Network Analysis: Investigating ICMP Redirects
Many network analysts have little interest in investigating small issues if they don't think the fine-tuning will make a perceivable difference. They want the biggest bang for their troubleshooting buck. I counter that assumption with some basic logic: “How do you know what the result is if you don’t make the change?”
Internet Control Message Protocol (ICMP) redirects can be overlooked by network analysts, but investigating them often pays off. ICMP redirect packets might be the result of an intentional design, a misconfiguration problem or a security issue. A redirect packet basically informs the host that there is a better way to get to the destination host or network. ICMP redirects are ICMP type 5 messages, and the code field provides specific information:
- 0 = Redirect datagrams for the network
- 1 = Redirect datagrams for the host
- 2 = Redirect datagrams for the type of service and network
- 3 = Redirect datagrams for the type of service and host
In this video, you will see that while working at a client's site, I saw some ICMP redirect packets that turned out to be a simple client reconfiguration issue.
I’ve seen applications or routers silently rely on ICMP redirects or other messages for everyday operation. Then one day, someone blindly blocks all ICMP redirects and things go wonky.
If you’re lucky, the change causes an outage. I say lucky, because an outage would force you to investigate and resolve the issue. If you’re not lucky, you will get reports of what seems to be intermittent application slowdowns and disconnects. The randomness of these reports would make it difficult for an analyst to figure out the root cause.
There are a few caveats you should be aware of when capturing ICMP redirect packets:
- Don't use packet slicing; if you need slicing, use a value that's large enough to get all the ICMP information (you will have to capture 70 to 80 bytes)
- Be aware of physical or software firewalls that can block or alter ICMP redirect packets
- Get familiar with your network management software and figure out if it records or alerts on the different types of ICMP packets
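To make the redirect codes and the slicing caveat concrete, here is an added example (not from the original article or video) that decodes an ICMP redirect from a captured frame and reports when slicing has cut off the embedded original datagram. It assumes untagged Ethernet II framing; the function names and the sample frame, built from documentation addresses, are constructed for illustration.

```python
import socket
import struct

REDIRECT_CODES = {0: "network", 1: "host",
                  2: "type of service and network", 3: "type of service and host"}

def parse_icmp_redirect(frame: bytes):
    """Decode an ICMP redirect (type 5) from an untagged Ethernet II frame.

    Returns None when the frame is not a redirect or is sliced too short to tell.
    """
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # need Ethernet + IPv4 header
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or ip[9] != 1 or len(ip) < ihl + 8:      # protocol 1 = ICMP
        return None
    icmp = ip[ihl:]
    if icmp[0] != 5:
        return None
    info = {
        "sent_by": socket.inet_ntoa(ip[12:16]),   # router issuing the redirect
        "sent_to": socket.inet_ntoa(ip[16:20]),   # host being told to change its route
        "code": icmp[1],
        "redirect_for": REDIRECT_CODES.get(icmp[1], "unknown code"),
        "new_gateway": socket.inet_ntoa(icmp[4:8]),
        "original_dst": None,
        "truncated": True,
    }
    inner = icmp[8:]  # IP header + first 8 bytes of the datagram that triggered the redirect
    if len(inner) >= 20:
        info["original_dst"] = socket.inet_ntoa(inner[16:20])
        info["truncated"] = len(inner) < (inner[0] & 0x0F) * 4 + 8
    return info

def _ipv4(src, dst, proto, payload):
    # Constructed header for the sample only; checksum is left at 0 and not verified above.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: router 192.0.2.1 tells host 192.0.2.10 to use 192.0.2.254 instead.
_inner = _ipv4("192.0.2.10", "198.51.100.7", 17, struct.pack("!HHHH", 50000, 53, 40, 0))
_icmp = struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton("192.0.2.254")) + _inner
SAMPLE_FRAME = bytes(12) + b"\x08\x00" + _ipv4("192.0.2.1", "192.0.2.10", 1, _icmp)

if __name__ == "__main__":
    for snaplen in (len(SAMPLE_FRAME), 64, 48):
        print(snaplen, parse_icmp_redirect(SAMPLE_FRAME[:snaplen]))
```

The sample frame is exactly 70 bytes (14 Ethernet + 20 IP + 8 ICMP + 20 embedded IP header + 8 embedded data bytes), which is the lower end of the capture size given above; IP options or a VLAN tag push it higher.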