Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to configure HSRP to support ICMP redirects

Core Issue

Hot Standby Router Protocol (HSRP) provides redundancy for IP networks. It also provides redundancy for hosts to recover immediately and transparently from the first hop router failures. HSRP allows multiple routers on a single LAN to share a virtual IP and MAC address. This address is configured as the default gateway on the host. From the group of routers configured in a HSRP group, the one with the highest priority functions as the active router. The one with the second highest priority functions as the standby router. The active router forwards packets sent to the virtual IP address. If the active router fails, the standby router takes over as the new active router.

Internet Control Message Protocol (ICMP) provides many diagnostic functions for IP by sending control messages to hosts. ICMP redirect messages can be sent by the routers to the hosts. These messages redirect the hosts to send packets to another router (on the same segment on the optimal path toward the destination).

Earlier, ICMP redirects were disabled on a router interface configured for HSRP. This was done because redirecting the hosts to the real IP address of another router resulted in dropped packets. This occurred if the other router failed, which defeated the redundancy provided by HSRP.

Resolution

To enable ICMP redirects with HSRP on an interface, use the HSRP Support for ICMP Redirects feature.

This functionality filters outgoing ICMP redirect messages through HSRP, where the next-hop IP address can be changed to a HSRP virtual IP address. Each HSRP router snoops all HSRP packets on the network to maintain a list of active routers. The HSRP router also maintains a list of virtual IP addresses and their real IP addresses.

Usually when an ICMP redirect message is sent to a host, the next-hop IP address of the message is sent to the physical IP address of the router (where the packets are redirected). With this feature, the next-hop IP address is compared to the network's list of active HSRP routers. The active HSRP router forwards packets for a group by using the virtual IP address for that group. If a match is found, then the real next-hop IP address is replaced with a corresponding virtual IP address. This address is replaced in the ICMP redirect message that is sent.

Hosts do not redirect to passive HSRP routers (which are routers running HSRP) but are not active for any HSRP group on the interface, as redundancy could be lost if the hosts learn the real IP addresses of the HSRP routers. However, hosts can be redirected to a router not running HSRP, as redundancy is not implemented to reach the destinations through that router.

To enable ICMP redirect messages to be sent when the HSRP is configured on an interface, issue the standby redirects command under the interface configuration mode.

Note: The standby redirects command is enabled by default and can be disabled.

For more information on the HSRP Support for ICMP Redirects feature, refer to HSRP Support for ICMP Redirects.

Problem Type

Configure

HSRP issues

RP (Routing Protocol) Related Technologies

HSRP
Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 06:17 PM
Updated by:
 
Labels (1)