RE: Traceroute and policy based routing

From: Arun Kumar Arumuganainar (aarumuga@hotmail.com)
Date: Sun Jul 10 2005 - 09:06:28 GMT-3


Hi Varthis,

I see that you have created an access list for ICMP (ttl-exceeded and port
unreachable).

I would suggest that you create an access list for UDP packets instead and
apply the policy on the interface facing R1. Let me explain in detail.

Your task description: R2 has 2 possible ways to reach R5. These are R3
and R4. But I want this traceroute to go through R4 and not through R3.

Solution:

How Trace Route functions: Trace Route sends a series of UDP
packets with an arbitrary port number to the destination address. It begins
with TTL 1 and increments by 1 on every next try till it receives a
response from the destination address.

Each intermediate router responds with a TTL-Expired message and the
destination responds with a port unreachable message.

Now coming to the solution. Here what you have attempted is to redirect
responses which are actually ICMP packets of type (TTL-Expired or Port
Unreachable). This is not what we want. We actually want to redirect the UDP
packet which is actually the trace-route probe. Maybe you should try
modifying your access list. I would suggest you use the following
configuration.

route-map test permit 10
 match ip address 100
 set ip next-hop <R4-address connected to R2>
!
access-list 100 permit udp host <R1's IP address> host <R5's IP address>

Pls. note: pls. try applying this on R2 on its interface facing R1.

Let me know if this works for you.

Thanks and Regards

Arun

>From: "Varthis Vassilantonakis" <vvas@altec.gr>
>Reply-To: "Varthis Vassilantonakis" <vvas@altec.gr>
>To: "Sila Moni" <silamoni@yahoo.com>, <ccielab@groupstudy.com>
>Subject: RE: Traceroute and policy based routing
>Date: Sat, 9 Jul 2005 16:30:16 +0300
>
>Hi Sila,
>
>I have already tried to apply policy routing in the incoming interface
>but it doesn't work. This is because with the traceroute command the
>packet is originated locally from the router (on every router in the
>path).
>The packets generated locally by the router can be policy routed!!! This
>is the use of the command ip local policy.
>Am I right?
>I also tried sending it to the Loopback interface and then setting the
>interface to be the desired one of the two.
>But again, it didn't work.
>
>Any other suggestions?
>
>Has anybody seen any documents describing a situation like this
>with traceroute and policy routing? Or any other useful document
>regarding traceroute in general.
>
>Thanks again,
>
>Varthis
>
>________________________________
>
>From: Sila Moni [mailto:silamoni@yahoo.com]
>Sent: Sat 9/7/2005 3:28 PM
>To: Varthis Vassilantonakis; ccielab@groupstudy.com
>Subject: Re: Traceroute and policy based routing
>
>
>
>I think you should apply policy routing on the
>incoming interface, not in the global config. Note
>that packets generated locally by the router are not
>policy routed. One way is to send it to the loopback
>interface.
>
>--- Varthis Vassilantonakis <vvas@altec.gr> wrote:
>
> > Hello group,
> >
> > One quite tricky question.
> >
> > In the IEWB Lab 18 Q12.1 there is an example on how
> > we should configure a router to respond with its
> > Loopback address when any other router issues a
> > traceroute to it.
> >
> > What if we want to do something slightly different.
> > What I want is to traceroute from R1 to R5.
> > R2 has 2 possible ways to reach R5. These are R3 and
> > R4. See the diagram below:
> >
> > R1 ------- R2 ------------------R3-----------------
> >            |
> >            |
> >            |
> >            |
> >            |
> >            |
> >
> >            R4--------------------------------------R5
> >
> > I want this traceroute to go through R4 and not
> > through R3.
> >
> > My configuration is the following:
> >
> > R2:
> >
> > ip local policy route-map test
> > !
> > route-map test permit 10
> > match ip address 100
> > set ip next-hop <R4-address connected to R2>
> > !
> > access-list 100 permit icmp any any time-exceeded
> > access-list 100 permit icmp any any port-unreachable
> >
> > Local policy routing is configured because
> > traceroute is locally generated by the router each
> > time.
> >
> > However, I can not get this to work.
> >
> > Any ideas ?
> >
> > TIA
> >
> > Varthis
> >
> >
>_______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
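
An added illustration, not part of any message in this thread: a small Python model of the packets R2 handles during a traceroute from R1 to R5, showing which of them each version of access-list 100 would hand to the route-map. The addresses, the `Packet` class and the function names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed addresses; the thread gives none.
R1, R2, R5 = "10.0.12.1", "10.0.12.2", "10.0.45.5"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "udp" or "icmp"
    ttl: int = 255       # TTL on arrival at R2 (for transit packets)
    icmp: str = ""       # "time-exceeded" / "port-unreachable" for ICMP errors
    local: bool = False  # True if R2 itself generated the packet

def acl_permits(acl, pkt):
    """First-match ACL evaluation; falling off the end is the implicit deny."""
    for proto, src, dst, icmp in acl:
        if (proto == pkt.proto and src in ("any", pkt.src)
                and dst in ("any", pkt.dst) and icmp in ("", pkt.icmp)):
            return True
    return False

# access-list 100 as first posted (ICMP errors) and as suggested in the reply (UDP probes).
ACL_ICMP = [("icmp", "any", "any", "time-exceeded"),
            ("icmp", "any", "any", "port-unreachable")]
ACL_UDP = [("udp", R1, R5, "")]

def seen_by_r2(max_ttl=3):
    """Probes arriving from R1, plus the one packet R2 originates itself."""
    probes = [Packet(R1, R5, "udp", ttl=t) for t in range(1, max_ttl + 1)]
    # The TTL=1 probe expires on R2, which answers R1 with an ICMP error.
    reply = Packet(R2, R1, "icmp", icmp="time-exceeded", local=True)
    return probes, reply

def policy_routed(acl, local_policy):
    """Packets the route-map would send to the R4 next hop.

    local_policy=True models `ip local policy route-map` (router-originated
    traffic only); False models the route-map on the interface facing R1.
    """
    probes, reply = seen_by_r2()
    # Only probes arriving with TTL > 1 are forwarded by R2 at all.
    candidates = [reply] if local_policy else [p for p in probes if p.ttl > 1]
    return [p for p in candidates if acl_permits(acl, p)]
```

In this model the ICMP access list under local policy matches only R2's own time-exceeded reply, which is addressed to R1, while the UDP access list on the R1-facing interface matches every probe that R2 forwards toward R5.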



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3