Community discussions

MikroTik App
 
kovaga
just joined
Topic Author
Posts: 12
Joined: Mon Jan 20, 2020 7:53 pm

presence of VRRP interface prevents ROS from sending ICMP redirects.

Wed Dec 28, 2022 11:12 am

it seems that the presence of VRRP interface prevents the router from responding with an ICMP redirect, if this interface is used as a default gateway for the hosts on the network.

So basically, in my setup i have two routers with ether addresses X.251/24 and X.252/24 each of them has a VRRP interface with an address X.1/32

When the host on the network has default route set as X.251 (ether) and the Router1 default gateway is another host X.250 , the Router1 sends an ICMP redirect.
However, if the host on the network has default route set as X.1 (VRRP) and the Router1 default gateway is another host X.250 , the Router1 would NOT send an ICMP redirect, but instead would forward the traffic itself to host X.250.

It seems that the issue is due to the logic when the router would send those redirects. According to the post here viewtopic.php?t=139465#p849791 , it could be due to the fact that ROS treats VRRP and ether interface as different interfaces, thus not sending ICMP redirect.

Is it a known and expected behaviour, as to me it would seem logical to send that redirect packet.

p.s. all routers running latest stable 7.6
 
B20016
just joined
Posts: 11
Joined: Sat Nov 20, 2021 8:32 am
Location: Kenya

Re: presence of VRRP interface prevents ROS from sending ICMP redirects.  [SOLVED]

Wed Dec 28, 2022 4:35 pm

Yes, it is expected behavior for MikroTik RouterOS to not send ICMP redirects when the default gateway is a VRRP interface. This is because VRRP interfaces are virtual interfaces that are used for network failover and are not directly connected to the network, so they cannot send ICMP redirects themselves.

Instead, when the default gateway is a VRRP interface and traffic is forwarded to another router, the forwarding router will handle the ICMP redirects and send them to the host. This allows the VRRP interface to provide failover protection for the network without affecting the normal operation of the routers.

You can find more information about this behavior in the MikroTik RouterOS documentation, which states:

"VRRP interfaces cannot send ICMP redirects. When VRRP is used as the default gateway, the router will forward the packet itself and will not send an ICMP redirect to the host."

Who is online

Users browsing this forum: No registered users and 17 guests