I have a situation that I'm not sure if it's a device issue or a Cisco issue. I have a Netgate appliance which creates a tunnel into our provider via cellular connection. This tunnel is always up. My router has a floating route to fail over to this appliance if the serial side is down. I get my default route from our provider via BGP.
This is what my router looks like:
*B 0.0.0.0 via 18.104.22.168
ip route 0.0.0.0 0.0.0.0 192.168.1.2 254 name Netgate
This works as intended, but I'm having weird issues sometimes with internal devices latching onto the Netgate as their route for only certain routes. For instance, we have all Cisco APs which have a redirect cache on them but no routing table. If I have a host at 192.168.30.50, the AP may find it like:
But the AP's default gateway is 192.168.1.1 (my router). This is not just happening on APs though. It's happening on 3Com switches as well. I'm not sure how it's happening either. The serial side has never gone down at this location. I could understand if the router had to fail over to this device and then traffic had to pass over it and kept it in cache at that point, but that's not the case. Is there something else I should be looking at on the router side? At this point, I think it's the Netgate that's causing my problem. Before I can get in touch with the provider, I wanted to make sure that it wasn't a configuration problem on my end because I'm sure that's what they'll focus on.
The kernel is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects can be used to disable ICMP redirects.)
The site that I was referring to was an AP whose redirect was set to go out the Netgate to get to something on the other side of the WAN. The statement above makes it sound like if the packet is received on the inside interface and then routed back out the inside interface, it would then send a redirect. If the packet is received on the inside interface, but then the router has to route out the serial side, should it still be sending a redirect to the Netgate, or is this because the router's serial side may have gone down at the moment one of the other devices tried to get to a far-side network? At that point, I could see the redirect happening.
Also, redirects are enabled by default on the routers. Is it a bad thing to disable them completely?
How much do redirects tie in with floating routes? I'm assuming that the device will always go to its default gateway which would then in turn forward to the appropriate route, but it wouldn't allow the device to add the "direct" entry to its cache.
How much do redirects tie in with floating routes?
Don't think they do really. ICMP redirects are really about suboptimal paths in your network, i.e. traffic is not taking the most efficient route. Your floating static will only kick in if the primary route is removed from the routing table.
I'm assuming that the device will always go to its default gateway which would then in turn forward to the appropriate route, but it wouldn't allow the device to add the "direct" entry to its cache.
Not sure how the cache thing works to be honest. Certainly any device that consults a routing table, and even a PC does this, can install an ICMP redirect into its routing table.
ICMP redirects, as I say, are really about traffic not using the most efficient path through the network so disabling them should not cause major problems unless of course your network relies on them for traffic forwarding which it really shouldn't.
>> How much do redirects tie in with floating routes? I'm assuming that the device will always go to its default gateway which would then in turn forward to the appropriate route, but it wouldn't allow the device to add the "direct" entry to its cache.
As Jon has noted, if the default gateway knows that its best path to the packet destination is via an IP next-hop that is in the same IP subnet as the packet sender, it can send out an ICMP redirect to inform the client that the next packets for the same destination can be sent directly to that IP address (that of the next-hop in the same subnet).
So the end user device knows nothing about static routes or floating static routes, but it can have its ARP table populated with entries that are created during primary link failure as a result of ICMP redirect messages sent by the router.
Now, if the IP next-hop in the LAN (the appliance that connects to the cellular network) does not do the same when the primary link is up, that is, it does not send out ICMP redirects to inform the client(s) that the best path is now via the router, the clients may still use the secondary path in the outgoing direction as a result of these ARP entries until these ARP entries expire.
For this reason I have written that either both the router and the appliance should send out ICMP redirect messages or both should have them disabled.
This is my understanding; of course, if the appliance is not in the same IP subnet as the clients, all this will not happen and clients would not get any indirect sign of a change in routing.
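To find out which device on the LAN is actually issuing the redirects discussed in this thread, a packet capture can be checked for ICMP type 5 messages. The following is an added example, not code from any poster: it parses raw IPv4 packets and lists redirects that advise a gateway other than the expected default gateway. The AP address 192.168.1.20 and the packet bytes are constructed; the other addresses come from the thread.

```python
import ipaddress
import struct

def parse_icmp_redirect(packet: bytes):
    """Return the fields of an ICMP Redirect in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # Need protocol 1 (ICMP), the 8-byte ICMP header and the quoted IP header.
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp = packet[ihl:]
    if icmp[0] != 5:                      # RFC 792: type 5 = Redirect
        return None
    quoted = icmp[8:]                     # header of the datagram that triggered it
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return {"sender": addr(packet[12:16]), "receiver": addr(packet[16:20]),
            "code": icmp[1], "gateway": addr(icmp[4:8]),
            "original_dst": addr(quoted[16:20])}

def unexpected_redirects(packets, default_gateway):
    """Redirects that tell a host to use a gateway other than default_gateway."""
    parsed = (parse_icmp_redirect(p) for p in packets)
    return [r for r in parsed if r and r["gateway"] != default_gateway]

# --- constructed sample traffic (checksums left at 0; the parser ignores them) ---
def _ipv4(src, dst, proto, payload):
    pack = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, pack(src), pack(dst)) + payload

def _redirect(sender, receiver, gateway, original_dst):
    quoted = _ipv4(receiver, original_dst, 17, b"\x00" * 8)
    icmp = struct.pack("!BBH4s", 5, 1, 0, ipaddress.IPv4Address(gateway).packed)
    return _ipv4(sender, receiver, 1, icmp + quoted)

AP = "192.168.1.20"  # assumed AP address, not from the thread
SAMPLE = [
    _redirect("192.168.1.1", AP, "192.168.1.2", "192.168.30.50"),  # router -> use Netgate
    _redirect("192.168.1.2", AP, "192.168.1.1", "192.168.30.50"),  # Netgate -> use router
    _ipv4(AP, "192.168.30.50", 17, b"\x00" * 8),                   # ordinary UDP
]

if __name__ == "__main__":
    for r in unexpected_redirects(SAMPLE, "192.168.1.1"):
        print(f'{r["sender"]} told {r["receiver"]} to reach '
              f'{r["original_dst"]} via {r["gateway"]}')
```

The `sender` field is the address to look at: it shows whether the router or the appliance generated the redirect that the host cached.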