ICMP stands for Internet control message protocol which uses protocol number 1 and is used majorly to announce to the sources of any errors occurred across the network while trying to route the packets across network path.
ICMP redirect tells the hosts on layer 2 network that a better path exist to a particular destination.
Let us take an example to understand how ICMP redirect works –
In our topology above there is an end-host configured with IP 220.127.116.11 and default gateway 18.104.22.168 which is router R1. Now let’s suppose Host needs to reach the destination network 22.214.171.124. First the packet will be sent to Router R1 on port Fa0/1. Router R1 which has a static route for 126.96.36.199 with next hop as R2 (188.8.131.52) realizes the packet is received on Fa0/1 and same is the interface through which the packet now needs to be sent out to reach to 184.108.40.206. Hence R1 sends an ICMP redirect message to the end-host to use 220.127.116.11 as its default gateway to reach 18.104.22.168 as that is the best path to reach the destination network.
So now onwards all the packets from host to reach destination 22.214.171.124 will be sent to router R2 instead of R1.
Conditions that need to be matched for the ICMP redirects to be generated are:
- The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
- The subnet or network of the source IP address is on the same subnet or network of the next-hop IP address of the routed packet.
- The datagram is not source-routed.
If any of the above condition is not met the ICMP redirect message isn’t not sent.
By default Cisco routers are enabled for ICMP redirects however the same can be disabled using the ‘no ip redirects’ command at the interface level.
An interface enabled with HSRP automatically disables ICMP redirects. But from Cisco IOS version 12.1(3)T and later ip redirects are supported with HSRP as well.