ICMP redirect ageing timer

huw.morgan · ‎04-30-2013

Amazed I cannot find this in any documentation but I want to know the default ageing timer for ICMP redirects on a 3750 switch running at layer 2. Can anyone help?

cadet alain · ‎04-30-2013

Hi,

ICMP redirects is enabled/disabled on a L3 interface not on a L2. What do you mean by timer ? I don't know about such timer as far as I know.

Regards

Alain

Don't forget to rate helpful posts.

shanemoss · ‎04-30-2013

The ICMP timeout value will be on the client machine and its actual value will depend on the OS.

Some Linux clients have a setting gc_timeout which specifies how long an ICMP redirected route should remain in its routing table before being flushed. On some kernel versions this value specifies how long the redirected route should remain in the table after traffic is sent to a particular destination i.e. an idle timer, rather than an absolute time.

dm · ‎09-03-2015

OK, which timer has cisco ios on catalyst 2960?

because just hit this on catalyst 2960

sh ip redirects
Default gateway is 10.4.3.10

Host Gateway Last Use Total Uses Interface
192.168.22.195 10.4.3.1 0:00 1594184 Vlan1

gateway 10.4.3.1 died several hours ago and only way to get this switch accessible from monitoring host ( 22.195) is to execute clear ip redirect...

Thank you!

huw.morgan · ‎04-30-2013

Sorry, you both misunderstand.

The layer 2 switch is the device receiving ICMP redirects. I want to know how long it keeps such entries in its cache.

cadet alain · ‎04-30-2013

Hi,

all it keeps in the CAM table is a dynamic entry with the source MAC of the L3 interface of the router which sent the ICMP redirect and this entry ages out after 5 mins of inactivity but if this same source MAC is sending traffic the counter rolls back to 5 mins.

Regards

Alain

Don't forget to rate helpful posts.

shanemoss · ‎04-30-2013

Hi folks,

I'm assuming that entries will time out but they take longer than 5 minutes to do so; the output below shows that some "last use" which is an idle timer values are as high as 11 minutes. My best guess is that it will be the same as the default ARP timeout value of four hours.

tc28_nlb2_sw1#sho ip redirects

Default gateway is 10.2.28.7

Host Gateway Last Use Total Uses Interface

8.8.8.8 10.2.28.1 0:10 4 Vlan28

10.2.0.1 10.2.28.1 0:02 20 Vlan28

10.4.0.1 10.2.28.1 0:01 15 Vlan28

10.100.109.23 10.2.28.1 0:04 72 Vlan28

10.3.14.67 10.2.28.1 0:11 2 Vlan28

10.5.76.33 10.2.28.1 0:01 908 Vlan28

10.3.103.23 10.2.28.1 0:04 341 Vlan28

cadet alain · ‎04-30-2013

Hi,

I thought the OP was asking about the L2 switches that was forwarding the ICMP redirect not the switch with a management interface receiving the ICMP redirect.

Regards

Alain

Don't forget to rate helpful posts.

shanemoss · ‎04-30-2013

You are probably correct Alain, we'll await clarification. S.

huw.morgan · ‎04-30-2013

No - it is the switch as the "client" that I meant. I suspected it might be the same as the ARP timer, but I can't find a definitive answer anywhere.

shanemoss · ‎04-30-2013

I can't find it anywhere in any show command etc. It's probably hardcoded. By observation however, I can see that the idle timeout for the redirect entry is 4 hours;

Now you see it. (8.8.8.8)

tc28_nlb2_sw1#sho ip redirect

Default gateway is 10.2.28.7

Host Gateway Last Use Total Uses Interface

8.8.8.8 10.2.28.1 4:00 4 Vlan28

10.2.0.1 10.2.28.1 0:00 114 Vlan28

10.4.0.1 10.2.28.1 0:01 107 Vlan28

Now you don't.

tc28_nlb2_sw1#sho ip redirect

Default gateway is 10.2.28.7

Host Gateway Last Use Total Uses Interface

10.2.0.1 10.2.28.1 0:00 114 Vlan28

10.4.0.1 10.2.28.1 0:01 107 Vlan28

huw.morgan · ‎04-30-2013

That is the same as the ARP timer isn't it? Might be interesting to see if it actually uses the same timer, or if it's hard coded.

Thanks

Toivo · ‎08-08-2018

We've run into this recently with IOS-XE (3650s), and it appears the entries never time out.

joby_ccna · ‎05-10-2019

Hi,

Tested today and it is 4 hours

Cisco-3850#sh ip redirects
Default gateway is 10.10.10.1

Host Gateway Last Use Total Uses Interface
a.b.c.d 10.10.10.1 3:49 0 Vlan125
a.b.c.e 10.10.10.1 3:52 0 Vlan125
a.b.c.f 10.10.10.1 4:00 0 Vlan125
a.b.c.g 10.10.10.1 4:00 0 Vlan125
a.b.c.h 10.10.10.1 3:59 0 Vlan125
a.b.c.i 10.10.10.1 0:00 0 Vlan125

Thanks

joby_ccna · ‎05-11-2019

Hello All,

Good Day

ICMP redirect command causes service impact or connectivity problem in some situations. Imagine you have an access switch, core switch and two wan routers ( primary and secondary). If the primary wan router went down and the traffic moved to the secondary wan router but the access switch had still the routing table of some subnets pointing to the old primary router, even you had a default route pointing to the core switch. If you clear arp entry also, it will not solve this issue, you need to manually, clear the IP redirect table by clear ip redirect.

Again, later the primary router comes up and now the routing table in access switches for some subnet still pointing to secondary wan router and services will not be accessible who are all connected to the Access switch.

So it is better to disable the redirect command by 'no ip redirects'.

Thanks,

Jobi