The ICMP Redirect

You will not find this very often, but you may come across a network where two routers sit on the same broadcast segment, each responsible for different networks.

So how do you get your hosts to know which gateway they should use? You could set up two default gateways – both Windows and Linux allow that. However, you could also rely on ICMP Redirects. In this blog, I will show you what an ICMP redirect is and in what circumstances it can be useful.

I will be working on the following topology:

The routing tables on HOST1 and ROUTER1 look like this:

You can see that HOST1 is set with a single gateway of 192.168.1.254, pointing at ROUTER1, which in turn is configured with a default gateway pointing to ROUTER2.

OK … now let’s see the routing in action. To kick it off, I will send a few ICMP packets down to 192.168.3.4. Once this is done, let’s check the routing tables again:

The following should be noted:

  • The ping was successful, telling us that the packets were delivered.
  • ROUTER1 sends an ICMP redirect message to HOST1, which should be read as: next time you need to send a packet to the host with IP address 192.168.3.1, use ROUTER2 directly (192.168.1.253).
  • As a result of the ICMP redirect message, HOST1 has automatically installed a host route for 192.168.3.1, pointing to 192.168.1.253.

In more detail, this is what happens:

  1. When HOST1 sends ICMP packets to HOST4, HOST1 identifies that the destination IP is not on the same LAN and, as a result, sends the packets to ROUTER1.
  2. ROUTER1 knows how to reach the 192.168.3.0 network through ROUTER2 and will therefore forward the packet to ROUTER2 – but it does so using the same interface on which the packet was received! This is what triggers the ICMP Redirect message.
  3. Next time HOST1 sends a packet to host 192.168.3.1, it will use the gateway of 192.168.1.253.

This is different from the standard case, in which ROUTER1 would forward the traffic to another router using a different interface from the one the packet was received on!

Just to emphasise again – the new automatically added route on HOST1 is a host route, not a network route. You can imagine what would happen in a network with hundreds of hosts behind ROUTER2, right?

Furthermore, as useful as this feature can be, it should be disabled as it brings security concerns. I personally believe that having to enable ICMP redirects would be a result of a bad network design.
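An added example (not from the original post): a Python check that parses an ICMP Redirect (type 5) and applies the two acceptance tests from RFC 1122 section 3.2.2.2, namely that the sender is the host's current gateway and that the new gateway is on the local subnet. HOST1's address 192.168.1.1, the /24 mask and all function names are assumptions; the packet is constructed in the code, not captured.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_redirect(gateway: str, orig_src: str, orig_dst: str) -> bytes:
    """Constructed test input: ICMP type 5 / code 1 plus original IP header + 8 bytes."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         pack(orig_src), pack(orig_dst))
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # start of the echo request
    body = pack(gateway) + ip_hdr + echo
    csum = inet_checksum(struct.pack("!BBH", 5, 1, 0) + body)
    return struct.pack("!BBH", 5, 1, csum) + body

def check_redirect(icmp: bytes, sender: str, current_gw: str, lan: str):
    """Return (verdict, new_gateway, destination) for one ICMP message."""
    if len(icmp) < 36 or icmp[0] != 5:            # 8 ICMP + 20 IP + 8 payload
        return ("not-a-redirect", None, None)
    if inet_checksum(icmp) != 0:                  # a valid message sums to zero
        return ("bad-checksum", None, None)
    new_gw = ipaddress.IPv4Address(icmp[4:8])     # gateway the host is told to use
    dst = ipaddress.IPv4Address(icmp[24:28])      # destination in the embedded IP header
    if ipaddress.IPv4Address(sender) != ipaddress.IPv4Address(current_gw):
        verdict = "reject: sender is not the current gateway"
    elif new_gw not in ipaddress.IPv4Network(lan):
        verdict = "reject: new gateway is off-link"
    else:
        verdict = "passes RFC 1122 checks"
    return (verdict, str(new_gw), str(dst))

if __name__ == "__main__":
    # Addresses from the post; 192.168.1.1 for HOST1 is an assumption.
    pkt = sample_redirect("192.168.1.253", "192.168.1.1", "192.168.3.1")
    print(check_redirect(pkt, "192.168.1.254", "192.168.1.254", "192.168.1.0/24"))
```

Passing these checks only shows the message is well-formed and plausible: ICMP carries no authentication, which is why the redirect is better ignored on the host than trusted.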

Thank you,

Rafael A. Couto Cabral • LinkedIn Profile
Cisco | F5 | VMware Certified • PRINCE2 Practitioner

Originally posted 2019-04-18 10:00:56.
