
icmp redirect question

pascalfr0
Level 1

We have a network topology I would like to modify for standardization purposes to match the following configuration.
My question will deal mainly with ICMP redirects.

On a single interconnection network, 192.168.1.0/24, we would have:
- our provider gateway (routerX), 192.168.1.1,
- a firewall cluster (routerA) granting access to our datacenter 192.168.1.4,
- another firewall cluster (routerB) giving access to specific environments, 192.168.1.8.

Routing tables:
- provider gateway/routerX:
  0.0.0.0/0 via provider backbone
  10.1.0.0/16 via routerA
  172.16.1.0/24 via routerB

- routerA:
  0.0.0.0/0 via routerX
  10.1.0.0/16 via local datacenter L3 core switches

- routerB:
  0.0.0.0/0 via routerX
  172.16.1.0/24 via local small L3 switches

I don't want to install routes on routerA to reach 172.16.1.0/24 via routerB, or to install routes on routerB to reach 10.1.0.0/16 via routerA, though they reside on the same interconnection network.
I'd rather have a kind of hub-and-spoke topology where traffic between 10.1.0.0/16 and 172.16.1.0/24 must be routed through routerX.
I know that's not bandwidth efficient, but there are other reasons behind this design.

I want to be sure that configuration will not lead router X to generate a lot of icmp redirect messages.
As far as I know, routerX shouldn't send any ICMP redirect when receiving traffic from source 172.16.1.x towards 10.1.x.x (or vice versa), as routerX isn't directly attached to any of these networks.
It should only redirect traffic coming from 192.168.1.x toward 172.16.1.x or 10.1.x.x. But as the only hosts on 192.168.1.x are routers or firewalls and will generate little to no traffic with their interfaces as source addresses, this shouldn't be an issue.

Can you confirm my understanding of this point?

Sources:

From Cisco: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html

    When Are ICMP Redirects Sent?
    Cisco routers send ICMP redirects when all of these conditions are met:
    - The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
    - The subnet or network of the source IP address is on the same subnet or network of the next-hop IP address of the routed packet. //not the case here
    - The datagram is not source-routed.
    - The kernel is configured to send redirects. (By default, Cisco routers send ICMP redirects.)

RFC 792, page 13:

    The gateway sends a redirect message to a host in the following situation. A gateway, G1, receives an internet datagram from a host on a network to which the gateway is attached. The gateway, G1, checks its routing table and obtains the address of the next gateway, G2, on the route to the datagram's internet destination network, X. If G2 and the host identified by the internet source address of the datagram are on the same network, a redirect message is sent to the host. The redirect message advises the host to send its traffic for network X directly to gateway G2 as this is a shorter path to the destination. The gateway forwards the original datagram's data to its internet destination.
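
The four Cisco conditions quoted above, applied to routerX's routing table from the post, as an added example that is not part of the original post. The `lan`/`wan` interface names, the 203.0.113.1 backbone next hop and the sample flows are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    out_if: str
    next_hop: ipaddress.IPv4Address

# routerX as described in the post. The "wan" interface name and the
# 203.0.113.1 backbone next hop are constructed placeholders.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "wan", ipaddress.ip_address("203.0.113.1")),
    Route(ipaddress.ip_network("10.1.0.0/16"), "lan", ipaddress.ip_address("192.168.1.4")),
    Route(ipaddress.ip_network("172.16.1.0/24"), "lan", ipaddress.ip_address("192.168.1.8")),
]
CONNECTED = {"lan": LAN}  # subnet attached to each interface modelled here

def lookup(dst):
    """Longest-prefix match over ROUTES (the default route always matches)."""
    matches = [r for r in ROUTES if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)

def redirect_decision(src, dst, in_if, source_routed=False, redirects_enabled=True):
    """Return (send_redirect, failed_conditions) per the four quoted conditions."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    route = lookup(dst)
    subnet = CONNECTED.get(route.out_if)
    checks = {
        "same in/out interface": route.out_if == in_if,
        "source on next-hop subnet": subnet is not None
            and src in subnet and route.next_hop in subnet,
        "not source-routed": not source_routed,
        "redirects enabled": redirects_enabled,
    }
    failed = [name for name, ok in checks.items() if not ok]
    return (not failed, failed)

if __name__ == "__main__":
    flows = [  # constructed flows, all arriving on routerX's "lan" interface
        ("172.16.1.20", "10.1.5.5", "lan"),    # behind routerB -> behind routerA
        ("10.1.5.5", "172.16.1.20", "lan"),    # behind routerA -> behind routerB
        ("192.168.1.8", "10.1.5.5", "lan"),    # routerB's own interface as source
        ("10.1.5.5", "198.51.100.7", "lan"),   # datacenter -> provider backbone
    ]
    for src, dst, in_if in flows:
        print(f"{src} -> {dst}: {redirect_decision(src, dst, in_if)}")
```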
