Networks Training

You are here: Home / General Networking / What is Asymmetric Routing – Causes and Problems in Networks

What is Asymmetric Routing – Causes and Problems in Networks

Written By

Asymmetric routing refers to a situation in which the path taken by data packets between two points in a network is not the same in both directions.

In other words, the route that the packets follow from the source to the destination is different from the route they take when traveling back from the destination to the source.

In this article, we’ll take a deeper look into this phenomenon.  We’ll discover why it may occur, we’ll examine situations in which it is desirable, and also circumstances under which it can be catastrophic. 

Anatomy of Asymmetric Routing

One of the fundamental principles that we network engineers learn early when it comes to IP network routing is that successful routing in one direction does not guarantee successful routing in the other direction

A corollary to this principle is that the routing path in one direction is not guaranteed to be the same as that in the opposite direction.  And this is why asymmetric routing may occur.  The following diagram shows an example of asymmetric routing:

asymmetric routing example

Remember, routing, whether dynamic or static, is a process by which each individual router decides what exit interface to use for a packet with a particular destination IP. 

This means that there are many different parameters that can affect routing in each direction, making asymmetric routing a real possibility in many cases.

Some Causes of Asymmetric Routing

Various factors can cause asymmetric routing.  Some of the most common are listed below:

Unequal cost paths

When the network has multiple paths between the source and destination, with different costs or metrics, routing protocols like OSPF, EIGRP, or BGP may choose different paths to forward and return traffic. 

This could be due to manually modified metrics on particular interfaces, or it could result from the cost calculations performed by the employed dynamic routing protocols.

MORE READING:  Comparison of Static vs Dynamic Routing in TCP/IP Networks

Policy-based routing

Network administrators may configure specific policies to route traffic based on criteria such as source IP, destination IP, or application type. These policies can cause traffic to take different paths in each direction.

Load balancing

Some routing protocols perform equal-cost multi-path routing or even unequal-cost multi-path routing, resulting in traffic load balancing via multiple paths. Depending on the algorithm employed and the dynamic traffic conditions, traffic might be sent over different paths in each direction.

Changes in the network topology

Routing protocols will update their routing tables to reflect the new topology if the network topology changes due to link failures or new connections. During the convergence process, forward and return traffic may take different paths.

Static routes

Manually configured static routes can also cause asymmetric routing if they don’t have corresponding return routes or are not updated to reflect changes in network topology.

Multiple ISP connections

When an enterprise network is connected to the Internet via two or more ISPs, the routing policies of the ISPs, those of the enterprise network, and the configured BGP routing at the network edge can lead to asymmetric routing.

Is Asymmetric Routing Good or Bad?

The short answer is neither… and both!  Asymmetric routing is not inherently problematic in and of itself.  In some situations, it may be desirable, while in others, it can cause problems. 

Network administrators need to be aware of potential asymmetric routing scenarios and design their networks to mitigate any issues that may arise as a result.

When is Asymmetric Routing Desirable?

In some situations, asymmetric routing is either purposefully employed or is simply a side effect of a desirable feature.  Some of these scenarios are included below:

Redundancy and fault tolerance

When designing redundancy and fault tolerance into a network, you unavoidably create multiple paths to forward traffic. 

In some cases, having different paths for forward and return traffic can increase redundancy and fault tolerance, as a failure in one direction does not necessarily impact the other direction. This can help maintain network availability during link or device failures.

Employing network policies

Asymmetric routing might be desirable if specific policies need to be applied to traffic in one direction but not the other.

For example, a network administrator might want to route traffic from a particular source or to a specific destination through a network security device, like a traffic monitoring system or an intrusion detection system (IDS), without affecting the reverse traffic.

MORE READING:  Comparison of TCP/IP vs OSI Models in Networking

Traffic engineering

Network administrators can use asymmetric routing to optimize traffic flow, reduce latency, or meet quality of service (QoS) requirements by selecting different paths based on the performance characteristics or constraints of the network.

Cost optimization

Asymmetric routing can be used to minimize costs associated with transit traffic or peering agreements. For example, an organization might use a more expensive, high-performance link for critical outbound traffic and a lower-cost, lower-performance link for inbound traffic.

When is Asymmetric Routing Undesirable?

There are circumstances in which asymmetric routing is undesirable, and network administrators must be aware of these situations.  The most common problems with asymmetric routing arise in the following situations:

Stateful firewalls

Stateful firewalls keep track of connections and their states. Asymmetric routing may cause issues since such a firewall may see only one side of the connection and mistakenly consider the return traffic as a new connection, resulting in dropped packets or connection failures. 

The following diagram shows how outgoing communication from Host A traverses FW2, but returns via FW1.  Because FW1, which is a stateful firewall, does not have any record of a corresponding outgoing session, the return traffic is dropped.

firewall in asymmetric routing flow

Network Address Translation (NAT)

NAT devices modify the source or destination IP addresses and ports of packets as they pass through. Asymmetric routing can cause issues with NAT, as return traffic may not pass through the same NAT device, leading to address translation inconsistencies and broken connections.

Quality of Service (QoS) and traffic shaping

Asymmetric routing can make it challenging to implement QoS policies and traffic shaping consistently. Traffic in one direction may follow a different path with different performance characteristics or congestion levels compared to traffic in the opposite direction.

Applications relying on symmetric traffic flows

Some applications or protocols may require symmetric traffic flows for proper functionality or performance.

Asymmetric routing can cause issues with these applications or protocols, leading to connection failures, degraded performance, or unexpected behavior. 

Such applications include Voice over IP (VoIP), video conferencing, file transfer protocol (FTP), and Virtual Private Networks (VPNs), to name a few.

Conclusion

Asymmetric routing can provide benefits such as load balancing, fault tolerance, and traffic engineering, but it can also lead to challenges with stateful devices and certain applications that rely on symmetric traffic flows.

To harness the advantages of asymmetric routing while avoiding potential pitfalls, network administrators must carefully design and monitor their networks, implementing appropriate measures to ensure compatibility with devices and applications.

By striking the right balance, network performance, reliability, and security can be optimized while still accommodating the dynamic nature of modern networks.

Related Posts

Filed Under: General Networking

Download Free Cisco Commands Cheat Sheets

Enter your Email below to Download our Free Cisco Commands Cheat Sheets for Routers, Switches and ASA Firewalls.

We use Elastic Email as our marketing automation service. By submitting this form, you agree that the information you provide will be transferred to Elastic Email for processing in accordance with their Terms of Use and Privacy Policy. Also, you allow me to send you informational and marketing emails from time-to-time.

About Lazaros Agapidis

Lazaros Agapidis is a Telecommunications and Networking Specialist with over twenty years of experience.
He works primarily with IP networks, VoIP, Wi-Fi, and 5G, has extensive experience in training professionals for Cisco certifications, and his expertise extends into telecommunications services and infrastructure from both an enterprise and a service provider perspective.
In addition to his numerous vendor certifications, Lazaros has a solid online presence as an expert in his field, having worked in both public and private sectors within North America and in Europe.
He has enjoyed sharing his practical experiences in writing as well as through engaging online training.
LinkedIn: Lazaros Agapides

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About Networks Training

We Provide Technical Tutorials and Configuration Examples about TCP/IP Networks with focus on Cisco Products and Technologies. This blog entails my own thoughts and ideas, which may not represent the thoughts of Cisco Systems Inc. This blog is NOT affiliated or endorsed by Cisco Systems Inc. All product names, logos and artwork are copyrights/trademarks of their respective owners.

Amazon Disclosure

As an Amazon Associate I earn from qualifying purchases.
Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

BLOGROLL

Tech21Century
Firewall.cx