The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol group. It is used by network devices, to send error messages and operational information indicating that a requested service is not available or destination could not be reached.
ICMP redirect messages are used by network devices to notify the hosts on the data link that a better route is available for a particular destination.
For example, the two routers INB_R1 and INB_R2 are connected to the same Ethernet segment as Host INB_H. The default gateway for Host INB_H is configured to use router INB_R1. Host INB_H sends a packet to router INB_R1 to reach the destination on Branch office INB_Host 10.1.1.1. Router INB_R1, after it consults its routing table, finds that the next-hop to reach INB_Host 10.1.1.1 is router INB_R2. Now router INB_R1 must forward the packet out the same Ethernet interface on which it was received. Router INB_R1 forwards the packet to router INB_R2 and also sends an ICMP redirect message to Host INB_H. This informs the host that the best route to reach INB_Host 10.1.1.1 is by way of router INB_R2. Host INB_H then forwards all the subsequent packets destined for INB_Host 10.1.1.1 to router INB_R2.
When Are ICMP Redirects Sent?
Cisco routers send ICMP redirects when all of these conditions are met:
- The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
- The subnet or network of the source IP address is on the same subnet or network of the next-hop IP address of the routed packet.
- The datagram is not source-routed.
- The kernel is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects can be used to disable ICMP redirects.)
Note: ICMP redirects are disabled by default if Hot Standby Router Protocol (HSRP) is configured on the interface. In Cisco IOS Software Release 12.1(3)T and later, ICMP Redirect is allowed to be enabled on interfaces configured with HSRP.
For example, if a router has two IP addresses on one of its interfaces:
interface ethernet 0
ip address 192.168.1.1 255.255.255.0
ip address 192.168.2.1 255.255.255.0 secondary
If the router receives a packet that is sourced from a host in the subnet 192.168.1.0 and destined to a host in the subnet 192.168.2.0, the router does not send an ICMP redirect because only the first condition is met, not the second.
The original packet for which the router sends a redirect still gets routed to the correct destination.