Tracing a Route Through Tunnel

mahesh18
Level 6

Hi Everyone,

I am tracing a route via a tunnel.

Switch shows

sh ip route  172.28.253.17

Routing entry for 172.28.0.0/16

  Known via "static", distance 1, metric 0

  Routing Descriptor Blocks:

  * 10.21.254.14

      Route metric is 0, traffic share count is 1

So on the same switch I did

sh ip route 10.21.254.14

Routing entry for 10.21.254.14/30

  Known via "connected", distance 0, metric 0 (connected, via interface)

  Routing Descriptor Blocks:

  * directly connected, via Tunnel6

      Route metric is 0, traffic share count is 1

Switch has tunnel 6 with source and destination.

Need to know how I can proceed further on this?

Thanks

5 Replies

Richard Burts
Hall of Fame

Mahesh

I would like to tell you how to proceed but I am not clear what you are trying to do. It seems pretty simple but perhaps I am not getting part of what you are trying to do. Perhaps you can clarify?

The title of your post describes tracing through a tunnel. That part is quite simple and plain. You have configured a tunnel between two end devices and have assigned IP addresses to the subnet that extends through the tunnel. Then you have configured a static route that indicates that some destination is reached with the next hop being the address at the far end of the tunnel.

If you do trace 172.28.253.17 your switch will send the first set of probe packets with TTL equal 1 through the tunnel. It will receive a response from 10.21.254.14. Then it will send the second set of probe packets with TTL equal 2. It will receive a response from whatever is one hop beyond 10.21.254.14. It will continue to send probe packets incrementing the TTL until it reaches the destination.

Is there something else here that you are trying to figure out?

HTH

Rick

Hi Rick,

I am trying to verify that from Site A we have a route to subnet 172.28.253.17 at Site B over the WAN link.

From Site A I need to confirm that Switch A has a route to subnet 172.28.253.17.

Switch A shows

sh ip route  172.28.253.17

Routing entry for 172.28.0.0/16

  Known via "static", distance 1, metric 0

  Routing Descriptor Blocks:

  * 10.21.254.14

      Route metric is 0, traffic share count is 1

So it shows that it learns the route statically via 10.21.254.14.

On Switch A I have no interface with IP 10.21.254.14.

So the next step I did was sh ip route 10.21.254.14 on Switch A

sh ip route 10.21.254.14

Routing entry for 10.21.254.14/30

  Known via "connected", distance 0, metric 0 (connected, via interface)

  Routing Descriptor Blocks:

  * directly connected, via Tunnel6

      Route metric is 0, traffic share count is 1

Here it shows that it learns that route from tunnel 6.

Now I went to the tunnel 6 config, and it says

int tunn6

ip address 10.21.254.13 255.255.255.252

tun source lo10

tunn destination 10.22.31.4

My problem is that trace and ping are not allowed in the current network.

So as per you, the destination IP which I am tracing from Switch A is learned by the far end of the tunnel?

If I need to know the next step in traffic flow at layer 2 or layer 3, is this the right way?

Basically now I need the next hop in Switch A for the tunnel destination.

So to know that I did

sh ip route 10.22.31.4

Routing entry for 10.22.31.4/32

  Known via "static", distance 1, metric 0

  Routing Descriptor Blocks:

  * 172.18.103.19

      Route metric is 0, traffic share count is 1

So Switch A has a default route to 172.18.103.19 for all the destinations.

So I check the device 172, which is some firewall.

Need to know, is this the right or efficient way to trace the IP?

Regards

Mahesh

Mahesh

Your additional explanation is helpful. Ping and Traceroute would be the easy and efficient tools to verify connectivity and what is the route. But if they are not allowed then the steps that you are using are the best that you can do.

Your statement of the objective is that you need to verify that site A has a route to the subnet at site B over the WAN. You correctly start by checking the routing table and verifying that there is a route for the subnet in the routing table. Then the next step is to identify the next hop for that route. Your show commands are clear that the next hop for the route is the address of the tunnel at site B.

At that point I believe that you could claim that you have satisfied the requirement of verifying that site A has a route to the subnet over the WAN. But you go a step further and verify the route for the tunnel destination. I believe that the steps that you have used are the correct way to demonstrate that the route does exist and does go over the WAN.

HTH

Rick
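
The hop-by-hop check discussed in this thread (look up the destination, then its next hop, then the tunnel destination) can be reproduced offline from collected show output when ping and traceroute are blocked. This is an added example, not part of the original posts; the connected entry for 172.18.103.0/24 on Vlan103 is an assumption, since the thread never shows how 172.18.103.19 is reached.

```python
import ipaddress

# Route entries transcribed from the show output in this thread (Switch A).
# 10.21.254.12/30 is the subnet of Tunnel6's address 10.21.254.13 255.255.255.252.
ROUTES = [
    ("172.28.0.0/16", "static", "10.21.254.14", None),
    ("10.21.254.12/30", "connected", None, "Tunnel6"),
    ("10.22.31.4/32", "static", "172.18.103.19", None),
    # Assumption: a connected /24 on a made-up interface stands in for the
    # unseen route to 172.18.103.19.
    ("172.18.103.0/24", "connected", None, "Vlan103"),
]
# Tunnel endpoint taken from "tunnel destination" in the interface config.
TUNNELS = {"Tunnel6": "10.22.31.4"}


def longest_match(dest, routes=ROUTES):
    """Return the most specific route covering dest, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def resolve(dest, routes=ROUTES, tunnels=TUNNELS, max_depth=8):
    """Follow next hops and tunnel destinations until a non-tunnel exit interface."""
    steps, seen = [], set()
    while len(steps) < max_depth:
        if dest in seen:
            steps.append(("loop", dest))
            break
        seen.add(dest)
        route = longest_match(dest, routes)
        if route is None:
            steps.append(("no route", dest))  # lookup chain breaks here
            break
        prefix, source, next_hop, iface = route
        steps.append((dest, prefix, source, next_hop or iface))
        if next_hop:              # recursive lookup on the next hop
            dest = next_hop
        elif iface in tunnels:    # overlay ends; continue with the underlay
            dest = tunnels[iface]
        else:
            break                 # connected via a non-tunnel interface
    return steps


if __name__ == "__main__":
    for step in resolve("172.28.253.17"):
        print(step)
```

If the static route to the tunnel destination is missing, the last step is `("no route", "10.22.31.4")`: the overlay route is still in the table while the underlay lookup fails.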

Hi Mahesh,

I agree with your approach. Sounds great when you don't have ping and traceroute facility to go with.

Usually if we want to test end to end then we do the traceroute; this is explained by Rick neatly.

Now in your case, yes, get the route and log in to the next hop and go on checking.

In your example:

You have a default route configured, hence when you do the show ip route 10.22.31.4 you get the route learned by 172.x; hence log in to that device and check the destination route. You would see from where it has learned it and go further.

HTH

Regards

Inayath

Hi Rick & Inayath,

Thanks for replying to my questions and confirming my steps are right.

Sometimes if you are not sure about your work, or want to know if other ways exist, it is good to confirm with more experienced people like you.

Best Regards

Mahesh