Project

General

Profile

Actions

Bug #5565

closed

Gateway with alternate monitor ip creates unexpected ICMP redirect

Added by Andreas Pflug over 5 years ago. Updated over 5 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
Gateway Monitoring
Target version:
-
Start date:
12/02/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.4
Affected Architecture:

Description

I created a gateway with the LAN IP address, and a remote machine's IP (reachable via an IPSEC tunnel) to monitor the health of the tunnel.

When pinging the remote machine from the LAN, every ping will throw an additional redirect. Most machines will simply ignore this, but a voice device did not and further on tried to resolve the remote machine's MAC using arp-who-has because it was redirected away from the std-gw.

I didn't expect any side effects from a gateway definition until it's actually used. Specifically, I wonder what this redirect should be good for.

Worse: the redirect happens even if the gateway entry is disabled. Only way to stop is deleting, or setting net.inet.ip.redirect=0

Actions #1

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Not a Bug

That is expected behavior. When you add a monitor IP address it adds a route to it through the specified gateway. The gateway monitoring system isn't meant to be an NMS in that fashion.

Actions #2

Updated by Andreas Pflug over 5 years ago

Jim P wrote:

That is expected behavior. When you add a monitor IP address it adds a route to it through the specified gateway. The gateway monitoring system isn't meant to be an NMS in that fashion.

That monitored address is indeed reachable through that gateway, but the redirect notifies that it should be accessed directly, which is obviously wrong.

In addition, IMHO it's unexpected that a disabled entry still has some effect.

Actions

Also available in: Atom PDF