Setting the Router's Source Address

Problem

All IP traffic that is sourced from the router includes a source address in the IP header. The address chosen for packets depends on the interface that is used to reach the destination when the connection is established. You want to configure the router to use a fixed address.

Solution

Use the following command to always use the lo0 loopback address as the source address in IP packets:

[edit]
aviva@router1# set system default-address-selection

 

Discussion

When selecting an address to include in the source address field of IP packets, the JUNOS software chooses from among the addresses configured on the router. The first candidate to use is the first non-127.0.0.1 address configured on the lo0 interface. However, this means that the software usually, but not always, chooses the loopback address. To ensure that the software always uses the router's IP address, use the set system default-address-selection command. Including this command is considered good practice so that when other systems on the network receive traffic from the local router, the packets always have the same address in the IP packet's source address field.

This command forces the router to use one specific address, the lo0 address, for most of the traffic that originates from the router. The source address never affects traffic that is forwarded by the router, only packets that are sourced from the router.

If multiple addresses are configured for lo0, the software chooses the one with the lowest address. However, if you assign the parameter primary or preferred to a higher IP address, the software uses the higher IP address. The following command makes one of the loopback addresses the primary one:

[edit]
aviva@RouterA# set interfaces lo0 unit 0 family inet address 192.168.16.1/32 primary

Figure 7-1 illustrates why you should set the router's source address. In this topology, if you ping 1.0.2.1 from Mars, Mars normally sends the packet out the so-0/0/0 interface and uses 1.0.2.2 as the source address for that ping packet. Venus receives the ping and sends a response back to 1.0.2.2 (the source address).

If Mars, Venus, and Earth have lo0 addresses 1.1.0.1/32, 1.1.0.2/32, and 1.1.0.3/32, and you have the default address selection configured on Mars, what happens is different. If you ping 1.0.2.1 from Mars, Mars uses 1.1.0.1 (its lo0 address) as the source address. It still sends the packet out so-0/0/0, and Venus still receives it and sends a response back to the source address of the ping, 1.1.0.1.

Figure 7-1. Topology for setting the router's source address

Venus needs to know how to get back to 1.1.0.1. Venus knows how to get to 1.0.2.2, because it's a connected network. It's going to need a route back to 1.1.0.1, however. You can set this up by distributing lo0 addresses with an IGP, such as OSPF. Let's say that all three routers are distributing their loopback addresses using OSPF on all the interfaces in the figure so that all three know how to reach one another's loopback addresses. Venus is still trying to send its echo response back to Mars and might send it out either so-0/0/0 or so-1/0/0. Either way, it gets to Mars, and the ping application sees the response.

Now, if you ping 1.1.0.2 (venus-lo0) from Mars, Mars sends it out either so-0/0/0 or so-1/0/0. Venus receives the ping and replies back, again over either link. If so-0/0/0 goes down for some unknown reason, the ping still works because there's still a path using so-1/0/0. However, pinging 1.0.2.1 does not work because that interface is down.

If both so-0/0/0 and so-1/0/0 go down, the ping still works, because Mars sends the packet to Earth, Earth forwards it to Venus, and Venus sees it and replies back, going through Earth. In other words, you can still get to Venus with the same IP address even if all your direct links to Venus are down.
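The lo0 selection rule from the start of the Discussion and the link-failure cases just described can be checked with a small model. This is an added example, not code from the original recipe or from JUNOS. It assumes the Figure 7-1 topology as the text describes it; the names of the two links through Earth are hypothetical, since the page names only so-0/0/0 and so-1/0/0.

```python
from collections import deque
from ipaddress import ip_address

# Constructed model of the Figure 7-1 topology. The page names only so-0/0/0
# and so-1/0/0; the two links through Earth carry hypothetical names.
LINKS = {
    "so-0/0/0": ("Mars", "Venus"),
    "so-1/0/0": ("Mars", "Venus"),
    "mars-earth": ("Mars", "Earth"),
    "earth-venus": ("Earth", "Venus"),
}
# address -> (owning router, link it lives on; None means lo0)
ADDRESSES = {
    "1.0.2.2": ("Mars", "so-0/0/0"),
    "1.0.2.1": ("Venus", "so-0/0/0"),
    "1.1.0.1": ("Mars", None),
    "1.1.0.2": ("Venus", None),
    "1.1.0.3": ("Earth", None),
}

def lo0_source(addresses, primary=None):
    """Skip 127.0.0.1, honor a primary (or preferred) flag, else pick the lowest."""
    usable = [a for a in addresses if a != "127.0.0.1"]
    if primary in usable:
        return primary
    return min(usable, key=ip_address) if usable else None

def route(src, dst, down=()):
    """Breadth-first search over links that are up; returns the router path."""
    queue, seen = deque([[src]]), {src}
    while queue:
        hops = queue.popleft()
        if hops[-1] == dst:
            return hops
        for name, ends in LINKS.items():
            if name in down or hops[-1] not in ends:
                continue
            peer = ends[0] if ends[1] == hops[-1] else ends[1]
            if peer not in seen:
                seen.add(peer)
                queue.append(hops + [peer])
    return None

def ping(src_router, target, down=()):
    """Reachable only if the target address is up and a path to its owner exists."""
    owner, link = ADDRESSES[target]
    if link is not None and link in down:
        return None  # an interface address goes away with its link
    return route(src_router, owner, down)
```

Calling ping("Mars", "1.1.0.2", down={"so-0/0/0", "so-1/0/0"}) returns the path through Earth, while ping("Mars", "1.0.2.1", down={"so-0/0/0"}) returns None.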

In a large network with hundreds of routers and dozens of links per router (any number of which might be down or congested), figuring out which address to ping is a hassle you can avoid by setting the router's source address. One disadvantage of doing this, however, is that it tends to hide network outages.

There are some other side benefits to using the lo0 address as the router's source address. When you are stringing together IP addresses to use for DNS, it's often convenient to use some hostname-interface name combination for it, such as Bellagio-ge-1-1-0-Gash2-link.jnpr.net or 0.so-1-0-0.XL2.SJC2.ALTER.NET. But if you just want to ping Bellagio, it's nice to have an lo0 address around to which to assign the ping request. Also, when you save system logfiles on a remote log server, syslog does a reverse lookup on the log's source address. If you don't use lo0 as the source address, the logfile entries would start with the interface name, such as venus-fe-0-0-0, instead of the router's name and would be much harder to read and interpret.

For some applications, including NTP and ping, you can explicitly set the source address to include in IP packet headers. For a router acting as an NTP time server, the set system ntp source-address command specifies the address to use in the router's responses to NTP client requests. The ping command source option includes a source address to be used by the ping responses.

See Also

Recipe 7.3
