09-24-2009 11:08 AM - edited 03-04-2019 06:09 AM
I have a network with static routing enabled. We have remote offices that are connected to the central office via ethernet which is plugged directly into a 6509. There is a WAN VLAN and the port that the ethernet is plugged into is assigned to this VLAN. We have static routes to get to all of our branch offices. The issue I am having is when I try to ping a network that has not been configured in the remote branches, I get a routing loop rather than a timeout. Please let me know how to get rid of this.
Thanks
09-24-2009 11:29 AM
George
Sounds like the destination you are trying to ping is a part of a larger routing table entry.
Can you provide an example, i.e.
1) sh ip route from the 6509
2) traceroute to looped subnet
Jon
09-24-2009 11:35 AM
Hi Jon,
I have attached the outputs here
Thanks
09-24-2009 11:38 AM
09-24-2009 11:44 AM
George
The problem you have is that in your routing table you have -
S 172.24.0.0/16 [1/0] via 172.26.0.4
so when you traceroute to 172.24.4.1 then it uses the above entry from your routing table.
If you don't want it to do this you have 2 choices
1) make your static routes more specific, i.e. only add static routes for the networks that actually exist. This could however get rather tiresome depending on how many networks you have
OR
2) the far more preferable way to do this is to run a dynamic routing protocol between your branch and HQ sites
I would recommend going with option 2.
Jon
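The longest-prefix-match behaviour described in the answer above, as an added example that is not part of the original thread. It assumes the branch router (172.26.0.4) has a default route pointing back at the HQ 6509, which the thread does not show; the 172.24.1.0/24 branch subnet and the node names are constructed for illustration.

```python
import ipaddress

def routes(*entries):
    """Build a routing table as a list of (network, next_hop) pairs."""
    return [(ipaddress.ip_network(p), nh) for p, nh in entries]

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route, or None."""
    hits = [(net, nh) for net, nh in table if ipaddress.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, ttl=30):
    """Forward hop by hop; return (path, outcome)."""
    path, node = [start], start
    for _ in range(ttl):
        nh = lookup(tables[node], dst)
        if nh is None:
            return path, "unreachable"   # no route: dropped at this hop
        if nh == "connected":
            return path, "delivered"
        node = nh
        path.append(node)
    return path, "ttl-expired"           # packet bounced until TTL ran out

# Assumed branch config: one real subnet plus a default back to HQ.
BRANCH = routes(("172.24.1.0/24", "connected"), ("0.0.0.0/0", "hq"))

# HQ with the summary static from the thread: S 172.24.0.0/16 via 172.26.0.4
SUMMARY = {"hq": routes(("172.24.0.0/16", "branch")), "branch": BRANCH}

# HQ with option 1 applied: statics only for subnets that actually exist.
SPECIFIC = {"hq": routes(("172.24.1.0/24", "branch")), "branch": BRANCH}

if __name__ == "__main__":
    for name, tables in (("summary /16", SUMMARY), ("specific /24", SPECIFIC)):
        for dst in ("172.24.1.10", "172.24.4.1"):
            path, outcome = trace(tables, "hq", dst, ttl=6)
            print(f"{name:13} {dst:12} {outcome:12} {' -> '.join(path)}")
```

With the /16 in place, 172.24.4.1 matches at HQ and then falls through to the branch default, so the packet alternates between the two routers until the TTL expires; with only the specific route, HQ has no match and drops it at the first hop.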
09-24-2009 11:48 AM
Jon,
This was where I was getting at but I would like to have an immediate fix for it. Running a dynamic routing protocol will happen only later.
I have added the ip verify unicast source to get rid of the routing loops but at one location I have a network that is being reached via two different paths. As a result of me adding that command, I am not able to ping or ssh into the devices, even though traffic passes through it. Do you have any other ideas?
Thanks,
George
09-24-2009 11:59 AM
George
Think we might disagree on this one :-), but then it may be because you have a more complicated setup than you have described.
Turning on a dynamic routing protocol such as EIGRP is relatively straightforward and is probably no more complex than having to configure "ip verify unicast ..." on devices. Also, if I came to a device configured this way it would not occur to me that you have added this config to avoid a routing loop, to be honest.
Jon
09-24-2009 12:01 PM
Jon,
I totally agree with you but my issue is that I have turned on ip verify.. only on the WAN interface. It's a band-aid, not a perfect solution.
- George
09-24-2009 12:17 PM
George
"It's a band-aid, not a perfect solution."
Agreed, and if you read the vast majority of my posts you'll see that I will always try to fit in with what the poster needs.
It's just that in this case you have added a band-aid which kind of works but not totally. So you are now looking to make it even more complex by adding another band-aid.
I can understand your reluctance to just enable a dynamic routing protocol although it would almost certainly work without having band-aids.
I'm also slightly confused as to why you are doing this, i.e. does it really matter that you get a routing loop? It will time out when the TTL dies. Most of your clients/servers should not be trying to contact non-existent subnets so routing loop traffic should be minimal.
Not trying to create an argument just trying to give good advice :-)
Jon
09-24-2009 12:23 PM
Hi Jon,
I totally agree with you on this and I guess I will live with it. Is it possible to reduce the TTL on just a VLAN? Are there any caveats to it? Thanks a lot for your help.
-George
09-24-2009 12:43 PM
George
"Is it possible to reduce the TTL on just a VLAN?"
Unfortunately none that I am aware of. Unless you are seeing a large amount of traffic due to these loops I would just live with it as you say, with a view to upgrading to a dynamic routing protocol as soon as possible.
"Thanks a lot for your help."
No problem and appreciate this may not have been exactly what you wanted to hear :-)
Jon
09-24-2009 12:44 PM
Geez. Yes.. :)
Have a good day Jon!!