02-20-2007 08:45 AM - edited 03-05-2019 02:28 PM
We are running OSPF, we have asymmetrical routing in our network. We do not have any securtity devices. The asymmetrical routing is causing a problem. So we can not ping, telnet or reach any device if there's asymmetrical routing, is there any way to reach these devices while the asymmetrical routing exists..Thanks in advance..
02-20-2007 08:57 AM
Ahmed
I have not see situations where asymmetrical routing prevented connectivity other than when there were security devices/firewalls doing stateful inspection or when the routers were doing Reverse Path Forwarding checks. Are you using RPF on your routers/switches?
If not then perhaps you can clarify the aspects of your problem a bit more.
HTH
Rick
02-20-2007 09:11 AM
Rick, thanks for your response.. We do not have RFP configured any where, I checked that as well... Any other idea
02-20-2007 09:47 AM
Ahmed
Are you sure that it is asymetric routing that is causing the problem?
Perhaps you can give us some detail about your environment, what is the topology, what devices are located where, what is in the routing table? Perhaps a traceroute from a source toward a destination will show us something useful.
HTH
Rick
02-20-2007 09:57 AM
I can say that 100% the asymetric routing is the problem.
We have 3 sites, each site has two routers where ther are connected to each other.
Site 1 Router 1 os connected to Site 2 router1, and site 1 router 2 is connected to site 2 router2. Site 3 router 1 is connected to Site 2 router 1, same with site 3 and site 2 router 2
All devices are running OSPF. We have a switch connected to R1 and R2 in site 1, the switch is using HSRP address as its defulat gateway. R1 is the active router for HSRP.
You can ping the switch from R1 at all sites, but not from R2's, when you trace route from R2's to the switch, the traffic flows throuh R2's, but from the switch back to any R2, the traffic flows through R1's till it reaches the site then it jumps to R2..
02-20-2007 11:30 AM
Try configuring 'ip redirects' on R1 & R2's interface connected to the switch. The routers may be sending ICMP redirects to the switch for packets that has the preferred path via the other router. This could create problems as the default route may be pointing to one device whereas the preferred path for that destination may be pointing to the alternate device.
HTH
Sundar
02-20-2007 11:38 AM
Thanks for your response.. IP redirect may address the ICMP only, but we still can not access the switch via telent..
02-20-2007 11:43 AM
That's not correct. IP redirects, is a mechanism, that's used by Cisco routers to advise the source to forward traffic to a different gateway for a particular destination when the route via that gateway is shorter/optimal. It's applicable to all traffic and not just ICMP. Have a look at this link;
http://cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094702.shtml
HTH
Sundar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide