Router ICMP – Configuring ICMP Redirect and Static Routing


I am learning about ICMP Redirect and I struggle with understanding it.

For example, I have a network like this :

photo

I want to communicate from PC0 to PC1, which are on different subnets, and at the beginning the ICMP packet will be sent to the default gateway (Router 3).

1) I have static routing like this :
Router3 -> Router2 -> Router1 -> Router0

2) I have static routing like this :
Router3 -> Router1 -> Router0

3) I have static routing like this :
Router3 -> Router0

and please let me know if I am right

ad 1 :
there won't be an ICMP redirect, because the next hop of Router 3, which is Router 2, isn't on the same subnet as PC0 is. Every time PC0 communicates with PC1 the path will be
PC0 -> Router3 -> Router2 -> Router1 -> Router0 -> PC1

ad 2:
At the beginning communication will be PC0 -> Router3 -> Router1 -> Router0 -> PC1
Then an ICMP redirect will be sent and the next communication will be
PC0 -> Router1 -> Router0 -> PC1
and an ICMP redirect will be sent again and the next communication will be
PC0 -> Router0 -> PC1

ad 3:

At the beginning PC0 -> Router3 -> Router0 -> PC1.
Then, ICMP redirect and the path will be PC0 -> Router0 -> PC1

Sorry for my English

Best Answer

You are almost correct.

1) I have static routing like this : Router3 -> Router2 -> Router1 -> Router0

ad 1 : there won't be an ICMP redirect, because the next hop of Router 3, which is Router 2, isn't on the same subnet as PC0 is. Every time PC0 communicates with PC1 the path will be PC0 -> Router3 -> Router2 -> Router1 -> Router0 -> PC1

Absolutely correct. Since Router3 doesn't know the full path, only the next hop, it would just forward the packet to Router2.

2) I have static routing like this : Router3 -> Router1 -> Router0

ad 2: At the beginning communication will be PC0 -> Router3 -> Router1 -> Router0 -> PC1 Then an ICMP redirect will be sent and the next communication will be PC0 -> Router1 -> Router0 -> PC1 and an ICMP redirect will be sent again and the next communication will be PC0 -> Router0 -> PC1

Almost. You are correct in saying that Router 3 will send an ICMP Redirect to PC0, informing PC0 that the proper 'next-hop' to get to PC1 is to use Router1. However, when the ICMP Redirect is sent to the original sender, the original packet is still forwarded. Which means when Router1 receives the original packet, it will be receiving a packet from a host in its own network, for which a better next-hop exists, also in the same network (Router0). So Router1 will also send an ICMP redirect from the first packet.

So the path of the first packet will actually go Router3 -> Router1 -> Router0 -> PC1. But both Router3 and Router1 will send PC0 an ICMP Redirect informing PC0 of the better next hop. Since Router1's ICMP redirect will come after Router3's, then Router1's ICMP redirect will overwrite Router3's. So the second packet will go PC0 -> Router0 -> PC1.

3) I have static routing like this : Router3 -> Router0

ad 3: At the beginning PC0 -> Router3 -> Router0 -> PC1. Then, ICMP redirect and the path will be PC0 -> Router0 -> PC1

Absolutely Correct.


Two final points to keep in mind:

First, in all cases, the ICMP Redirect is temporary. I believe that PC0 will use the information in the ICMP redirect for 10 minutes, before 'going back to' what it knew before... which would prompt additional ICMP redirects, and an additional 10 minutes of more efficient routing.

Second, ICMP Redirect was created when the Internet was a nice place, with trustworthy people. Nowadays, the Internet is a dark and scary place, for which you should have very little trust. As a security best practice, most Network Admins prevent their Routers from sending ICMP Redirects and prevent their Routers from 'obeying' ICMP redirects. Similarly, a lot of client OS's also flat out ignore ICMP redirects.

The reason for this is it would be very easy to abuse the ICMP redirect to become a Man in the Middle. If you and I happen to be on the same network, I could easily send you an ICMP Redirect message that tells you the "better next hop" to reach your [Facebook, Banking, e-Commerce, Intra-net Portal, anything] network is through my own IP. Voila, instant Man in the Middle.

As such, I think it's good to know the basics of ICMP Redirect, but I think it isn't very functional to spend much time mastering how they work. It's nearly across the board disabled and/or disallowed -- for good reason.
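
A check for the hardening described in the answer above, added here as an example and not part of the original answer: it assumes a Linux host or router, where the kernel exposes whether redirects are accepted or sent under `/proc/sys/net/`, and reports every per-interface key that is still non-zero. The function names `audit_redirects` and `make_sample_tree` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_redirects [ROOT]
#   Prints one line per ICMP redirect setting that is still enabled and
#   returns 1 if any were found, 0 if all are disabled.
#   ROOT defaults to /proc/sys; passing another directory lets the check
#   run against a constructed tree instead of the live system.
audit_redirects() {
    root="${1:-/proc/sys}"
    findings=0
    # The globs also match the "all" and "default" entries; "default" is
    # what interfaces created later will inherit.
    for f in "$root"/net/ipv4/conf/*/accept_redirects \
             "$root"/net/ipv4/conf/*/send_redirects \
             "$root"/net/ipv6/conf/*/accept_redirects; do
        [ -r "$f" ] || continue      # unmatched glob or unreadable key
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            key=${f#"$root"/}        # e.g. net/ipv4/conf/eth0/accept_redirects
            echo "ENABLED $key = $val"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not real system state): eth0 still accepts and
# sends IPv4 redirects, everything else is disabled. Prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d)
    for i in eth0 lo; do
        mkdir -p "$t/net/ipv4/conf/$i" "$t/net/ipv6/conf/$i"
        echo 0 > "$t/net/ipv4/conf/$i/accept_redirects"
        echo 0 > "$t/net/ipv4/conf/$i/send_redirects"
        echo 0 > "$t/net/ipv6/conf/$i/accept_redirects"
    done
    echo 1 > "$t/net/ipv4/conf/eth0/accept_redirects"
    echo 1 > "$t/net/ipv4/conf/eth0/send_redirects"
    echo "$t"
}
```

Run `audit_redirects` with no argument to check the live system; a non-zero exit status means at least one interface would still act on or emit redirects.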