Hosts segment A -> FWSM -> ROUTER1 -> WAN Link -> ROUTER2 -> Host segment B
Suddenly, I am not able to ping hosts B from hosts A. I can see sync timeouts on the FWSM but nothing shows on the debug ip packet detail on ROUTER1. I can ping the Ethernet of ROUTER1 but not beyond that. All the Ethernet and serial links are up. I don't see any drops on the router either. Router Ethernets have been configured with GLBP. Routes are not changed. What could be the problem? No new access-list added. VLANs are correct. Where should I start?
From Router1, ping segment B while sourcing from the interface that is connected to the FWSM.
If it fails, check the routing table in Router1 for segment B and the routing table in Router2 for segment A.
If successful, from Router2, ping segment A while sourcing from the interface connected to segment B.
If it fails, check the routing table in Router2 for segment A and the routing table in Router1 for segment B.
If both have the right routes, the problem is at the FWSM device.
If you can ping the Ethernet of Router1, then ICMP is allowed through the FW.
Because you can't ping anything beyond R1, it's probably a routing issue on either R1 or R2.
Check the routing table of R1 and make sure that R2 has a valid route back to R1.
On the serial interface of ROUTERA, I had added 'ip verify unicast source reachable-via rx'. After removing it, the problem got resolved.
How could RPF cause this problem? Doesn't it only check whether the source address on the received packet is in the FIB and has a route to it?
The routing table has a default route to the source address on the serial link.
RPF checks the routing table to validate the route to the source of the incoming packet.
RPF checks are applied ONLY in the inbound direction.
The best recommended way to implement RPF is when the inbound packet on the incoming interface is also routed outbound through the same interface (no asymmetrical routing), but it's possible to implement it either way.
RPF operates in two modes:
Could you clarify if you have any redundant link in your example?
RouterA <-> RouterB
RouterC <-> RouterD
The pair of routers on each side are configured with GLBP. And I configured RPF on ROUTERC only when it started causing connectivity problems. Does GLBP do asymmetric routing in the above topology or does it maintain statefulness? Was the RPF required on RouterA as well? Or is it required on all the routers to work bi-directionally?
I had configured RPF with rx, meaning strict mode.
GLBP is a high-availability method designed as a redundancy and load-balancing scheme in the LAN.
GLBP shouldn't be implemented on the WAN link but rather on the LAN if you have at least 2 gateway routers for a particular LAN network. The load balancing in GLBP is done per host.
With RPF, if Router-A has only a single outgoing interface as an exit point, then RPF should be sufficient. RPF should not be considered where a possibility of asymmetrical routing exists (2 or more exit points) in order to avoid IP spoofing attacks.
Looking at your example, RA has a single outbound WAN connection to RB, therefore RPF should suffice.
Between RA & RB there are two WAN links which I didn't mention above.
That's why RPF caused an issue, I believe. I have configured GLBP over LAN only. Serial links are load balanced via static routes over each link due to multiple equal-cost paths.
Can GLBP cause asymmetric routing, i.e. traffic goes out through one router and comes back through the other? And can load balancing over serial links cause asymmetric routing?
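
A simplified model of the source check discussed in this thread, added here as an example that is not part of any post and is not Cisco's implementation: strict mode (`rx`) passes a packet only when the arrival interface is among the best return paths to its source, while loose mode (`any`) only needs some matching route. The prefixes, interface names and the `allow_default` switch (default route ignored unless enabled) are assumptions made for the illustration.

```python
import ipaddress

# Simplified uRPF model. A FIB maps a prefix to the set of interfaces
# the router itself would use to reach that prefix (ECMP = several).

def lookup(fib, src, allow_default):
    """Longest-prefix match for src; 0.0.0.0/0 is skipped unless allowed."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifaces in fib.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not allow_default:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifaces)
    return best

def urpf_permits(fib, src, in_iface, mode="rx", allow_default=False):
    """mode 'rx' (strict): in_iface must be a best return path to src.
    mode 'any' (loose): any matching route to src is enough."""
    hit = lookup(fib, src, allow_default)
    if hit is None:
        return False
    return True if mode == "any" else in_iface in hit[1]

# Constructed sample data: segment A is 10.1.0.0/16 behind two serial links.
FIB_ONE_PATH = {"10.1.0.0/16": {"Serial0/0"}, "0.0.0.0/0": {"Serial0/1"}}
FIB_ECMP = {"10.1.0.0/16": {"Serial0/0", "Serial0/1"}}
FIB_DEFAULT_ONLY = {"0.0.0.0/0": {"Serial0/0"}}
SRC = "10.1.5.20"  # constructed host in segment A

def demo():
    return {
        # Return path points at Serial0/0 but the packet arrives on Serial0/1.
        "asymmetric_strict": urpf_permits(FIB_ONE_PATH, SRC, "Serial0/1"),
        "asymmetric_loose": urpf_permits(FIB_ONE_PATH, SRC, "Serial0/1", mode="any"),
        # Both links are equal-cost return paths, so either arrival passes.
        "ecmp_strict": urpf_permits(FIB_ECMP, SRC, "Serial0/1"),
        # Source is covered only by the default route.
        "default_strict": urpf_permits(FIB_DEFAULT_ONLY, SRC, "Serial0/0"),
        "default_allowed": urpf_permits(FIB_DEFAULT_ONLY, SRC, "Serial0/0",
                                        allow_default=True),
        # Source with no route at all fails even in loose mode.
        "unrouted_loose": urpf_permits(FIB_ECMP, "192.0.2.9", "Serial0/0", mode="any"),
    }

if __name__ == "__main__":
    for case, permitted in demo().items():
        print(f"{case:18} {'permit' if permitted else 'drop'}")
```
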