In this lab PC1 tries to communicate with PC2
R1, R2 and R3 are in the same network
Static routing is configured on routers R1, R2 and R3 as follows:
At R2, PC-2 network is reachable via R1
At R3, PC-1 network is reachable via R1
A “debug ip cef input” on R2 shows the packet is received
The same debug on R3 shows that
The same thing done on R1 shows that the packets from R2 and R3 are being received by R1
But what are the Ethernet MAC addresses being used?
In the packet from PC-1, the source MAC address is set to R1
In the packet from PC-2, the destination MAC is set to R1 too
The ARP table shows the MAC address to IP address correspondence in VLAN 204
But R1 is not on the optimal path between R2 and R3
Traffic from R2 must cross 123.0.0.0/24 network twice to reach PC-2 behind R3
Why, in this case, does the ICMP redirect not come into play? R1 could hint to R2 that R3 is a better gateway to reach the PC-2 network…
the show command confirms that redirects were sent
checked the version of these routers
the ip redirects are enabled on the ip interfaces
and globally
Let’s send a ping directly from R2 and enable a debug icmp
Now we check that a redirect message was received from R1 for 23.0.0.1, hinting R2 to use the gateway R3 instead
On R1 we check
And nothing happens on R3 (the second gateway!)
What is the most suitable option? Have R3 send the IP redirect? Or keep R1?
Even if R1 receives redirection messages, the path PC-1 packets take does not change
a trace from PC-1 shows that the path includes R1
Let’s disable ip routing on R2, and configure a default gateway towards R1, and see
Now the redirection is installed
and confirmed by packets being sent to R3 mac address directly instead of R1’s (redirect, ARP, echo request, reply)
We enable the ip routing on R2 and configure it to NAT PC-1 traffic now
R1 still sends ip redirects
But these packets do not get processed by R2
at least the debug ip icmp returns nothing…
A debug ip nat shows that packets from R1 get NATed too
On the wire (R1 and R2 link) we check that redirects are sent
Traffic from R1 (redirects) also gets NATed and passes through R2!
And redirects are being received by PC-1
Regular traffic from R1 (marked by a packet size of 1500 bytes) did not pass through R2 even if NAT sessions are still active
What does RFC 792 say about ICMP redirection?
R1 checks the packet is coming from 123.0.0.0/24 (source ip address)
it checks its routing table and finds a better gateway towards R3
the packet source ip and R3 fa0/0 interface are on the same subnet
R1 sends a redirect message to R2
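The RFC 792 decision listed above, followed by the construction of the resulting type 5 message, as an added example (not code from the original lab or from IOS). The host addresses 123.0.0.1, 123.0.0.2 and 123.0.0.3 for R1, R2 and R3, the 12.0.0.0/24 PC-1 network, the /24 mask on 23.0.0.0 and the sample packet are assumptions; only 123.0.0.0/24, 23.0.0.1 and fa0/0 come from the lab.

```python
import ipaddress
import struct

# Constructed addressing: the lab gives only 123.0.0.0/24, 23.0.0.1 and fa0/0.
# Host parts for R1/R2/R3 and the PC-1 network 12.0.0.0/24 are assumptions.
R1_IF = {"fa0/0": ipaddress.ip_interface("123.0.0.1/24")}
R1_ROUTES = [  # (prefix, next hop, egress interface): static routes on R1
    (ipaddress.ip_network("23.0.0.0/24"), ipaddress.ip_address("123.0.0.3"), "fa0/0"),
    (ipaddress.ip_network("12.0.0.0/24"), ipaddress.ip_address("123.0.0.2"), "fa0/0"),
]
# Constructed sample: IPv4 header (checksum left 0) + 8-byte echo request, R2 -> 23.0.0.1
SAMPLE = (bytes.fromhex("4500001c0001000040010000") + bytes([123, 0, 0, 2, 23, 0, 0, 1])
          + bytes.fromhex("0800f7ff00000000"))

def lookup(dst):
    """Longest-prefix match in R1's routing table."""
    hits = [r for r in R1_ROUTES if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def redirect_gateway(src, dst, in_if):
    """Return the gateway R1 would put in a redirect, or None if none is due."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    route = lookup(dst)
    if route is None:
        return None
    _, next_hop, out_if = route
    if out_if != in_if:              # packet leaves on another interface: normal forwarding
        return None
    net = R1_IF[in_if].network
    if src not in net or next_hop not in net:   # sender cannot reach the next hop on-link
        return None
    return next_hop

def checksum(data):
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(gateway, original):
    """ICMP type 5, code 1 (host): gateway address, then original IP header + 8 bytes."""
    ihl = (original[0] & 0x0F) * 4
    body = gateway.packed + original[:ihl + 8]
    head = struct.pack("!BBH", 5, 1, 0)
    return struct.pack("!BBH", 5, 1, checksum(head + body)) + body
```

`build_redirect(redirect_gateway("123.0.0.2", "23.0.0.1", "fa0/0"), SAMPLE)` yields a 36-byte ICMP message whose payload carries a second, embedded IPv4 header, the inner header referred to below.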
a full redirect message received by R2
If we consider the first IPv4 header, why does this packet get NATed?
Is the identification field in the IP packet used in overload NAT to distinguish and identify NAT sessions from the same host? In this case, why does R2 consider the embedded IPv4 packet instead of the outer one…
when ip routing is disabled we’ve seen that R2 does not use ip redirects (icmp) it receives…