ICMP Unreachable and Redirects

The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet protocol suite. It is used by network devices, such as routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.

ICMP can also be used to relay query messages. It is assigned protocol number. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications.

ICMP redirect messages are used by routers to notify the hosts on the data link that a better route is available for a particular destination.

Note:
The topology below is for demo purposes only and has no relation to any enterprise or other network. The IP addresses used here serve only to illustrate and define that topology.

Fig 1.1-ICMP Unreachable and Redirects

For example, the two routers RouteXP_R1 and RouteXP_R2 are connected to the same Ethernet segment as Host H. The default gateway for Host H is configured to use router RouteXP_R1. 

Host H sends a packet to router RouteXP_R1 to reach the destination, Remote Branch Office Host 10.1.1.1. Router RouteXP_R1, after it consults its routing table, finds that the next hop to reach Host 10.1.1.1 is router RouteXP_R2.

Now router RouteXP_R1 must forward the packet out the same Ethernet interface on which it was received. Router RouteXP_R1 forwards the packet to router RouteXP_R2 and also sends an ICMP redirect message to Host H. 

This informs the host that the best route to reach Host 10.1.1.1 is by way of router RouteXP_R2. Host H then forwards all the subsequent packets destined for Host 10.1.1.1 to router RouteXP_R2.

This debug message shows router RouteXP_R1, as in the network diagram, sending an ICMP redirect message to Host H (172.16.1.1).

When Are ICMP Redirects Sent?

Cisco routers send ICMP redirects when all of these conditions are met: 
  • The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
  • The subnet or network of the source IP address is on the same subnet or network of the next-hop IP address of the routed packet.
  • The datagram is not source-routed.
  • The kernel is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects can be used to disable ICMP redirects.)

Note: ICMP redirects are disabled by default if Hot Standby Router Protocol (HSRP) is configured on the interface. In Cisco IOS Software Release 12.1(3)T and later, ICMP Redirect is allowed to be enabled on interfaces configured with HSRP. For more information, refer to the HSRP Support for ICMP Redirects section of Hot Standby Router Protocol Features and Functionality.

For example, if a router has two IP addresses on one of its interfaces:

!
interface ethernet 0
 ip address 171.68.179.1 255.255.255.0
 ip address 171.68.254.1 255.255.255.0 secondary
!

If the router receives a packet that is sourced from a host in the subnet 171.68.179.0 and destined to a host in the subnet 171.68.254.0, the router does not send an ICMP redirect because only the first condition is met, not the second.

The original packet for which the router sends a redirect still gets routed to the correct destination.
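
The four conditions above and the secondary-address case can be checked with a small model. This is an added example, not Cisco's implementation and not code from the original page; the class and function names, the /24 mask on the Fig 1.1 segment, the RouteXP_R2 address 172.16.1.200 and the host addresses ending in .10 and .20 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class RoutedPacket:
    src: str                    # source IP of the packet the router received
    in_iface: str               # interface the packet arrived on
    out_iface: str              # interface the routing table selects
    next_hop: str               # next-hop IP (the destination itself if directly connected)
    source_routed: bool = False

def redirect_decision(pkt, iface_networks, redirects_enabled=True):
    """Return (send_redirect, failed_conditions) for the four conditions in the text."""
    failed = []
    if pkt.in_iface != pkt.out_iface:
        failed.append("packet leaves on a different interface")
    src = ipaddress.ip_address(pkt.src)
    hop = ipaddress.ip_address(pkt.next_hop)
    nets = [ipaddress.ip_network(n) for n in iface_networks.get(pkt.in_iface, [])]
    # Source and next hop must share one of the subnets configured on the interface.
    if not any(src in n and hop in n for n in nets):
        failed.append("source and next hop are on different subnets")
    if pkt.source_routed:
        failed.append("datagram is source-routed")
    if not redirects_enabled:
        failed.append("redirects disabled (no ip redirects)")
    return (not failed, failed)

# Fig 1.1 case. Host H (172.16.1.1) is from the page; the /24 mask, the
# interface name and the RouteXP_R2 address 172.16.1.200 are constructed.
FIG_NETS = {"Ethernet0": ["172.16.1.0/24"]}
FIG_PKT = RoutedPacket("172.16.1.1", "Ethernet0", "Ethernet0", "172.16.1.200")

# Secondary-address case. The subnets are from the page; the host
# addresses ending in .10 and .20 are constructed.
SEC_NETS = {"ethernet0": ["171.68.179.0/24", "171.68.254.0/24"]}
SEC_PKT = RoutedPacket("171.68.179.10", "ethernet0", "ethernet0", "171.68.254.20")

if __name__ == "__main__":
    for name, pkt, nets in (("Fig 1.1", FIG_PKT, FIG_NETS), ("secondary", SEC_PKT, SEC_NETS)):
        send, failed = redirect_decision(pkt, nets)
        print(f"{name}: send redirect = {send}; failed conditions = {failed}")
    # Same Fig 1.1 packet after "no ip redirects" is applied to the interface.
    print(redirect_decision(FIG_PKT, FIG_NETS, redirects_enabled=False))
```

In the secondary-address case the destination is directly connected, so the next hop is the destination itself; that is why the subnet comparison fails even though the packet enters and leaves on the same interface.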