Hi

I have a CCR, but i don’t think its a problem with it.

But lacp, vlans off there.
I have 1 vlan 213 I have attached to ip networks there
10.172.213.193/24
192.168.213.2/24

I have a vm with nic in the vlan with ip 192.168.213.52 and I am trying to ping 10.172.213.51
routing is via 192.168.213.2

but ROS is sending a icmp redirect !

21:14:38.652399 IP 192.168.213.52 > 10.172.213.51: ICMP echo request, id 58422, seq 2, length 64
21:14:38.652615 IP 192.168.213.2 > 192.168.213.52: ICMP redirect 10.172.213.51 to host 10.172.213.51, length 92

I went to ip setting and tried to turn off redirect but same thing

Thats never going to work , ,why is it sending a redirect


\

ADDRESS NETWORK INTERFACE

0 10.172.213.193/24 10.172.213.0 yboRTR
1 192.168.213.2/24 192.168.213.0 yboRTR


can you not route on the same interface ???

Because both networks are in the same the same network segment, redirect telling the sending host to send packets to 10.x directly.

Try moving the 10.x ip to a loopback interface (i.e. no longer in the same L2 broadcast domain)

You definitely can. ICMP redirect doesn’t mean that the router isn’t forwarding the packets. Think of ICMP Redirect like this:
“Ummm, you know that you can just go ‘here’ right?”
If the sending host ignores the redirect then nothing’s going to change. The packets are still going to bounce off of the router properly.

Suppose a slightly different network topology - suppose you have a LAN 192.168.1.0/24

You have R1 = 192.168.1.1 and R2 = 192.168.1.2, and let’s say 192.168.2.0/24 lies beyond R2, but that hosts on 192.168.1.0/24 are using R1 as their default GW. It would be inefficient if packets for 192.168.2.x were all sent to R1 just for it to turn around and send them right back out the same interface for R2. So R1 will send an ICMP redirect to hosts, nudging them to use R2 as the next hop for this destination.

It’s a hint, and hosts may not take it, and they only use the hint for the exact destination IP, and the hint times out, so it will happen all the time on such a network. This is why I prefer to make router-to-router links instead of putting two routers directly onto a LAN segment.

I am a bit surprised that the Mikrotik is redirecting to a next hop that’s part of a different subnet, though. You could put a drop rule in the output filter chain if you really want the redirects off of your network.

Just because they are in the same broadcast domain, doesn’t mean they can talk to each other. They are on different ip networks.

I understand what the redirects are for, I don’t understand why the mikrotik is sending them. There is no way for the 2 machines to talk to each other . Yes same vlan/broadcast domain but different networks. even stranger is when i turn of redirects /ip settings it still sends them .

I will have to do more testing… Very strange. I know cisco ASA don’t by default allow hair pin routing like this. Wonder if there is an option somewhere in ROS for this ?

Okay user error.

the ccr had a address of .193 and I had the server user .2 so couldn’t route. on the reverse path it I presume eventually sent out a redirect.. not sure why ..

any way solved my problem (of my own making by the looks of things )