In Forward Networks' path search feature, the two queries “from IP with Destination IP” and “from IP To IP” may look similar, but perform very different kinds of searches with possibly different results. Here's a breakdown of their differences:
1. From IP A with Destination IP B
- Purpose: Shows path results that start from the location of A, where the packet’s destination IP is set to B at the source (i.e. at the location of A). Shows both dropped (e.g. by a firewall) and delivered traffic.
- Behavior: The path search begins from the source and considers the destination IP as part of the packet header. It does not explicitly locate the destination as a physical or logical endpoint; instead, it treats the destination IP as an attribute of the packet.
- Use Case: Ideal when you want to trace how a packet with a specific source and destination IP address moves through the network, even if the destination location is unknown or incomplete in the model. Also useful when troubleshooting an issue from the sender's point of view: a sender tries to send traffic to an address, but you are not sure whether the traffic reaches the destination, or whether a DNAT at the destination changes the destination address.
- Limitations: May show packets delivered to an incorrect location for B (due to routing issues or devices missing from the snapshot).
- Gotchas: The results may include dropped paths, or paths that do not make it all the way to the actual location of B. If you create an “exist check” based on this kind of query, any delivered traffic (even to the wrong location) will cause the check to pass, because there is no filter for delivery of the packet to the location of B.
2. From IP A To IP B
- Purpose: Shows traffic originating from the location of A, with source IP = A at the location of A, delivered to the location of B, with destination IP = B at the location of B.
- Behavior: The path search resolves the To IP to a specific network location (e.g., a device interface, host, or edge point) and traces the path from the source to that resolved location. It treats the destination IP B as both an endpoint and an attribute of the traffic at the exit point.
- Use Case: Ideal for ensuring traffic reaches a specific device, interface, or host whose address is B. Useful for creating “exist checks” to ensure traffic reaches a particular destination.
- Limitations: If the destination IP cannot be resolved to a specific location in the model, the search will fail to return results.
- Gotchas: If traffic is dropped before reaching the location of B, the path search returns no results. If the drop is caused by a firewall, use the “permit-all” keyword in path search to see the path.
If there is DNAT or load balancing in the network, IP address B should be the post-NAT address for the destination.
Key Difference:
While Destination IP focuses on filtering based on the IP address in the packet, To ensures the traffic reaches a specific, resolved endpoint in the network with that address as destination at the exit point.
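The difference, shown as a toy model in Python. This is an added example, not Forward Networks code or its query engine: the Path record, the addresses, the location names and the three sample paths are constructed, and the exist-check rule follows the description above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    src_ip: str          # source IP at the location of A
    ingress_dst_ip: str  # destination IP in the header at the source
    egress_dst_ip: str   # destination IP at the exit point (changes after DNAT)
    end_location: str    # where the modelled path ends
    outcome: str         # "delivered" or "dropped"

# Constructed sample model: IP -> location, and paths computed for a snapshot.
LOCATIONS = {"10.0.0.5": "host-a", "10.2.0.9": "server-b", "10.3.0.7": "server-c"}
PATHS = [
    Path("10.0.0.5", "10.2.0.9", "10.2.0.9", "edge-rtr-2", "delivered"),    # misrouted
    Path("10.0.0.5", "10.2.0.9", "10.2.0.9", "fw-1", "dropped"),            # firewall drop
    Path("10.0.0.5", "203.0.113.10", "10.3.0.7", "server-c", "delivered"),  # DNAT
]

def with_destination_ip(paths, a, b):
    """'From IP A with Destination IP B': B is only a header match at the source."""
    return [p for p in paths if p.src_ip == a and p.ingress_dst_ip == b]

def to_ip(paths, a, b, locations=LOCATIONS):
    """'From IP A To IP B': B must resolve to a location and be reached there."""
    target = locations.get(b)
    if target is None:  # destination cannot be resolved in the model: no results
        return []
    return [p for p in paths
            if p.src_ip == a and p.outcome == "delivered"
            and p.end_location == target and p.egress_dst_ip == b]

def exist_check(results):
    """Passes when at least one delivered path is in the result set."""
    return any(p.outcome == "delivered" for p in results)

if __name__ == "__main__":
    a = "10.0.0.5"
    # Misdelivered traffic is enough to pass a check built on the header-only query.
    print("with Destination IP:", exist_check(with_destination_ip(PATHS, a, "10.2.0.9")))
    # The same check built on the To query fails: nothing reached server-b.
    print("To IP:", exist_check(to_ip(PATHS, a, "10.2.0.9")))
    # With DNAT, the To query matches only the post-NAT address.
    print("To pre-NAT:", len(to_ip(PATHS, a, "203.0.113.10")),
          "To post-NAT:", len(to_ip(PATHS, a, "10.3.0.7")))
```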
How to know which format of the query to use?
- If you are not sure whether the address B is pre-NAT or post-NAT, start with “From IP A To IP B”, and also add permit-all to work around a firewall blocking the traffic. If that doesn’t work, try “From IP A with Destination IP B”.
- If you are troubleshooting connectivity between A and B and you have got information about source and destination from the sender, use “From IP A with Destination IP B” query.