AIX traceroute source IP selection

Hello,

When we run traceroute, how does traceroute pick the source IP address? Does it use the physical IP or the alias IP, or does it pick randomly?
mokkanAsked:
woolmilkporcCommented:
traceroute selects a source interface/address according to the routing tables.
If the destination (net or host) is explicitly listed there then the corresponding interface will be used, otherwise the "default" interface will be chosen. "Physical" or "Virtual" or "Alias" doesn't make a difference here.
Run "netstat -r" for info about the routing paths of your machine.

The information about this source address is contained in the  traceroute packets and can be changed using the "-s" flag of traceroute.
Please note that this does not force a different interface to be used, it just "fakes" (in a way) the transmitted information.

This flag is useful if the chosen interface can well send packets over the next hop but cannot receive answer packets from there due to the router configuration or due to something like a firewall in between.

Unlike in Linux we don't have a "-i" flag in AIX which actually changes the interface through which the packets should be sent. One would have to change the routing table to achieve this.
mokkanAuthor Commented:
The problem is that we opened the firewall using the physical IP address, but outbound traffic is going out with the alias IP as source IP. How can I make sure it sends with the physical IP?
mokkanAuthor Commented:
What does it mean?

"If the destination (net or host) is explicitly listed there then the corresponding interface will be used,"
woolmilkporcCommented:
>> What does it mean? <<

"there" means the routing table as shown with "netstat -r"

If your traceroute uses a certain interface for sending then this is due to a privileged route over this interface between your machine and the target machine's gateway.

Please run "netstat -r" and look for the next hop to your destination (or "default" if your destination doesn't show up). Which interface is mentioned there in the "If" column?

If it's the "alias" address you will have to change the route to use the physical address, but please - mind all implications this might have!
mokkanAuthor Commented:
Thank you for providing the explanation. I have a question about the routing table now. Here is the routing table below.

If I want to send a packet to 10.65.6.67, it will choose the default path, right? In this case, if I have two IP addresses such as 10.65.7.190 and 10.65.6.70, which interface will be used? From my understanding it will use 10.65.6.70.


# netstat -rn
Routing tables
Destination        Gateway           Flags   Refs     Use  If   Exp  Groups

Route tree for Protocol Family 2 (Internet):
default            10.65.6.1         UG       15     57060 en0      -      -
10.65.6.0          10.65.7.190       UHSb      0         0 en0      -      -   =>
10.65.6/23         10.65.7.190       U         2       911 en0      -      -
10.65.7.190        127.0.0.1         UGHS     41    822714 lo0      -      -
10.65.7.255        10.65.7.190       UHSb      2     11196 en0      -      -
127/8              127.0.0.1         U        66   2246217 lo0      -      -

Route tree for Protocol Family 24 (Internet v6):
woolmilkporcCommented:
Your routing table says that the next hop for 10.65.6.67 should be 10.65.7.190 which is one of your host addresses. So I strongly assume that this address 10.65.7.190 of en0 will become the interface for traceroute's outgoing packets.
It might well be that traceroute decides to take 10.65.6.70 as the advertised source because of the shorter backward route.

10.65.6/23         10.65.7.190       U         2       911 en0

10.65.6/23 comprises host addresses from 10.65.6.1 to 10.65.7.254,
so you won't need any external gateway. The trace should be rather short.

What does "traceroute -v 10.65.6.67" tell you about the originating address ("from ...") and the advertised source ("source should be ...")?
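The answer above reads the route for 10.65.6.67 off the posted table by hand. The following is an added example, not code from the thread: it parses the `netstat -rn` output exactly as AIX prints it (abbreviated networks such as `10.65.6/23` and `127/8`, `default`, bare host routes) and does the longest-prefix lookup the kernel does, reporting the interface, the next hop, whether the G flag makes it an off-link gateway route, and the local address the table implies as source when delivery is direct. The route table embedded in it is a constructed copy of the one posted above; the test destinations other than 10.65.6.67 are made up for illustration.

```python
"""Longest-prefix lookup over a pasted AIX ``netstat -rn`` table (added example)."""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    flags: str
    interface: str


# Constructed copy of the IPv4 routing table posted in the thread.
SAMPLE_NETSTAT_RN = """\
Routing tables
Destination        Gateway           Flags   Refs     Use  If   Exp  Groups

Route tree for Protocol Family 2 (Internet):
default            10.65.6.1         UG       15     57060 en0      -      -
10.65.6.0          10.65.7.190       UHSb      0         0 en0      -      -   =>
10.65.6/23         10.65.7.190       U         2       911 en0      -      -
10.65.7.190        127.0.0.1         UGHS     41    822714 lo0      -      -
10.65.7.255        10.65.7.190       UHSb      2     11196 en0      -      -
127/8              127.0.0.1         U        66   2246217 lo0      -      -

Route tree for Protocol Family 24 (Internet v6):
"""


def expand_destination(dest: str) -> ipaddress.IPv4Network:
    """Turn an AIX Destination column into a network.

    AIX drops trailing zero octets: ``127/8`` is 127.0.0.0/8 and
    ``10.65.6/23`` is 10.65.6.0/23. ``default`` is 0.0.0.0/0 and a bare
    address without a prefix is a host route (/32).
    """
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, prefix = dest.partition("/")
    octets = addr.split(".")
    if len(octets) > 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not an IPv4 destination: {dest!r}")
    octets += ["0"] * (4 - len(octets))
    plen = int(prefix) if prefix else 32
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{plen}", strict=False)


def parse_netstat_rn(text: str) -> List[Route]:
    """Parse only the IPv4 tree (Protocol Family 2) of ``netstat -rn`` output."""
    routes: List[Route] = []
    in_v4 = False
    for line in text.splitlines():
        if line.startswith("Route tree for Protocol Family"):
            in_v4 = "Family 2 " in line      # "Family 24" is the IPv6 tree
            continue
        if not in_v4 or not line.strip():
            continue
        cols = line.split()
        # Columns: Destination Gateway Flags Refs Use If Exp Groups; a
        # trailing "=>" marks a duplicate-destination continuation and is ignored.
        if len(cols) < 6:
            continue
        routes.append(Route(expand_destination(cols[0]), cols[1], cols[2], cols[5]))
    return routes


def lookup(routes: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match; among equal prefix lengths the first listed row wins."""
    dest = ipaddress.IPv4Address(destination)
    best: Optional[Route] = None
    for r in routes:
        if dest in r.network and (best is None or r.network.prefixlen > best.network.prefixlen):
            best = r
    return best


class Decision(NamedTuple):
    interface: str
    next_hop: str                   # the Gateway column of the winning route
    via_gateway: bool               # True when the G flag is set (off-link)
    implied_source: Optional[str]   # local address the table implies, if any


def decide(routes: List[Route], destination: str) -> Decision:
    """Explain the winning route the way the answer above does.

    Without the G flag, AIX shows one of the host's own addresses in the
    Gateway column, so delivery is direct and that address is the natural
    source. With G the table names only the next hop; the kernel then picks
    an address configured on the interface, and the table alone does not
    say which one (the alias-versus-primary question in this thread).
    """
    r = lookup(routes, destination)
    if r is None:
        raise LookupError(f"no route to {destination}")
    via_gw = "G" in r.flags
    return Decision(r.interface, r.gateway, via_gw, None if via_gw else r.gateway)


if __name__ == "__main__":
    table = parse_netstat_rn(SAMPLE_NETSTAT_RN)
    for target in ("10.65.6.67", "10.65.7.255", "192.0.2.10"):
        print(target, decide(table, target))
```

Run it on a saved copy of your own `netstat -rn` output (replace `SAMPLE_NETSTAT_RN`) to confirm which row wins for the destination you opened the firewall for; when `via_gateway` is true the table cannot tell you the source address, which is exactly the case where `traceroute -v` (or a packet capture on the far side) has to be checked.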
mokkanAuthor Commented:
Thank you very much for your info. Most of the time it uses the physical IP address as the source IP, but from time to time it uses the alias IP as the source IP. How can we make sure it uses the physical IP address as the source IP? Can this be controlled at the OS level, or do we need to work with the networking team?

Is selecting a different IP as source normal behaviour?
woolmilkporcCommented:
>> Is selecting a different IP as source normal behaviour? <<

This depends on the destination and the routing cost (number of hops) required to reach it.

Which of the addresses 10.65.6.70 and 10.65.7.190 is "physical", which one is the alias?

I assume 10.65.7.190 is "physical" because AIX has created the broadcast routes to the network address 10.65.6.0  and to the broadcast address 10.65.7.255 of your subnet to go via this address 10.65.7.190.
Packets meant for a destination in your own subnet should thus always originate from 10.65.7.190, packets meant for outside destinations should go over the default gateway 10.65.6.1 and thus originate from the first interface found during autoconfiguration (firstboot) which is also the "physical" address, but I think that's not guaranteed.
Is 10.65.6.1 in fact a physical gateway in your network? If it isn't you should consider changing the default route to point to such a gateway, if present, or to also point to 10.65.7.190 if you don't use any gateway.

Attention: Please discuss all changes to your local routing table with your network team beforehand!
There might be implications you are (and of course I am) not aware of.
mokkanAuthor Commented:
Thank you very much. As usual you are very helpful. From the OS routing table, can we find out the number of hops?
woolmilkporcCommented:
netstat -Cn

displays additional info, such as "Cost" and "Config_Cost"

route get <destination>
for example
route get 172.16/16

will show the stored information for a route, such as the hopcount.

You can see which gateway and which interface is/has been used to reach a particular destination with

pmtu display


I don't think we have a cost problem here.
Except for the default gateway your system has just the standard routes created by AIX.
Cost and hopcount should everywhere be "0".
Actually, I cannot see from the routing table that there is an alias address defined on your machine. Did you remove any info?
mokkanAuthor Commented:
Thank you very much. Before I close this thread, one last question. In a normal work environment, how do they open the firewall port from source IP to destination IP? How do they choose the source IP if they have multiple IP addresses?
woolmilkporcCommented:
It's basically no problem to allow connections between several source IPs and a single target IP/port.
In fact that's kind of routine business for a firewall admin.

mokkanAuthor Commented:
well explained. Thank you very much.