We faced some strange ICMP redirect messages today on one of our devices after we configured BFD for BGP.
Device1
```
ICMP: bogus redirect from 192.168.100.1 - for 192.168.100.2 use gw 192.168.100.2
gateway address is one of our addresses
ICMP: bogus redirect from 192.168.100.1 - for 192.168.100.2 use gw 192.168.100.2
gateway address is one of our addresses
ICMP: bogus redirect from 192.168.100.1 - for 192.168.100.2 use gw 192.168.100.2
gateway address is one of our addresses
```
So we checked the device that was sending these redirects and ran a short ethanalyzer capture:
Device2
```
ethanalyzer local interface inband-in vdc vdc2 capture-filter "host 192.168.100.2" limit-captured-frames 0
Capturing on inband
192.168.200.2 -> 192.168.200.2 UDP 60 Source port: 49152 Destination port: bfd-echo
192.168.200.2 -> 192.168.200.2 UDP 60 Source port: 49152 Destination port: bfd-echo
192.168.200.2 -> 192.168.200.2 UDP 60 Source port: 49152 Destination port: bfd-echo
192.168.200.2 -> 192.168.200.2 UDP 60 Source port: 49152 Destination port: bfd-echo
```
So these redirect messages were triggered by the BFD Echo packets that Device2 received from Device1.
We had simply forgotten to disable `ip redirects` on the interface between Device2 and Device1. After we changed this, the ICMP bogus redirect messages were gone.
```
interface port-channel1
  no ip redirects
```
This is documented in various places on the Cisco site, for example here:
Before using BFD echo mode, you must disable the sending of Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirects command, in order to avoid high CPU utilization.
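To catch the same omission on other links, the following added example (not from the original post or from Cisco) audits a saved running-config for BGP neighbors with `bfd` enabled whose connected interface lacks `no ip redirects`. It assumes an NX-OS-style, indentation-based config in which `bfd` appears under the BGP neighbor; the sample config is constructed and the function name `audit` is hypothetical.

```python
import ipaddress
import re

# Constructed NX-OS-style config excerpt (not from the original post).
SAMPLE_CONFIG = """\
interface port-channel1
  ip address 192.168.100.1/30
interface port-channel2
  ip address 192.168.101.1/30
  no ip redirects
router bgp 65000
  neighbor 192.168.100.2
    remote-as 65001
    bfd
  neighbor 192.168.101.2
    remote-as 65002
    bfd
  neighbor 192.168.102.2
    remote-as 65003
"""

def audit(config):
    """Return (interface, neighbor) pairs where a BFD-enabled BGP neighbor
    sits on an interface that still sends ICMP redirects."""
    nets, redirects_off, bfd_peers = {}, set(), []
    iface = peer = None
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):          # top-level line: new section
            m = re.match(r"interface (\S+)", text)
            iface, peer = (m.group(1) if m else None), None
        elif iface and (m := re.match(r"ip address (\S+/\d+)$", text)):
            nets[iface] = ipaddress.ip_interface(m.group(1)).network
        elif iface and text == "no ip redirects":
            redirects_off.add(iface)
        elif m := re.match(r"neighbor (\d+(?:\.\d+){3})$", text):
            peer = ipaddress.ip_address(m.group(1))
        elif peer and text == "bfd":          # BFD enabled for this neighbor
            bfd_peers.append(peer)
    return [(name, str(p)) for p in bfd_peers
            for name, net in nets.items()
            if p in net and name not in redirects_off]

if __name__ == "__main__":
    for name, peer in audit(SAMPLE_CONFIG):
        print(f"{name}: BFD neighbor {peer} but 'no ip redirects' is missing")
```

The check flags any interface facing a BFD-enabled neighbor, whether or not echo mode is actually in use on that session.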