
sh ip route ICMP redirect cache

afsharki2
Level 1

Hello,

I don't believe I have posted this question in the right section.  I have a bunch of access layer switches like 3850s, 2960x and 4510s.

I was wondering, why do my 2960x switches show this when executing 'sh ip route':

Default gateway is 1.1.1.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

And when executing it on other switches like 3850 and 4510, they actually show a routing table with a couple of entries like the connected, local and static route out of the switch.

Is this just platform based?

What is the ICMP redirect cache in a nutshell?

Thank you

Accepted Solutions

Peter Paluch
Cisco Employee

Hi,

This is because your 2960-X switches are not configured with the ip routing command and therefore do not have their own routing table; instead, they use the default gateway specified by the ip default-gateway command to talk to anyone outside their management VLAN. On the 3850 and 4510, you probably have ip routing configured and so they behave like routers as well as switches, including a normal routing table.

ICMP Redirect messages were used in old times when hosts such as workstations did not allow their administrator to define multiple gateways toward multiple targets. On these hosts, you could have only a single default gateway configured, but you could still be connected to a network with multiple routers, each one of them providing connectivity to a different target network. If the workstation sent a packet to its preconfigured gateway but this gateway had to forward the packet back the same interface it came through to a different router, it could send an ICMP Redirect message to the host saying: "Hey, to reach this destination, don't use me; rather, use this different gateway - you'll save an unnecessary hop this way."

ICMP Redirect messages can still be used but nowadays, they're not as important as they once were.

Feel welcome to ask further!

Best regards,
Peter
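An added example, not part of the original post: a small parser that classifies collected `show ip route` output as host mode (the "Default gateway is" banner plus ICMP redirect cache) or routing mode, and lists cached redirects that point away from the configured gateway. The sample outputs are constructed; the cache row layout and the names `parse_show_ip_route` and `redirected_hosts` are assumptions for illustration.

```python
import re

# Constructed samples. The first reuses the layout quoted in the question and
# adds one made-up cache row; the third imitates a routing-table output.
HOST_MODE = """\
Default gateway is 1.1.1.1

Host               Gateway           Last Use    Total Uses  Interface
10.20.30.40        1.1.1.2               0:05            12  Vlan1
"""
EMPTY_CACHE = """\
Default gateway is 1.1.1.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
"""
ROUTED = """\
Gateway of last resort is 10.0.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.0.0.1
C     10.0.0.0/24 is directly connected, Vlan10
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Assumed row layout: host, gateway, last use, total uses, interface.
ROW = re.compile(rf"^({IPV4})\s+({IPV4})\s+(\S+)\s+(\d+)\s+(\S+)\s*$")

def parse_show_ip_route(text):
    """Classify 'show ip route' output and collect redirect cache rows."""
    gw = re.search(rf"^Default gateway is ({IPV4})\s*$", text, re.M)
    if gw is None:
        # No default-gateway banner: treat as a device with a routing table.
        return {"mode": "routing", "default_gateway": None, "redirects": []}
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            host, via, last_use, uses, iface = m.groups()
            rows.append({"host": host, "gateway": via, "last_use": last_use,
                         "total_uses": int(uses), "interface": iface})
    return {"mode": "host", "default_gateway": gw.group(1), "redirects": rows}

def redirected_hosts(result):
    """Destinations reached through a gateway other than the configured one."""
    return sorted(r["host"] for r in result["redirects"]
                  if r["gateway"] != result["default_gateway"])
```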

Great answer, thanks very much!

You are right about the configuration.  Now I'm wondering why IP routing is enabled on my other switches, when all they need is a default gateway like the 2960x!?  They are just access layer switches connected to a distribution switch; no other paths, just one way out.

Hi,

You are welcome! :)

Regarding why some of your switches use ip routing while others don't, it would appear that on 3850 and 4510, ip routing is on by default. The 2960/3550/3560/3750 series Catalysts did not have the ip routing on by default - it had to be activated explicitly.

This is actually something worth keeping an eye on. The gotcha is that on devices that have ip routing configured, the ip default-gateway command has no effect even though it can be configured. Instead, on these devices, the default gateway has to be configured as a default route using the well-known ip route 0.0.0.0 0.0.0.0 next-hop-address command.

Best regards,
Peter

Hey Peter,

Thanks for the help.  I just have one more quick question:  All the access switches that have the routing tables active - how do I find the 'ip routing' command in the sh run? I cannot find it when searching the show run.

Thank you

Hi,

> how do I find the 'ip routing' command in the sh run? I cannot find it when searching the show run.

This command obviously falls under the class of commands whose default value is not displayed in the running-config. Only if you configured no ip routing would this command be visible in the configuration. Of course, please do not attempt to configure this on a real network, as you would most probably get yourself locked out of the device if accessing it remotely, and all parts of configuration that relate to routing would be automatically removed.

Sometimes, show running-config all can be used to display the configuration including the default commands and their values but I am not holding my breath here - your mileage may vary.

Best regards,
Peter
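An added example, not part of the thread or any Cisco tool: an offline audit of saved running-config text for the gotcha described above, where `ip default-gateway` is configured on a device with ip routing active and therefore has no effect. Because a default-valued `ip routing` is hidden, the platform default is passed in; the defaults table repeats what the thread reports and should be verified per platform, and all function names, finding codes and sample configs are constructed for illustration.

```python
import re

# Defaults as reported in the thread; treat them as assumptions to verify
# per platform and software release.
PLATFORM_DEFAULT_IP_ROUTING = {"3850": True, "4510": True, "2960": False,
                               "3550": False, "3560": False, "3750": False}

def ip_routing_enabled(config, platform_default):
    """Effective 'ip routing' state for a running-config text.

    An explicit 'ip routing' / 'no ip routing' line wins. If neither is
    present the command is at its default and hidden, so the platform
    default decides.
    """
    for line in config.splitlines():
        line = line.strip()
        if line == "no ip routing":
            return False
        if line == "ip routing":
            return True
    return platform_default

def audit_default_gateway(config, platform_default):
    """Return (code, detail) findings about the device's way off-subnet."""
    routing = ip_routing_enabled(config, platform_default)
    gw = re.search(r"^ip default-gateway (\S+)", config, re.M)
    route = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    findings = []
    if routing and gw and not route:
        # Gateway line is ignored and nothing replaces it.
        findings.append(("GATEWAY_IGNORED_NO_DEFAULT_ROUTE", gw.group(1)))
    elif routing and gw and route:
        # Gateway line is dead config; the static default route is used.
        findings.append(("GATEWAY_IGNORED_ROUTE_USED", route.group(1)))
    elif not routing and not gw:
        findings.append(("NO_DEFAULT_GATEWAY", None))
    return findings

# Constructed configs (hostnames and addresses are made up).
ACCESS_A = "hostname access-a\nip default-gateway 10.0.0.1\n"
ACCESS_B = ("hostname access-b\nip default-gateway 10.0.0.1\n"
            "ip route 0.0.0.0 0.0.0.0 10.0.0.254\n")
ACCESS_C = "hostname access-c\nno ip routing\nip default-gateway 10.0.0.1\n"
```

Feeding it `show running-config all` output, where that command lists defaults, lets the explicit line decide instead of the assumed platform default.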
