Routing Question

All,

I have a router that has a 10.0.0.0/8 route pointing at a firewall.

The same router has a connection to another router on one of its interfaces. When I do a route lookup to a remote subnet, say 10.1.10 /24, the result is:

#sh ip route 10.1.1.0
Routing entry for 10.0.0.0/8
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 192.168.1.254 (the firewall)
      Route metric is 0, traffic share count is

The route to the remote subnet should follow the above static route. However, when I traceroute to the above subnet's router, it follows a path via the attached router.

#trace 10.1.1.254
Type escape sequence to abort.
Tracing the route to 10.3.25.254

  1 10.0.1.11 0 msec 0 msec 0 msec
  2 10.1.1.254 40 msec * 40 msec

Is this because of ICMP redirects?

I can't understand how it can find the path when only the 10/8 exists.

Regards

Darren

Reply to
darrenfgreen

Note that this command shows you the routing table entry that would be in effect for traffic to 10.1.1.0/32 only.

A more specific route that applies to 10.1.1.254 would not be displayed.

If you want to see the route that applies to 10.1.1.254 then you would want to use:

# show ip route 10.1.1.254

[If you do a "show ip route" for the all zeroes host of a classful network (e.g. 10.0.0.0, 172.16.0.0, 192.168.1.0, etc) IOS will tell you about all subnet routes within the classful network. But doing a "show ip route" for something other than the all zeroes host will just show you the single most specific matching route. Since 10.1.1.0 is not the all zeroes host on a classful network, the displayed output will show a single route only]

As above, not necessarily.

That seems highly unlikely. An ICMP redirect generated by a gateway in the 192.168.1 subnet would create a host route through a different gateway in the 192.168.1 subnet.

[An ICMP redirect is sent if the source IP, the first hop gateway and the first hop's next hop gateway are all on the same IP subnet and will result in the source skipping the first hop and going straight for the second on all subsequent traffic]

What is somewhat plausible is that the 192.168.1.254 firewall interface has a secondary IP address of 10.0.1.11 on the same NIC and that it uses this for replies to hosts in the 192.168.1 space.

It is also possible that the 192.168.1.x interface on your router is a secondary IP address and that your primary interface address is in the 10.0.1.11 subnet. This would better explain why the first hop gateway used a 10.0.1.11 address when generating its response to you. And that could, in turn, make it possible for an ICMP redirect to actually work.

If you source your traceroute from the router's 192.168.1.x address, does anything change? (just type "trace" without an IP to bring up prompts for things like source address). Does the firewall have a 10.0.1.11 address? Does your router have a 10.0.1.x address? Does any other piece of equipment on your 192.168.1 segment have a 10.0.1.11 address? Does your router have a route more specific than a /8 for 10.0.1.11? Does your router have a route more specific than a /8 for 10.1.1.254?

Reply to
briggs
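
The lookup behaviour described in the reply above, as an added example that is not part of either post and is a simplified model rather than IOS's own code. The 10.0.0.0/8 static route comes from the original post; the /32 host route is a hypothetical entry, constructed to show how a lookup for 10.1.1.0 can hide a more specific route that applies to 10.1.1.254.

```python
import ipaddress

# Constructed routing table: the 10.0.0.0/8 static route is from the post;
# the /32 host route is a hypothetical more-specific entry for illustration.
ROUTES = [
    ("10.0.0.0/8", "192.168.1.254"),   # static route to the firewall (from the post)
    ("10.1.1.254/32", "10.0.1.11"),    # hypothetical more-specific route
    ("192.168.1.0/24", "connected"),   # assumed connected segment
]
TABLE = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES]


def classful_network(addr):
    """Return the classful (A/B/C) network containing addr, or None for class D/E."""
    first = int(addr) >> 24
    if first < 128:
        plen = 8
    elif first < 192:
        plen = 16
    elif first < 224:
        plen = 24
    else:
        return None
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def longest_match(dest):
    """Forwarding decision: the single most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(net, nh) for net, nh in TABLE if addr in net]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)


def show_ip_route(dest):
    """Model of the lookup described in the reply.

    All-zeroes host of a classful network: list every route inside it.
    Anything else: only the most specific route matching that exact address.
    """
    addr = ipaddress.ip_address(dest)
    major = classful_network(addr)
    if major is not None and addr == major.network_address:
        return [(n, nh) for n, nh in TABLE if n.subnet_of(major)]
    best = longest_match(dest)
    return [best] if best else []
```

With this table, `show_ip_route("10.1.1.0")` reports only the /8, while `longest_match("10.1.1.254")` selects the host route, which is why the lookup has to be done on the exact destination address.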
