Speeding Up a Slow Traceroute in IOS

This article is just a quick tip regarding the traceroute process on Cisco devices and how to it may be streamlined. To be honest, I had been somewhat annoyed by the typical slowness and had assumed DNS lookups to be the problem. However, I must give credit to our friend @amyengineer for confirming my thoughts and sharing the solution. Amy included it at the end of a blog post she wrote about a day in Narbik’s CCIE Bootcamp.

The issue with traceroute performance is typically related to DNS PTR (reverse) lookups. Cisco devices are no exception to this process and try REALLY hard to figure out the names of the hops being traversed. Even if a Cisco device hasn’t been configured for a specific DNS server, it may send broadcasts in an attempt to resolve the PTR record for each IP address along a path. Let’s take a look.

 Slow Traceroute Topo

If we attempt a traceroute from R1 to the Loopback0 interface of R3, every thing is normal. However it takes more than 30 seconds for the process to complete. That’s a lot of time when you’re troubleshooting an issue (or taking the CCIE Lab).

R1#traceroute 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 192.168.2.1 8 msec 24 msec 20 msec
  2 192.168.3.1 32 msec 40 msec 44 msec
  3 192.168.4.1 80 msec *  72 msec

If we look for DNS requests in Wireshark, the behavior becomes obvious.

Slow Traceroute Capt

The trick is to instruct the router not to request the DNS PTR record. One way to accomplish is adding the numeric keyword as a parameter for the traceroute command.

R1#traceroute 1.1.1.1 numeric

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 192.168.2.1 16 msec 12 msec 16 msec
  2 192.168.3.1 20 msec 28 msec 40 msec
  3 192.168.4.1 80 msec 48 msec 52 msec

This time we receive the same basic traceroute output. However, the total time it took was only a few seconds.

There is another way to accomplish this. That method involves disabling DNS lookups in the global configuration of our IOS device. This is method uses the “no ip domain-lookup” command.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip domain-lookup

It is worth noting that devices created in GNS3 may use “no ip domain-lookup” by default. Additionally, production network devices may have other reasons for using DNS lookups. Therefore the applicability of the latter method should be assessed on a case by case basis.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in How-To. Bookmark the permalink.