ICMP redirect messages are used by routers to inform hosts that there is a better next hop to reach a certain destination. Take a look at the following topology for an example:
Let me explain the topology above:
- R1, R2 and the host are connected to the 192.168.12.0/24 network.
- R1 is connected to an ISP to reach the Internet; it uses a default route to get there.
- R2 is connected to R3. There's a server behind R3 that is reachable at IP address 188.8.131.52.
- R1 uses a static route to reach 184.108.40.206.
- Hosts on the 192.168.12.0/24 network will use R1 as their default gateway.
Whenever our host tries to reach 220.127.116.11, it sends its packets to its default gateway. R1, however, has a static route for this destination that points to R2.
This is a bit pointless since packets from the host will enter and exit the same interface on R1. To prevent this from happening, our routers can use ICMP redirect.
When R1 receives IP packets from the host with 18.104.22.168 as the destination, it sends an ICMP redirect message telling the host to use R2 as its gateway for this destination. Most hosts will respect these ICMP messages and will use R2 to reach 22.214.171.124 from now on.
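The redirect R1 sends is an ICMP type 5 message (RFC 792) that carries the new gateway address plus the start of the packet that triggered it. The following added example, which is not part of the original lesson, parses such a message and applies the checks RFC 1122 asks a host to make before it honours a redirect, plus one extra sanity check on the quoted packet. The addresses 192.168.12.1 for R1, 192.168.12.100 for the host and 203.0.113.3 for the server are assumptions, and the message bytes are constructed.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_redirect(new_gw: str, orig_src: str, orig_dst: str) -> bytes:
    """Constructed test input: ICMP type 5, code 1 (redirect for host)."""
    # Quoted original datagram: IPv4 header (checksum left 0) + 8 payload bytes.
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 1, 0, 128, 1, 0,
                        ipaddress.IPv4Address(orig_src).packed,
                        ipaddress.IPv4Address(orig_dst).packed) + b"\x08\x00" + bytes(6)
    body = ipaddress.IPv4Address(new_gw).packed + inner
    csum = inet_checksum(struct.pack("!BBH", 5, 1, 0) + body)
    return struct.pack("!BBH", 5, 1, csum) + body

def parse_redirect(msg: bytes) -> dict:
    """Parse an ICMP redirect (RFC 792); raise ValueError if malformed."""
    if len(msg) < 36:  # 8 bytes ICMP + 20 bytes IP header + 8 bytes payload
        raise ValueError("truncated redirect")
    icmp_type, code = msg[0], msg[1]
    if icmp_type != 5 or code > 3:
        raise ValueError("not an ICMP redirect")
    if inet_checksum(msg) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    # Offsets assume the quoted IPv4 header has no options (IHL = 5).
    return {"code": code,
            "new_gw": ipaddress.IPv4Address(msg[4:8]),
            "orig_src": ipaddress.IPv4Address(msg[20:24]),
            "orig_dst": ipaddress.IPv4Address(msg[24:28])}

def host_accepts(msg, sender, current_gw, connected_net, host_ip) -> bool:
    """Checks a host applies before installing the redirected route."""
    r = parse_redirect(msg)
    # RFC 1122 3.2.2.2: sender must be the current first hop, and the
    # new gateway must be on the connected subnet. The last test (the
    # quoted packet came from us) is an extra sanity check.
    return (ipaddress.IPv4Address(sender) == ipaddress.IPv4Address(current_gw)
            and r["new_gw"] in ipaddress.IPv4Network(connected_net)
            and r["orig_src"] == ipaddress.IPv4Address(host_ip))
```

A redirect that arrives from any address other than the host's current gateway, or that names a gateway outside 192.168.12.0/24, is rejected by `host_accepts`.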
Cisco IOS routers will send ICMP redirects when the following conditions are met:
- The IP packet should be received and transmitted on the same interface.
- The source IP address of the incoming packet should be on the same subnet as the new next hop IP address.
- The IP packet doesn’t use source routing.
- ICMP redirect has to be enabled; on Cisco IOS routers this is enabled by default.
Let’s take a look at some configuration examples so you can see how this works. I’ll use the following topology for this:
I will use the same topology but I’ve added a couple of hosts:
- Windows 8 host
- Linux host
- Cisco router as host (IP routing disabled)
Let’s see how these hosts act when they receive an ICMP redirect.
First let me show you the routing tables of R1 and R2:
```
R1#show ip route static | begin via
S*    0.0.0.0/0 [1/0] via 192.168.14.4
      126.96.36.199/32 is subnetted, 1 subnets
S        188.8.131.52 [1/0] via 192.168.12.2
```
R1 has two static routes: a default route and an entry for 184.108.40.206. Here's R2:
```
R2#show ip route static | begin via
S        220.127.116.11 [1/0] via 192.168.23.3
```
R2 only has a static route for 18.104.22.168 with R3 as its next hop.
Let's enable ICMP debugging on R1; this will show us when R1 sends ICMP redirects:
```
R1#debug ip icmp
ICMP packet debugging is on
```
Now let’s generate some traffic from our hosts.
We will start with the Windows host. Let’s send a ping to 22.214.171.124:
```
C:\Users\vmware>ping 126.96.36.199

Pinging 188.8.131.52 with 32 bytes of data:
Reply from 184.108.40.206: bytes=32 time=4ms TTL=254
Reply from 220.127.116.11: bytes=32 time=1ms TTL=254
Reply from 18.104.22.168: bytes=32 time=2ms TTL=254
Reply from 22.214.171.124: bytes=32 time=2ms TTL=254

Ping statistics for 126.96.36.199:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 4ms, Average = 2ms
```
We don't see anything spectacular on the host, but R1 generates the following message: