02-27-2024 01:30 PM
Hi,
Do Cisco ISR and ASR routers process IP packets with IP options for strict and loose source routing by default? For example, an external source to my network can send packets with the loose source routing option and my router would actually route the traffic based on the values specified in that option's field?
If Cisco routers do process packets with these options by default, can we disable this routing feature?
And some other questions please:
1- Can we strip these IP options from packets?
2- How does this work with CEF? I would imagine that the router will not process switch packets, so it would most likely ignore the IP options fields and simply forward the packet based on the destination IP address field.
Note: I don't have access to a Cisco router to test this at the moment.
Thanks,
Riad.
02-27-2024 03:45 PM
@riad1990new
Almost all routers that I've configured for customers have IP source routing enabled by default, so I disable it. It is very rare to find any situation where that functionality is needed and the security implications of it are negative.
02-27-2024 05:45 PM - last edited on 03-01-2024 07:50 PM by Translator
"Do Cisco ISR and ASR routers process IP packets with IP options for strict and loose source routing by default?"
I believe so, although it's the kind of option for which Cisco may eventually change the default.
"If Cisco routers do process packets with these options by default, can we disable this routing feature?"
Yes,
no ip source-route
(as also earlier noted by @Ruben Cocheno).
"1- Can we strip these IP options from packets?"
On a Cisco router or switch, don't believe so.
"2- How does this work with CEF? I would imagine that the router will not process switch packets, so it would most likely ignore the IP options fields and simply forward the packet based on the destination IP address field."
I've used source routing for some types of network performance analysis, it worked; believe Cisco routers it transited were CEF enabled. Cannot say whether routers had to process switch, but for my analysis, I was only doing one packet at a time, so no discernable impact to transit routers.
02-27-2024 06:15 PM - last edited on 03-01-2024 07:47 PM by Translator
Hi @Joseph W. Doherty ,
As far as I know, IOS-XE has ip source-route disabled by default for a long time.
Regards,
02-27-2024 06:41 PM
Thank you. My (dated) experience was mostly pre-XE. Laugh, though, then default setting may have changed, as I thought it might.