ICMP Redirect on Cisco IOS

ICMP redirect messages are used by routers to inform hosts that there is a better next hop to reach a certain destination. Take a look at the following topology for an example:

[Figure: Cisco R1 R2 ICMP Redirect]

Let me explain the topology above:

  • R1, R2 and the host are connected to the 192.168.12.0 /24 network.
  • R1 is connected to an ISP to reach the Internet; it uses a default route to get there.
  • R2 is connected to R3. There’s a server behind R3 that is reachable at IP address 3.3.3.3.
  • R1 uses a static route to reach 3.3.3.3.
  • Hosts on the 192.168.12.0 /24 network will use R1 as their default gateway.

Whenever our host tries to reach 3.3.3.3, it sends its packets to its default gateway. R1, however, has a static route for this destination that points to R2.

This is a bit pointless since packets from the host will enter and exit the same interface on R1. To prevent this from happening, our routers can use ICMP redirect.

When R1 receives IP packets from the host with 3.3.3.3 as their destination, it sends an ICMP redirect message telling the host to use R2 as its gateway for this destination. Most hosts will respect these ICMP messages and will use R2 to reach 3.3.3.3 from now on.

Cisco IOS routers will send ICMP redirects when the following conditions are met:

  • The IP packet should be received and transmitted on the same interface.
  • The source IP address of the incoming packet should be on the same subnet as the new next hop IP address.
  • The IP packet doesn’t use source routing.
  • ICMP redirect has to be enabled. On Cisco IOS routers this is enabled by default.
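
The four conditions above, applied to R1 as a small decision function. This is an added example, not code from the lesson or from Cisco IOS: R1's two static routes are the ones shown in its routing table later in this lesson, while the interface names, the /24 mask on 192.168.14.0, the host address 192.168.12.100 and the destination 8.8.8.8 are assumptions made for illustration.

```python
import ipaddress

ip, net = ipaddress.ip_address, ipaddress.ip_network

# R1's interfaces. The names and the /24 mask on 192.168.14.0 are assumptions.
R1_INTERFACES = {"Gi0/1": net("192.168.12.0/24"), "Gi0/2": net("192.168.14.0/24")}
# R1's static routes, as listed by "show ip route static" in this lesson.
R1_STATIC = [(net("0.0.0.0/0"), ip("192.168.14.4")),
             (net("3.3.3.3/32"), ip("192.168.12.2"))]

def lookup(routes, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    hits = [(prefix, nh) for prefix, nh in routes if dst in prefix]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def egress_interface(interfaces, next_hop):
    """Return the interface whose connected subnet contains next_hop."""
    for name, subnet in interfaces.items():
        if next_hop in subnet:
            return name
    return None

def redirect_gateway(in_if, src, dst, source_routed=False, redirects_enabled=True):
    """Return the gateway R1 would advertise in a redirect, or None."""
    src, dst = ip(src), ip(dst)
    next_hop = lookup(R1_STATIC, dst)
    if next_hop is None:
        return None  # no route: nothing to redirect to
    checks = (
        egress_interface(R1_INTERFACES, next_hop) == in_if,  # same interface in and out
        src in R1_INTERFACES[in_if] and next_hop in R1_INTERFACES[in_if],  # same subnet
        not source_routed,   # packet does not use source routing
        redirects_enabled,   # ICMP redirect enabled (the IOS default, per the lesson)
    )
    return next_hop if all(checks) else None

if __name__ == "__main__":
    host = "192.168.12.100"  # constructed host address on the LAN
    print(redirect_gateway("Gi0/1", host, "3.3.3.3"))   # next hop is R2 on the LAN
    print(redirect_gateway("Gi0/1", host, "8.8.8.8"))   # default route leaves via Gi0/2
    print(redirect_gateway("Gi0/1", host, "3.3.3.3", redirects_enabled=False))
```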

Let’s take a look at some configuration examples so you can see how this works. I’ll use the following topology for this:

[Figure: ICMP Redirect Windows Linux Cisco Host]

I will use the same topology but I’ve added a couple of hosts:

  • Windows 8 host
  • Linux host
  • Cisco router as host (IP routing disabled)

Let’s see how these hosts act when they receive an ICMP redirect.

Configuration

First let me show you the routing tables of R1 and R2:

R1#show ip route static | begin via
S*    0.0.0.0/0 [1/0] via 192.168.14.4
      3.0.0.0/32 is subnetted, 1 subnets
S        3.3.3.3 [1/0] via 192.168.12.2

R1 has two static routes, a default route and an entry for 3.3.3.3. Here’s R2:

R2#show ip route static | begin via
S        3.3.3.3 [1/0] via 192.168.23.3

R2 only has a static route for 3.3.3.3 with R3 as its next hop.

Let’s enable ICMP debugging on R1. This will show us when R1 is sending ICMP redirects:

R1#debug ip icmp 
ICMP packet debugging is on

Now let’s generate some traffic from our hosts.

Windows Host

We will start with the Windows host. Let’s send a ping to 3.3.3.3:

C:\Users\vmware>ping 3.3.3.3

Pinging 3.3.3.3 with 32 bytes of data:
Reply from 3.3.3.3: bytes=32 time=4ms TTL=254
Reply from 3.3.3.3: bytes=32 time=1ms TTL=254
Reply from 3.3.3.3: bytes=32 time=2ms TTL=254
Reply from 3.3.3.3: bytes=32 time=2ms TTL=254

Ping statistics for 3.3.3.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 4ms, Average = 2ms

We don’t see anything spectacular on the host but R1 generates the following message:

Content created by Rene Molenaar (CCIE #41726)


Forum Replies

  1. Hi Rene,
    How do I disable the IP redirect (receive) on a router acting as a host?

    Thanks,
    Srini

  2. Hi Srini,

    Hmm, good question. I’m not sure if there is a command to disable this. You might be able to filter the incoming ICMP redirect message with an access-list; that could do the trick.

    This is an exceptional situation btw. IP routing has to be disabled on the router, which is not a common thing to do.

    Rene

  3. Hi Rene,

    Does the IP redirect only redirect ICMP? Will any other protocol be redirected besides this?

    Davis

  4. Hi Davis,

    When you receive an ICMP redirect, it will apply to all IPv4 traffic.

    Rene
