When the router locally generates a packet, the source address it uses in the IP header is the address of the outgoing interface in the routing table. This means when you traceroute through the router, the address in the reply is based on that router's route back to the source.
In the example below, R1 traces to the destination 121.9.9.9. R15 in the middle replies back to R1 using the address 12.121.152.15. This means that from R15's perspective, R1 is reachable out the interface that has the address 12.121.152.15 assigned.
Rack121R1#traceroute 121.9.9.9
Type escape sequence to abort.
Tracing the route to 121.9.9.9
1 12.121.121.21 [MPLS: Label 16024 Exp 0] 4 msec 4 msec 4 msec
2 12.121.152.15 [MPLS: Label 40 Exp 0] 0 msec 4 msec 0 msec
3 173.121.91.9 4 msec * 0 msec
There's no command in IOS to tell the router which address to reply to the traceroute from. You can force it to reply with a different address with basically a stupid router trick that involves policy routing and NAT. The config would look like the below one:
Rack121R15:
!
interface Loopback0
 ip address 121.15.15.15 255.255.255.255
 ip nat inside
!
interface GigabitEthernet1.1521
 encapsulation dot1Q 1521
 ip address 12.121.152.15 255.255.255.0
 ip nat outside
!
ip local policy route-map TRACE_REPLIES
ip nat inside source list 100 interface Loopback0 overload
!
access-list 100 permit icmp any any port-unreachable
access-list 100 permit icmp any any time-exceeded
!
route-map TRACE_REPLIES permit 10
 match ip address 100
 set interface Loopback0
!
R15 says that when it locally generates an ICMP port-unreachable or ICMP time-exceeded (i.e. traceroute replies), the traffic is policy routed to the Loopback0 per the "ip local policy route-map TRACE_REPLIES". The Loopback0 is then a NAT Inside interface, and the source address is translated to the router's Loopback0 address. The end result is now when R15 replies to a traceroute, it comes from its Loopback0 address 121.15.15.15 instead of the interface address 12.121.152.15 that R1 is reachable out:
Rack121R1#traceroute 121.9.9.9
Type escape sequence to abort.
Tracing the route to 121.9.9.9
1 12.121.121.21 [MPLS: Label 16024 Exp 0] 4 msec 4 msec 4 msec
2 121.15.15.15 [MPLS: Label 40 Exp 0] 0 msec 0 msec 0 msec
3 173.121.91.9 0 msec * 0 msec
One valid design that you might want to do this in is if you don't advertise your transit links. For example you could use RFC1918 addresses on the transit links, and have a public address assigned to the Loopback. Normally traffic isn't destined *to* the router, only *through* the router, so this is fine. Traceroute is an exception though because it's going to the router's control plane itself. In this case it wouldn't make sense for someone to trace through an Internet router and then have it reply back with an address like 192.168.1.100. Assuming the router has at least one public address you could use the local policy route to change the address.
Make sense?
Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
bmcgahan_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
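
The check below is an added example, not part of the original post: it parses IOS traceroute output in the format shown above and lists hops that answered from an RFC 1918 address, which is one way to confirm the local policy route and NAT are working on a design with private transit links. The "before" trace is constructed (hop 2 swapped for 192.168.1.100) and the function names are illustrative.

```python
import ipaddress
import re

# RFC 1918 ranges; a hop replying from one of these exposes a transit-link address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# IOS hop line: "<hop> <ipv4> [optional MPLS info] <probe results>"
HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\b")
# Hop where every probe timed out: "<hop> * * *"
TIMEOUT_RE = re.compile(r"^\s*(\d+)\s+\*(?:\s+\*)*\s*$")


def parse_hops(output):
    """Return [(hop_number, address_or_None)]; None means no reply was received."""
    hops = []
    for line in output.splitlines():
        hop, timeout = HOP_RE.match(line), TIMEOUT_RE.match(line)
        if hop:
            hops.append((int(hop.group(1)), ipaddress.ip_address(hop.group(2))))
        elif timeout:
            hops.append((int(timeout.group(1)), None))
    return hops  # prompt and banner lines match neither pattern and are skipped


def private_hops(output):
    """Hops whose ICMP reply was sourced from an RFC 1918 address."""
    return [(n, str(ip)) for n, ip in parse_hops(output)
            if ip is not None and any(ip in net for net in RFC1918)]


# Constructed sample: hop 2 answers from a private transit-link address.
BEFORE = """Rack121R1#traceroute 121.9.9.9
Tracing the route to 121.9.9.9
 1 12.121.121.21 [MPLS: Label 16024 Exp 0] 4 msec 4 msec 4 msec
 2 192.168.1.100 [MPLS: Label 40 Exp 0] 0 msec 4 msec 0 msec
 3 173.121.91.9 4 msec * 0 msec"""

# Trace from the post after the policy route and NAT are applied.
AFTER = BEFORE.replace("192.168.1.100", "121.15.15.15")

if __name__ == "__main__":
    print("before:", private_hops(BEFORE))
    print("after: ", private_hops(AFTER))
```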
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of M Adnan
Sent: Thursday, September 05, 2013 11:08 PM
To: amin
Cc: ccielab_at_groupstudy.com
Subject: Re: the IP address that replay to the tracert
Sorry, I misunderstood the question.
On Thu, Sep 5, 2013 at 5:28 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
> You could do this with local policy routing and NAT. It's not as
> simple as saying something like "ip traceroute source-interface".
> Basically you'd need to policy route ICMP port-unreachable and
> time-exceeded messages to the interface that you want to reply from
> and then NAT the traffic to change the source address to that IP.
>
>
>
> Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
> Of amin
> Sent: Thursday, September 05, 2013 4:43 PM
> To: ccielab_at_groupstudy.com
> Subject: the IP address that replay to the tracert
>
> Hi experts,
>
> Can I enforce my router to reply on a tracert from the IP of certain
> interfaces? I mean not the usual that reply to the tracert with the
> IP address of the entrance interface.
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
Received on Fri Sep 06 2013 - 09:13:31 ART
This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 06:36:35 ART