no ip source-route question

Sep 5th, 2004

Hi,

I was reading about the ip source-route command and that it should only be used with CEF. Quick question, if I use the no ip source-route, will that affect my policy routing that I'm applying with my Route Map????

Thanks

Overall Rating: 5 (7 ratings)
Richard Burts Sun, 09/05/2004 - 20:12

I wonder what you were reading that seems to suggest a relationship of cef with ip source-route. I do not remember reading anything that suggests any relationship.

Almost all routers that I configure for customers include the no ip source-route command. It is very rare to find any situation where that functionality is needed and the security implications of it are negative.

I have configured policy routing on a number of customer routers and have never had the no ip source-route command have any effect on it.

HTH

Rick

Kevin Dorrell Sun, 09/05/2004 - 20:55

ip source-route is a completely different thing to policy routing.

Policy routing allows you to route according to various parameters, not just destination IP address. It is often used for routing by IP source address.

IP source-route is a little-used option that allows the originator of a packet to decide which routers he should go through to get to his destination. He does this by supplying the full path of routers on the options header of the IP packet.

IP source routing is extremely dangerous, and most NetAdmins disable it in live networks.

Hope this helps.

Kevin Dorrell

Luxembourg

Kevin Dorrell Mon, 09/06/2004 - 08:00

I think ip source-route and policy routing very often get confused, but they are two very distinct things.

Policy routing is a way of specifying routes to depend on various parameters, including perhaps the source IP address of a packet. It is a local policy applied at a router.

ip source-route is something entirely different. It is a feature where the originator of an IP packet specifies, in that packet, which routers the packet must go through to reach its destination. The path is tagged onto the options field of the IP packet. The feature is very dangerous, and most NetAdmins disable it.

I think the confusion comes about because of the words "source" and "route".

Kevin Dorrell

Luxembourg

jain.manish94 Thu, 02/04/2016 - 23:02

Hello Kevin, 

Please can you tell me why this feature is very dangerous.....


ip source-route

david.pierson3 Mon, 04/11/2016 - 08:44

Jain,

When you route by the source address, your gateway or first router will place a header that tells every router along the way which route to take. If a route goes down, the original router may not know the route went down, and continue sending traffic into a black hole.

jain.manish94 Tue, 04/12/2016 - 00:23

But when the source route goes down, why in this case may the original router not know that the route went down...

Joseph W. Doherty Thu, 04/14/2016 - 08:20

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The concern of source routing is it overrides "natural" routing.

Security rules often expect packets to route as "expected", but source routing might defeat such rules by routing in "unexpected" ways. For example, you might be able to route around a device with security rules, or enter a security device, via a link, that doesn't have the same rules.

Additionally, as topology bandwidths are generally built for expected load levels, source routing can disrupt them too.

As an example of the latter - suppose you have a T1 p2p link between sites, and an ISDN backup. By "design" the ISDN link should only route traffic while/if the T1 link goes down. However, someone clever notices that often the T1 is congested and they can obtain better performance by using the ISDN link while the T1 is still up. This might be accomplished by using source routing to direct the packet to use the ISDN hop.
