Get Unlimited Access to our 785 Cisco Lessons Now Get $1 Trial
You are here: Home » RIP

TTL 2 of EIGRP and RIP Packets Explained

If you ever looked at the Wireshark capture of EIGRP or RIP packets you might have seen that the TTL (Time to Live) value is 2. You would probably expect to see a TTL of 1 here since these multicast packets aren’t routed between subnets. In this lesson, I’ll show you why these packets have a TTL of 2. To demonstrate this, I will use the following frame-relay hub and spoke topology:

 

Frame-relay hub and spoke

We have one hub router and two spoke routers. First, I’ll configure frame-relay using the physical interfaces and a single subnet:

Hub(config)#interface serial 0/0  
Hub(config-if)#encapsulation frame-relay
Hub(config-if)#ip address 192.168.123.1 255.255.255.0
Hub(config-if)#no shutdown
Spoke1(config)#interface serial 0/0
Spoke1(config-if)#encapsulation frame-relay
Spoke1(config-if)#ip address 192.168.123.2 255.255.255.0
Spoke1(config-if)#no shutdown
Spoke2(config)#interface serial 0/0
Spoke2(config-if)#encapsulation frame-relay
Spoke2(config-if)#ip address 192.168.123.3 255.255.255.0
Spoke2(config-if)#no shutdown

We’ll configure EIGRP on all routers:

Hub, Spoke1 & Spoke2:
(config)#router eigrp 123
(config-router)#network 192.168.123.0

We now have a neighbor adjacency between Hub/Spoke1 and Hub/Spoke2. Let’s take a look at an EIGRP capture in wireshark to see what the TTL looks like:

EIGRP Multicast Packet TTL 2

As you can see the TTL is 2 but why? A TTL of 1 would be enough since these packets aren’t routed between subnets. The answer to this question is that we need it for communication between spoke routers.

To demonstrate this we will configure spoke1 and spoke2 to become EIGRP routers and take a look at the wireshark capture again. Before the spoke routers can become neighbors, they’ll require a frame-relay mapping:

Spoke1(config)#interface serial 0/0
Spoke1(config-if)#frame-relay map ip 192.168.123.3 201
Spoke2(config)#interface serial 0/0
Spoke2(config-if)#frame-relay map ip 192.168.123.2 301

Spoke1 and spoke2 are now able to reach each other. We will use the EIGRP neighbor command to make sure all routers become neighbors with each other:

Hub(config)#router eigrp 123
Hub(config-router)#neighbor 192.168.123.2 serial 0/0
Hub(config-router)#neighbor 192.168.123.3 serial 0/0
Spoke1(config)#router eigrp 123
Spoke1(config-router)#neighbor 192.168.123.1 serial 0/0
Spoke1(config-router)#neighbor 192.168.123.3 serial 0/0
Spoke2(config)#router eigrp 123
Spoke2(config-router)#neighbor 192.168.123.1 serial 0/0
Spoke2(config-router)#neighbor 192.168.123.2 serial 0/0

As you can see, the spoke routers have become neighbors:

Spoke1#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.123.1 (Serial0/0) is up: new adjacency
Spoke2#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.123.2 (Serial0/0) is up: new adjacency

Let’s get back to wireshark and look at an EIGRP packet from spoke1 to spoke2. The first capture is a hello packet that the Hub receives from spoke1:

EIGRP Spoke TTL 2

As you can see, this IP packet is sent from spoke1 to spoke2 and it has been received on DLCI 102 on the hub router, it has a TTL of 2. This packet will be forwarded by the hub router to spoke2 and it will look like this:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 785 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

Give Membership a try - it's just $1 ►

1893 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:

Forum Replies

  1. I’m sorry but i don’t really agree with what you say. Your example starts with a multicast link-local ip address as destination. It has to be with TTL1.

    When you establish static neighborship instead, your packet becomes a unicast.

    The answer to this i guess, is programmers laziness. Is easier to keep the packet as is and just change the destination ip address rather than changing ip address and ttl. From a “c” developer point of view, you will not need to define a “ttl variable” and “set up a “setsockopt” call” … less code, less errors can be made.

  2. Hi Andrea,

    Thanks for your message. I think it’s common practice to set the TTL of link local multicast packets to 1 but it’s not written down in any standard. Only thing I could find about this is a draft: http://mirror.physik-pool.tu-berlin.de/pub/ietf/ietf-tools.html/draft-asati-eckert-multicast-local-ttl-00.html.

    The TTL of eigrp packets (unicast or multicast) is 2 so the only thing I could think of was the spoke to spoke communication as the hub decrements the TTL by 2.

    Rene

  3. Rene is correct. Just because the neighbor statement is used with an IGP does not modify it’s TTL. Whether RIP or EIGRP are sending their hellos/updates via multicast or unicast, the TTL is 2 in both cases. For OSPF, PIM, and LDP, it’s always 1.

    If you used the neighbor statement with OSPF, the TTL remains 1. So, simply by modifying the behavior of the IGP does not modify the packet’s TTL.

    The reason behind this is to still maintain neighborships across NBMA networks, including DMVPN, for distance vector routing protocols WITHOUT having to disable split horizon

    ... Continue reading in our forum

  4. Rene and Nick

    This is really great information. Thanks for sharing.

  5. This is good info - never read about it before.

11 more replies! Ask a question or join the discussion by visiting our Community Forum