To The Last Tribe Consulting

TTL stands for Time To Live and is an 8 bit field in the IP header of a IPv4 packet. The commonly accepted explanation of what TTL is that it is a number that is decremented by 1 every hop of it’s journey to the destination host. When this number decrements to 0, the current router drops it, and sends back an ICMP error (11-Time Exceeded) to the sender. This mitigates endless routing loops if there is errors in the network path, and, without the TTL field, routers would continue to pass the packet back and forth for all eternity.

What is interesting is that, depending on the firewall, you could see a packet with a TTL of 122 go into the firewall, and come out the other side with TTL of 120. How is this you ask? Well, let’s take a look at the RFC that defines the TTL field. (As a side note, RFC (Request for Comments) is a series of memorandums that engineers (or whoever!) publish for peer-review of their proposals for protocols. The IETF will take some of these RFC’s and make them an Internet Standard. All of the protocols of the underpinnings of the Internet, among many other things, are spelled out in RFCs. So let’s take a look at RFC 1122. (There are others that offer more detailed info as well)

RFC 1122 states that the TTL should be decremented between 60 seconds and 120 seconds–not every hop. Later RFC’s stated that the TTL had to be decremented by at least one every hop. As this was implemented in regards to routers, the manufactures of the routers found that it just could not be done very easily–whereas firewalls they could. So what we have is routers that decrement the TTL based on hops, and firewalls decrementing based on time (seconds). Not really a big deal at first glance, but make sure you take it into account when you use a utility like traceroute.

Josh

So as I was working through my classes last night, I stumbled upon something that I found quite interesting: The reason that we can get more bandwidth across a CAT6 cable compared to CAT5 or even CAT3/4, even though they all have the same amount of cables (4 pairs of 2), is that as we scale to higher bandwidth, we have tighter and tighter twists of the cable. Now this in and of itself is not so interesting, but the implications are: consider the fact that because CAT6 is so tightly twisted, that when a human goes to untwist a little bit to crimp, you lose quite a bit of the twists–The result? Bandwidth Degradation. The only way that you can get true CAT6 specs is through machine crimped cable. My instructor went on to relate about how a client of his had crimped all their own CAT6, expecting CAT6 spec throughput; but when it came down to it, they seemed to be having major degradation. Unfortunately, I wasnt able to find any statistics on how much of a degradation there might be, but it’s something to consider when we get ready to run CAT6; For some applications it may not be a big deal, but for others, it might just be the reason for that mysterious bandwidth issue that they just can’t seem to figure out.

Josh