09-13-2010 06:39 AM - edited 03-06-2019 12:56 PM
All,
I'm revisiting a redirect problem that I had in the past and I'm starting to disable across all interfaces in our environment. I have a question though. Redirects were originally disabled in earlier versions of the IOS if HSRP was configured on that interface, but as of 12.1 (I know, still old) it enables redirects by default.
"
Previously, if the Hot Standby Router Protocol (HSRP) was configured on an interface, ICMP redirect messages were disabled by default for the interface. With Cisco IOS Release 12.1(3)T, ICMP redirect messages are enabled by default if HSRP is configured."
I've disabled redirects on my hsrp interfaces, but I'm wondering what type of an impact this is going to have should I need to failover? I know it shouldn't have "anything" to do with it, but my concern is that Cisco chose to enable by default for some reason. Does anyone know why?
Thanks,
John
Solved! Go to Solution.
09-13-2010 06:49 AM
j.blakley wrote:
All,
I'm revisiting a redirect problem that I had in the past and I'm starting to disable across all interfaces in our environment. I have a question though. Redirects were originally disabled in earlier versions of the IOS if HSRP was configured on that interface, but as of 12.1 (I know, still old) it enables redirects by default.
"
Usage Guidelines
#Previously, if the Hot Standby Router Protocol (HSRP) was configured on an interface, ICMP redirect messages were disabled by default for the interface. With Cisco IOS Release 12.1(3)T, ICMP redirect messages are enabled by default if HSRP is configured."
I've disabled redirects on my hsrp interfaces, but I'm wondering what type of an impact this is going to have should I need to failover? I know it shouldn't have "anything" to do with it, but my concern is that Cisco chose to enable by default for some reason. Does anyone know why?
Thanks,
John
John
It won't affect failover between the routers using the same HSRP group because the end devices only see the VIP and virtual mac and so they will fail over correctly.
As for why it iwas disabled, bit isn't now have a read of the overview in this doc which explains it better than i can ! -
Jon
09-13-2010 06:49 AM
j.blakley wrote:
All,
I'm revisiting a redirect problem that I had in the past and I'm starting to disable across all interfaces in our environment. I have a question though. Redirects were originally disabled in earlier versions of the IOS if HSRP was configured on that interface, but as of 12.1 (I know, still old) it enables redirects by default.
"
Usage Guidelines
#Previously, if the Hot Standby Router Protocol (HSRP) was configured on an interface, ICMP redirect messages were disabled by default for the interface. With Cisco IOS Release 12.1(3)T, ICMP redirect messages are enabled by default if HSRP is configured."
I've disabled redirects on my hsrp interfaces, but I'm wondering what type of an impact this is going to have should I need to failover? I know it shouldn't have "anything" to do with it, but my concern is that Cisco chose to enable by default for some reason. Does anyone know why?
Thanks,
John
John
It won't affect failover between the routers using the same HSRP group because the end devices only see the VIP and virtual mac and so they will fail over correctly.
As for why it iwas disabled, bit isn't now have a read of the overview in this doc which explains it better than i can ! -
Jon
09-13-2010 06:51 AM
As always Jon, you're awesome! Thanks!
09-13-2010 06:53 AM
Hi John,
The IOS support for ICMP Redirects on HSRP-enabled interfaces has been significantly improved (and obfuscated as well, as could be expected ) which is the reason why the ICMP Redirect feature is enabled on HSRP-enabled interfaces.
You may want to read the following article:
It discusses the rationale behind the ICMP Redirects with HSRP and also the special handling of ICMP Redirect messages. I suggest reading this document first to see how the redirects are handled. Not exactly an easy reading, though.
Best regards,
Peter
09-13-2010 07:06 AM
Oops,
Sorry guys - I appear to be only repeating what Jon has already answered. I seem to have been late at hitting my "Post answer" button Anyway - Jon, great answer as always!
Best regards,
Peter
09-13-2010 07:07 AM
Thanks Peter!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: