Source IP address

Discussion in 'Cisco' started by Igor Mamuzic, Dec 9, 2008.

  1. Igor Mamuzic

    Igor Mamuzic Guest

    When my router A routes locally generated icmp packets (local PBR) it always
    puts ip address of its interface fa1 as the source address for those PBR
    routed packets. Traffic is policy routed through tunnel interface 0 using
    next hop of router's B tunnel interface 0. This is what I want to accomplish
    and it works, but I noticed that router A always generates packets with
    source IP address of its fa1 interface. Now, I'm curious why is that so...

    Router A:
    int fa1
    ip add 10.0.0.2
    !
    int vlan 2
    description GRE tunnel source
    ip add 10.0.0.10
    crypto-map vpn
    !
    int tunnel 0
    description GRE with router B
    ip add 172.168.1.1
    tunnel-source vlan 2
    tunnel-destination 10.0.0.14
    !
    ip route 0.0.0.0 0.0.0.0 fa1
    ip local policy route-map tracker
    !
    route-map tracker permit
    match ip add 171
    set ip next-hop 172.168.1.2 - this is IP of tunnel interface on router B
    !
    access-list 171 permit icmp any host 195.29.150.3 echo

    Router B config is irrelevant because debug ip policy on router A shows that
    there is always fa1 ip address used as the source for locally generated
    traffic. Now if I want to be able to ping 195.29.150.3 from router A I need
    to put static route to router's A fa1 interface address on router B which is
    something that I would like to avoid.

    Regards,
    Igor
     
    Igor Mamuzic, Dec 9, 2008
    #1

  2. Igor Mamuzic

    Thrill5 Guest

    The router will use as the source ip address, the interface that the router
    will use to send the packet. I don't know how PBR affects this. This is
    true for any packets or TCP connections initiated by the router. For some
    connections, you can specify the source IP (TACACS, SNMP, NTP, etc), for
    others you can't (TFTP, telnet).

    You can specify the source IP used by pings. Enter "ping" without any
    arguments and answer the prompts. When it asks "Extended commands [n]" enter
    "y". The next prompt will be for the source address. You can specify an
    interface name or an interface ip address.


    "Igor Mamuzic" <-com.hr> wrote in message
    news:ghlg1h$13f$-com.hr...
    > When my router A routes locally generated icmp packets (local PBR) it
    > always puts ip address of its interface fa1 as the source address for
    > those PBR routed packets. Traffic is policy routed through tunnel interface
    > 0 using next hop of router's B tunnel interface 0. This is what I want to
    > accomplish and it works, but I noticed that router A always generates
    > packets with source IP address of its fa1 interface. Now, I'm curious why
    > is that so...
    >
    > Router A:
    > int fa1
    > ip add 10.0.0.2
    > !
    > int vlan 2
    > description GRE tunnel source
    > ip add 10.0.0.10
    > crypto-map vpn
    > !
    > int tunnel 0
    > description GRE with router B
    > ip add 172.168.1.1
    > tunnel-source vlan 2
    > tunnel-destination 10.0.0.14
    > !
    > ip route 0.0.0.0 0.0.0.0 fa1
    > ip local policy route-map tracker
    > !
    > route-map tracker permit
    > match ip add 171
    > set ip next-hop 172.168.1.2 - this is IP of tunnel interface on router B
    > !
    > access-list 171 permit icmp any host 195.29.150.3 echo
    >
    > Router B config is irrelevant because debug ip policy on router A shows
    > that there is always fa1 ip address used as the source for locally
    > generated traffic. Now if I want to be able to ping 195.29.150.3 from
    > router A I need to put static route to router's A fa1 interface address on
    > router B which is something that I would like to avoid.
    >
    > Regards,
    > Igor
    >
     
    Thrill5, Dec 10, 2008
    #2

  3. ok I discovered that it always uses IP address of the interface with default
    route as source IP address for locally generated packets;) Until now I
    thought that router will always use IP address of egress interface as a
    source ip until configured to not do so. Is there any logical explanation
    about this?

    Igor
     
    Igor Mamuzic aka Pseto, Dec 11, 2008
    #3
  4. Igor Mamuzic

    Dan Lanciani Guest

    In article <ghr9eu$p9g$-com.hr>, -com.hr (Igor Mamuzic aka Pseto) writes:

    | ok I discovered that it always uses IP address of the interface with default
    | route as source IP address for locally generated packets;) Until now I
    | thought that router will always use IP address of egress interface as a
    | source ip until configured to not do so. Is there any logical explanation
    | about this?

    I believe the router typically uses as a source address the primary address
    of the interface that would hypothetically be the egress interface under
    normal routing rules. It does not "pre run" any other code (e.g., route
    maps) that could result in a different egress interface. Even in some
    simple cases you can get undesirable effects. For example, if the interface
    is chosen because of the route installed for a secondary address the router
    still uses the primary address as source. In many cases where it matters
    at all this is not the address you want...

    Dan Lanciani
    ddl@danlan.*com
     
    Dan Lanciani, Dec 11, 2008
    #4
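
A model of the behaviour described in this thread, added here as an example; it is not part of any post and is not Cisco's implementation. It fixes the source address from the plain routing lookup and only then applies the local policy route-map, using the thread's addresses. The /30 masks, the function names and the data layout are assumptions, since the posted config gives no masks.

```python
import ipaddress as ipa

# Constructed model of router A. The page gives no masks; /30 is an assumption.
# Each interface lists its addresses in order: index 0 is the primary.
INTERFACES = {
    "fa1":     ["10.0.0.2/30"],
    "vlan2":   ["10.0.0.10/30"],
    "tunnel0": ["172.168.1.1/30"],
}
STATIC_ROUTES = [("0.0.0.0/0", "fa1")]        # ip route 0.0.0.0 0.0.0.0 fa1
# ip local policy route-map tracker: (protocol, destination host, next hop)
LOCAL_POLICY = [("icmp", "195.29.150.3", "172.168.1.2")]

def rib(interfaces, static_routes):
    """Connected routes for every address (primary or secondary) plus statics."""
    routes = [(ipa.ip_interface(a).network, name)
              for name, addrs in interfaces.items() for a in addrs]
    routes += [(ipa.ip_network(p), name) for p, name in static_routes]
    return routes

def normal_egress(dst, routes):
    """Longest-prefix match only; route maps are deliberately not consulted."""
    dst = ipa.ip_address(dst)
    matches = [(net, name) for net, name in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def primary_address(ifname, interfaces):
    """Primary address of an interface, even if a secondary won the lookup."""
    return str(ipa.ip_interface(interfaces[ifname][0]).ip)

def send_local(proto, dst, interfaces=INTERFACES, statics=STATIC_ROUTES,
               policy=LOCAL_POLICY):
    """Return (source address, interface the packet actually leaves on)."""
    routes = rib(interfaces, statics)
    # Step 1: the source is fixed from the plain routing decision.
    src = primary_address(normal_egress(dst, routes), interfaces)
    # Step 2: local policy routing may then redirect the packet.
    for p_proto, p_dst, next_hop in policy:
        if (proto, dst) == (p_proto, p_dst):
            return src, normal_egress(next_hop, routes)
    return src, normal_egress(dst, routes)

if __name__ == "__main__":
    print(send_local("icmp", "195.29.150.3"))   # policy-routed echo
    print(send_local("tcp", "195.29.150.3"))    # not matched by the route-map
```

The first call reproduces the original poster's observation: the echo leaves through the tunnel but carries the fa1 address, so the far end needs a return route for that address.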