Does the return traffic take the same route path that it traversed? Or will the destination-end router change the path if there is a specific route entry in its routing table that directs the packet to another path? Both ends are using Cisco routers with static routes set.
Forward and return traffic are 2 independent processes (mutually independent). The return packets can come along any path, and it depends on the routing tables of the routers along the path. If you want symmetrical routing (for security reasons), there is something known as Unicast RPF.
What do you mean by an out-of-state packet? Are you sure the routing is fine along the other path? No bandwidth choking or route flapping, etc.? We do a lot of asymmetrical routing and it works fine. Can you paste your config if possible?
Thanks again for the reply :). I can only access the router at my end but not at the other sites, so I don't think pasting the configuration here would be meaningful.
And I am sure the other path works just fine.
Because the scenario above gave me 'out of state packet' and the traffic was therefore blocked by my Check Point firewall (stateful), and only after I removed the specific route entry in my routing table, so that packets destined for the remote site follow the same path as the remote site uses to reach my site, did it go back to normal.
If I have a firewall, I would always prefer a symmetric path, simply because unlike a router, which looks at the routing table, a firewall looks at state (flow). So I wouldn't take any risks. I think it would be worth a try. Let me know the results if you do try it.
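The following is an added illustration, not part of any post in this thread: a toy TCP state table showing why a stateful firewall reports "out of state" when only one direction of a flow crosses it. The addresses, ports, class and function names are constructed, and it assumes the outbound leg is the one routed around the firewall by the specific route.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

class StatefulFirewall:
    """Toy state table: a flow is only created by a bare SYN this firewall sees."""
    def __init__(self):
        self.flows = set()

    @staticmethod
    def _key(p):
        # Direction-independent key so replies match the entry made by the SYN.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def inspect(self, p):
        key = self._key(p)
        if key in self.flows:
            if "RST" in p.flags:
                self.flows.discard(key)  # reset tears the entry down
            return "accept"
        if p.flags == frozenset({"SYN"}):
            self.flows.add(key)
            return "accept (new flow)"
        # No entry and not a connection opener: nothing to match it against.
        return "drop (out of state)"

def handshake_verdicts(outbound_via_firewall):
    """Replay a three-way handshake; outbound packets may bypass the firewall."""
    fw = StatefulFirewall()
    local, remote = ("10.1.1.10", 40000), ("10.2.2.20", 443)  # constructed hosts
    syn = Packet(*local, *remote, frozenset({"SYN"}))
    syn_ack = Packet(*remote, *local, frozenset({"SYN", "ACK"}))
    ack = Packet(*local, *remote, frozenset({"ACK"}))
    verdicts = []
    for pkt, outbound in ((syn, True), (syn_ack, False), (ack, True)):
        if outbound and not outbound_via_firewall:
            verdicts.append("not seen")  # took the other path (assumed scenario)
        else:
            verdicts.append(fw.inspect(pkt))
    return verdicts

if __name__ == "__main__":
    print("symmetric :", handshake_verdicts(True))
    print("asymmetric:", handshake_verdicts(False))
```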