HELPME: BGP + Route Map + Next Hop.

by David Sudjiman ~ January 23rd, 2007. Filed under: Cisco, helpme.

I have two routers connected back-to-back using two serial links. I also have e0 configured on each router (R1 and R2). The routers are using BGP AS 1 and BGP AS 2, respectively. What I’m trying to do next is make any ICMP packets from R1’s e0 take the path R1E0-R1S1-R2S1-R2E0. I’m using a route-map and next hop to achieve this.

The problem is why can’t I use ip policy route-map on the interface yet I have to use ip LOCAL policy route-map to do this?


These are the configurations for both routers.

R1#sh run
!
hostname R1
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map FROM-10.10.10.1-TO-20.20.20.1
!
interface Serial0
 ip address 131.108.1.1 255.255.255.252
 no fair-queue
 clockrate 56000
!
interface Serial1
 ip address 131.108.1.5 255.255.255.252
 clockrate 56000
!
router bgp 1
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 neighbor 131.108.1.2 remote-as 2
 neighbor 131.108.1.6 remote-as 2
!
access-list 100 permit icmp host 10.10.10.1 host 20.20.20.1
route-map FROM-10.10.10.1-TO-20.20.20.1 permit 10
 match ip address 100
 set ip next-hop 131.108.1.6
!
end
R2#sh run
!
hostname R2
!
interface Ethernet0
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map FROM-20.20.20.1-TO-10.10.10.1
!
interface Serial0
 ip address 131.108.1.2 255.255.255.252
 no fair-queue
!
interface Serial1
 ip address 131.108.1.6 255.255.255.252
!
router bgp 2
 bgp log-neighbor-changes
 network 20.20.20.0 mask 255.255.255.0
 neighbor 131.108.1.1 remote-as 1
 neighbor 131.108.1.5 remote-as 1
!
access-list 100 permit icmp host 20.20.20.1 host 10.10.10.1
route-map FROM-20.20.20.1-TO-10.10.10.1 permit 10
 match ip address 100
 set ip next-hop 131.108.1.4
!
end

Based on the above configuration, I’m expecting that I can have my ICMP packets go through R1E0-R1S1-R2S1-R2E0.

R1#sh ip bgp
BGP table version is 3, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0                  0         32768 i
*  20.20.20.0/24    131.108.1.6              0             0 2 i
*>                  131.108.1.2              0             0 2 i
R1#sh access-list 100
Extended IP access list 100
    permit icmp host 10.10.10.1 host 20.20.20.1
R1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/24 is subnetted, 1 subnets
B       20.20.20.0 [20/0] via 131.108.1.2, 00:06:12
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Ethernet0
     131.108.0.0/30 is subnetted, 2 subnets
C       131.108.1.4 is directly connected, Serial1
C       131.108.1.0 is directly connected, Serial0

R1#debug ip policy
Policy routing debugging is on

R1#ping
Protocol [ip]:
Target IP address: 20.20.20.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.10.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/37/40 ms

R1#u all
All possible debugging has been turned off

R1#debug ip packet
IP packet debugging is on

R1#ping
Protocol [ip]:
Target IP address: 20.20.20.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.10.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/52 ms

00:18:41: IP: tableid=0, s=10.10.10.1 (local), d=20.20.20.1 (Serial0), routed via RIB
00:18:41: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial0), len 100, sending
00:18:41: IP: tableid=0, s=20.20.20.1 (Serial0), d=10.10.10.1 (Ethernet0), routed via RIB
00:18:41: IP: s=20.20.20.1 (Serial0), d=10.10.10.1, len 100, rcvd 4
00:18:41: IP: tableid=0, s=10.10.10.1 (local), d=20.20.20.1 (Serial0), routed via RIB
00:18:41: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial0), len 100, sending
00:18:41: IP: tableid=0, s=20.20.20.1 (Serial0), d=10.10.10.1 (Ethernet0), routed via RIB
00:18:41: IP: s=20.20.20.1 (Serial0), d=10.10.10.1, len 100, rcvd 4
00:18:41: IP: tableid=0, s=10.10.10.1 (local), d=20.20.20.1 (Serial0), routed via RIB
00:18:41: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial0), len 100, sending
00:18:41: IP: tableid=0, s=20.20.20.1 (Serial0), d=10.10.10.1 (Ethernet0), routed via RIB
00:18:41: IP: s=20.20.20.1 (Serial0), d=10.10.10.1, len 100, rcvd 4
00:18:41: IP: tableid=0, s=10.10.10.1 (local), d=20.20.20.1 (Serial0), routed via RIB
00:18:41: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial0), len 100, sending
00:18:41: IP: tableid=0, s=20.20.20.1 (Serial0), d=10.10.10.1 (Ethernet0), routed via RIB
00:18:41: IP: s=20.20.20.1 (Serial0), d=10.10.10.1, len 100, rcvd 4
00:18:41: IP: tableid=0, s=10.10.10.1 (local), d=20.20.20.1 (Serial0), routed via RIB
00:18:41: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial0), len 100, sending
00:18:41: IP: tableid=0, s=20.20.20.1 (Serial0), d=10.10.10.1 (Ethernet0), routed via RIB
00:18:41: IP: s=20.20.20.1 (Serial0), d=10.10.10.1, len 100, rcvd 4

R1#u all
All possible debugging has been turned off

R1#traceroute 20.20.20.1

Type escape sequence to abort.
Tracing the route to 20.20.20.1

  1 131.108.1.2 16 msec 16 msec *

Is there something wrong with the configuration?

Here’s another clue. I removed the ip policy route-map from Ethernet0 and put ip local policy route-map globally.

R1#sh run
!
hostname R1
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
!
interface Serial0
 ip address 131.108.1.1 255.255.255.252
 no fair-queue
 clockrate 56000
!
interface Serial1
 ip address 131.108.1.5 255.255.255.252
 clockrate 56000
!
router bgp 1
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 neighbor 131.108.1.2 remote-as 2
 neighbor 131.108.1.6 remote-as 2
!
ip local policy route-map FROM-10.10.10.1-TO-20.20.20.1
!
access-list 100 permit icmp host 10.10.10.1 host 20.20.20.1
route-map FROM-10.10.10.1-TO-20.20.20.1 permit 10
 match ip address 100
 set ip next-hop 131.108.1.6
!
end
R2#sh run
!
hostname R2
!
interface Ethernet0
 ip address 20.20.20.1 255.255.255.0
!
interface Serial0
 ip address 131.108.1.2 255.255.255.252
 no fair-queue
!
interface Serial1
 ip address 131.108.1.6 255.255.255.252
!
router bgp 2
 bgp log-neighbor-changes
 network 20.20.20.0 mask 255.255.255.0
 neighbor 131.108.1.1 remote-as 1
 neighbor 131.108.1.5 remote-as 1
!
ip local policy route-map FROM-20.20.20.1-TO-10.10.10.1
!
access-list 100 permit icmp host 20.20.20.1 host 10.10.10.1
route-map FROM-20.20.20.1-TO-10.10.10.1 permit 10
 match ip address 100
 set ip next-hop 131.108.1.4
!
end

Now the ICMP packet can be routed through R1E0-R1S1-R2S1-R2E0.

R1#debug ip policy
Policy routing debugging is on

R1#ping
Protocol [ip]:
Target IP address: 20.20.20.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.10.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/52 ms

00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1, len 100, policy match
00:43:18: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial1), len 100, policy routed
00:43:18: IP: local to Serial1 131.108.1.6
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1, len 100, policy match
00:43:18: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial1), len 100, policy routed
00:43:18: IP: local to Serial1 131.108.1.6
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1, len 100, policy match
00:43:18: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial1), len 100, policy routed
00:43:18: IP: local to Serial1 131.108.1.6
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1, len 100, policy match
00:43:18: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial1), len 100, policy routed
00:43:18: IP: local to Serial1 131.108.1.6
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1, len 100, policy match
00:43:18: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
00:43:18: IP: s=10.10.10.1 (local), d=20.20.20.1 (Serial1), len 100, policy routed
00:43:18: IP: local to Serial1 131.108.1.6

R1#u all
All possible debugging has been turned off

R1#debug ip packet
IP packet debugging is on

R1#ping
Protocol [ip]:
Target IP address: 20.20.20.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.10.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms

00:43:49: IP: tableid=0, s=20.20.20.1 (Serial1), d=10.10.10.1 (Ethernet0), routed via RIB
00:43:49: IP: s=20.20.20.1 (Serial1), d=10.10.10.1, len 100, rcvd 4
00:43:49: IP: tableid=0, s=20.20.20.1 (Serial1), d=10.10.10.1 (Ethernet0), routed via RIB
00:43:49: IP: s=20.20.20.1 (Serial1), d=10.10.10.1, len 100, rcvd 4
00:43:49: IP: tableid=0, s=20.20.20.1 (Serial1), d=10.10.10.1 (Ethernet0), routed via RIB
00:43:49: IP: s=20.20.20.1 (Serial1), d=10.10.10.1, len 100, rcvd 4
00:43:49: IP: tableid=0, s=20.20.20.1 (Serial1), d=10.10.10.1 (Ethernet0), routed via RIB
00:43:49: IP: s=20.20.20.1 (Serial1), d=10.10.10.1, len 100, rcvd 4
00:43:50: IP: tableid=0, s=20.20.20.1 (Serial1), d=10.10.10.1 (Ethernet0), routed via RIB
00:43:50: IP: s=20.20.20.1 (Serial1), d=10.10.10.1, len 100, rcvd 4
00:43:52: IP: s=131.108.1.2 (Serial0), d=131.108.1.1, len 59, rcvd 0
00:43:52: IP: tableid=0, s=131.108.1.1 (local), d=131.108.1.2 (Serial0), routed via RIB
00:43:52: IP: s=131.108.1.2 (Serial0), d=131.108.1.1, len 40, rcvd 0
00:43:55: IP: tableid=0, s=131.108.1.5 (local), d=131.108.1.6 (Serial1), routed via RIB
00:43:55: IP: s=131.108.1.6 (Serial1), d=131.108.1.5, len 59, rcvd 0
00:43:55: IP: tableid=0, s=131.108.1.5 (local), d=131.108.1.6 (Serial1), routed via RIB

Why can’t I use ip policy route-map on the interface yet I have to use ip LOCAL policy route-map to do this?

Can somebody help me? All comments will be much appreciated.

7 Responses to HELPME: BGP + Route Map + Next Hop.

  1. tripleH

    ip local policy = for traffic generated by the router itself, in your test you tried to ping from the router and not from the client…
    the ip policy route-map will work for all traffic from the clients behind the router

  2. David Sudjiman

    [tripleH] Tried that using a host connected to R1E0. No Luck.

    davids@nebuchadnezzar:~$ ping 10.10.10.1
    PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
    64 bytes from 10.10.10.1: icmp_seq=1 ttl=255 time=7.85 ms
    64 bytes from 10.10.10.1: icmp_seq=2 ttl=255 time=3.01 ms
    
    --- 10.10.10.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 3.016/5.436/7.856/2.420 ms
    davids@nebuchadnezzar:~$ ping 131.108.1.1
    PING 131.108.1.1 (131.108.1.1) 56(84) bytes of data.
    64 bytes from 131.108.1.1: icmp_seq=1 ttl=255 time=3.25 ms
    64 bytes from 131.108.1.1: icmp_seq=2 ttl=255 time=3.17 ms
    64 bytes from 131.108.1.1: icmp_seq=3 ttl=255 time=3.14 ms
    
    --- 131.108.1.1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1999ms
    rtt min/avg/max/mdev = 3.141/3.190/3.256/0.081 ms
    davids@nebuchadnezzar:~$ ping 131.108.1.2
    PING 131.108.1.2 (131.108.1.2) 56(84) bytes of data.
    64 bytes from 131.108.1.2: icmp_seq=1 ttl=254 time=35.8 ms
    64 bytes from 131.108.1.2: icmp_seq=2 ttl=254 time=32.0 ms
    
    --- 131.108.1.2 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 32.064/33.977/35.891/1.922 ms
    davids@nebuchadnezzar:~$ ping 20.20.20.1
    PING 20.20.20.1 (20.20.20.1) 56(84) bytes of data.
    64 bytes from 20.20.20.1: icmp_seq=1 ttl=254 time=33.1 ms
    64 bytes from 20.20.20.1: icmp_seq=2 ttl=254 time=32.3 ms
    64 bytes from 20.20.20.1: icmp_seq=3 ttl=254 time=32.3 ms
    
    --- 20.20.20.1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2001ms
    rtt min/avg/max/mdev = 32.302/32.613/33.162/0.416 ms
    
    davids@nebuchadnezzar:~$ traceroute 20.20.20.1
    traceroute to 20.20.20.1 (20.20.20.1), 30 hops max, 40 byte packets
     1  10.10.10.1 (10.10.10.1)  3.028 ms  2.651 ms  2.906 ms
     2  131.108.1.2 (131.108.1.2)  24.913 ms  22.618 ms *
    
  3. Rick

    There is no significant configuration error.
    The route map did not take effect in the first configuration.
    Reason: The policy only works on the router interface to which it is applied. The ping test was conducted in R1 and the traffic did not pass that interface. So the policy did not work in your test run.
    In the second configuration, the local policy works for the whole route, not a certain interface (global command). That was why you could see it did work.
    Also, don’t forget to use sh access-list to verify the access-list and check whether the route-map is working.

  4. David Sudjiman

    Ricky and TripleH were right.

    IP LOCAL POLICY matches any packets doesn’t matter where it was originated.
    IP POLICY matched any packets particularly to the applied interface and NOT from the router itself.

    Basically what I tried was attaching another router to R1E0 and did ping 20.20.20.1. From the R1, I got these matched packets.

    Oh, BTW, I need to change the access-list on R1 to access-list 100 permit icmp 10.10.10.0 0.0.0.255 host 20.20.20.1. You can change the access-list on R2 as well.

    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 100, policy match
    00:13:20: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 100, policy routed
    00:13:20: IP: Ethernet0 to Serial1 131.108.1.6
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 100, policy match
    00:13:20: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 100, policy routed
    00:13:20: IP: Ethernet0 to Serial1 131.108.1.6
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 100, policy match
    00:13:20: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 100, policy routed
    00:13:20: IP: Ethernet0 to Serial1 131.108.1.6
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 100, policy match
    00:13:20: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 100, policy routed
    00:13:20: IP: Ethernet0 to Serial1 131.108.1.6
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 100, policy match
    00:13:20: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:13:20: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 100, policy routed
    00:13:20: IP: Ethernet0 to Serial1 131.108.1.6
    

    However, when I checked using traceroute, it was still using path 131.108.1.1-131.108.1.2.

    R3#traceroute 20.20.20.1
    
    Type escape sequence to abort.
    Tracing the route to 20.20.20.1
    
      1 10.10.10.1 4 msec 4 msec 8 msec
      2 131.108.1.2 32 msec 28 msec * 
    

    Before, I thought that traceroute was only using ICMP packets to determine the path. Richard Stevens, in his book, TCP/IP Illustrated, Volume 1, page 98, explained that:

    We can now guess the operation of Traceroute. It sends an IP datagram with a TTL of 1 to the destination host. The first router to handle the datagram decrements the TTL, discards the datagram, and sends back the ICMP time exceeded. This identifies the first router in the path. Traceroute then sends a datagram with a TTL of 2, and we find the IP address of the second router. This continues until the datagram reaches the destination host. But even though the arriving IP datagram has a TTL of 1, the destination host won’t throw it away and generate the ICMP time exceeded, since the datagram has reached its final destination. How can we determine when we’ve reached the destination?

    Traceroute sends UDP datagrams to the destination host, but it chooses the destination UDP port number to be an unlikely value (larger than 30,000), making it improbable that an application at the destination is using that port. This causes the destination host’s UDP module to generate an ICMP “port unreachable” error (Section 6.5) when the datagram arrives. All Traceroute needs to do is differentiate between the received ICMP messages-time exceeded versus port unreachable-to know when it’s done.

    So, basically he was trying to say that traceroute program uses the combination of ICMP and UDP to reach its destination.

    Knowing it also uses UDP, we need to amend the access-list to permit UDP packets as well.

    R1(config)#access-list 100 permit icmp 10.10.10.0 0.0.0.255  host 20.20.20.1
    R1(config)#access-list 100 permit udp 10.10.10.0 0.0.0.255  host 20.20.20.1
    
    R2(config)#access-list 100 permit icmp host 20.20.20.1 10.10.10.0 0.0.0.255
    R2(config)#access-list 100 permit udp host 20.20.20.1 10.10.10.0 0.0.0.255
    

    Now test the traceroute again.

    fr_switch#traceroute 20.20.20.1
    
    Type escape sequence to abort.
    Tracing the route to 20.20.20.1
    
      1 10.10.10.1 4 msec 4 msec 8 msec
      2 131.108.1.6 40 msec 36 msec *
    

    Voila!, it is now using 131.108.1.6. Looking at R1 debug ip policy gives more assurance.

    00:17:50: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 28, policy match
    00:17:50: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:17:50: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 28, policy routed
    00:17:50: IP: Ethernet0 to Serial1 131.108.1.6
    00:17:59: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 28, policy match
    00:17:59: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:17:59: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 28, policy routed
    00:17:59: IP: Ethernet0 to Serial1 131.108.1.6
    00:17:59: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1, len 28, policy match
    00:17:59: IP: route map FROM-10.10.10.1-TO-20.20.20.1, item 10, permit
    00:17:59: IP: s=10.10.10.2 (Ethernet0), d=20.20.20.1 (Serial1), len 28, policy routed
    00:17:59: IP: Ethernet0 to Serial1 131.108.1.6
    

    Thanks to TripleH and Rick!

    CASE CLOSED

  5. Sam Wilson

    “… he [Richard Stevens] was trying to say that traceroute program uses the combination of ICMP and UDP to reach its destination”

    That’s true for the original Unix-y version of traceroute. The later Windows-y version (aka tracert) uses ICMP echo requests (pings) as the probe packets rather than UDP packets.

  6. Anthony Fajri

    I’m not a master in Cisco, but I will try to explain about traceroute. Yes, correct! Most of the traceroute programs are using UDP to check each hop status instead of ICMP. But the tracert command in Windows is still using ICMP. You can also use the -I option in Unix to do a traceroute using ICMP. For the traceroute command under Cisco IOS, I don’t know how to set it to use ICMP.

    I blogged about this stuff last week. Please check my blog: http://fajri.freebsd.or.id/index.php/2007/01/26/traceroute/

  7. nunya

    “IP LOCAL POLICY matches any packets doesn’t matter where it was originated.”

    This is actually not true. The local policy only matches on traffic that is generated by the local router.
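
The behaviour the thread converges on, as an added example that is not part of the original post or of any commenter's reply: a toy Python model of R1's policy-routing decision, replaying the test cases from the post and comments with the page's addresses. The class and function names are hypothetical, wildcard masks are written as prefixes, and 10.10.10.2 is the test host seen in the debug output above.

```python
# Added example: toy model of the PBR decision on R1, not IOS internals.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str    # "icmp" or "udp"
    src: str
    dst: str
    ingress: str  # receiving interface, or "local" if the router generated it

@dataclass
class Router:
    acl: list             # (proto, src prefix, dst prefix) entries of access-list 100
    policy_next_hop: str  # route-map "set ip next-hop"
    rib_next_hop: str     # best path from the routing table
    interface_policy: set = field(default_factory=set)  # interfaces with "ip policy route-map"
    local_policy: bool = False                           # global "ip local policy route-map"

    def acl_permits(self, p: Packet) -> bool:
        return any(p.proto == proto
                   and ip_address(p.src) in ip_network(src)
                   and ip_address(p.dst) in ip_network(dst)
                   for proto, src, dst in self.acl)

    def next_hop(self, p: Packet) -> str:
        # Interface policy is consulted only for packets received on that interface;
        # local policy only for packets the router itself originates.
        if p.ingress == "local":
            consulted = self.local_policy
        else:
            consulted = p.ingress in self.interface_policy
        # No ACL match (implicit deny) falls back to normal routing.
        return self.policy_next_hop if consulted and self.acl_permits(p) else self.rib_next_hop

S0_PEER, S1_PEER = "131.108.1.2", "131.108.1.6"  # R2 Serial0 / Serial1, from the page
HOST_ACL = [("icmp", "10.10.10.1/32", "20.20.20.1/32")]  # original access-list 100
ICMP_ACL = [("icmp", "10.10.10.0/24", "20.20.20.1/32")]  # widened to the subnet
FULL_ACL = ICMP_ACL + [("udp", "10.10.10.0/24", "20.20.20.1/32")]  # plus UDP for traceroute

ROUTER_PING = Packet("icmp", "10.10.10.1", "20.20.20.1", "local")
HOST_PING = Packet("icmp", "10.10.10.2", "20.20.20.1", "Ethernet0")
HOST_TRACE = Packet("udp", "10.10.10.2", "20.20.20.1", "Ethernet0")  # UDP traceroute probe

def r1(acl, on_e0=False, local=False) -> Router:
    """Build R1 with the policy attached to Ethernet0, globally (local), or both."""
    return Router(acl, S1_PEER, S0_PEER, {"Ethernet0"} if on_e0 else set(), local)

def lab_results() -> dict:
    return {
        "router ping, ip policy on E0": r1(HOST_ACL, on_e0=True).next_hop(ROUTER_PING),
        "router ping, ip local policy": r1(HOST_ACL, local=True).next_hop(ROUTER_PING),
        "host ping, ip local policy only": r1(FULL_ACL, local=True).next_hop(HOST_PING),
        "host ping, E0 policy, host-only ACL": r1(HOST_ACL, on_e0=True).next_hop(HOST_PING),
        "host ping, E0 policy, subnet ICMP ACL": r1(ICMP_ACL, on_e0=True).next_hop(HOST_PING),
        "host traceroute, subnet ICMP ACL": r1(ICMP_ACL, on_e0=True).next_hop(HOST_TRACE),
        "host traceroute, ICMP+UDP ACL": r1(FULL_ACL, on_e0=True).next_hop(HOST_TRACE),
    }

if __name__ == "__main__":
    for case, hop in lab_results().items():
        print(f"{case:40} -> {hop}")
```

Any flow that misses the ACL or enters where no policy is attached silently follows the routing table, so when a route-map is meant to force traffic through a particular link, check both attachment points and every protocol you expect to steer.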
