Text only | Text with Images

Networking-Forums.com

Professional Discussions => Routing and Switching => Topic started by: wintermute000 on January 28, 2016, 05:43:03 AM

Title: ICMP redirect WTF
Post by: wintermute000 on January 28, 2016, 05:43:03 AM
OK here is a super strange scenario I got at home.


My home GW (ISP cable modem/router/wifi all-in-one) started going flaky re: mgt plane. Pings were failing 3/4 times, could not bring up web UI (though occasionally parts of the page would load). However, traffic through the thing seemed fine - zero browsing etc. issues - hence mgt plane issue.
One really weird symptom was that if I had my lab multilayer switch (Cisco SG300) up, I would get ICMP redirects. WTF
Just for laughs I fired up wireshark on my PC and corroborated it - as soon as I start sending IP packets destined for 192.168.0.1 (ISP router LAN/default GW), the multilayer switch on 192.168.0.5 would start sending a torrent of ICMP redirects directly back to my NIC.


This does not make sense. Assuming we're not talking about an attack, ICMP redirects are sent by a router back to the host when its best route is via the interface its receiving the packet on.
At no stage were any packets directed at the multilayer switch IP of 192.168.0.5 or its MAC address for that matter.
Now these redirects were NOT causing the initial problem as I could not get onto the ISP router even with the lab switch off. but what the heck is this behaviour?
I couldn't even find any setting in the multilayer switch to turn off or on ICMP redirect.


I confirmed ARP, MAC address caches etc. all fine, and the fix was simply to reboot the ISP router (duh).
And now that I've rebooted the ISP router and its responding normally to Web UI and pings.... the ICMP redirect behaviour has stopped.


I can't think of any explanation other than the ISP router 'rewriting' the MAC address for any packets destined to its IP to the MAC address of the multilayer switch.
Title: Re: ICMP redirect WTF
Post by: Reggle on January 28, 2016, 06:50:16 AM
I come to a somewhat similar conclusion. I don't know the exact topology but if it happens again, I wonder if you could do a SPAN session between the SG300 and the router.
Title: Re: ICMP redirect WTF
Post by: deanwebb on January 28, 2016, 08:45:22 AM
:itcrowd:

Just curious, how much labbing have you done with the SG300? Anything that might cause it to do crazy stuff?
Title: Re: ICMP redirect WTF
Post by: sergeyrar on February 23, 2016, 01:54:24 AM
I wouldn't be surprised if it's a bug.
I used to test SG300 switches... real piece of crap :D


(p.s - sorry my bad)
Text only | Text with Images