I am upgrading a network to OSPF. I have a multilayered switch environment using 6500's, 4500's and 3560's.
I have a VLAN which is configured on all of the switches. Each switch has this VLAN configured; it is used as the OSPF area 0.
Also, I have other OSPF areas. The next area I configured is OSPF area 1 (which advertised a VLAN which is different from the Area 0 VLAN). I have a host on Area 0 and one on Area 1. They are both Redhat systems. Both systems are on different subnets.
When I attempt to ping from the host in Area 0 to the host in Area 1, it responds to ICMP redirect messages. I did some searching and found that by placing the no ip redirect on the VLAN interfaces I can get rid of the ICMP redirect messages.
The problem is that as soon as I use no ip redirect, ping no longer responds.
Why would this occur, and does anyone have an idea of how to resolve this? Ideally, I would like to omit the redirect messages from the host's output from the ping request but still actually get responses from the ping request.
The ICMP redirect messages are sent when a router receives a packet that needs to be forwarded out the same interface it was first received on. Usually, this suggests that there is a problem with the contents of routing tables on routers, or the sender of the original packet is using an inappropriate gateway to reach a particular network, and the gateway tells it to use a better route using the ICMP redirect message. It may be that the station from which you are sending pings is located in a VLAN with multiple routers, and for a default gateway, it is using a router that does not lie on the shortest path between these two stations. That would explain the redirect messages.
What puzzles me is that the deactivation of ICMP redirects breaks connectivity. It should not behave like that. Hmmm... How did you learn in the first place that you are getting the ICMP redirect messages?
Can you post a diagram of your network including the addressing information and the location of the hosts you are performing pings between?
"The ICMP redirect messages are sent when a router receives a packet that needs to be forwarded out the same interface it was first received on."
This makes a lot of sense. I have two core switches each with VLAN10 (10.34.10.0/24) on it that are in Area 0. The next layer is my distribution layer which is also kind of an access layer as well. On those switches (these are the switches the hosts are connected to), I have a VLAN 10 and a VLAN 20 (which is for area 1, 10.34.20.0/24).
The hosts are on two separate switches; however, they share the common VLAN 10 interface, albeit with different IP addresses. So, when my core switch (which is also the DR) receives the packet for VLAN 20 from the VLAN 10 host, it forwards the packet out of VLAN 10 again to the switch advertising the route for VLAN 20. That makes a lot of sense.
My question is how to resolve it.
I learned of the ICMP redirect messages when I initiated a PING from the host in VLAN 10 to a host in VLAN 20. They are both Redhat systems and on the PING output it stated that the packet had been redirected and noted the new next hop.
I agree it is puzzling that when I applied no ip redirects on the VLAN 10 interface that it stopped routing traffic.
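Added example, not part of the original thread: a small Python model of the redirect condition described in the reply above, applied to the core switch from the thread. Only the two /24 subnets come from the posts; the 10.34.10.3 next hop, the host addresses and the function names are assumptions made for illustration. In this model the redirect decision is separate from forwarding, so turning redirects off changes only the second return value.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    out_if: str
    next_hop: Optional[ipaddress.IPv4Address]  # None means directly connected

# Constructed model of the core switch: only the two /24s come from the thread;
# the .3 next hop and all host addresses are assumptions.
CORE_IF_SUBNETS = {"Vlan10": ipaddress.ip_network("10.34.10.0/24")}
CORE_ROUTES = [
    Route(ipaddress.ip_network("10.34.10.0/24"), "Vlan10", None),
    Route(ipaddress.ip_network("10.34.20.0/24"), "Vlan10",
          ipaddress.ip_address("10.34.10.3")),
]

def lookup(routes, dst):
    """Longest-prefix match; returns None when no route covers dst."""
    matches = [r for r in routes if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def forward(routes, if_subnets, in_if, src, dst, redirects_enabled=True):
    """Return (forwarded, redirect_gateway) for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    route = lookup(routes, dst)
    if route is None:
        return False, None
    send_redirect = (
        redirects_enabled
        and route.out_if == in_if       # packet leaves the way it came in
        and route.next_hop is not None  # a better gateway exists
        and src in if_subnets[in_if]    # sender can reach that gateway directly
    )
    return True, (route.next_hop if send_redirect else None)

if __name__ == "__main__":
    # Host in VLAN 10 pinging a host in VLAN 20 through the core switch.
    for enabled in (True, False):
        print(enabled, forward(CORE_ROUTES, CORE_IF_SUBNETS, "Vlan10",
                               "10.34.10.50", "10.34.20.50", enabled))
```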