From: Derek Pocoroba (dpocoroba@gmail.com)
Date: Sun Jul 01 2007 - 17:54:16 ART
This also works but I like Antonio's shorter config option =)
R3
!
interface Loopback0
ip address 150.1.3.3 255.255.255.0
ip nat outside
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
ip nat inside
ip policy route-map POL1
!
ip local policy route-map POL
ip nat inside source list 101 interface Loopback0 overload
!
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any time-exceeded
!
route-map POL permit 10
match ip address 101
set interface Loopback1
!
route-map POL1 permit 10
set interface Loopback0
!
!
====================
Rack1R2#tra 156.1.3.3
Type escape sequence to abort.
Tracing the route to 156.1.3.3
1 150.1.3.3 16 msec * 20 msec
Rack1R2#
Rack1R2#
Rack1R2#tra 150.1.8.8
Type escape sequence to abort.
Tracing the route to 150.1.8.8
1 150.1.3.3 16 msec 16 msec 20 msec
2 156.1.35.5 48 msec 44 msec 44 msec
3 156.1.58.8 60 msec * 44 msec
Rack1R2#
Could have also sworn I have seen an example using only 1x loopback and
local PBR.
On 7/1/07, Mike Kraus (mikraus) <mikraus@cisco.com> wrote:
>
> Ah yes, working for me too. Very nice Antonio!
>
> -----Original Message-----
> From: Antonio Soares [mailto:amsoares@netcabo.pt]
> Sent: Sunday, July 01, 2007 3:20 PM
> To: 'Filyurin, Yan'; Mike Kraus (mikraus); 'Bhaskar Sivanesan'; 'ccie
> forum'
> Subject: RE: traceroute
>
> It works without PBR. See configs, outputs and debugs:
>
> ++++++++++++++++++++++++++
> R1:
> !
> interface Ethernet1/0
> ip address 12.12.12.1 255.255.255.0
> !
> ++++++++++++++++++++++++++
> R2:
> !
> interface Loopback0
> ip address 2.2.2.2 255.255.255.0
> !
> interface Ethernet1/0
> ip address 12.12.12.2 255.255.255.0
> ip nat outside
> !
> ip nat inside source list 102 interface Loopback0 overload
> !
> access-list 102 permit icmp any any port-unreachable
> access-list 102 permit icmp any any ttl-exceeded
> !
> ++++++++++++++++++++++++++
> R1#trace 12.12.12.2
>
> Type escape sequence to abort.
> Tracing the route to 12.12.12.2
>
> 1 2.2.2.2 0 msec * 4 msec
> R1#
> ++++++++++++++++++++++++++
> R2#deb ip nat
> IP NAT debugging is on
> R2#clear ip nat translation *
> R2#sh ip nat translations
>
> R2#
> *Mar 1 02:07:58.033: NAT: s=12.12.12.2->2.2.2.2, d=12.12.12.1 [127]
> R2#
> *Mar 1 02:08:01.034: NAT: s=12.12.12.2->2.2.2.2, d=12.12.12.1 [128]
> R2#
> ++++++++++++++++++++++++++
> R2#sh ip nat trans
> Pro  Inside global   Inside local      Outside local     Outside global
> icmp 2.2.2.2:33434   12.12.12.2:33434  12.12.12.1:40476  12.12.12.1:40476
> icmp 2.2.2.2:33436   12.12.12.2:33436  12.12.12.1:36978  12.12.12.1:36978
> R2#
> ++++++++++++++++++++++++++
> R2#sh ip access-lists
> Extended IP access list 102
> 10 permit icmp any any port-unreachable (2 matches)
> 20 permit icmp any any ttl-exceeded
> R2#
> ++++++++++++++++++++++++++
>
> -----Original Message-----
> From: Filyurin, Yan [mailto:yan.filyurin@eds.com]
> Sent: domingo, 1 de Julho de 2007 20:59
> To: Mike Kraus (mikraus); Antonio Soares; Bhaskar Sivanesan; ccie forum
> Subject: RE: traceroute
>
> Wouldn't you also need ip local policy routing command, to send locally
> originated traffic through Loopback? In fact would we even need NAT at
> all?
> In other words, traffic is originated locally, it gets policy routed to
> next-hop of Loopback interface and it would come sourced from that. I
> am still not sure about the last part. I will have to lab it up.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mike Kraus (mikraus)
> Sent: Sunday, July 01, 2007 3:45 PM
> To: Antonio Soares; Bhaskar Sivanesan; ccie forum
> Subject: RE: traceroute
>
> I just tried this, source is still physical... Tried just doing ip nat
> enable (with NVI) to see if router would magically figure it out too,
> but to no avail.
>
> Have you gotten this to work?
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Antonio Soares
> Sent: Sunday, July 01, 2007 2:30 PM
> To: 'Bhaskar Sivanesan'; 'ccie forum'
> Subject: RE: traceroute
>
> None since the traffic is sourced from the router itself.
>
> _____
>
> From: Bhaskar Sivanesan [mailto:bas_bharath@yahoo.com]
> Sent: domingo, 1 de Julho de 2007 20:25
> To: Antonio Soares; ccie forum
> Subject: Re: traceroute
>
>
> Thanks Antonio, which will be the "ip nat inside" interface in this
> case?
>
> cheers
>
>
>
> ----- Original Message ----
> From: Antonio Soares <amsoares@netcabo.pt>
> To: Bhaskar Sivanesan <bas_bharath@yahoo.com>; ccie forum
> <ccielab@groupstudy.com>
> Sent: Sunday, July 1, 2007 8:19:13 PM
> Subject: RE: traceroute
>
>
> The answer is NAT:
>
> Example config:
>
> !
> access-list 102 permit icmp any any port-unreachable
> access-list 102 permit icmp any any ttl-exceeded
> !
> ip nat inside source list 102 interface Loopback0 overload
> !
> !
> interface Ethernet1/0
> ip nat outside
> !
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Bhaskar Sivanesan
> Sent: domingo, 1 de Julho de 2007 19:58
> To: ccie forum
> Subject: traceroute
>
> Hi group
>
> How do we change the source IP address in the ICMP TTL exceeded reply
> messages?
>
> Like, when I am doing a traceroute, I want the reply to be sourced from
> the respective router's loopback ip address rather than the interface
> address?
>
> Is there any way to do it?
>
> thanks
>
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
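
Added example, not part of the thread: a Python check that parses IOS traceroute output (the second trace from the message above is embedded as sample input) and reports which hops still answer from a link address rather than a loopback. The loopback prefixes and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Sample input: the "tra 150.1.8.8" output quoted in the thread.
SAMPLE_TRACE = """\
Type escape sequence to abort.
Tracing the route to 150.1.8.8
  1 150.1.3.3 16 msec 16 msec 20 msec
  2 156.1.35.5 48 msec 44 msec 44 msec
  3 156.1.58.8 60 msec * 44 msec
"""

# Assumption: loopbacks in the two labs are numbered from these prefixes.
LOOPBACK_PREFIXES = ("150.1.0.0/16", "2.2.2.0/24")

# A hop line is "<hop number> <responder IP> <probe results...>".
HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s")


def parse_hops(trace_text):
    """Return [(hop_number, ip_address)] for every hop that reported a source."""
    hops = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, prompt, or a hop where every probe timed out
        try:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
        except ValueError:
            continue  # looked like an address but is not a valid one
    return hops


def classify_hops(trace_text, loopback_prefixes=LOOPBACK_PREFIXES):
    """Label each hop 'loopback' or 'interface' by its reply source address."""
    nets = [ipaddress.ip_network(p) for p in loopback_prefixes]
    return [
        (hop, str(addr), "loopback" if any(addr in n for n in nets) else "interface")
        for hop, addr in parse_hops(trace_text)
    ]


def exposed_interfaces(trace_text, loopback_prefixes=LOOPBACK_PREFIXES):
    """Hops whose ICMP replies still carry a link address."""
    return [(h, a) for h, a, k in classify_hops(trace_text, loopback_prefixes)
            if k == "interface"]


if __name__ == "__main__":
    for hop, addr, kind in classify_hops(SAMPLE_TRACE):
        print(f"hop {hop}: {addr} ({kind})")
```

On the sample, hop 1 (the router carrying the NAT configuration) answers from its loopback, while hops 2 and 3 still answer from their link addresses.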
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:39 ART