| Internet-Draft | Traceroute Framework | November 2025 |
| Zhang, et al. | Expires 2 June 2026 | [Page] |
This draft introduces the development and latest situation of Traceroute, which is beneficial for network operators and users to understand the latest capabilities of traceroute, enabling them to utilize traceroute effectively.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 2 June 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
As described in [RFC2151], Traceroute is a common TCP/IP tool, which allos users to learn about the route that packets take from their local host to a remote host. It is often used by network and system managers to learn something about the ever-changing structure of the Internet.¶
Traceroute collects the route's information based on the ICMP Time Exceeded Message (TEM). ICMP TEM has been extended by several RFCs and drafts, however, there is no drafts nor RFCs summarize the current situation and development of Traceroute.¶
This draft introduces the development and latest situation of Traceroute, which is beneficial for network operators and users to understand the latest capabilities of traceroute, enabling them to utilize traceroute effectively.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The abbreviations used in this document are:¶
ICMP: Internet Control Message Protocol¶
[RFC2151] gives a general description on Traceroute. The original version of Traceroute works by sending a sequence of User Datagram Protocol (UDP) datagrams to an invalid port address at the remote host. Using the default settings, three datagrams are sent, each with a Time-To-Live (TTL) field value set to one. The TTL value of 1 causes the datagram to "timeout" as soon as it hits the first router in the path; this router will then respond with an ICMP Time Exceeded Message (TEM)[RFC792] indicating that the datagram has expired. Another three UDP messages are now sent, each with the TTL value set to 2, which causes the second router to return ICMP TEMs. This process continues until the packets actually reach the other destination. Since these datagrams are trying to access an invalid port at the destination host, ICMP Destination Unreachable Messages are returned indicating an unreachable port; this event signals the Traceroute program that it is finished! The Traceroute program displays the round-trip delay associated with each of the attempts. (Some implementations of Traceroute use the Record-Route option in IP rather than the method described above.)¶
The original Traceroute just allows users to get the IP address information of the router that packets go through from the source address of TEMs.¶
However, with the enhancment of ICMP, the Traceroute also can provides more richful information.¶
[RFC4884] extends the ICMP Time Exceeded Message with a length attribute and an Extension Structure, making it more flexiable to carry more information by one or more objects.¶
Based on [RFC4884], [RFC5837] defines the Interface Information Object to carry the ifIndex, IPv4 address, IPv6 address, name, and MTU information. With this extension, Traceroute is enhanced. It can explicitly identify the following at each node:¶
Although [RFC5837] extends ICMP to carry the interface information, however, for the node along the route, it still can only get the IP address information and can't adapt to the case where each node may not have a unique IP address. In order to solve this problem, [I-D.ietf-intarea-extended-icmp-nodeid] introduces a ICMP extension for Node Identification. It defines the Node Identification Object, which allows providing a unique IP address and/or a textual name for the node.¶
There are two different pieces of information that can appear in a Node Identification Object:¶
An IP Address Sub-Object MAY be included, containing an address of sufficient scope to identify the node within the domain.¶
A Name Sub-Object MAY be included, containing up to 63 octets of the YANG sys:hostname ([RFC7317]) or another appropriate name uniquely identifying the node.¶
The detailed description on Node Identification Ob can be found in Section 3 of [I-D.ietf-intarea-extended-icmp-nodeid].¶
Although Traceroute has been enhanced a lot, it still have some limitations. On the one hand, it is typically used to collect the information of one path, when using Traceroute in a multi-path topology (there are multiple paths from the source node to the destination node and ECMP, UCMP or other multi-path routing strategy is used.), the Traceroute can only get information of one of the avaialbe paths once. It can’t collect all the path’s information from source node to destination node at once. On the other hand, having a next hop and an outgoing interface does not mean that the next hop and outgoing interface are reachable, the ARP table or Neighbor Cache entry associated with the interface also need to be completed and reachable.¶
Therefore, [I-D.draft-many-intarea-icmp-mp] extends the ICMP message with an Multi-path Interface Information object to carry the egress interface, next hop, and the corresponding ARP or ND information of each multi-path interface of nodes along the route.¶
This document does not introduce any changes to the existing proctols, nor does it introduce new security risks.¶
This document has no IANA actions.¶