DiagnosticsEXEC

traceroute [ip]

Traces the route packets take to a destination IP address, showing each hop and round-trip time.

Overview

The traceroute command is a fundamental network diagnostic tool that maps the path packets take from a source to a destination across an IP network. It works by sending packets with incrementally increasing Time-To-Live (TTL) values. Each router along the path decrements the TTL; when the TTL reaches zero, the router discards the packet and sends an ICMP Time Exceeded message back to the source. By recording the source IP of these ICMP messages, traceroute builds a list of hops. On Cisco IOS-XR, traceroute defaults to using ICMP echo requests (type 8) as probe packets, unlike classic IOS which uses UDP. This is important for firewall considerations. The command is used to verify network connectivity, identify routing loops, pinpoint high-latency links, and detect packet loss. It fits into troubleshooting workflows as a first step after ping failures, helping to isolate where in the path the issue occurs. IOS-XR supports advanced options like specifying source IP, VRF, timeout, number of probes, and TTL range. Understanding traceroute output is critical for CCNP-level troubleshooting scenarios.

Syntax·EXEC
traceroute [ip-address | hostname] [source source-ip] [numeric] [timeout seconds] [probes number] [ttl min max] [vrf vrf-name]

When to Use This Command

  • Verify the path between two networks after a new circuit installation.
  • Identify where packet loss or high latency occurs in a multi-hop network.
  • Troubleshoot asymmetric routing by comparing forward and reverse traceroutes.
  • Validate that traffic is following the expected path through MPLS or VPN environments.

Parameters

ParameterSyntaxDescription
ip-address | hostnameA.B.C.D or hostnameThe destination IP address or hostname to trace. Hostname requires DNS resolution.
sourcesource A.B.C.DSpecifies the source IP address for the probe packets. Useful when multiple interfaces exist.
numericnumericDisplays IP addresses numerically without performing DNS lookups for hostnames.
timeouttimeout secondsSets the time in seconds to wait for a response from each probe. Default is 3 seconds.
probesprobes numberNumber of probes sent per TTL value. Default is 3. More probes increase accuracy.
ttlttl min maxSets the minimum and maximum TTL values. Useful to skip initial hops or limit the trace.
vrfvrf vrf-nameSpecifies the VRF (VPN Routing and Forwarding) instance to use for the trace.

Command Examples

Basic traceroute to a remote host

traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.1 1 msec 1 msec 1 msec
  2 10.0.0.2 5 msec 5 msec 5 msec
  3 10.1.1.1 10 msec 10 msec 10 msec

Each line shows a hop number, the IP address of the router at that hop, and three round-trip times in milliseconds. 'msec' indicates milliseconds. The first hop is the default gateway, the second is an intermediate router, and the third is the destination.

Traceroute with source IP and numeric display

traceroute 10.2.2.2 source 192.168.1.1 numeric
Type escape sequence to abort.
Tracing the route to 10.2.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.1 2 msec 2 msec 2 msec
  2 10.0.0.5 4 msec 4 msec 4 msec
  3 10.2.2.2 8 msec 8 msec 8 msec

The 'source 192.168.1.1' option forces the source IP of the probe packets to be 192.168.1.1. The 'numeric' option displays IP addresses without DNS resolution. Output shows three successful hops with low latency.

Understanding the Output

The traceroute output displays each hop along the path to the destination. The first column is the hop number (TTL value). The second column is the IP address of the router that responded. If DNS is enabled, the hostname may appear instead. Following the IP are three round-trip time (RTT) measurements in milliseconds. An asterisk (*) indicates a timeout (no response). Healthy values show consistent low RTTs (e.g., <10 ms on LAN, <100 ms on WAN). Problematic values include high RTTs (latency), timeouts (packet loss or firewall blocking), or sudden jumps in RTT (congestion). If a hop shows '!' or 'H', it indicates an unreachable destination or host unreachable. The 'VRF info' line shows VRF context if applicable.

Configuration Scenarios

Traceroute across an MPLS VPN

A customer needs to verify connectivity from a CE router to a remote site across an MPLS provider network.

Topology

CE1 --- PE1 --- P --- PE2 --- CE2

Steps

  1. 1.Enter EXEC mode on CE1.
  2. 2.Run traceroute with VRF and source IP.
Configuration
! No configuration needed; command is run in EXEC mode.
traceroute vrf CUSTOMER 10.2.2.2 source 10.1.1.1

Verify: Check that the first hop is the PE router, then provider core routers, then the remote CE. Ensure all hops respond with low latency.

Watch out: If VRF is not specified, the traceroute uses the global routing table and may fail or take a different path.

Troubleshooting with This Command

When troubleshooting connectivity issues, traceroute helps isolate where packets are dropped or delayed. Start with a basic traceroute to the destination. If the first hop responds but subsequent hops show asterisks, a firewall may be blocking ICMP Time Exceeded messages. Use the 'numeric' option to avoid DNS delays. If a hop shows high latency consistently, investigate that link for congestion or errors. If the path changes between runs, asymmetric routing may be present. In MPLS environments, use 'traceroute mpls' for more detailed LSP tracing. On IOS-XR, note that the default probe type is ICMP; if ICMP is filtered, use 'traceroute udp' to send UDP probes. Also, the 'vrf' keyword is essential when tracing through VPNs. For persistent issues, combine traceroute with 'ping' and 'show ip route' to correlate path information.

CCNA Exam Tips

1.

Remember that traceroute uses ICMP echo requests by default on IOS-XR, but can use UDP with the 'udp' keyword.

2.

Know that '!' in output means 'administratively prohibited' (ACL blocking).

3.

Be able to interpret asymmetric routing: if forward and reverse paths differ, traceroute may show unexpected hops.

Common Mistakes

Forgetting to specify VRF when tracing through a VPN; results in incorrect path or failure.

Assuming all hops must respond; firewalls may drop probes, causing asterisks.

Misinterpreting high latency as a problem when it's due to satellite links or long distances.

Platform Notes

Cisco IOS-XR traceroute differs from classic IOS in several ways. First, the default probe type is ICMP echo instead of UDP. Second, the syntax uses keywords like 'source' and 'numeric' without dashes. Third, IOS-XR supports VRF-aware tracing natively. On IOS, the equivalent command is 'traceroute' with similar options but different defaults. On Juniper Junos, the command is 'traceroute' with a different syntax. On Linux, it's 'traceroute' using UDP by default. In IOS-XR versions prior to 6.0, the command was 'traceroute' but with limited options; newer versions added more flexibility. Always check the specific IOS-XR version documentation for exact syntax.

Related Commands

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions