
ip redirects - which direction?

Kevin Dorrell
Level 10

I am troubleshooting an issue with CPU utilization on a 3750X stack. The show controllers cpu-interface tells me that the icmp queue counter is growing quite fast ... about 5000 per second. I read that this is a queue for ICMP redirect messages.

Now, I know what ICMP redirects are about, and how they are supposed to work. What I need to know is what would be the effect of the no ip redirects command on the SVI of the switch? Which direction of traffic does it apply to? Would it be:

  1. If I receive a packet, and I know a better router that could handle it, but I will not send a redirect to tell the host so,
  2. If I forward a packet, and receive a redirect, then I will not take the redirection into account,
  3. Both of the above,
  4. None of the above.

Thanks in advance.

Kevin Dorrell

Luxembourg

16 Replies

jon.marshall wrote:

Kevin

P.S.  I am astounded that the forum has censored the colloquialism I just used!  I hear that expression enough during Cisco-Live presentations.  It never even occurred to me that it might be misinterpreted.

Yes, I've been caught out a few times with this as well. Whoever is responsible for which words you can and cannot use is a very sensitive soul.

My favorite is when I try to write about multiple autonomous systems, using the command abbreviation, AS, and then trying to add an "s" for plural.

Kevin Dorrell
Level 10

Thanks for all your help guys.  This forum is awesome.  Yes, I know I could sort it out by going into a corner with GNS3, but somehow talking it over with my peers is a much better way of learning.

Anyway, I did go and try a few things in the lab.  First of all, Rick is right to say that the router does not take any account of incoming redirects ... unless you have no ip routing, in which case you have a host and not a router any more.  If you do disable ip routing, then it does take account of redirects, storing them in a cache which you can see with show ip redirects.  Now, if it is acting as a host, can you get it to ignore the redirects?  No you cannot.  The command no ip redirects has no effect on incoming redirects.  So the router is behaving as a host, and not a very secure one at that(!).

I also tested the normal operation of ip redirects, and no ip redirects does disable the generation of IP redirect messages.

I did find one difference between my router lab and my live production 3750X though.  In the lab, my 3640 did not attempt to generate an ip redirect to the alternate gateway unless the alternate gateway was on the same subnet as the source of the original packet.  So it would not generate a redirect for a packet that was coming in from its primary subnet and getting sent out to a gateway in its secondary subnet.

Kevin Dorrell

Luxembourg
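
The redirect-generation conditions from RFC 1812 section 5.2.7.2, which match what the 3640 did in the lab test above, written out as an added example that is not part of the original thread and is not Cisco code. The interface name, the addresses and the `send_redirects` flag (standing in for `no ip redirects`) are constructed for illustration.

```python
# Added illustration: models RFC 1812 section 5.2.7.2, not Cisco IOS source.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Interface:
    name: str
    networks: list               # primary subnet first, then any secondaries
    send_redirects: bool = True  # False models "no ip redirects" (assumed name)


def logical_subnet(iface, addr):
    """Return the configured subnet of iface that contains addr, or None."""
    a = ip_address(addr)
    for net in iface.networks:
        if a in net:
            return net
    return None


def should_send_redirect(in_if, out_if, src, next_hop, has_source_route=False):
    """Decide whether a router emits an ICMP redirect back to src."""
    if in_if.name != out_if.name:
        return False, "packet leaves through a different interface"
    if not in_if.send_redirects:
        return False, "redirect generation disabled on this interface"
    if has_source_route:
        return False, "packet carries an IP source route option"
    src_net = logical_subnet(in_if, src)
    if src_net is None or ip_address(next_hop) not in src_net:
        return False, "source and next hop are on different logical subnets"
    return True, "host can reach the next hop directly"


# Constructed sample: one SVI with a primary and a secondary subnet.
SVI = Interface("Vlan10", [ip_network("10.1.1.0/24"), ip_network("10.1.2.0/24")])
SVI_NO_REDIRECTS = Interface("Vlan10", SVI.networks, send_redirects=False)

if __name__ == "__main__":
    cases = [
        (SVI, "10.1.1.50", "10.1.1.254"),               # gateway in source's subnet
        (SVI, "10.1.1.50", "10.1.2.254"),               # gateway in secondary subnet
        (SVI_NO_REDIRECTS, "10.1.1.50", "10.1.1.254"),  # generation disabled
    ]
    for iface, src, gw in cases:
        print(src, "->", gw, should_send_redirect(iface, iface, src, gw))
```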