Are ICMP Redirect messages really bad?











up vote
7
down vote

favorite












Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).



Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?










share|improve this question
























  • In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
    – Ricky Beam
    Dec 6 at 13:26















up vote
7
down vote

favorite












Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).



Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?










share|improve this question
























  • In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
    – Ricky Beam
    Dec 6 at 13:26













up vote
7
down vote

favorite









up vote
7
down vote

favorite











Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).



Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?










share|improve this question















Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).



Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?







icmp






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 6 at 9:34









Maximillian Laumeister

1034




1034










asked Dec 6 at 0:48









baeharam

753




753












  • In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
    – Ricky Beam
    Dec 6 at 13:26


















  • In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
    – Ricky Beam
    Dec 6 at 13:26
















In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26




In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26










2 Answers
2






active

oldest

votes

















up vote
8
down vote



accepted










ICMP re-directs are most often seen when you have a host or router A in the same subnet with two other routers B & C and connectivity to both. Consider the following network:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A


A will have a route (most likely a default) pointing to B, and B will have a more specific route to a 192.168.8.0/24 pointing to C.



Without ICMP redirects, all traffic from A to 192.168.8.0/24 will be routed A->B->C



With ICMP re-direct enabled, B will inform A that C is a better next-hop and subsequent traffic will be routed A->C.



Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.



Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A


(or remove C entirely and hang 192.168.8.0/24 directly off B).






share|improve this answer





















  • Then, what you mean is that structure of network is more important than ICMP redirect?
    – baeharam
    Dec 6 at 1:19










  • ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
    – Benjamin Dale
    Dec 6 at 4:47






  • 1




    Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
    – Zac67
    Dec 6 at 18:35












  • Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
    – Benjamin Dale
    Dec 6 at 21:49


















up vote
6
down vote













ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.



Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.



It will also increase the latency for the client, as each packet has to take an extra hop.



However, in the general case, on a modern network both of these "costs" will be negligible.



The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.



Redesigning the network is probably the wrong thing to do.






share|improve this answer










New contributor




JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


















  • Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
    – jonathanjo
    Dec 6 at 10:18










  • thanks for fixing they typo @jonathanjo
    – JCRM
    Dec 6 at 11:23










  • "on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
    – Zac67
    Dec 6 at 18:40










  • Static routes on hosts? shudder simple, yes, but very hard to capture
    – Benjamin Dale
    Dec 6 at 21:51











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "496"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55235%2fare-icmp-redirect-messages-really-bad%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
8
down vote



accepted










ICMP re-directs are most often seen when you have a host or router A in the same subnet with two other routers B & C and connectivity to both. Consider the following network:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A


A will have a route (most likely a default) pointing to B, and B will have a more specific route to a 192.168.8.0/24 pointing to C.



Without ICMP redirects, all traffic from A to 192.168.8.0/24 will be routed A->B->C



With ICMP re-direct enabled, B will inform A that C is a better next-hop and subsequent traffic will be routed A->C.



Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.



Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A


(or remove C entirely and hang 192.168.8.0/24 directly off B).






share|improve this answer





















  • Then, what you mean is that structure of network is more important than ICMP redirect?
    – baeharam
    Dec 6 at 1:19










  • ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
    – Benjamin Dale
    Dec 6 at 4:47






  • 1




    Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
    – Zac67
    Dec 6 at 18:35












  • Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
    – Benjamin Dale
    Dec 6 at 21:49















up vote
8
down vote



accepted










ICMP re-directs are most often seen when you have a host or router A in the same subnet with two other routers B & C and connectivity to both. Consider the following network:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A


A will have a route (most likely a default) pointing to B, and B will have a more specific route to a 192.168.8.0/24 pointing to C.



Without ICMP redirects, all traffic from A to 192.168.8.0/24 will be routed A->B->C



With ICMP re-direct enabled, B will inform A that C is a better next-hop and subsequent traffic will be routed A->C.



Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.



Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A


(or remove C entirely and hang 192.168.8.0/24 directly off B).






share|improve this answer





















  • Then, what you mean is that structure of network is more important than ICMP redirect?
    – baeharam
    Dec 6 at 1:19










  • ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
    – Benjamin Dale
    Dec 6 at 4:47






  • 1




    Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
    – Zac67
    Dec 6 at 18:35












  • Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
    – Benjamin Dale
    Dec 6 at 21:49













up vote
8
down vote



accepted







up vote
8
down vote



accepted






ICMP re-directs are most often seen when you have a host or router A in the same subnet with two other routers B & C and connectivity to both. Consider the following network:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A


A will have a route (most likely a default) pointing to B, and B will have a more specific route to a 192.168.8.0/24 pointing to C.



Without ICMP redirects, all traffic from A to 192.168.8.0/24 will be routed A->B->C



With ICMP re-direct enabled, B will inform A that C is a better next-hop and subsequent traffic will be routed A->C.



Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.



Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A


(or remove C entirely and hang 192.168.8.0/24 directly off B).






share|improve this answer












ICMP re-directs are most often seen when you have a host or router A in the same subnet with two other routers B & C and connectivity to both. Consider the following network:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A


A will have a route (most likely a default) pointing to B, and B will have a more specific route to a 192.168.8.0/24 pointing to C.



Without ICMP redirects, all traffic from A to 192.168.8.0/24 will be routed A->B->C



With ICMP re-direct enabled, B will inform A that C is a better next-hop and subsequent traffic will be routed A->C.



Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.



Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:



   |__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A


(or remove C entirely and hang 192.168.8.0/24 directly off B).







share|improve this answer












share|improve this answer



share|improve this answer










answered Dec 6 at 1:09









Benjamin Dale

6,2991036




6,2991036












  • Then, what you mean is that structure of network is more important than ICMP redirect?
    – baeharam
    Dec 6 at 1:19










  • ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
    – Benjamin Dale
    Dec 6 at 4:47






  • 1




    Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
    – Zac67
    Dec 6 at 18:35












  • Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
    – Benjamin Dale
    Dec 6 at 21:49


















  • Then, what you mean is that structure of network is more important than ICMP redirect?
    – baeharam
    Dec 6 at 1:19










  • ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
    – Benjamin Dale
    Dec 6 at 4:47






  • 1




    Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
    – Zac67
    Dec 6 at 18:35












  • Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
    – Benjamin Dale
    Dec 6 at 21:49
















Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19




Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19












ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47




ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47




1




1




Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35






Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35














Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49




Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49










up vote
6
down vote













ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.



Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.



It will also increase the latency for the client, as each packet has to take an extra hop.



However, in the general case, on a modern network both of these "costs" will be negligible.



The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.



Redesigning the network is probably the wrong thing to do.






share|improve this answer










New contributor




JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


















  • Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
    – jonathanjo
    Dec 6 at 10:18










  • thanks for fixing they typo @jonathanjo
    – JCRM
    Dec 6 at 11:23










  • "on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
    – Zac67
    Dec 6 at 18:40










  • Static routes on hosts? shudder simple, yes, but very hard to capture
    – Benjamin Dale
    Dec 6 at 21:51















up vote
6
down vote













ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.



Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.



It will also increase the latency for the client, as each packet has to take an extra hop.



However, in the general case, on a modern network both of these "costs" will be negligible.



The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.



Redesigning the network is probably the wrong thing to do.






share|improve this answer










New contributor




JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


















  • Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
    – jonathanjo
    Dec 6 at 10:18










  • thanks for fixing they typo @jonathanjo
    – JCRM
    Dec 6 at 11:23










  • "on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
    – Zac67
    Dec 6 at 18:40










  • Static routes on hosts? shudder simple, yes, but very hard to capture
    – Benjamin Dale
    Dec 6 at 21:51













up vote
6
down vote










up vote
6
down vote









ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.



Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.



It will also increase the latency for the client, as each packet has to take an extra hop.



However, in the general case, on a modern network both of these "costs" will be negligible.



The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.



Redesigning the network is probably the wrong thing to do.






share|improve this answer










New contributor




JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.



Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.



It will also increase the latency for the client, as each packet has to take an extra hop.



However, in the general case, on a modern network both of these "costs" will be negligible.



The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.



Redesigning the network is probably the wrong thing to do.







share|improve this answer










New contributor




JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer








edited Dec 6 at 11:24





















New contributor




JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered Dec 6 at 8:46









JCRM

1612




1612




New contributor




JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






JCRM is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
    – jonathanjo
    Dec 6 at 10:18










  • thanks for fixing they typo @jonathanjo
    – JCRM
    Dec 6 at 11:23










  • "on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
    – Zac67
    Dec 6 at 18:40










  • Static routes on hosts? shudder simple, yes, but very hard to capture
    – Benjamin Dale
    Dec 6 at 21:51


















  • Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
    – jonathanjo
    Dec 6 at 10:18










  • thanks for fixing they typo @jonathanjo
    – JCRM
    Dec 6 at 11:23










  • "on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
    – Zac67
    Dec 6 at 18:40










  • Static routes on hosts? shudder simple, yes, but very hard to capture
    – Benjamin Dale
    Dec 6 at 21:51
















Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18




Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18












thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23




thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23












"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40




"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40












Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51




Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51


















draft saved

draft discarded




















































Thanks for contributing an answer to Network Engineering Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55235%2fare-icmp-redirect-messages-really-bad%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

"Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

Alcedinidae

Origin of the phrase “under your belt”?