ICMP redirect messages
Renato Moutinho Silva
I've came across a behaviour on a cisco 2500 which I found rather
amusing and wanted to know if it's ok to you all..
I have this router configured with some subnets (classes sub-C) using
alias for the ethernet port. When I try to send a packet from a subnet
to another which MUST go trhu the router it delivers the packet but
sends an ICMP redirect message back..
On IOS docs I read it does so because source and destination are
on the same interface.. Does that mean it simply ignores my
subnetting ?? I mean.. Speaking of IP routing a machine can't simply
send a packet directly just because it's on the same wire.. It must
calculate, based on netmask and on its own IP if the packet should
go directly to the wire or go thru some gateway...
Disable 'icmp redirects' certainly resolves, but still I think
decisions on best path should be based on IP routing techniques,
should't them ?
All the best,
--
Renato Moutinho Silva
rmo...@yahoo.com
Francois Labreque
No it means "you can reach this host faster if you send it directly to
[insert mac-address], so stop pestering me you nitwit!"
I can also be used on this case
| | |
|--- Ra ---|--- Rb---|
| | |
subnet subnet subnet
1 2 3
If a device on subnet 2 has Ra as its default gateway and wants to
access a device on subnet 3. It will send the first packet to Ra
because that's the only thing it knows how to do; however Ra should tell
it to send future packets to Rb
--
Francois Labreque | The surest sign of the existence of extra-
flabreque | terrestrial intelligence is that they never
@ | bothered to come down here and visit us!
videotron.ca | - Calvin
Barry Margolin
Francois Labreque <flab...@videotron.ca> wrote:
>
>
>Renato Moutinho Silva wrote:
>>
>> Hello people,
>>
>> I've came across a behaviour on a cisco 2500 which I found rather
>> amusing and wanted to know if it's ok to you all..
>> I have this router configured with some subnets (classes sub-C) using
>> alias for the ethernet port. When I try to send a packet from a subnet
>> to another which MUST go trhu the router it delivers the packet but
>> sends an ICMP redirect message back..
I've never heard of this. What does it put in the Gateway Address field of
these redirects, since it's not redirecting them to another router?
>> On IOS docs I read it does so because source and destination are
>> on the same interface.. Does that mean it simply ignores my
>> subnetting ?? I mean.. Speaking of IP routing a machine can't simply
>> send a packet directly just because it's on the same wire.. It must
>> calculate, based on netmask and on its own IP if the packet should
>> go directly to the wire or go thru some gateway...
Many OS's allow you to configure the routing table to send to other subnets
directly. Often this is done by creating a static route whose next-hop is
the machine's own address. On a Cisco you can do it by creating a static
route whose next-hop is the LAN interface, e.g.
ip route 1.2.3.0 255.255.255.0 Ethernet0
>> Disable 'icmp redirects' certainly resolves, but still I think
>> decisions on best path should be based on IP routing techniques,
>> should't them ?
>
>No it means "you can reach this host faster if you send it directly to
>[insert mac-address], so stop pestering me you nitwit!"
What do you mean by this? Since when do ICMP Redirect messages have a
mac-address in them?
--
Barry Margolin, bar...@genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
Machiel Appel
Hi,
Beware ICMP redirect messages are dropped by many OS's so despite the ICMP
redirect messages wich supplies the host with a faster way to get to it's
destination the host will keep sending the packets to the router which on
his turn will keep sending ICMP redirect messages.
--
Machiel Appel
http://www.the3rdlayer.com
MCSE, MCP+I and CCNA
"The hacker always rings twice"
"Francois Labreque" <flab...@videotron.ca> wrote in message
news:3AB80D86...@videotron.ca...
Hansang Bae
> >No it means "you can reach this host faster if you send it directly to
> >[insert mac-address], so stop pestering me you nitwit!"
In article <kw3u6.35$U4.2139@burlma1-snr2>, bar...@genuity.net says...
> What do you mean by this? Since when do ICMP Redirect messages have a
> mac-address in them?
I'm sure he meant to say "insert new gateway IP here"
--
"Somehow I imagined this experience would be more rewarding" Calvin
********************************************************************
Due to the volume of email that I receive, I may not not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************
Barry Margolin
Hansang Bae <hbae_@_nyc.rr.com.REMOVE_> wrote:
>> Francois Labreque <flab...@videotron.ca> wrote:
>> >No it means "you can reach this host faster if you send it directly to
>> >[insert mac-address], so stop pestering me you nitwit!"
>
>
>In article <kw3u6.35$U4.2139@burlma1-snr2>, bar...@genuity.net says...
>> What do you mean by this? Since when do ICMP Redirect messages have a
>> mac-address in them?
>
>
>I'm sure he meant to say "insert new gateway IP here"
But since the destination is on the same physical LAN, there *is* no
gateway. The original question was about a LAN with two logical subnets,
and a machine on one subnet sending to the other subnet via the router.
This should *not* generate a redirect, since there's no gateway to redirect
to.
Hansang Bae
----- Original post -----------
I've came across a behaviour on a cisco 2500 which I found rather
amusing and wanted to know if it's ok to you all..
I have this router configured with some subnets (classes sub-C) using
alias for the ethernet port. When I try to send a packet from a subnet
to another which MUST go trhu the router it delivers the packet but
sends an ICMP redirect message back..
on the same interface.. Does that mean it simply ignores my
subnetting ?? I mean.. Speaking of IP routing a machine can't simply
send a packet directly just because it's on the same wire.. It must
calculate, based on netmask and on its own IP if the packet should
go directly to the wire or go thru some gateway...
decisions on best path should be based on IP routing techniques,
should't them ?
In article <CZpu6.54$U4.2863@burlma1-snr2>, bar...@genuity.net says...
> But since the destination is on the same physical LAN, there *is* no
> gateway. The original question was about a LAN with two logical subnets,
> and a machine on one subnet sending to the other subnet via the router.
> This should *not* generate a redirect, since there's no gateway to redirect
> to.
Ah. I went back to read the original post. It sounds like (as you note)
that he was using secondary addressing on the Ethernet interface.
So this could be a case of Cisco box getting confused because of the
secondary addressing and proxy arp. Or it's just plain confused. As
Barry notes, ICMP redirect should be sent if there is a _BETTER router
that can service the request *ON THE SAME SUBNET*... The default
behaviour is to send the redirect to the originator, and forward the
packet to the _better_ router. I'd like to see the content of the ICMP
redirect message. It's supposed to have the source and destination of
the origina packet, so it might be interesting.
hsb