Are ICMP Redirect messages really bad?
up vote
7
down vote
favorite
Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).
Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?
icmp
add a comment |
up vote
7
down vote
favorite
Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).
Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?
icmp
In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26
add a comment |
up vote
7
down vote
favorite
up vote
7
down vote
favorite
Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).
Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?
icmp
Due to potential for MITM attack, ICMP redirect messages should be blocked. However, the original purpose of the ICMP redirect message is to inform the host of a better router (or gateway).
Then, is there a speed issue with disabling ICMP redirect messages on the host? Or is it negligible?
icmp
icmp
edited Dec 6 at 9:34
Maximillian Laumeister
1034
1034
asked Dec 6 at 0:48
baeharam
753
753
In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26
add a comment |
In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26
In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26
In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26
add a comment |
2 Answers
2
active
oldest
votes
up vote
8
down vote
accepted
ICMP re-directs are most often seen when you have a host or router A
in the same subnet with two other routers B
& C
and connectivity to both. Consider the following network:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A
A
will have a route (most likely a default) pointing to B
, and B
will have a more specific route to a 192.168.8.0/24
pointing to C
.
Without ICMP redirects, all traffic from A
to 192.168.8.0/24
will be routed A->B->C
With ICMP re-direct enabled, B
will inform A
that C
is a better next-hop and subsequent traffic will be routed A->C
.
Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.
Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A
(or remove C
entirely and hang 192.168.8.0/24 directly off B
).
Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19
ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47
1
Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35
Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49
add a comment |
up vote
6
down vote
ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.
Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.
It will also increase the latency for the client, as each packet has to take an extra hop.
However, in the general case, on a modern network both of these "costs" will be negligible.
The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.
Redesigning the network is probably the wrong thing to do.
New contributor
Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18
thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23
"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40
Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
8
down vote
accepted
ICMP re-directs are most often seen when you have a host or router A
in the same subnet with two other routers B
& C
and connectivity to both. Consider the following network:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A
A
will have a route (most likely a default) pointing to B
, and B
will have a more specific route to a 192.168.8.0/24
pointing to C
.
Without ICMP redirects, all traffic from A
to 192.168.8.0/24
will be routed A->B->C
With ICMP re-direct enabled, B
will inform A
that C
is a better next-hop and subsequent traffic will be routed A->C
.
Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.
Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A
(or remove C
entirely and hang 192.168.8.0/24 directly off B
).
Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19
ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47
1
Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35
Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49
add a comment |
up vote
8
down vote
accepted
ICMP re-directs are most often seen when you have a host or router A
in the same subnet with two other routers B
& C
and connectivity to both. Consider the following network:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A
A
will have a route (most likely a default) pointing to B
, and B
will have a more specific route to a 192.168.8.0/24
pointing to C
.
Without ICMP redirects, all traffic from A
to 192.168.8.0/24
will be routed A->B->C
With ICMP re-direct enabled, B
will inform A
that C
is a better next-hop and subsequent traffic will be routed A->C
.
Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.
Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A
(or remove C
entirely and hang 192.168.8.0/24 directly off B
).
Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19
ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47
1
Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35
Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49
add a comment |
up vote
8
down vote
accepted
up vote
8
down vote
accepted
ICMP re-directs are most often seen when you have a host or router A
in the same subnet with two other routers B
& C
and connectivity to both. Consider the following network:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A
A
will have a route (most likely a default) pointing to B
, and B
will have a more specific route to a 192.168.8.0/24
pointing to C
.
Without ICMP redirects, all traffic from A
to 192.168.8.0/24
will be routed A->B->C
With ICMP re-direct enabled, B
will inform A
that C
is a better next-hop and subsequent traffic will be routed A->C
.
Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.
Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A
(or remove C
entirely and hang 192.168.8.0/24 directly off B
).
ICMP re-directs are most often seen when you have a host or router A
in the same subnet with two other routers B
& C
and connectivity to both. Consider the following network:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B C
|____|_____|____|
| | |
A
A
will have a route (most likely a default) pointing to B
, and B
will have a more specific route to a 192.168.8.0/24
pointing to C
.
Without ICMP redirects, all traffic from A
to 192.168.8.0/24
will be routed A->B->C
With ICMP re-direct enabled, B
will inform A
that C
is a better next-hop and subsequent traffic will be routed A->C
.
Obviously B is an extra hop and depending on what kind of box it is, it may introduce extra latency.
Disabling ICMP-Redirects and redesigning the network to avoid this situation entirely would be the preferred solution eg:
|__192.168.1.0/24__|
| | |
|
| |___192.168.8.0/24__|
| | | |
B-----C
|____|__________|
| | |
A
(or remove C
entirely and hang 192.168.8.0/24 directly off B
).
answered Dec 6 at 1:09
Benjamin Dale
6,2991036
6,2991036
Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19
ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47
1
Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35
Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49
add a comment |
Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19
ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47
1
Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35
Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49
Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19
Then, what you mean is that structure of network is more important than ICMP redirect?
– baeharam
Dec 6 at 1:19
ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47
ICMP redirect indicates that there is sub-optimal routing configured and tries to resolve this - IMO this is a design problem
– Benjamin Dale
Dec 6 at 4:47
1
1
Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35
Actually, your redesign just removes the possibility of using an ICMP redirect to optimize the route - all you get is an unavoidable A->B->C route and back(!). An optimizing redesign should remove C and connect its subnet/link to B.
– Zac67
Dec 6 at 18:35
Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49
Yes - this did occur to me when I was doing the redesign : ) But I figured that removing C might have changed things too much - sometimes C might be an unavoidable requirement (provider/3rd-part NTU to another network etc.)
– Benjamin Dale
Dec 6 at 21:49
add a comment |
up vote
6
down vote
ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.
Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.
It will also increase the latency for the client, as each packet has to take an extra hop.
However, in the general case, on a modern network both of these "costs" will be negligible.
The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.
Redesigning the network is probably the wrong thing to do.
New contributor
Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18
thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23
"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40
Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51
add a comment |
up vote
6
down vote
ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.
Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.
It will also increase the latency for the client, as each packet has to take an extra hop.
However, in the general case, on a modern network both of these "costs" will be negligible.
The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.
Redesigning the network is probably the wrong thing to do.
New contributor
Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18
thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23
"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40
Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51
add a comment |
up vote
6
down vote
up vote
6
down vote
ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.
Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.
It will also increase the latency for the client, as each packet has to take an extra hop.
However, in the general case, on a modern network both of these "costs" will be negligible.
The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.
Redesigning the network is probably the wrong thing to do.
New contributor
ICMP redirect is a remnant from an era of trust - partly because networked machines had administrators and BYOD was unimaginable.
Ignoring the redirect on the client means it will continue to be sent through the less efficient gateway. This will lead to unnecessary work by that router, and unnecessary traffic on its interface, slightly reducing performance for everyone using that gateway.
It will also increase the latency for the client, as each packet has to take an extra hop.
However, in the general case, on a modern network both of these "costs" will be negligible.
The ideal way of resolving the issue is for a route to be added on the client to use the correct gateway. ICMP redirect provided a way for it to happen automatically, but probably shouldn't be trusted - but they remain a clue that a better route exists, and logging them allows one to consider making such a change, perhaps after consulting with the network administrators.
Redesigning the network is probably the wrong thing to do.
New contributor
edited Dec 6 at 11:24
New contributor
answered Dec 6 at 8:46
JCRM
1612
1612
New contributor
New contributor
Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18
thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23
"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40
Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51
add a comment |
Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18
thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23
"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40
Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51
Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18
Absolutely: Sometimes configuration simplicity is much, much, more important than packet efficiency. I've seen networks where all routing was static, lots of "suboptmal" routes, traffic low, configuration errors never. Happy network admin kept perfect static routes on central router and that was that. Always keep reference to your own organisation's priorities. Certainly don't redesign a network unless there is an actual problem
– jonathanjo
Dec 6 at 10:18
thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23
thanks for fixing they typo @jonathanjo
– JCRM
Dec 6 at 11:23
"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40
"on a modern network both of these "costs" will be negligible" - yes, but only as long as there's ample link bandwidth (which you might include in "modern" ;-).
– Zac67
Dec 6 at 18:40
Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51
Static routes on hosts? shudder simple, yes, but very hard to capture
– Benjamin Dale
Dec 6 at 21:51
add a comment |
Thanks for contributing an answer to Network Engineering Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55235%2fare-icmp-redirect-messages-really-bad%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
In a properly configured network, redirects don't happen and aren't necessary. Strict adherence to rules would see the packet dropped -- never forward a packet out the interface on which it was received, but no one has done that for decades. Redirects cannot be trusted, so most hosts don't honor them, so most admins config their routers to no bother sending them.
– Ricky Beam
Dec 6 at 13:26