Redirecting ICMP with HSRP

Problem

You want to enable ICMP redirects with HSRP.

Solution

In older IOS releases, when you enable HSRP on an interface, the router will automatically disable ICMP redirection. However, starting with IOS Version 12.1(3)T, Cisco has changed how ICMP redirection works with HSRP, and it is now enabled by default.

You can explicitly enable ICMP redirects on HSRP-enabled interfaces with the following commands:

Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#standby redirects enable 
Router2(config-if)#exit
Router2(config)#end
Router2#

The following commands prevent the router from the sending ICMP redirects on HSRP-enabled interfaces:

Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#no ip redirects 
Router2(config-if)#standby redirects disable 
Router2(config-if)#exit
Router2(config)#end
Router2#

The unknown keyword allows you to use ICMP redirection to nonHSRP routers:

Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet 1/0
Router2(config-if)#standby redirects unknown 
Router2(config-if)#exit
Router2(config)#end
Router2#

 

Discussion

When a router receives a packet from a LAN interface, but the route to the destination points to another router on the same LAN segment, the router will send an ICMP Redirect message. This is a single packet that includes information about the better route for this destination. The router will also forward the original packet over to the other router. When the end device receives the ICMP Redirect packet, it updates its own internal routing table so that all future packets for this destination use the better router.

But ICMP redirection is not usually a good idea with HSRP because it will cause the end device to update its internal routing table to use the real IP address and MAC address of one of the routers when it tries to communicate with a particular remote segment. If this router were to fail, all communication to this remote segment would stop. However, the new functionality resolves this problem by using only the virtual IP and MAC addresses if the other router is running HSRP. If the other router doesn't run HSRP, then it must use the physical addresses, of course.

This also implies that you will never see an ICMP redirect to an HSRP router that is not in the active state, because the standby router doesn't have a virtual MAC address.

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net