I’m not a good gateway… set redirection!

In this lab PC1 tries to communicate with PC2

R1, R2 and R3 are in the same network

Static routing is configured on routers R1, R2 and R3 such that:

At R2, the PC-2 network is reachable via R1

At R3, the PC-1 network is reachable via R1

A “debug ip cef input” on R2 shows the packet is received

The same debug on R3 shows that

The same thing done on R1 shows that the packets from R2 and R3 are being received by R1

But which Ethernet MAC addresses are being used?

In the packet from PC-1, the source MAC address is set to R1

In the packet from PC-2, the destination MAC is set to R1 too

The ARP table shows the MAC address to IP address correspondence in VLAN 204

But R1 is not on the optimal path between R2 and R3

Traffic from R2 must cross the network twice to reach PC-2 behind R3

Why does the ICMP redirect not come into play in this case? R1 could hint to R2 that R3 is a better gateway to reach the PC-2 network…

The show command confirms that redirects were sent

I checked the version of these routers

IP redirects are enabled on the IP interfaces

and globally

Let’s send a ping directly from R2 and enable a debug icmp

Now we check that a redirect message was received from R1 for and hints it to use the gateway R3 instead

On R1 we check

And nothing happens on R3 (the second gateway!)

What is the most suitable option? Have R3 send the IP redirect? Or keep R1?

Even if R1 receives redirection messages, the path PC-1 packets take does not change

A trace from PC-1 shows that the path includes R1

Let’s disable ip routing on R2, configure a default gateway towards R1, and see

Now the redirection is installed

and confirmed by packets being sent directly to R3’s MAC address instead of R1’s (redirect, ARP, echo request, reply)

We enable ip routing on R2 again and configure it to NAT PC-1 traffic

R1 still sends IP redirects

But these packets do not get processed by R2

At least the debug ip icmp returns nothing…

A debug ip nat shows that packets from R1 get NATed too

On the wire (the R1 and R2 link) we check that redirects are sent

Traffic from R1 (redirects) also gets NATed and passes through R2!

And redirects are being received by PC-1

Regular traffic from R1 (marked by a packet size of 1500 bytes) did not get passed through R2 even if NAT sessions are still active

What does RFC 792 say about ICMP redirection?

R1 checks where the packet is coming from (source IP address)

It checks its routing table and finds a better gateway towards R3

The packet source IP and the R3 fa0/0 interface are on the same subnet

R1 sends a redirect message to R2

A full redirect message received by R2

If we consider the first IPv4 header, why does this packet get NATed?

Is the identification field in the IP packet used in overload NAT to distinguish and identify NAT sessions from the same host? In this case, why does R2 consider the embedded IPv4 packet instead of the outer one…

When ip routing is disabled we’ve seen that R2 does not use the IP redirects (ICMP) it receives…
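The RFC 792 redirect rule and message layout discussed above, as an added example (not from the original lab and not Cisco IOS code): it checks the "source and better gateway on the same network" condition, then builds and parses a redirect to show the outer IPv4 header next to the embedded one. All addresses are constructed (192.0.2.0/24 stands in for the shared R1/R2/R3 network, 203.0.113.10 for PC-2) and the function names are hypothetical.

```python
import ipaddress
import socket
import struct

# Constructed addresses (not from the original lab): shared LAN 192.0.2.0/24
R1, R2, R3, PC2 = "192.0.2.1", "192.0.2.2", "192.0.2.3", "203.0.113.10"

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def should_redirect(src: str, next_hop: str, lan: str) -> bool:
    """RFC 792: redirect only if source host and better gateway share the LAN."""
    net = ipaddress.ip_network(lan)
    return all(ipaddress.ip_address(a) in net for a in (src, next_hop))

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header without options, header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 255,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def build_redirect(gateway: str, original: bytes) -> bytes:
    """ICMP type 5 code 1: gateway, original IP header, first 64 bits of data."""
    body = socket.inet_aton(gateway) + original[:28]
    csum = checksum(struct.pack("!BBH", 5, 1, 0) + body)
    return struct.pack("!BBH", 5, 1, csum) + body

def parse_redirect(packet: bytes) -> dict:
    """Split a redirect into outer addresses, advised gateway, inner addresses."""
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if icmp[0] != 5 or checksum(icmp) != 0:
        raise ValueError("not a valid ICMP redirect")
    return {"outer": (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])),
            "gateway": socket.inet_ntoa(icmp[4:8]),
            "inner": (socket.inet_ntoa(icmp[20:24]), socket.inet_ntoa(icmp[24:28]))}

def demo() -> dict:
    echo = struct.pack("!BBHHH", 8, 0, 0xF7FD, 1, 1)      # echo request, checksum precomputed
    original = ipv4_header(R2, PC2, 1, len(echo)) + echo  # R2 pings PC-2 via R1
    icmp = build_redirect(R3, original)                   # R1 advises R3 as gateway
    return parse_redirect(ipv4_header(R1, R2, 1, len(icmp)) + icmp)
```

The second call in the test uses a source address outside the shared subnet (198.51.100.10, a constructed stand-in for a host behind R2), for which the RFC 792 condition does not hold.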

