Re: ICMP redirects RV320

dickson.cheng@gmail.com · ‎09-02-2018

Hello,

I have used the RV320 interVLAN routing function, my access point talking to my Controller with 2 different subnet. However, the RV320 is sending ICMP redirect for both my Access point and controller for the TCP traffic.

Do you know how to stop the icmp redirect? why the RV320 is doing this?

Thanks,

Dickson

ptimmons · ‎08-04-2019

Hi.

I have that same problem on a rv325 with firmware 1.4.2.22 (when I started to use vlans).

I have a device that starts doing arp requests because of the ICMP Redirect and hence can't be reached from other vlans. The device is on port 10 (and port 13 in a active/backup mode) and the client is on port 2.

As far as I know (rfc-792 - Internet Control Message Protocol - page 12 - Redirect message - Description) a ICMP Redirect should not be sent in this case.

      The gateway sends a redirect message to a host in the following
      situation.  A gateway, G1, receives an internet datagram from a
      host on a network to which the gateway is attached.  The gateway,
      G1, checks its routing table and obtains the address of the next
      gateway, G2, on the route to the datagram's internet destination
      network, X.  If G2 and the host identified by the internet source
      address of the datagram are on the same network, a redirect
      message is sent to the host.  The redirect message advises the
      host to send its traffic for network X directly to gateway G2 as
      this is a shorter path to the destination.  The gateway forwards
      the original datagram's data to its internet destination.

Hyperion:~ timmons$ tcpdump -r Desktop/Hyperion-vlan10_to_TS-412_vlan1\ -\ ICMP.pcapng  -n -N -# -e
reading from PCAP-NG file Desktop/Hyperion-vlan10_to_TS-412_vlan1 - ICMP.pcapng
 
    1  16:33:39.951392 04:0c:ce:e3:65:fe > 00:f6:63:f3:56:4c, ethertype 802.1Q (0x8100), length 82: vlan 10,  p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [S], seq 419718586, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 588675992 ecr 0,sackOK,eol], length 0

    2  16:33:39.951996 00:f6:63:f3:56:4c > 00:08:9b:cf:5f:0e, ethertype 802.1Q (0x8100), length 82: vlan 1,   p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [S], seq 419718586, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 588675992 ecr 0,sackOK,eol], length 0

    3  16:33:39.952054 00:08:9b:cf:5f:0e > 00:f6:63:f3:56:4c, ethertype 802.1Q (0x8100), length 78: vlan 1,   p 0, ethertype IPv4, 192.168.2.16.8080 > 192.168.10.37.49537:
       Flags [S.], seq 238353122, ack 419718587, win 14480, options [mss 1460,sackOK,TS val 42594202 ecr 588675992,nop,wscale 5], length 0

    4  16:33:39.952485 00:f6:63:f3:56:4c > 00:08:9b:cf:5f:0e, ethertype 802.1Q (0x8100), length 106: vlan 1,  p 0, ethertype IPv4, 192.168.2.1 > 192.168.2.16:
       ICMP redirect 192.168.10.37 to host 192.168.10.37, length 68

    5  16:33:39.952490 00:f6:63:f3:56:4c > 04:0c:ce:e3:65:fe, ethertype 802.1Q (0x8100), length 78: vlan 10,  p 0, ethertype IPv4, 192.168.2.16.8080 > 192.168.10.37.49537:
       Flags [S.], seq 238353122, ack 419718587, win 14480, options [mss 1460,sackOK,TS val 42594202 ecr 588675992,nop,wscale 5], length 0

    6  16:33:39.952492 00:08:9b:cf:5f:0e > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 1,   p 0, ethertype ARP,
       Request who-has 192.168.10.37 tell 192.168.2.16, length 46

    7  16:33:39.953227 04:0c:ce:e3:65:fe > 00:f6:63:f3:56:4c, ethertype 802.1Q (0x8100), length 70: vlan 10,  p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [.], ack 1, win 4117, options [nop,nop,TS val 588675995 ecr 42594202], length 0

    8  16:33:39.953330 00:f6:63:f3:56:4c > 00:08:9b:cf:5f:0e, ethertype 802.1Q (0x8100), length 70: vlan 1,   p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [.], ack 1, win 4117, options [nop,nop,TS val 588675995 ecr 42594202], length 0

    9  16:33:39.954240 04:0c:ce:e3:65:fe > 00:f6:63:f3:56:4c, ethertype 802.1Q (0x8100), length 415: vlan 10, p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [P.], seq 1:346, ack 1, win 4117, options [nop,nop,TS val 588675995 ecr 42594202], length 345: HTTP: GET /filestation/ HTTP/1.1

   10  16:33:39.954244 00:f6:63:f3:56:4c > 00:08:9b:cf:5f:0e, ethertype 802.1Q (0x8100), length 415: vlan 1,  p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [P.], seq 1:346, ack 1, win 4117, options [nop,nop,TS val 588675995 ecr 42594202], length 345: HTTP: GET /filestation/ HTTP/1.1

   11  16:33:39.999253 04:0c:ce:e3:65:fe > 00:f6:63:f3:56:4c, ethertype 802.1Q (0x8100), length 415: vlan 10, p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [P.], seq 1:346, ack 1, win 4117, options [nop,nop,TS val 588676040 ecr 42594202], length 345: HTTP: GET /filestation/ HTTP/1.1

   12  16:33:39.999256 00:f6:63:f3:56:4c > 00:08:9b:cf:5f:0e, ethertype 802.1Q (0x8100), length 415: vlan 1,  p 0, ethertype IPv4, 192.168.10.37.49537 > 192.168.2.16.8080:
       Flags [P.], seq 1:346, ack 1, win 4117, options [nop,nop,TS val 588676040 ecr 42594202], length 345: HTTP: GET /filestation/ HTTP/1.1

So, is this a bug or am I misconfiguring the router?

Here is the relevant config on the rv325:

DHCP server is ISC DHCP:

subnet 192.168.2.0 netmask 255.255.255.0 {

        range 192.168.2.248 192.168.2.254;
        option routers 192.168.2.1;
        option broadcast-address 192.168.2.255;

        default-lease-time 86400; # 24 hours
        max-lease-time 2592000;

}

subnet 192.168.10.0 netmask 255.255.255.0 {

        range 192.168.10.248 192.168.10.254;
        option routers 192.168.10.1;
        option broadcast-address 192.168.10.255;
                
        default-lease-time 2592000; # 30 days
        max-lease-time 2592000; # 30 hours

}

host hyperion-w {
        hardware ethernet 04:0c:ce:e3:65:fe;
        fixed-address 192.168.2.37, 192.168.8.37, 192.168.9.37, 192.168.10.37;
}