Time to live (TTL) refers to the amount of time or number of “hops” that a packet is allowed to live inside a network before a router removes it. It is an 8-bit field in the Internet Protocol header, so the maximum TTL value is 255. TTL is used wherever endless loops would otherwise be possible, or where an update must be forced at a certain interval.
It is a value in an Internet Protocol (IP) packet that tells a network router whether the packet has been in the network for too long and should be discarded. In IPv6 the field serves the same purpose but has been renamed Hop Limit.
The TTL value is set initially by the source system that sends the packet. Its value can be anything between 1 and 255, and different operating systems use different defaults. Each router that receives the packet subtracts 1 from the count. If the count is still greater than 0, the router forwards the packet; otherwise it discards the packet and sends an Internet Control Message Protocol (ICMP) message (type 11, Time Exceeded) back to the source system, which may trigger a resend.
Related – What is ICMP?
Below is an example where Host A pings Host B. Host A sets a TTL of 255 in the ping packet and sends it to its gateway, Router A. Router A, which forwards the packet to the next layer 3 hop on the way to Router B, decrements the TTL from 255 to 254 and sends it towards Router B. Router B and Router C do the same (Router B decrements the TTL from 254 to 253 and Router C from 253 to 252). On reaching Host B, the ping packet's TTL is 252.
Network commands like ping and traceroute utilize TTL. When using the traceroute command, a stream of packets is sent to the destination with an ever-increasing TTL, starting at a value of one. On receipt of a packet with a TTL of one, the first hop decrements the TTL by one, resulting in a value of zero. This causes the router to discard the packet and send an ICMP Time Exceeded error message to the source.
Packets are then sent with a TTL of two, and so on, until the packets eventually make it to the destination host. The ICMP error messages and the source addresses of the routers that sent them reveal which routers lie on the path used to deliver packets to the destination. The traceroute tool then presents this information to the user hop by hop.
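The decrement rule from the ping example and the probing loop that traceroute builds on top of it, as an added example written for this article rather than code taken from any real traceroute implementation. The topology (Host A, Routers A, B, C, Host B), the RFC 5737 documentation addresses and the sample IPv4 header are all constructed; the only protocol facts relied on are that TTL is byte 8 of the IPv4 header, that each router subtracts one and answers a zeroed TTL with ICMP type 11, and that the destination host does not decrement TTL on receipt.

```python
from dataclasses import dataclass
from typing import List

# Constructed topology matching the article's example: Host A -> Router A -> Router B
# -> Router C -> Host B. All addresses are made-up documentation addresses (RFC 5737).
HOST_A = "192.0.2.10"
PATH = ["192.0.2.1",       # Router A (Host A's gateway)
        "192.0.2.2",       # Router B
        "198.51.100.1",    # Router C
        "203.0.113.1"]     # Host B (destination; hosts do not decrement TTL on receipt)
HOST_B = PATH[-1]


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int


@dataclass
class IcmpTimeExceeded:
    """ICMP type 11 (Time Exceeded). The router that dropped the packet puts its own
    address in the IP source field, which is exactly what traceroute reads."""
    router: str
    original_dst: str


def ttl_from_ipv4_header(header: bytes) -> int:
    """The TTL is the ninth byte (offset 8) of the IPv4 header."""
    if len(header) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    return header[8]


# Constructed 20-byte IPv4 header: version 4 / IHL 5, total length 84, TTL 64,
# protocol 1 (ICMP), checksum left as zero, src 192.0.2.10, dst 203.0.113.1.
SAMPLE_IPV4_HEADER = bytes([
    0x45, 0x00, 0x00, 0x54, 0x1c, 0x46, 0x40, 0x00,
    0x40, 0x01, 0x00, 0x00,
    192, 0, 2, 10,
    203, 0, 113, 1,
])


def forward(packet: Packet, path: List[str]):
    """Walk the packet hop by hop. Every router decrements TTL by one; if the result
    is 0 the router drops the packet and answers with ICMP Time Exceeded. Returns
    ("delivered", ttl_on_arrival) or ("expired", IcmpTimeExceeded)."""
    ttl = packet.ttl
    routers = path[:-1]                      # the last entry is the destination host
    for router in routers:
        ttl -= 1
        if ttl <= 0:
            return ("expired", IcmpTimeExceeded(router=router, original_dst=packet.dst))
    return ("delivered", ttl)


def traceroute(src: str, dst: str, path: List[str], max_hops: int = 30) -> List[str]:
    """Probe with TTL 1, 2, 3, ... and record which router answered each probe, the
    way traceroute does; stop once a probe reaches the destination."""
    hops: List[str] = []
    for ttl in range(1, max_hops + 1):
        status, info = forward(Packet(src=src, dst=dst, ttl=ttl), path)
        if status == "expired":
            hops.append(info.router)         # ICMP source address names the router
        else:
            hops.append(dst)
            break
    return hops


if __name__ == "__main__":
    print(forward(Packet(HOST_A, HOST_B, ttl=255), PATH))   # ('delivered', 252)
    for n, hop in enumerate(traceroute(HOST_A, HOST_B, PATH), start=1):
        print(n, hop)
```

With the article's three routers, a ping sent with TTL 255 arrives at Host B with TTL 252, a probe with TTL 3 is dropped by Router C, and the traceroute loop recovers the path in order from the ICMP source addresses. For a defender this is also why a captured packet's TTL is worth noting: the gap between the OS default (e.g. 64 or 128) and the observed value tells you roughly how many routers it crossed.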
In IP multicast, TTL controls the scope or range in which a packet may be forwarded.
- 0 is restricted to the same host
- 1 is restricted to the same subnet
- 32 is restricted to the same site
- 64 is restricted to the same region
- 128 is restricted to the same continent
- 255 is unrestricted
TTL is also used in Content Delivery Network (CDN) caching and Domain Name System (DNS) caching. CDNs commonly use a TTL to determine how long cached content should be served from a CDN edge server before a new copy is fetched from the origin server. By properly setting the amount of time between origin server pulls, a CDN is able to serve updated content without every request propagating back to the origin. This caching allows a CDN to efficiently serve content closer to the user while reducing the bandwidth required from the origin.
In the context of a DNS record, TTL is a numerical value that determines how long a DNS cache server can serve a DNS record before reaching out to the authoritative DNS server and getting a new copy of the record.
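A model of the DNS caching behaviour just described (the same expiry arithmetic a CDN edge applies to a max-age), added here as an illustration and not taken from any real resolver. The authoritative records, names and addresses are constructed; the `FakeClock` exists only so the expiry can be exercised without sleeping. The point it shows beyond the text is that a cache reports the *remaining* TTL to its clients, so a chain of caches cannot hold a record longer than the authoritative server intended.

```python
import time
from typing import Callable, Dict, Tuple

# Constructed authoritative data (made-up names and addresses): name -> (rdata, ttl seconds).
AUTHORITATIVE: Dict[str, Tuple[str, int]] = {
    "www.example.com.": ("192.0.2.80", 300),
    "api.example.com.": ("192.0.2.81", 60),
}


class CachingResolver:
    """Minimal model of a DNS caching resolver. A record is served from cache until its
    TTL has elapsed, and the TTL handed to the client is the remaining lifetime, not the
    original value, so downstream caches expire it at the same moment this one does."""

    def __init__(self, upstream: Dict[str, Tuple[str, int]],
                 clock: Callable[[], float] = time.monotonic):
        self.upstream = upstream
        self.clock = clock
        self.cache: Dict[str, Tuple[str, int, float]] = {}  # name -> (rdata, ttl, inserted_at)
        self.upstream_queries = 0   # trips to the authoritative server

    def resolve(self, name: str) -> Tuple[str, int, str]:
        """Return (rdata, ttl_to_report, source) with source 'cache' or 'authoritative'."""
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None:
            rdata, ttl, inserted_at = entry
            remaining = ttl - int(now - inserted_at)
            if remaining > 0:
                return rdata, remaining, "cache"
            del self.cache[name]          # expired: fall through and refetch
        self.upstream_queries += 1
        if name not in self.upstream:
            raise KeyError(f"no authoritative record for {name}")
        rdata, ttl = self.upstream[name]
        self.cache[name] = (rdata, ttl, now)
        return rdata, ttl, "authoritative"


class FakeClock:
    """Controllable clock so expiry can be exercised deterministically (test aid only)."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> int:
    """Look up one 300-second record ten times, a minute apart (t = 0 s .. 540 s),
    and return how many of those lookups had to go back to the authoritative server."""
    clock = FakeClock()
    resolver = CachingResolver(AUTHORITATIVE, clock)
    for _ in range(10):
        resolver.resolve("www.example.com.")
        clock.advance(60)
    return resolver.upstream_queries


if __name__ == "__main__":
    print("authoritative fetches over ten lookups:", demo())   # 2
```

Lowering the TTL on a record makes changes propagate faster at the cost of more authoritative traffic; raising it does the reverse, which is why operators typically drop a record's TTL ahead of a planned change and restore it afterwards.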
Related – UNDERSTANDING TTL SECURITY IN BGP