Asymmetric routing refers to a situation in which the path taken by data packets between two points in a network is not the same in both directions.
In other words, the route that the packets follow from the source to the destination is different from the route they take when traveling back from the destination to the source.
In this article, we’ll take a deeper look into this phenomenon. We’ll discover why it may occur, we’ll examine situations in which it is desirable, and also circumstances under which it can be catastrophic.
Anatomy of Asymmetric Routing
One of the fundamental principles that we network engineers learn early when it comes to IP network routing is that successful routing in one direction does not guarantee successful routing in the other direction.
A corollary to this principle is that the routing path in one direction is not guaranteed to be the same as that in the opposite direction. And this is why asymmetric routing may occur. The following diagram shows an example of asymmetric routing:
Remember, routing, whether dynamic or static, is a process by which each individual router decides what exit interface to use for a packet with a particular destination IP.
This means that there are many different parameters that can affect routing in each direction, making asymmetric routing a real possibility in many cases.
Some Causes of Asymmetric Routing
Various factors can cause asymmetric routing. Some of the most common are listed below:
Unequal cost paths
When the network has multiple paths between the source and destination, with different costs or metrics, routing protocols like OSPF, EIGRP, or BGP may choose different paths to forward and return traffic.
This could be due to manually modified metrics on particular interfaces, or it could result from the cost calculations performed by the employed dynamic routing protocols.
Network administrators may configure specific policies to route traffic based on criteria such as source IP, destination IP, or application type. These policies can cause traffic to take different paths in each direction.
Some routing protocols perform equal-cost multi-path routing or even unequal-cost multi-path routing, resulting in traffic load balancing via multiple paths. Depending on the algorithm employed and the dynamic traffic conditions, traffic might be sent over different paths in each direction.
Changes in the network topology
Routing protocols will update their routing tables to reflect the new topology if the network topology changes due to link failures or new connections. During the convergence process, forward and return traffic may take different paths.
Manually configured static routes can also cause asymmetric routing if they don’t have corresponding return routes or are not updated to reflect changes in network topology.
Multiple ISP connections
When an enterprise network is connected to the Internet via two or more ISPs, the routing policies of the ISPs, those of the enterprise network, and the configured BGP routing at the network edge can lead to asymmetric routing.
Is Asymmetric Routing Good or Bad?
The short answer is neither… and both! Asymmetric routing is not inherently problematic in and of itself. In some situations, it may be desirable, while in others, it can cause problems.
Network administrators need to be aware of potential asymmetric routing scenarios and design their networks to mitigate any issues that may arise as a result.
When is Asymmetric Routing Desirable?
In some situations, asymmetric routing is either purposefully employed or is simply a side effect of a desirable feature. Some of these scenarios are included below:
Redundancy and fault tolerance
When designing redundancy and fault tolerance into a network, you unavoidably create multiple paths to forward traffic.
In some cases, having different paths for forward and return traffic can increase redundancy and fault tolerance, as a failure in one direction does not necessarily impact the other direction. This can help maintain network availability during link or device failures.
Employing network policies
Asymmetric routing might be desirable if specific policies need to be applied to traffic in one direction but not the other.
For example, a network administrator might want to route traffic from a particular source or to a specific destination through a network security device, like a traffic monitoring system or an intrusion detection system (IDS), without affecting the reverse traffic.
Network administrators can use asymmetric routing to optimize traffic flow, reduce latency, or meet quality of service (QoS) requirements by selecting different paths based on the performance characteristics or constraints of the network.
Asymmetric routing can be used to minimize costs associated with transit traffic or peering agreements. For example, an organization might use a more expensive, high-performance link for critical outbound traffic and a lower-cost, lower-performance link for inbound traffic.
When is Asymmetric Routing Undesirable?
There are circumstances in which asymmetric routing is undesirable, and network administrators must be aware of these situations. The most common problems with asymmetric routing arise in the following situations:
Stateful firewalls keep track of connections and their states. Asymmetric routing may cause issues since such a firewall may see only one side of the connection and mistakenly consider the return traffic as a new connection, resulting in dropped packets or connection failures.
The following diagram shows how outgoing communication from Host A traverses FW2, but returns via FW1. Because FW1, which is a stateful firewall, does not have any record of a corresponding outgoing session, the return traffic is dropped.
Network Address Translation (NAT)
NAT devices modify the source or destination IP addresses and ports of packets as they pass through. Asymmetric routing can cause issues with NAT, as return traffic may not pass through the same NAT device, leading to address translation inconsistencies and broken connections.
Quality of Service (QoS) and traffic shaping
Asymmetric routing can make it challenging to implement QoS policies and traffic shaping consistently. Traffic in one direction may follow a different path with different performance characteristics or congestion levels compared to traffic in the opposite direction.
Applications relying on symmetric traffic flows
Some applications or protocols may require symmetric traffic flows for proper functionality or performance.
Asymmetric routing can cause issues with these applications or protocols, leading to connection failures, degraded performance, or unexpected behavior.
Such applications include Voice over IP (VoIP), video conferencing, file transfer protocol (FTP), and Virtual Private Networks (VPNs), to name a few.
Asymmetric routing can provide benefits such as load balancing, fault tolerance, and traffic engineering, but it can also lead to challenges with stateful devices and certain applications that rely on symmetric traffic flows.
To harness the advantages of asymmetric routing while avoiding potential pitfalls, network administrators must carefully design and monitor their networks, implementing appropriate measures to ensure compatibility with devices and applications.
By striking the right balance, network performance, reliability, and security can be optimized while still accommodating the dynamic nature of modern networks.
- What is Link Aggregation (LAG) in Networking?
- Unveiling the Significance of Network Automation in Contemporary Networking
- Comparison of Reported Distance vs Feasible Distance in EIGRP
- BGP Multihoming – Influencing Enterprise to ISP Routing Using BGP
- The Most Important Border Gateway Protocol (BGP) Timers Explained