Asymmetrical routing

Unanswered Question
Feb 20th, 2007

We are running OSPF, we have asymmetrical routing in our network. We do not have any securtity devices. The asymmetrical routing is causing a problem. So we can not ping, telnet or reach any device if there's asymmetrical routing, is there any way to reach these devices while the asymmetrical routing exists..Thanks in advance..

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Tue, 02/20/2007 - 08:57


I have not see situations where asymmetrical routing prevented connectivity other than when there were security devices/firewalls doing stateful inspection or when the routers were doing Reverse Path Forwarding checks. Are you using RPF on your routers/switches?

If not then perhaps you can clarify the aspects of your problem a bit more.



Ahmede Tue, 02/20/2007 - 09:11

Rick, thanks for your response.. We do not have RFP configured any where, I checked that as well... Any other idea

Richard Burts Tue, 02/20/2007 - 09:47


Are you sure that it is asymetric routing that is causing the problem?

Perhaps you can give us some detail about your environment, what is the topology, what devices are located where, what is in the routing table? Perhaps a traceroute from a source toward a destination will show us something useful.



Ahmede Tue, 02/20/2007 - 09:57

I can say that 100% the asymetric routing is the problem.

We have 3 sites, each site has two routers where ther are connected to each other.

Site 1 Router 1 os connected to Site 2 router1, and site 1 router 2 is connected to site 2 router2. Site 3 router 1 is connected to Site 2 router 1, same with site 3 and site 2 router 2

All devices are running OSPF. We have a switch connected to R1 and R2 in site 1, the switch is using HSRP address as its defulat gateway. R1 is the active router for HSRP.

You can ping the switch from R1 at all sites, but not from R2's, when you trace route from R2's to the switch, the traffic flows throuh R2's, but from the switch back to any R2, the traffic flows through R1's till it reaches the site then it jumps to R2..

sundar.palaniappan Tue, 02/20/2007 - 11:30

Try configuring 'ip redirects' on R1 & R2's interface connected to the switch. The routers may be sending ICMP redirects to the switch for packets that has the preferred path via the other router. This could create problems as the default route may be pointing to one device whereas the preferred path for that destination may be pointing to the alternate device.



Ahmede Tue, 02/20/2007 - 11:38

Thanks for your response.. IP redirect may address the ICMP only, but we still can not access the switch via telent..

sundar.palaniappan Tue, 02/20/2007 - 11:43

That's not correct. IP redirects, is a mechanism, that's used by Cisco routers to advise the source to forward traffic to a different gateway for a particular destination when the route via that gateway is shorter/optimal. It's applicable to all traffic and not just ICMP. Have a look at this link;




This Discussion