RE: Why can not use both ICMP Redirect and HSRP ?

From: F. David Sinn (dsinn@cisco.com)
Date: Fri Feb 02 2001 - 16:07:29 EST


The confusion is who you ping, and who will respond from a ICMP redirect.

If you ping the actual router IP address, you will get the physical MAC
address as expected.

If you ping the HSRP address, you will get the shared virtual MAC address.

Both are correct operations.

Before the software change that was mentioned in another follow-up e-mail,
when the router responded via a ICMP redirect to a client, it would use it's
physical MAC address, not the shared virtual MAC address. So if that router
went down, the client that received the ICMP redirect would be sending
traffic into a black hole, and the benefit of HSRP is lost.

David

-----Original Message-----
From: Kent Yu [mailto:yux@lucent.com]
Sent: Friday, February 02, 2001 10:41 AM
To: cisco-nsp@puck.nether.net
Subject: Re: Why can not use both ICMP Redirect and HSRP ?

According to RFC 2281:"
While running HSRP, it is important to prevent the host from
   discovering the primary MAC addresses of the routers in its standby
   group. Thus, any protocol that informs a host of a router's primary
   address should be disabled. Thus, routers participating in HSRP on
   an interface MUST NOT send ICMP redirects on that interface."

If I simply do a ping from the host to the ip address on the interface(not
the HSRP address), the the host will learn the primary MAC address of the
interface anyway, right?
I am trying to figure out what is going to happen if I enable icmp redirect
on the interface running HSRP?

Kent



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:27 EDT