[nsp] ICMP redirects & secondary interfaces

From: Martin Cooper (mjc@cooper.org.uk)
Date: Mon Jun 04 2001 - 13:38:41 EDT


On subnets with secondary interfaces, Ciscos appear to emit
ICMP redirects with a source address of the primary interface
IP address, rather than the host's default gateway interface
IP address. RFC1620 (published 1994), quoting RFC1122 (1989)
seems to suggest this is incorrect behaviour - would anyone
agree, and if so, is it worth opening a TAC case to report
this as a bug?

> The target address contained in the routing cache is updated
> by Redirect messages. There is currently a restriction on
> what target addresses may be accepted in Redirect messages
> [RFC-1122 3.2.2.2], which would prevent foreign Redirects
> from working:
>
> A Redirect message SHOULD be silently discarded if the
> new router address it specifies is not on the same
> connected (sub-) net through which the Redirect arrived,
> or if the source of the Redirect is not the current
> first-hop router for the specified destination.
>
> To support foreign Redirects requires simply removing the
> first validity check. The second check, which requires an
> acceptable Redirect to come from the node to which the
> datagram that triggered the Redirect was sent, is retained.
> The same validity check would be used for XRedirects.

M.



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:39 EDT