no ip source-route question

Unanswered Question
Sep 5th, 2004


I was reading about the

ip source-route command and that it should only be used with CEF. Quick question, if I use the

no ip source-route, will that affect my policy routing that I'm applying with my Route Map????


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (7 ratings)
Richard Burts Sun, 09/05/2004 - 20:12

I wonder what you were reading that seems to suggest a relationship of cef with ip source-route. I do not remember reading anything that suggests any relationship.

Almost all routers that I configure for customers include the no ip source-route command. It is very rare to find any situation where that functionality is needed and the security implications of it are negative.

I have configured policy routing on a number of customer routers and have never had the no ip source-route command have any effect on it.



Kevin Dorrell Sun, 09/05/2004 - 20:55

ip source-route is a completely different thing to policy routing.

Policy routing allows you to route according to various parameters, not just destination IP address. It is often used for routing by IP source address.

IP source-route is a little-used option that allows the originator of a packet to decide which routers he should go through to get to his destination. He does this by supplying the full path of routers on the options header of the IP packet.

IP source routing is extremely dangerous, and most NetAdmins disable it in live networks.

Hope this helps.

Kevin Dorrell


Kevin Dorrell Mon, 09/06/2004 - 08:00

I think ip source-route and policy routing very often get confused, but they are two very distinct things.

Policy routing is a way of specifying routes to depend on various parameters, including perhaps the source IP address of a packet. It is a local policy applied at a router.

ip source-route is something entirely different. It is a feature where the originator of an IP packet specifies, in that packet, which routers the packet must go through to reach its destination. The path is tagged onto the options field of the IP packet. The feature is very dangerous, and most NetAdmins disable it.

I think the confusion comes about because of the words "source" and "route".

Kevin Dorrell


jain.manish94 Thu, 02/04/2016 - 23:02

Hello Kevin, 

please can you tell me why this feature is very dangerous.....

ip source-route


This Discussion