 30 hops:

  1    29 ms    <1 ms    <1 ms  10.77.121.3
  2    <1 ms    <1 ms    <1 ms  10.77.0.34
  3     1 ms    <1 ms    <1 ms  10.77.0.45
  4    <1 ms    <1 ms    <1 ms  10.75.89.100

It looks like the gateway you're using may be using VRRP or HSRP. 10.77.121.1 is a virtual/logical address, which you use as your gateway, but when you trace route one of the physical routers responds. (10.77.121.3)


Your default gateway isn't always the next hop. In fact it is generally the router of last resort. Your computer will parse the routing table and will only use the default gateway if no other more specific routes match. So do a route print and see what you find there.


From the above, the gateway for my pc is 10.77.121.1. But when I use the tracert, the first IP address is different as you can see from the following. It is 10.77.121.3. Why?

It is rare, but perhaps 10.77.121.1 no longer has a connection to the next hop, but it still has forwarding enabled. If this is the case, with some operating systems, when you attempt to send a packet you will contact 10.77.121.1, but 10.77.121.1 will return an ICMP redirect with 10.77.121.3 as the address your system be using as a gateway. Since your packet is not actually being forwarded by 10.77.121.1 it wouldn't show up in a trace route.

A quick capture with your favorite sniffer on your client would confirm that this is happening.

ICMP redirects are mostly discouraged these days for security reasons, so having a setup like this is uncommon.

Network Diagram


In my enterprise, the gateways are all redundant. From host side we set gateway to be 192.168.0.1, but that's a load-balanced IP managed by two routers who are actually 192.168.0.2 and 192.168.0.3. When you traceroute, the outbound packet goes to destination x.x.x.1, but the IGMP reply packet comes from x.x.x.2 or x.x.x.3 depending on which router is active. traceroute shows the IGMP originating address.

Related

How do I setup multiple DHCP ranges for a single office?
Moving server room to another part of the building
Is there a Apache or Nginx equivalent to the IIS "drain stop"?
Is SSH and remote server config safe on public wifi?
Apache responding with Request Entity Too Large
Raid build taking ages (60hours and counting) - PERC H200
How to build missing PHP 5.3 extensions on CentOS 5.6
apache multiviews, how to disable it
Portable way to get list of all active network interfaces
On Solaris, how can I tell what processes are doing disk i/o on a particular device?
"Chop lines" in `less` isn't working
Linux: routing traffic between two networks with iptables