Equal-Cost Multi-Path (ECMP) is a forwarding mechanism for routing packets along multiple paths of equal cost with the goal to achieve almost equally distributed link load sharing. This, of course, significantly impacts a router’s next-hop (path) decision.
So how can we detect if ECMP is in play in the network your traffic is traversing? The answer is we need a special version of Traceroute that can figure out if ECMP is in play.
There are two solutions: Paris Traceroute and Dublin Traceroute.
The initial version of traceroute was implemented by Van Jacobson based on a suggestion by Steve Deering (the inventor or Multicast and what is now IPv6).
Paris traceroute was implemented by Xavier Cuvellier. Debugged and enhanced by Brice Augustin. The current version is available at: https://www.paris-traceroute.net
Dublin Traceroute was built on top of Paris Traceroute and is written by Andrea Barberio from, you guessed it, Dublin. You can find Dublin Traceroute at https://dublin-traceroute.net/README.md
What is the difference? Dublin Traceroute uses the techniques invented by the authors of Paris-traceroute to enumerate the paths of ECMP flow-based load balancing, but introduces a new technique for NAT detection.
Let’s look at Paris Traceroute first.
To check and see if you have this: simply type:
I did not have it, so I followed the instructions to install it on my Ubuntu Linux box.
sudo apt install paris-traceroute
Once done, I now get the proper response:
All is good. You can use the following command to see what all the command line options are:
Now let’s see if we have Dublin Traceroute installed:
Install it with:
sudo apt-get install dublin-traceroute
To get the help type:
Let’s run them both to see what happens when we traceroute to Google’s public DNS at 126.96.36.199. First, here is a normal, regular traceroute:
Now, let’s use Paris Traceroute:
Now Dublin Traceroute (you will note I add the ‘-n 3’ parameter as this limits Dublin Traceroute to 3 probes which is the same as the Paris Traceroute default):
To be fair, I am doing this from behind my home router which is a NAT. So Dublin is successful as advertised in seeing there is some ECMP going on. Look at the 8th hop. We see there are two different IP addresses, and we see them toggling. Same thing in the 12th hop.
If you want to dig a bit deeper, I have also enclosed a Wireshark packet capture of the three traceroutes for your perusal and deeper dissection. Traceroute Comparison Capture pcapng for Wireshark
So cool! I hope, like me, this is the last time you ever use regular traceroute!
I hope you find this article and its content helpful. Comments are welcomed below. If you would like to see more articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!, and all comments are welcome!