ICMP redirect message

Answered Question
Apr 24th, 2010

Hi everybody.

I have a question about the ICMP redirect message.

Let's say we have two routers (gateways), r1 and r2, on a LAN. Host h1 is also connected to the same LAN. h1 is configured with r1 as default gateway.

Let's say r2 sends an ICMP redirect message to h1, asking h1 to use r2 as default gateway. Will h1 use it, considering the fact that h1 is statically configured to use r1 as default gateway?

Thanks and have a good weekend.

Giuseppe Larosa Sat, 04/24/2010 - 15:40

Hello Sarah,

Nice to see you again.

Host H1 can receive an ICMP redirect for a specific destination only from its default gateway R1, for the following reason:

The message is sent by a router in reaction to receiving packets from a host with a destination that has a next-hop that is another router in the same subnet as the host.

H1 will never send a packet to R2 with a destination different than R2's IP address in the common subnet, because it is not its default gateway.

If H1 is configured with a specific route with next-hop R2, and R2 uses R1 as next-hop for that destination, you can have an occurrence of the event you have described.

Hope to help

Giuseppe

sarahr202 Sat, 04/24/2010 - 16:50

Thanks Giuseppe. I am still in training, so still busy. But my weekends are devoted to Cisco Net Pro, to learning from you guys.

Jon Marshall Sat, 04/24/2010 - 15:41

sarahr202 wrote:

Hi everybody.

I have a question about the ICMP redirect message.

Let's say we have two routers (gateways), r1 and r2, on a LAN. Host h1 is also connected to the same LAN. h1 is configured with r1 as default gateway.

Let's say r2 sends an ICMP redirect message to h1, asking h1 to use r2 as default gateway. Will h1 use it, considering the fact that h1 is statically configured to use r1 as default gateway?

Thanks and have a good weekend.

Sarah

R2 won't send an ICMP redirect to h1. R1 could send an ICMP redirect to h1 to tell it that R2 is a better path. If R1 does send an ICMP redirect, it will be for a specific host route, so h1 will install a host-specific route in its routing table. And h1 will use this route because it is more specific than the default route it has to R1.

Jon

sarahr202 Sat, 04/24/2010 - 16:46

Thanks Jon.

I still have a few problems understanding the ICMP redirect message. It was a typo. I wrote "r2 sends ICMP redirect message to h1 while h1 is configured with r1 as default gateway. Will h1 change its default gateway, considering the fact h1 is configured with r1 as default gateway." It should have been "r1 sends the ICMP redirect message to h1 while h1 is configured with r1 as default gateway. Will h1 change its default gateway to r2?"

Here is my understanding.

A host such as Windows XP uses this logic to decide whether to send a packet to the default gateway or not. h1 first checks if the destination IP is on the same subnet/network as h1; if not, h1 concludes it has to send this packet to the default gateway. Being a host, h1 should not have any routing table or more specific route. All it should have is its own IP address, DNS, default gateway, etc.

I am sorry for the confusion and greatly appreciate your help. But I am not going away without finding out if h1 will change its default gateway to r2 as mentioned in the above case. Once again, thanks a lot.

Jon Marshall Sat, 04/24/2010 - 16:54

Sarah

Being a host, h1 should not have any routing table or more specific route. All it should have is its own IP address, DNS, default gateway, etc.

Correct, in normal circumstances a host will only have a default route, or default-gateway if you like. But there is nothing stopping a host adding routes to its routing table even if it's not running a dynamic routing protocol. For example, you can add routes manually on a Windows machine with the "route add ....." command from a DOS prompt.

So routes can be added to hosts, it's just that they normally only have a default-gateway. The ICMP redirect will only be for a specific destination route, so in your example h1 will now have 2 routes: 1 specific host route pointing to R2 and one default route pointing to R1. The default route does not change from R1.

Jon
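
The behaviour discussed in the replies above, as an added example that is not part of any poster's reply: a simplified Python model of h1 that parses an ICMP redirect and applies the RFC 1122 section 3.2.2.2 acceptance checks before installing a host route. The `Host` class, the `build_redirect` helper and all addresses (h1 = 192.0.2.10, R1 = 192.0.2.1, R2 = 192.0.2.2, h3 = 198.51.100.7) are constructed for illustration.

```python
import ipaddress
import struct

def parse_redirect(icmp: bytes):
    """Return (new_gateway, original_destination) from raw ICMP redirect bytes."""
    icmp_type, code, _checksum = struct.unpack("!BBH", icmp[:4])
    if icmp_type != 5 or code > 3 or len(icmp) < 28:  # type 5 = Redirect (RFC 792)
        raise ValueError("not a well-formed ICMP redirect")
    gateway = ipaddress.IPv4Address(icmp[4:8])
    # Bytes 8+ hold the IP header of the packet that triggered the redirect;
    # its destination address is at offset 16 of that header.
    return gateway, ipaddress.IPv4Address(icmp[24:28])

class Host:
    """Simplified host model (an assumption for illustration, not a real IP stack)."""
    def __init__(self, lan, default_gw):
        self.lan = ipaddress.IPv4Network(lan)
        self.routes = {ipaddress.IPv4Network("0.0.0.0/0"): ipaddress.IPv4Address(default_gw)}

    def next_hop(self, dst):
        dst = ipaddress.IPv4Address(dst)
        if dst in self.lan:
            return dst  # on-link: deliver directly
        best = max((n for n in self.routes if dst in n), key=lambda n: n.prefixlen)
        return self.routes[best]  # longest prefix wins, so a /32 beats the default

    def handle_redirect(self, sender, icmp, accept_redirects=True):
        """Install a host route if the redirect passes the RFC 1122 3.2.2.2 checks."""
        if not accept_redirects:
            return False  # hardened host: redirects are ignored entirely
        gateway, dst = parse_redirect(icmp)
        # Discard unless the new gateway is on the local subnet and the sender
        # is the gateway currently used for that destination.
        if gateway not in self.lan or ipaddress.IPv4Address(sender) != self.next_hop(dst):
            return False
        self.routes[ipaddress.IPv4Network(f"{dst}/32")] = gateway
        return True

def build_redirect(gateway, src, dst):
    """Constructed sample message; checksums are left at zero and not verified."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    head = struct.pack("!BBH4s", 5, 1, 0, ipaddress.IPv4Address(gateway).packed)
    return head + ip_hdr + b"\x08\x00" + bytes(6)  # plus 8 bytes of the original datagram

def demo():
    h1 = Host("192.0.2.0/24", "192.0.2.1")          # default gateway is R1
    msg = build_redirect("192.0.2.2", "192.0.2.10", "198.51.100.7")
    from_r2 = h1.handle_redirect("192.0.2.2", msg)  # R2 is not h1's first hop
    from_r1 = h1.handle_redirect("192.0.2.1", msg)  # R1 is, so a /32 is installed
    return from_r2, from_r1, str(h1.next_hop("198.51.100.7")), str(h1.next_hop("198.51.100.8"))
```

Passing `accept_redirects=False` models a host on which redirect processing is switched off, in which case the routing table only ever changes through explicit configuration.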

sarahr202 Sat, 04/24/2010 - 17:39

Thanks Jon for being patient.

This is what I understand.

Although h1 is configured with r1 as default gateway, if host1 sends a packet, say to host h3, and host1 receives the ICMP redirect message from r1 asking h1 to use r2 as default gateway to send packets to h3 next time, host1 will create a route in its routing table for that specific destination. Next time, if h1 has to send a packet to h3, it will look up its routing table and use that more specific route.

In a nutshell, a host can have routes in its routing table. Routes can be added to its routing table using the Add command, or they can be created dynamically, as was the case in our scenario where h1, upon receiving the ICMP redirect message from r1, creates a more specific entry in its routing table.

Is my understanding correct?

Jon Marshall Sun, 04/25/2010 - 00:57

sarahr202 wrote:

Thanks Jon for being patient.

This is what I understand.

Although h1 is configured with r1 as default gateway, if host1 sends a packet, say to host h3, and host1 receives the ICMP redirect message from r1 asking h1 to use r2 as default gateway to send packets to h3 next time, host1 will create a route in its routing table for that specific destination. Next time, if h1 has to send a packet to h3, it will look up its routing table and use that more specific route.

In a nutshell, a host can have routes in its routing table. Routes can be added to its routing table using the Add command, or they can be created dynamically, as was the case in our scenario where h1, upon receiving the ICMP redirect message from r1, creates a more specific entry in its routing table.

Is my understanding correct?

Sarah

No problem, it's important to understand things properly.

Your summary is spot on.

Jon

sarahr202 Sun, 04/25/2010 - 06:18

Thanks Jon. Hope to see you again with more questions next weekend for sure, or during next week if time permits.

lamav Sun, 04/25/2010 - 05:52

Sarah:

You should realize that well-designed networks do not typically rely on ICMP redirects. ICMP redirects are useful, but only inasmuch as they expose the inefficiency of a network's traffic flow and design.

Let's take a simple example.

In most enterprise deployments, users on a LAN will point to a virtual default gateway. In other words, HSRP, VRRP or GLBP is being used to provide gateway redundancy and failover for hosts on a LAN. In that case, all the routers in the failover group should have the exact same routes in their routing tables. More specifically, those routes must never point to another router in the group.

Remember that, because the host is being configured to use any of those routers as its default gateway (it uses the virtual gateway address), there should be no adverse consequence to using any router in the group when it comes to route path efficiency, traffic load and reliability. If there is, and ICMP redirects are being used, you have a bad design.

I wanted to write a lot more when I ran into this document that covers most of what I wanted to tell you anyway, so please have a read of it.

http://www.cymru.com/gillsr/documents/icmp-redirects-are-bad.pdf

HTH

Victor

sarahr202 Sun, 04/25/2010 - 06:16

Thanks Victor. It is nice seeing you again.

Jon Marshall Sun, 04/25/2010 - 07:29

Victor


Nice post and congrats on the new star!!


Jon

lamav Sun, 04/25/2010 - 07:42

Sarah:


It's nice seeing you, too. I'm very happy that you're still so enthusiastic about learning. Excellent work. And I like your questions very much because they make me revisit and rethink a lot of things that I have learned to take for granted as time has gone by.


Jon:


Thanks, buddy. I didn't realize I had a new star until you mentioned it just now. I think it just happened with the points I got from you guys!


Victor

sarahr202 Sun, 04/25/2010 - 19:11

Thanks Victor. I really appreciate all of you guys going the extra mile to answer my questions.
