Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
1
Replies

Mystery Packets

michaelhernandez
Level 1
Level 1

‎10-13-2005 12:18 PM - edited ‎03-03-2019 10:43 AM

Scenario: NOTE ALL IPs HAVE BEEN CHANGED TO PROTECT THE IGNORANT

Pinging from private WAN 172.16.0.0:

PING 10.26.64.1 Router 2664

REPLY FROM 10.43.5.0 Router 4305

Router 2664 has bad Ethernet port (LAN side) and errors every packet

Router 2664 NAT’s 10.26.64.1 to 100.100.101.1 before trying to sending it to the LAN side

A “show ip route” on 2664 does not display a route to the 100.100.101.0 network, presumably because the Ethernet port is showing errors.

ICMP does not reply with an error, but replies from a different WAN router – hmmm

So, why did a different router reply to the pings? Since the 10.26.64.1 has been translated to 100.100.101.1, did the router “bounce” the packet back out the outside interface? That does not make sense; it should have sent an ICMP error.

To troubleshoot, I reloaded router 4305 that was responding to the pings for the 10.26.64.1 host on router 2664 and ran a continuous ping on 10.26.64.1. The pings stopped briefly, and then a different WAN router 4358 began respond to the pings to 10.26.64.1.!!!

Ok, Telnet to 2664 was no problem and the router was configured with the correct IP addresses and NAT statements, but again, a show ip route displayed no route to 100.100.101.0.

Replaced switch that was connected to router 2664 presto! issue resolved, but……

How/why did other routers respond to a ping for a host that is not on their network? I can only assume that either the routing table on 2664 was corrupted and tried to forward the packet back out the incoming interface with the 100.100.101.1 address. At that point the neighbor router on the MCI network made a best-guess forward to a different router.

I am still puzzling on this.

Labels:
0 Helpful
1 Reply 1

pradeepde
Level 5
Level 5

‎10-19-2005 01:19 PM

Routes learned via BGP do not have outgoing interface associated with them in the routing table.

Recursive lookup is performed to forward IP packets toward external destinations

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card