RE: Source Address Selection

From: Daniel Kutchin (daniel@kutchin.com)
Date: Sun Nov 02 2008 - 21:34:27 ARST


Jason ---

> The question I have is related to local policy routing in which the
> destination address is NOT in the local router's routing table.

Of course. When we do policy routing, we "ignore" the routing table,
if there is a match. So if the destination-ID isn't in the routing table,
that's fine.

> access-list 100 permit 10.10.10.0 0.0.0.255 21.21.21.21 0.0.0.255
>
> route-map NEXT
> match ip add 100
> set ip next-hop 10.10.10.11
>
> ip local policy route-map NEXT

The above lines will be interpreted as:

On R0, use the local policy-map to match _INCOMING_ traffic from either
R0-f0/0 or R1-f0/0 towards R0-Lo0, and set the next-hop to R1-f0/0. Right?

If yes, then the outcome is unpredictable, just as you observed below:

> I had different results every time. It seemed completely random too. Some
> random addresses (all above 10.10.10.10) seemed to be chosen as the source
> address while others didn't and 10.10.10.10 ended up being the source
> address.

The _LOCAL_ policy-map is used for _OUTGOING_ local traffic only.

Daniel

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jason Madsen
Sent: Sunday, 2 November 2008 20:15
To: Cisco certification
Subject: Source Address Selection

Hello,

I have a question about source address selection. Obviously when pinging
another device, a router will use a source address of either the interface
that's directly connected to the destination or else the source address of
the exit interface that the router uses if it has a route in its routing
table. The question I have is related to local policy routing in which the
destination address is NOT in the local router's routing table.

I've tested using a bunch of different address space and have found that I
get different results without an obvious pattern. For example I had 3
routers connected as such:

         R0
        .  .
      .      .
    R1        R2

I set up local policy routing on R0 and specified that when it tries to reach
R1's loopback address it should use a next-hop address of R1's directly
connected interface address.

If I don't match an address and simply set "ip next-hop x.x.x.x" it works
just fine, however, if I choose to "match" an address whether or not it
works depends entirely on what address space I use on the R0--R2 link even
though the address I'm trying to reach is the loopback on R1. Here are some
configs to help illustrate what I'm trying to say:

(21.21.21.21 is R1's loopback address)
R0

int f0/0
description link to R1
ip add 10.10.10.10 255.255.255.0

int fa1/0
desc link to R2
ip add 20.20.20.20 255.255.255.0

access-list 100 permit 10.10.10.0 0.0.0.255 21.21.21.21 0.0.0.255

route-map NEXT
match ip add 100
set ip next-hop 10.10.10.11

ip local policy route-map NEXT

Even though there is NO route to 21.21.21.21 in my routing table, when I try
to ping it my router always chooses to source from its 20.20.20.20 f1/0
interface rather than the f0/0 interface that is needed for local policy
routing to function properly in this scenario. I know that I can easily NOT
use a match statement referencing the 10 address or modify the existing
access-list etc, but the purpose of me doing this scenario is for me to try
and determine why the router chooses to source from one address or another
when the destination address is NOT in the routing table and it is not
directly connected.

So anyway, the router always seemed to source from the 20 address, which
led me to believe that if a router doesn't have a route in its routing
table, it chooses to source its traffic from an interface with the highest
IP. So I tried changing the address space of interface f1/0 to something
else besides 20.20.20.20, but still higher than the 10.10.10.10 address and
I had different results every time. It seemed completely random too. Some
random addresses (all above 10.10.10.10) seemed to be chosen as the source
address while others didn't and 10.10.10.10 ended up being the source
address. For example, I think when I used 30.30.30.30 as the f1/0 address
it ended up being the source address when trying to ping to 21.21.21.21, but
when I used 100.100.100.10 as f1/0's address, the 10.10.10.10 ended up being
the source address and when I set f1/0 to 11.11.11.11.10, 10.10.10.10 was
still the source. I tried about 5 different subnets on f1/0 and whether
f1/0 or f0/0 ended up being the source address seemed completely random.

Sorry this is such a long post and that it's probably difficult to
understand my point. This issue is kind of difficult for me to put into
words, although it would probably only take me 10 seconds to explain
verbally to someone.

Again, the point of this lab scenario is NOT to make local policy routing
work...that would be easy for this scenario. It was just for me to
determine what makes a router choose its "source" address when the
destination address is not directly connected and it's not in the routing
table. From what I've seen it's just plain old random. Hopefully, someone
has a better answer if that's not the case.

Thanks,
Jason
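
Added example (not part of either poster's message): a Python model of how access-list 100 and route-map NEXT from the config above evaluate a locally generated ping to 21.21.21.21, showing that the set next-hop only applies when the router has picked a 10.10.10.x source. It models the match logic only, not how IOS selects the source address; the function names are illustrative.

```python
import ipaddress

# ACL line and next-hop exactly as written in the post.
ACL_LINE = "access-list 100 permit 10.10.10.0 0.0.0.255 21.21.21.21 0.0.0.255"
NEXT_HOP = "10.10.10.11"


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_acl(line):
    """Take the action plus the trailing src/wildcard/dst/wildcard fields."""
    tok = line.split()
    src, src_wc, dst, dst_wc = tok[-4:]
    return {"action": tok[2], "src": (src, src_wc), "dst": (dst, dst_wc)}


def policy_next_hop(src, dst, acl=ACL_LINE):
    """Return the policy next-hop if the packet matches the route-map.

    None means the packet is not policy-routed and falls back to the
    ordinary routing table (which, in the post, has no route).
    """
    rule = parse_acl(acl)
    if (rule["action"] == "permit"
            and wildcard_match(src, *rule["src"])
            and wildcard_match(dst, *rule["dst"])):
        return NEXT_HOP
    return None


def evaluate(sources, dst="21.21.21.21"):
    """Map each candidate source address to the resulting next-hop (or None)."""
    return {s: policy_next_hop(s, dst) for s in sources}


if __name__ == "__main__":
    # Source addresses the post reports seeing on R0 in different test runs.
    for src, hop in evaluate(
            ["10.10.10.10", "20.20.20.20", "30.30.30.30", "100.100.100.10"]).items():
        print(f"src {src:<15} -> {hop or 'no match, normal routing'}")
```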


This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:28 ARST