RE: "no ip redirects" [SECOND TRY]

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Tue Dec 14 2004 - 15:22:24 GMT-3


An ICMP redirect will reveal the real IP addresses of the HSRP routers.
So why do we care? Think about this situation:

R1 and R2 are running HSRP on their E0/0 interfaces. R1 is the active
router and R2 is the standby router. Behind R1 and R2 reachable via
their S0/0 interfaces are the 10.0.0.0/8 and the 172.16.0.0/16 networks.
They are running EIGRP on their E0/0 and S0/0 interfaces. R1 and R2
both route the 10/8 and 172.16/16 networks out their respective S0/0
interfaces. Now due to a change in the network topology, R1 (the active
HSRP router) stops routing out its S0/0 interface to reach the 10/8 and
172.16/16 networks and uses the alternate route over its E0/0 via R2 to
reach the networks. Now when a host on the Ethernet segment forwards a
packet destined for 10.1.1.1 to its default gateway (the HSRP IP
address) which R1 is the active router for, R1 will have to route the
packet back out on the same Ethernet interface (E0/0) over to R2. Now
normally (non-HSRP environment) you would want R1 to send an ICMP
redirect to the host so it will forward future packets to that
destination directly to R2 since R1 is having to route the packet out
the same interface it was received on. But if R1 does send the ICMP
redirect, R1 would reveal R2's real IP address to the client and the
client would then from that point on forward all packets destined to
that host directly to R2 and not to the HSRP IP address.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie zeng
Sent: Tuesday, December 14, 2004 2:07 AM
To: ccielab@groupstudy.com
Subject: "no ip redirects" [SECOND TRY]

Hi:
Could anyone help me understand why I saw "no ip redirects"
configured in some HSRP scenarios? I could not figure out why. In
which scenario should we configure no ip redirects under HSRP?

Thanks
Wei
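
An added example, not part of the original message or thread: a Python parser for the ICMP redirect (RFC 792, type 5) described above, which flags a redirect whose gateway field is not the HSRP virtual IP. The addresses (VIP 192.168.1.1, R2 at 192.168.1.3, host at 192.168.1.50) and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # RFC 792 message type


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_redirect(icmp: bytes):
    """Return (code, new_gateway, original_dst) for a valid redirect, else None."""
    if len(icmp) < 8 + 20 or icmp[0] != ICMP_REDIRECT:
        return None
    if inet_checksum(icmp) != 0:  # a valid message folds to zero
        return None
    gateway = ipaddress.IPv4Address(icmp[4:8])
    inner = icmp[8:]  # IP header of the packet that triggered the redirect
    original_dst = ipaddress.IPv4Address(inner[16:20])
    return icmp[1], gateway, original_dst


def exposes_real_router(icmp: bytes, hsrp_vip: str) -> bool:
    """True when a redirect steers the host to an address other than the VIP."""
    parsed = parse_redirect(icmp)
    return parsed is not None and parsed[1] != ipaddress.IPv4Address(hsrp_vip)


def build_sample_redirect(gateway: str, src: str, dst: str) -> bytes:
    """Constructed sample: gateway + original IP header + 8 data bytes."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed) + bytes(8)
    body = ipaddress.IPv4Address(gateway).packed + inner
    header = struct.pack("!BBH", ICMP_REDIRECT, 1, 0)  # code 1: host redirect
    csum = inet_checksum(header + body)
    return struct.pack("!BBH", ICMP_REDIRECT, 1, csum) + body


# Constructed packet: R1 tells host .50 to use R2's real address for 10.1.1.1
SAMPLE = build_sample_redirect("192.168.1.3", "192.168.1.50", "10.1.1.1")

if __name__ == "__main__":
    print(parse_redirect(SAMPLE), exposes_real_router(SAMPLE, "192.168.1.1"))
```

On a segment where "no ip redirects" is configured on the HSRP interfaces, a capture should contain no messages for which `exposes_real_router` returns True.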



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:27 GMT-3