Re: Why can not use both ICMP Redirect and HSRP ?

From: Kent Yu (yux@lucent.com)
Date: Fri Feb 02 2001 - 15:51:44 EST

Next message: F. David Sinn: "RE: [nsp] MSFC CPU Utilization Pegged at 99%....but a sh proc cpu does not reveal anything past 1%"
Previous message: Kris S. Amundson: "Re: Why can not use both ICMP Redirect and HSRP ?"
In reply to: lf@elemental.net: "Re: Why can not use both ICMP Redirect and HSRP ?"
Next in thread: Kris S. Amundson: "Re: Why can not use both ICMP Redirect and HSRP ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Thanks Lars, I assumed the same, but definitely want to confirmation like
your post. The RFC 2281 really confuses me by saying "While running HSRP, it
is important to prevent the host from discovering the primary MAC addresses
of the routers in its standby
   group. Thus, any protocol that informs a host of a router's primary
   address should be disabled. Thus, routers participating in HSRP on
   an interface MUST NOT send ICMP redirects on that interface."

I think it means that if you use HSRP then you should not use the real ip
address as default gateway, and Cisco just disables it by default. Actually
if it is enabled, the traffic using the real ip address as their gateway
will be icmp-redirected the some other routers, this should have nothing to
do this HSRP, as other routers redundancy is not part of this HSRP
function. I am only talking about the old IOS version. Thanks for the infor
about the new feature.

Kent Yu

----- Original Message -----
From: <lf@elemental.net>
To: "Kent Yu" <yux@lucent.com>
Cc: <cisco-nsp@puck.nether.net>
Sent: Friday, February 02, 2001 3:06 PM
Subject: Re: Why can not use both ICMP Redirect and HSRP ?

> Quoting Kent Yu (yux@lucent.com):
>
> > If I simply do a ping from the host to the ip address on the
interface(not
> > the HSRP address), the the host will learn the primary MAC address of
the
> > interface anyway, right?
>
> Yes, the host will learn the MAC address of the primary interface
> but it won't use it for any traffic (apart from your ping). ICMP
> redirects are installed into the kernel routing table and are so
> used for your "normal" traffic.
>
> > I am trying to figure out what is going to happen if I enable icmp
redirect
> > on the interface running HSRP?
>
> You will get dynamic routes installed into your host's kernel with
> the primary address of other routers as the next-hop. When one of
> these routers fails you'll basically have to wait for the routes
> installed by ICMP redirects to time out before connectivity to
> certain networks is restored.
>
> IOS allows you to configure this if you want to loose the good
> fail-over time of HSRP.
>
> Starting with 12.1(3)T ICMP redirects are supported when the
> next-hop that is redirected to is also running HSRP. See
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121
t/121t3/dt_hsrpi.htm
> for the details.
>
> Cheers.
> Lars.
> --
> Lars Fenneberg, lf@elemental.net (private), lf@mcs-cityline.net (work)

Next message: F. David Sinn: "RE: [nsp] MSFC CPU Utilization Pegged at 99%....but a sh proc cpu does not reveal anything past 1%"
Previous message: Kris S. Amundson: "Re: Why can not use both ICMP Redirect and HSRP ?"
In reply to: lf@elemental.net: "Re: Why can not use both ICMP Redirect and HSRP ?"
Next in thread: Kris S. Amundson: "Re: Why can not use both ICMP Redirect and HSRP ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:27 EDT