IP Redirect fluke?

Unanswered Question
Aug 18th, 2010


We use Orion for a monitoring server and I had a situation this morning. One of my routers stopped responding, at least from the monitoring servers perspective. I could ping the router's inside interface from my laptop, but I couldn't get to it from the monitoring server itself. I checked the routing table on the server and everything looked normal. I could ping devices behind the router (APs/switches) and I could ping the serial side interface from the monitoring server, and I could ping the inside interface from my laptop. I removed "no ip redirects" from the inside interface and I could then ping from the monitoring server.

Here's the way it would look:

Orion ----> <site Serial side><Inside IF> ---> other devices.

I could ping serial from orion, but not inside IF. Any ideas? I'm about to disable redirects on all serial side and inside interfaces, but I wanted to make sure this was just a fluke and not a cause of having redirects configured on that router.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Peter Paluch Wed, 08/18/2010 - 08:34


You have an interesting issue here. Personally, I don't see how ICMP redirects would affect your reachability. I do not even see how and when would ICMP redirects be sent in your case (but then again, I do not know your network so well). Would you kindly have a look at the following URL and see whether the conditions for sending ICMP redirects apply to you?


Also, it should be noted that Cisco routers, as far as I know, ignore received ICMP redirects.

What I would probably go for would be a glitch in CEF. I have ecountered a problem with CEF a couple of times with IOS 12.4, I believe, on 1800/2800 series routers. In some cases, the CEF and the routing table became de-synchronized, with the CEF pointing to a different next hop for the default route than the routing table. I believe that it happened with some funny combination of NAT and outside interface being assigned an IP address via DHCP, or with defining a static default route using only an egress interface - I don't remember for sure. I was not able to replicate this on demand but I have ecountered that problem multiple times.

It is somehow possible that modifying the redirect behavior somehow affected the CEF structure as well.

Anyway, does the problem return when you put the redirect configuration to its original setting?

Best regards,


John Blakley Wed, 08/18/2010 - 08:41


Thanks for the response. It didn't come back and I can't recreate it unfortunately. There's not a way that redirects should have ever modified anything in this case. I only have one entry/exit point from that site, and the subnet that's monitoring is different from the subnet that's being monitored. I didn't look at the CEF table, but I definitely will next time. That may be from the monitoring side though on my switch, but for now all paths are pointing to the correct location.




This Discussion