mokkan
AIX traceroute source IP selection
Hello,
When we do a traceroute, how does traceroute pick the source IP address? Does it use the physical IP or the alias IP, or does it pick randomly?
ASKER
The problem is that we opened the firewall using the physical IP address, but output traffic is going out with the alias IP as the source IP. How can I make sure it sends through the physical IP?
ASKER
What does it mean?
"If the destination (net or host) is explicitly listed there then the corresponding interface will be used,"
>> What does it mean? <<
"there" means the routing table as shown with "netstat -r"
If your traceroute uses a certain interface for sending then this is due to a privileged route over this interface between your machine and the target machine's gateway.
Please run "netstat -r" and look for the next hop to your destination (or "default" if your destination doesn't show up). Which interface is mentioned there in the "If" column?
If it's the "alias" address you will have to change the route to use the physical address, but please - mind all implications this might have!
ASKER
Thank you for providing the explanation. I have a question about the routing table now. Here is the routing table below.
If I want to send a packet to 10.65.6.67, it will choose the default path, right? In this case, if I have two IP addresses such as 10.65.7.190 and 10.65.6.70, which interface will be used? From my understanding it will use 10.65.6.70.
# netstat -rn
Routing tables
Destination        Gateway           Flags   Refs      Use  If    Exp  Groups
Route tree for Protocol Family 2 (Internet):
default            10.65.6.1         UG        15    57060  en0    -     -
10.65.6.0          10.65.7.190       UHSb       0        0  en0    -     -   =>
10.65.6/23         10.65.7.190       U          2      911  en0    -     -
10.65.7.190        127.0.0.1         UGHS      41   822714  lo0    -     -
10.65.7.255        10.65.7.190       UHSb       2    11196  en0    -     -
127/8              127.0.0.1         U         66  2246217  lo0    -     -
Route tree for Protocol Family 24 (Internet v6):
Your routing table says that the next hop for 10.65.6.67 should be 10.65.7.190 which is one of your host addresses. So I strongly assume that this address 10.65.7.190 of en0 will become the interface for traceroute's outgoing packets.
It might well be that traceroute decides to take 10.65.6.70 as the advertised source because of the shorter backward route.
10.65.6/23 10.65.7.190 U 2 911 en0
10.65.6/23 comprises host addresses from 10.65.6.1 to 10.65.7.254,
so you won't need any external gateway. The trace should be rather short.
What does "traceroute -v 10.65.6.67" tell you about the originating address ("from ...") and the advertised source ("source should be ...")?
ASKER
Thank you very much for your info. Most of the time it takes the physical IP address as source IP, but from time to time it takes the alias IP as source IP. How can we make sure it takes the physical IP address as source IP? Can it be controlled at the OS level? Or do we need to work with the networking team?
Selecting different IP as source is a normal behaviour?
>> Selecting different IP as source is a normal behaviour? <<
This depends on the destination and the routing cost (number of hops) required to reach it.
Which of the addresses 10.65.6.70 and 10.65.7.190 is "physical", which one is the alias?
I assume 10.65.7.190 is "physical" because AIX has created the broadcast routes to the network address 10.65.6.0 and to the broadcast address 10.65.7.255 of your subnet to go via this address 10.65.7.190.
Packets meant for a destination in your own subnet should thus always originate from 10.65.7.190, packets meant for outside destinations should go over the default gateway 10.65.6.1 and thus originate from the first interface found during autoconfiguration (firstboot) which is also the "physical" address, but I think that's not guaranteed.
Is 10.65.6.1 in fact a physical gateway in your network? If it isn't you should consider changing the default route to point to such a gateway, if present, or to also point to 10.65.7.190 if you don't use any gateway.
Attention: Please discuss all changes to your local routing table with your network team beforehand!
There might be implications you are (and of course I am) not aware of.
ASKER
Thank you very much. As usual you are very helpful. From the OS routing table, can we find out the number of hops?
netstat -Cn
displays additional info, such as "Cost" and "Config_Cost"
route get <destination>
for example
route get 172.16/16
will show the stored information for a route, such as the hopcount.
You can see which gateway and which interface is/has been used to reach a particular destination with
pmtu display
I don't think we have a cost problem here.
Except for the default gateway your system has just the standard routes created by AIX.
Cost and hopcount should everywhere be "0".
Actually, I cannot see from the routing table that there is an alias address defined on your machine. Did you remove any info?
ASKER
Thank you very much. Before I close this thread, one last question. In a normal work environment, how do they open the firewall port from source IP to destination IP? How do they choose the source IP if they have multiple IP addresses?
ASKER
Well explained. Thank you very much.
If the destination (net or host) is explicitly listed there then the corresponding interface will be used, otherwise the "default" interface will be chosen. "Physical" or "Virtual" or "Alias" doesn't make a difference here.
Run "netstat -r" for info about the routing paths of your machine.
The information about this source address is contained in the traceroute packets and can be changed using the "-s" flag of traceroute.
Please note that this does not force a different interface to be used, it just "fakes" (in a way) the transmitted information.
This flag is useful if the chosen interface can well send packets over the next hop but cannot receive answer packets from there due to the router configuration or due to something like a firewall in between.
Unlike in Linux we don't have a "-i" flag in AIX which actually changes the interface through which the packets should be sent. One would have to change the routing table to achieve this.
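
The routing-table lookup described in the answer above, worked through on the "netstat -rn" table posted earlier in the thread, as an added example that is not part of the original thread. It generalizes "explicitly listed, otherwise default" to longest-prefix match; the function names, and the rule that an entry without a /len is a host route, are assumptions.

```python
import ipaddress

# Routing table copied from the "netstat -rn" output posted in this thread.
NETSTAT_RN = """\
default            10.65.6.1         UG        15    57060  en0    -     -
10.65.6.0          10.65.7.190       UHSb       0        0  en0    -     -   =>
10.65.6/23         10.65.7.190       U          2      911  en0    -     -
10.65.7.190        127.0.0.1         UGHS      41   822714  lo0    -     -
10.65.7.255        10.65.7.190       UHSb       2    11196  en0    -     -
127/8              127.0.0.1         U         66  2246217  lo0    -     -
"""

def parse_destination(dest):
    """Turn an AIX Destination column value into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))   # "10.65.6/23" and "127/8" omit trailing octets
    # Assumption: an entry without /len is a host route (/32).
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"))

def parse_routes(text):
    """Parse the data rows of the IPv4 route tree into dictionaries."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        routes.append({"net": parse_destination(f[0]), "dest": f[0],
                       "gateway": f[1], "flags": f[2], "ifname": f[5]})
    return routes

def lookup(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    ip = ipaddress.ip_address(destination)
    matches = [r for r in routes if ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None

ROUTES = parse_routes(NETSTAT_RN)

if __name__ == "__main__":
    # 192.0.2.10 is a constructed off-subnet destination (documentation range).
    for target in ("10.65.6.67", "10.65.7.190", "192.0.2.10"):
        r = lookup(ROUTES, target)
        print(f"{target:12} -> route {r['dest']:12} gw {r['gateway']:12} if {r['ifname']}")
```

The lookup yields the outgoing interface and gateway only; it does not by itself say which of the addresses configured on that interface ends up as the source, which is the value a firewall rule has to match.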