What is ICMP Redirect?

An ICMP redirect message is a message in which the router informs the source host of an IP packet of the appropriate next-hop address for the destination IP address.

ICMP Redirect Behavior

ICMP Redirect informs the source host of the appropriate next hop to the destination IP address. Specifically, routers send ICMP redirect messages when the interface that received the packet and the interface that outputs the packet are the same.

Figure: Triggering of ICMP Redirect Messages

Consider the following network diagram for ICMP redirect message behavior.

Figure: ICMP Redirect Message Example Network Diagram

In this network diagram, when an IP packet is sent from the host to 192.168.2.2, R1 sends an ICMP redirect message to the host.

  1. The IP address of 192.168.12.1 on R1 is specified as the default gateway for the host. Therefore, when a packet is sent from the host to 192.168.2.2, it is first forwarded to the default gateway 192.168.12.1.
  2. R1 checks the destination IP address of the received packet against its routing table; the packet matches the route for 192.168.2.0/24 and is forwarded to R2 (192.168.12.2). The packet is delivered, but the forwarding path is not efficient. Forwarding directly from the host to R2 is a more efficient forwarding path.
  3. To inform the host of an efficient forwarding route to the destination IP address, R1 sends an ICMP redirect message to the host. The trigger for sending the ICMP redirect message is that the interface that received the packet from the host (IF1) is also the interface that outputs the packet (IF1). The message informs the host (192.168.12.100) to forward packets to 192.168.12.2 when sending packets to the destination (192.168.2.2).
  4. Upon receiving an ICMP redirect message, the host automatically adds the destination IP address information to its routing table.
  5. Thereafter, the host will forward IP packets addressed to IP address 192.168.2.2 to R2 (192.168.12.2).
Figure: Sending ICMP Redirect Message
Figure: After Receiving ICMP Redirect

Notice

  • The route information in the routing table for the host added by the ICMP redirect message will be the /32 host route.
  • Route information from ICMP redirect messages is not added if the messages are blocked by the host firewall or if ICMP redirect messages are disabled in the OS.
  • For added security, it is advisable to disable the addition of route information via ICMP redirect messages.
  • Route information added by an ICMP redirect message is deleted after a certain period of time (10 minutes on Windows).
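
The checks a host can apply before installing such a route, as an added example that is not part of the original page: the Python code below parses an ICMP redirect (type 5) built from this page's addresses and accepts it only if it comes from the current default gateway and names a new gateway on the connected subnet, the two conditions RFC 1122 section 3.2.2.2 gives for discarding redirects. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(gateway: str, orig_src: str, orig_dst: str) -> bytes:
    """Constructed sample input: ICMP type 5, code 1 (redirect for host),
    followed by the original IP header and its first 8 data bytes."""
    # Embedded IPv4 header (IHL=5); its own checksum is left 0 in this sample.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         ipaddress.ip_address(orig_src).packed,
                         ipaddress.ip_address(orig_dst).packed)
    body = ipaddress.ip_address(gateway).packed + ip_hdr + b"\x08\x00" + bytes(6)
    csum = inet_checksum(struct.pack("!BBH", 5, 1, 0) + body)
    return struct.pack("!BBH", 5, 1, csum) + body

def check_redirect(icmp: bytes, sender: str, default_gw: str, local_net: str):
    """Hypothetical host-side filter. Returns (accepted, detail); on accept,
    detail is the /32 host route the redirect would add."""
    if len(icmp) < 36 or icmp[0] != 5:
        return False, "not an ICMP redirect"
    if inet_checksum(icmp) != 0:          # a valid message sums to zero
        return False, "bad checksum"
    new_gw = ipaddress.ip_address(icmp[4:8])    # gateway internet address
    dst = ipaddress.ip_address(icmp[24:28])     # dst of the embedded IP header
    if ipaddress.ip_address(sender) != ipaddress.ip_address(default_gw):
        return False, "sender is not the current first-hop gateway"
    if new_gw not in ipaddress.ip_network(local_net):
        return False, "new gateway is not on the connected subnet"
    return True, f"{dst}/32 via {new_gw}"
```

With the page's topology, a redirect from R1 (192.168.12.1) naming 192.168.12.2 yields the host route `192.168.2.2/32 via 192.168.12.2`; the same message arriving from any other source address is rejected.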

Configuration of ICMP redirect messages (Cisco)

On Cisco routers, sending ICMP redirect messages is enabled by default, which corresponds to the following command on the interface.

Enable ICMP redirect sending

(config)#interface <interface-name>
(config-if)#ip redirects

<interface-name> : Interface name

To disable the sending of ICMP redirect messages, enter the no ip redirects command.

Disable ICMP redirect sending

(config)#interface <interface-name>
(config-if)#no ip redirects

<interface-name> : Interface name

Whether the sending of ICMP redirect messages is enabled or disabled can be checked with the show ip interface command.

Verify ICMP redirect sending (show ip interface)

R1#show ip interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 192.168.12.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
-- omitted --