Aruba & ProVision-based
1748180 Members
4222 Online
108759 Solutions
New Discussion

IP Routing Question

 
ABZ78
Advisor

IP Routing Question

I am confused why I can traceroute or ping 8.8.8.8 from any PC connected to a R2, but unable to do the same from the router itself. 

Firewall - 10.1.0.254/19

R1 - 10.1.0.1/19

R2 - 10.7.0.1 /19

R1 and R2 are using Vlan 100 via a metro e. Tagged 100.

10.100.1.1/16

10.107.7.1/16

R2 has 0.0.0.0 - 10.100.1.1

R1 has 0.0.0.0 - 10.1.0.254

 

 

 

 

ISP <-----> Fireall <-----> R1 <-----> R2  <------> PC1

 

Trace Route and ping from R1 to 8.8.8.8...no problem.

R1 - 10.100.1.1 # traceroute 8.8.8.8 traceroute to 8.8.8.8 ,
1 hop min, 30 hops max, 5 sec. timeout, 3 probes
1   10.1.0.254 ms 1 ms 0 ms   
2   97.x..x.1 ms 4 ms 4 ms
3   71.44.3.74 7 ms 6 ms 7 ms
4   71.44.3.35 7 ms71.44.1.211 7 ms71.44.3.35 6 ms
5   66.109.6.128 8 ms 10 ms 7 ms
6   66.109.1.72 16 ms66.109.1.32 17 ms66.109.1.72 111 ms
7   74.125.50.216 17 ms209.18.36.63 15 ms72.14.203.238 16 ms
8   Operation aborted.

TRCore5412zl2# ping 8.8.8.8 8.8.8.8 is alive, time = 15 ms
TRCore5412zl2#

-----------------------------------------------------------------------------------

Traceroute and ping from from R2 to 8.8.8.8 does not work

R2-10.107.1.1# traceroute 8.8.8.8 traceroute to 8.8.8.8 ,
1 hop min, 30 hops max, 5 sec. timeout, 3 probes
1 10.100.1.1 5 ms 1 ms 1 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *

R2# ping 8.8.8.8

Request timed out.

--------------------------------------------------------------------

Traceroute and ping from Firewall to R2

firewall # execute ping 10.100.7.1
PING 10.100.7.1 (10.100.7.1): 56 data bytes
64 bytes from 10.100.7.1: icmp_seq=0 ttl=254 time=0.3 ms
64 bytes from 10.100.7.1: icmp_seq=1 ttl=254 time=0.3 ms
64 bytes from 10.100.7.1: icmp_seq=2 ttl=254 time=0.3 ms
64 bytes from 10.100.7.1: icmp_seq=3 ttl=254 time=0.3 ms
64 bytes from 10.100.7.1: icmp_seq=4 ttl=254 time=0.3 ms

--- 10.100.7.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.3/0.3 ms

firewall # execute traceroute 10.100.7.1
traceroute to 10.100.7.1 (10.100.7.1), 32 hops max, 3 probe packets per hop, 84 byte packets
1    10.1.0.1          0.191 ms 0.147 ms 0.107 ms
2   10.100.7.1      0.325 ms 0.291 ms 0.302 ms

 

2 REPLIES 2
parnassus
Honored Contributor

Re: IP Routing Question

I guess, on R2:

ping 8.8.8.8 source 10.100.7.1 ?

traceroute 8.8.8.8 source 10.100.7.1 ?

Not entirely clear the routing logic in your scenario: I mean, Firewall knows how to reach R1 via both 10.100.1.1/16 (directly connected) or via 10.1.0.1/19 (routed) and also R2 via 10.100.7.1...and 10.100.7.1 belongs to 10.100.1.1/16 subnet (Are R1 and R2 inter-routed together by using that /16 subnet as their transport VLAN id 100? so both have an IP belonging to that large range...10.100.1.1 for R1 and 10.100.7.1 for R2...correct?)...R1 knows that any network (not directly connected) could be found behind the Firewall 10.1.0.254/19...and R2 too knows a similar routing rule: any network not directly connected to it could be be found behind R1 10.100.1.1/16.

An host connected to R2 (having its D.G. on a SVI on that L3 switch) is routed by R2 for any non local network request to the L3 switch R1 (by the Route of Last Resort 0/0 via 10.100.1.1).


I'm not an HPE Employee
Kudos and Accepted Solution banner
ABZ78
Advisor

Re: IP Routing Question

R1  has the following:

ip route 0.0.0.00 10.1.0.254

ip route 10.7.0.1/19 - 10.100.7..1

Vlan 1 - 10.1.0.0/19         (DG 10.1.0.1)

Vlan 100 - 10.100.0.0/16   (DG 10.100.1.1)

 

Firewall is on Vlan 1 of R1 (10.1.0.254/19)

Firewall has ip route: 10.0.0.0/8 - 10.1.0.1 and 0.0.0.0 /0 - ISP DG

-------------------------------------------------------------

R2 has the follwing

R2 has ip route 0.0.0.0 / 10.100.1.1 

Vlan 1 - 10.7.0.0/19  (DG 10.7.0.1)

Vlan 100 - 10.100.7.1/16 (DG 10.100.7.1)