Re: Source Address Selection

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sun Nov 02 2008 - 22:24:50 ARST


Thanks for your response, Daniel. I completely understand the way policy and
local policy routing work, however, and that wasn't what my inquiry to the
group was based upon. I was trying to determine what method, if any, routers
use to determine the source address used if/when the destination address is
not directly connected or in the routing table.

I know that with policy routing the destination address does not have to be
in the routing table. Actually, you aren't quite right with your assumption
that the routing table is "ignored". With "set ip next-hop" the routing
table is not considered first, but with "set ip default next-hop" the
routing table is first checked and if no route is present policy routing
takes place. Anyway, the point I was shooting for was an explanation of a
router choosing one interface to source from over another when the
destination address is not directly connected and it is not in the routing
table.

Jason

On Sun, Nov 2, 2008 at 4:34 PM, Daniel Kutchin <daniel@kutchin.com> wrote:

> Jason ---
>
> > The question I have is related to local policy routing in which the
> > destination address is NOT in the local router's routing table.
>
> Of course. When we do policy routing, we "ignore" the routing table,
> if there is a match. So if the destination-ID isn't in the routing table,
> that's fine.
>
>
> > access-list 100 permit ip 10.10.10.0 0.0.0.255 21.21.21.21 0.0.0.255
> >
> > route-map NEXT
> > match ip add 100
> > set ip next-hop 10.10.10.11
> >
> > ip local policy route-map NEXT
>
>
> The above lines will be interpreted as:
>
> On R0, use the local policy-map to match _INCOMING_ traffic from either
> R0-f0/0 or R1-f0/0 towards R0-Lo0, and set the next-hop to R1-f0/0. Right?
>
> If yes, then the outcome is unpredictable, just as you observed below
>
> > I had different results every time. It seemed completely random too. Some
> > random addresses (all above 10.10.10.10) seemed to be chosen as the source
> > address while others didn't and 10.10.10.10 ended up being the source
> > address.
>
> The _LOCAL_ policy-map is used for _OUTGOING_ local traffic only.
>
>
> Daniel
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Jason Madsen
> Sent: Sunday, 2 November 2008 20:15
> To: Cisco certification
> Subject: Source Address Selection
>
> Hello,
>
> I have a question about source address selection. Obviously when pinging
> another device, a router will use a source address of either the interface
> that's directly connected to the destination or else the source address of
> the exit interface that the router uses if it has a route in its routing
> table. The question I have is related to local policy routing in which the
> destination address is NOT in the local router's routing table.
>
> I've tested using a bunch of different address space and have found that I
> get different results without an obvious pattern. For example I had 3
> routers connected as such:
>
>       R0
>      .  .
>     .    .
>   R1      R2
>
> I set up local policy routing on R0 and specified that when it tries to reach
> R1's loopback address it should use a next-hop address of R1's directly
> connected interface address.
>
> If I don't match an address and simply set "ip next-hop x.x.x.x" it works
> just fine, however, if I choose to "match" an address whether or not it
> works depends entirely on what address space I use on the R0--R2 link even
> though the address I'm trying to reach is the loopback on R1. Here are some
> configs to help illustrate what I'm trying to say:
>
> (21.21.21.21 is R1's loopback address)
> R0
>
> int f0/0
> description link to R1
> ip add 10.10.10.10 255.255.255.0
>
> int fa1/0
> desc link to R2
> ip add 20.20.20.20 255.255.255.0
>
> access-list 100 permit ip 10.10.10.0 0.0.0.255 21.21.21.21 0.0.0.255
>
> route-map NEXT
> match ip add 100
> set ip next-hop 10.10.10.11
>
> ip local policy route-map NEXT
>
> Even though there is NO route to 21.21.21.21 in my routing table, when I try
> to ping it my router always chooses to source from its 20.20.20.20 f1/0
> interface rather than the f0/0 interface that is needed for local policy
> routing to function properly in this scenario. I know that I can easily NOT
> use a match statement referencing the 10 address or modify the existing
> access-list etc, but the purpose of me doing this scenario is for me to try
> and determine why the router chooses to source from one address or another
> when the destination address is NOT in the routing table and it is not
> directly connected.
>
> So anyway, the router always seemed to source from the 20 address, which
> led me to believe that if a router doesn't have a route in its routing
> table, it chooses to source its traffic from an interface with the highest
> IP. So I tried changing the address space of interface f1/0 to something
> else besides 20.20.20.20, but still higher than the 10.10.10.10 address and
> I had different results every time. It seemed completely random too. Some
> random addresses (all above 10.10.10.10) seemed to be chosen as the source
> address while others didn't and 10.10.10.10 ended up being the source
> address. For example, I think when I used 30.30.30.30 as the f1/0 address
> it ended up being the source address when trying to ping to 21.21.21.21, but
> when I used 100.100.100.10 as f1/0's address, the 10.10.10.10 ended up being
> the source address and when I set f1/0 to 11.11.11.11.10, 10.10.10.10 was
> still the source. I tried about 5 different subnets on f1/0 and whether
> f1/0 or f0/0 ended up being the source address seemed completely random.
>
> Sorry this is such a long post and that it's probably difficult to
> understand my point. This issue is kind of difficult for me to put into
> words, although it would probably only take me 10 seconds to explain
> verbally to someone.
>
> Again, the point of this lab scenario is NOT to make local policy routing
> work...that would be easy for this scenario. It was just for me to
> determine what makes a router choose its "source" address when the
> destination address is not directly connected and it's not in the routing
> table. From what I've seen it's just plain old random. Hopefully, someone
> has a better answer if that's not the case.
>
> Thanks,
> Jason
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>


This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:28 ARST
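
The dependency the thread describes, between the source address the router picks and whether the `match` clause fires, can be reproduced with a simplified Python model. This is an added example, not part of the original thread or of IOS; the function names are hypothetical, and it assumes Cisco wildcard-mask semantics plus the `set ip next-hop` / `set ip default next-hop` ordering Jason describes. It does not model how IOS chooses the source address, nor next-hop reachability checks.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard mask: a 1 bit in the wildcard means 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# access-list 100 from the thread: source 10.10.10.x, destination 21.21.21.x
ACL_100 = [("10.10.10.0", "0.0.0.255", "21.21.21.21", "0.0.0.255")]

def acl_permits(acl, src, dst):
    return any(wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)
               for sb, sw, db, dw in acl)

def has_route(routes, dst):
    return any(ipaddress.IPv4Address(dst) in ipaddress.IPv4Network(r)
               for r in routes)

def local_policy_decision(src, dst, routes, next_hop="10.10.10.11", default=False):
    """Model route-map NEXT applied to a locally generated packet.

    default=False models 'set ip next-hop' (policy considered first);
    default=True models 'set ip default next-hop' (routing table first).
    """
    matched = acl_permits(ACL_100, src, dst)
    if matched and not default:
        return f"policy next-hop {next_hop}"
    if has_route(routes, dst):
        return "routing table"
    if matched and default:
        return f"policy next-hop {next_hop}"
    return "dropped: no route, no policy match"

# R0's connected networks from the thread; there is no route to 21.21.21.21.
R0_ROUTES = ["10.10.10.0/24", "20.20.20.0/24"]

if __name__ == "__main__":
    # The two candidate source addresses on R0 (f0/0 and f1/0).
    for src in ("10.10.10.10", "20.20.20.20"):
        print(src, "->", local_policy_decision(src, "21.21.21.21", R0_ROUTES))
```

Only a packet sourced from 10.10.10.10 matches access-list 100, so the policy next-hop applies only when the router happens to source from f0/0; a packet sourced from 20.20.20.20 misses the ACL and has no route to fall back on.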