cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
663
Views
5
Helpful
11
Replies

Routing loops

George Thomas
Level 10
Level 10

I have a network with static routing enabled. We have remote offices that are connected to the central office via ethernet which is plugged directly into a 6509. There is a WAN VLAN and the port that the ethernet is plugged into is assigned to this VLAN. We have static routes to get to all of our branch offices. The issue I am having is when I try to ping a network that has not been configured in the remote branches, I get a routing loop rather than a timeout. Please let me know how to get rid of this.

Thanks

Please rate useful posts.
11 Replies 11

Jon Marshall
Hall of Fame
Hall of Fame

George

Sounds like the destination you are trying to ping is a part of a larger routing table entry.

Can you provide an example ie.

1) sh ip route from the 6509

2) traceroute to looped subnet

Jon

Hi Jon,

I have attached the outputs here

Thanks

Please rate useful posts.

Sorry, here it is:

George

Please rate useful posts.

George

The problem you have is that in your routing table you have -

S 172.24.0.0/16 [1/0] via 172.26.0.4

so when you traceroute to 172.24.4.1 then it uses the above entry from your routing table.

If you don't want it to do this you have 2 choices

1) make your static routes more specific ie. only add static routes for the networks that actually exist. This could however get rather tiresome depending on how many networks you have

OR

2) the far more preferable way to do this is to run a dynamic routing protocol between your branch and HQ sites

I would recommend going with option 2.

Jon

Jon,

This was where I was getting at but I would like to have an immediate fix for it. Running a dynamic routing protocol will happen only later.

I have added the ip verify unicast source to get rid of the routing loops but at one location I have a network that is being reached via two different paths. As a result of me adding that command, I am not able to ping or ssh into the devices, even though traffic passes through it. Do you have any other ideas?

Thanks,

George

Please rate useful posts.

George

Think we might disagree on this one :-), but then it may be because you have a more complicated setup than you have described.

Turning on a dynamic routing protocol such as EIGRP is relatively straightforward and is probably no more complex than having to configure "ip verify unicast ..." on devices. Also if i came to a device configured this way it would not occur to me that you have added this config to avoid a routing loop to be honest.

Jon

Jon,

I totally agree with you but my issue is that I have turned on ip verify.. only on the WAN interface. Its a band aid, not a perfect solution.

- George

Please rate useful posts.

George

"Its a band aid, not a perfect solution."

Agreed, and if you read the vast majority of my posts you'll see that i will always try to fit in with what the poster needs.

It's just that in this case you have added a band aid which kind of works but not totally. So you are now looking to make it even more complex by another band aid.

I can understand your reluctance to just enable a dynamic routing protocol although it would almost certainly work without having band aids.

I'm also slightly confused as to why you are doing this ie. does it really matter that you get routing loop, it will time out when the TTL dies. Most of your clients/servers should not be trying to contact non-existent subnets so routing loop traffic should be minimal.

Not trying to create an argument just trying to give good advice :-)

Jon

Hi Jon,

I totally agree with you on this and I guess I will live with it. Is it possible to reduce the TTL on just a VLAN? Are there any caveats to it? Thanks a lot for your help.

-George

Please rate useful posts.

George

"Is it possible to reduce the TTL on just a VLAN?"

Unfortunately none that i am aware of. Unless you are seeing a large amount of traffic due to these loops i would just live with it as you say, with a view to upgrading to a dynamic routing protocol as soon as possible.

"Thanks a lot for your help."

No problem and appreciate this may not have been exactly what you wanted to hear :-)

Jon

Geez. Yes.. :)

Have a good day Jon!!

Please rate useful posts.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: