Re: Traceroute and policy based routing

From: rosy bird (rosybird@gmail.com)
Date: Fri Jul 15 2005 - 02:27:06 GMT-3


Do it a bit differently..:-)...

Instead of set ip next-hop, use set interface <interface>... This should work....

Regards
Sunil.

On 7/10/05, Arun Kumar Arumuganainar <aarumuga@hotmail.com> wrote:
> Hi Varthis,
>
> I see that you have created an access list for ICMP (ttl-exceeded and port
> unreachable).
>
> I would suggest you create an access list for UDP packets instead and
> apply the policy on the interface facing R1. Let me explain in detail.
>
> Your Task Description: R2 has 2 possible ways to reach R5. These are R3
> and R4. But I want this traceroute to go through R4 and not through R3.
>
> Solution:
>
> How Trace Route Functions: Trace Route sends a series of UDP
> packets with an arbitrary port number to the destination address. It begins
> with TTL 1 and increments by 1 on every next try till it receives a
> response from the destination address.
>
> Each intermediate router responds with a TTL-Expired message and
> the destination responds with a port unreachable message.
>
> Now coming to the solution. Here what you have attempted is to redirect
> responses which are actually ICMP packets of type (TTL-Expired or Port
> Unreachable). This is not what we want. We actually want to redirect the UDP
> packet which is actually the trace-route probe. Maybe you should try
> modifying your access list. I would suggest you use the following
> configuration.
>
> route-map test permit 10
> match ip address 100
> set ip next-hop <R4-address connected to R2>
> !
> access-list 100 permit udp host <R1's IP address> host <R5's IP address>
>
> Pls. note: Pls. try applying this on R2 on its interface facing R1.
>
> Let me know if this works for you.
>
> Thanks and Regards
>
> Arun
>
> >From: "Varthis Vassilantonakis" <vvas@altec.gr>
> >Reply-To: "Varthis Vassilantonakis" <vvas@altec.gr>
> >To: "Sila Moni" <silamoni@yahoo.com>, <ccielab@groupstudy.com>
> >Subject: RE: Traceroute and policy based routing
> >Date: Sat, 9 Jul 2005 16:30:16 +0300
> >
> >Hi Sila,
> >
> >I have already tried to apply policy routing in the incoming interface
> >but it doesn't work. This is because with the traceroute command the
> >packet is originated locally from the router (on every router in the
> >path).
> >The packets generated locally by the router can be policy routed!!! This
> >is the use of the command ip local policy.
> >Am I right?
> >I also tried sending it to the Loopback interface and then setting the
> >interface to be the desired one of the two.
> >But again, it didn't work.
> >
> >Any other suggestions?
> >
> >Has anybody seen any documents describing a situation like this
> >with traceroute and policy routing? Or any other useful document
> >regarding traceroute in general?
> >
> >Thanks again,
> >
> >Varthis
> >
> >________________________________
> >
> >From: Sila Moni [mailto:silamoni@yahoo.com]
> >Sent: Sat 9/7/2005 3:28 PM
> >To: Varthis Vassilantonakis; ccielab@groupstudy.com
> >Subject: Re: Traceroute and policy based routing
> >
> >
> >
> >I think you should apply policy routing on the
> >incoming interface, not in the global config. Note
> >that packets generated locally by the router are not
> >policy routed. One way is to send it to the loopback
> >interface.
> >
> >--- Varthis Vassilantonakis <vvas@altec.gr> wrote:
> >
> > > Hello group,
> > >
> > > One quite tricky question.
> > >
> > > In the IEWB Lab 18 Q12.1 there is an example on how
> > > we should configure a router to respond with its
> > > Loopback address when any other router issues a
> > > traceroute to it.
> > >
> > > What if we want to do something slightly different?
> > > What I want is to traceroute from R1 to R5.
> > > R2 has 2 possible ways to reach R5. These are R3 and
> > > R4. See the diagram below:
> > >
> > > R1 ------- R2 ------------------R3-----------------
> > > |
> > > |
> > > |
> > > |
> > > |
> > > |
> > >
> > > R4--------------------------------------R5
> > >
> > > I want this traceroute to go through R4 and not
> > > through R3.
> > >
> > > My configuration is the following:
> > >
> > > R2:
> > >
> > > ip local policy route-map test
> > > !
> > > route-map test permit 10
> > > match ip address 100
> > > set ip next-hop <R4-address connected to R2>
> > > !
> > > access-list 100 permit icmp any any time-exceeded
> > > access-list 100 permit icmp any any port-unreachable
> > >
> > > Local policy routing is configured because
> > > traceroute is locally generated by the router each
> > > time.
> > >
> > > However, I can not get this to work.
> > >
> > > Any ideas ?
> > >
> > > TIA
> > >
> > > Varthis
> > >
> > >
> >_______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3
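
Added example, not part of any message in the thread: a small Python model of the two access-list 100 variants discussed above and the two places the route-map can be attached on R2, showing which packets of a traceroute from R1 to R5 each combination would policy-route. The addresses, packet labels and the simplified view of what each attach point sees are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    label: str
    origin: str          # router that generated the packet
    src: str
    dst: str
    proto: str           # "udp" or "icmp"
    icmp_type: str = ""

# Constructed addresses for illustration; the thread gives none.
R1, R2, R4, R5 = "10.0.12.1", "10.0.12.2", "10.0.24.4", "10.0.45.5"

# Packets R2 handles during "traceroute R5" issued on R1 (constructed sample).
PACKETS = [
    Packet("probe", "R1", R1, R5, "udp"),
    Packet("r2-ttl-reply", "R2", R2, R1, "icmp", "time-exceeded"),
    Packet("r4-ttl-reply", "R4", R4, R1, "icmp", "time-exceeded"),
    Packet("r5-unreachable", "R5", R5, R1, "icmp", "port-unreachable"),
]

# access-list 100 as first posted (ICMP replies) and as suggested in the
# reply (UDP probes from R1 to R5).
ACL_ICMP = [("icmp", "any", "any", "time-exceeded"),
            ("icmp", "any", "any", "port-unreachable")]
ACL_UDP = [("udp", R1, R5, "")]

def acl_permits(acl, pkt):
    """First-match permit check; anything unmatched hits the implicit deny."""
    for proto, src, dst, icmp_type in acl:
        if (proto == pkt.proto and src in ("any", pkt.src)
                and dst in ("any", pkt.dst)
                and icmp_type in ("", pkt.icmp_type)):
            return True
    return False

def policy_routed(acl, attach):
    """Labels of packets R2 would policy-route.

    attach="local":     ip local policy, sees only packets R2 itself generates.
    attach="interface": ip policy on the interface facing R1, modelled here
                        as seeing only packets that R1 originated.
    """
    seen_from = "R2" if attach == "local" else "R1"
    return [p.label for p in PACKETS
            if p.origin == seen_from and acl_permits(acl, p)]

if __name__ == "__main__":
    for name, acl in (("icmp", ACL_ICMP), ("udp", ACL_UDP)):
        for attach in ("local", "interface"):
            print(f"ACL={name:4} attach={attach:9} -> {policy_routed(acl, attach)}")
```

In this model only the UDP access list attached to the R1-facing interface matches the probes; the ICMP access list under ip local policy matches just R2's own time-exceeded reply, which is addressed to R1.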