Internet Control Management Protocol Redirects
search cancel

Internet Control Management Protocol Redirects

book

Article ID: 344105

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

By default, when an ESXi host communicates with any destination server on another subnet, it communicates through its default gateway router.

If the traffic sent to the default gateway router is destined to be forwarded by that router to another router on the same subnet, the default gateway reply to the ESXi host with an Internet Control Management Protocol (ICMP) Redirect message.
 
The purpose of this ICMP Redirect message is to tell ESXi that there is a better route to the destination host and it must instead communicate with the other router.

This article provides steps to view the ICMP Redirect route table.



Resolution

Notes:
  • The consequence of the ICMP Redirect message is that ESXi will add a new dynamic host route entry to its routing table.
  • This entry is specifically for the destination host and its route will be the IP of the alternative route.
  • The default gateway of the ESX/ESXi host does not change.

To view the route table:

  1. Connect to the host with an SSH session. For more information, see Using ESXi Shell in ESXi (311213).
  2. Run this command to see the default gateway:

    # esxcfg-route
    VMkernel default gateway is 10.27.32.21

    In this example, the default gateway is 10.27.32.21

  3. Run this command to see the route table:

    # esxcfg-route -l
    VMkernel Routes:
    Network Netmask Gateway Interface
    ------------- ---------------- ------------- -------------
    8.8.8.8 255.255.255.255 10.27.47.254 vmk0
    10.26.162.185 255.255.255.255 10.27.47.254 vmk0
    10.27.32.0 255.255.240.0 Local Subnet vmk0
    default 0.0.0.0 10.27.32.21 vmk0

    Notes    :
    • The preceding output shows that two dynamic host routes have been added, one for each destination host.
    • Instead of using the default gateway of 10.27.32.21, any communication to these two IPs goes through 10.27.47.254.
    • The output of the esxcli command shows that these are manual entries


  4. Run this command to see additional output if the route is manual or dynamic:

    # esxcli network ip route ipv4 list
    Network Netmask Gateway Interface Source
    ------------- --------------- --------- ------
    default 0.0.0.0 10.27.32.21 vmk0 MANUAL
    8.8.8.8 255.255.255.255 10.27.47.254 vmk0 MANUAL
    10.26.162.185 255.255.255.255 10.27.47.254 vmk0 MANUAL
    10.27.32.0 255.255.240.0 0.0.0.0 vmk0 MANUAL

    Notes:

    • Normal manual static routes get added to /etc/vmware/esx.conf file so that they persist reboots. Dynamic host route entries created by ICMP Redirect do not get added into esx.conf file, these dynamic host routes are lost when the network or host is restarted.
    • Dynamic host route entries have a timeout of one hour by default. During this timeout period if the ESXi communicates with the destination host the timeout will be reset and restarts its countdown.
    • If a new ICMP redirect is received that would supersede an existing dynamic route, then the previous dynamic route would be expired immediately even if the 1 hour timeout period has not yet elapsed.

  5. To manually trigger the clearing of the ICMP Redirect generated routes, restart the network using these commands:

    #esxcli network ip interface set -e false -i vmk0; esxcli network ip interface set -e true -i vmk0



Attachments

2081185_icmp_redirect.zip get_app
Powered by Wolken Software