If you have old network design like route-on-a-stick although L3 switch was present. Basically, all Switch Virtual Interfaces(SVIs) for the VLANs are on the router. It might be okay until Microsoft Windows Deployment System(WDS) on the network for Laptop imaging. Probably someone noticed that Internet got slow and Cisco Call Manager Express(Built-in Cisco IP PBX) is not working and so on. Main reason is that all the traffic between VLANs are passing thru the router. It make CPU spike to %100. Also, router is not for the L2 traffic switch like switch, whole performance will be dropping down big time.
How you are going to resolve this issue? Especially, if network design is not a option. ICMP redirection message would be the one of simple Swiss knife.
We know what is ICMP redirect messages that are used by routers to notify the hosts on the data link that a better route is available for a particular destination.
When does router send ICMP Redirects message? All the following conditions are met:
- The packet is being forwarded out the same physical/logical interface that it was received from.
- The source IP address in the packet is on the same Logical IP network as the next-hop IP address.
- The packet does not contain an IP source route option on the router.
- IP redirect is enable on the interface.(Default)
Back to the original question, how to avoid burst traffic between VLANs by ICMP redirection message?
There are few trick configurations that make router think destiantion is reaching out same physical path. How? using static route or Policy Based Routing(PBR). Here is example.
Option#1. Using static route; It will make route to generate ICMP Redirection message.
Note;
VLAN10 SVI on the router : 10.10.10.1/24
VLAN10 SVI on the switch : 10.10.10.2/24
VLAN20 SVI on the router : 20.20.20.1/24
VLAN20 SVI on the switch :20.20.20.2/24
- Create SVI interfaces on the L3 switch and assign x.x.x.2 (if x.x.x.1 is assigned on Router)
- Enable “ip routing” on the L3 switch
- Add ip route 0.0.0.0 0.0.0.0 and point out to x.x.x.1 on the L3 switch
- Static route for all VLANs to SVI interface of L3.
ip route 20.20.20.0 255.255.255.0 10.10.10.2
ip route 20.20.20.128 255.255.255.128 10.10.10.2
ip route 10.10.10.0 255.255.255.0 10.10.10.2
ip route 10.10.10.128 255.255.255.128 10.10.10.2
* Reason why /25? more specific route is more preferred route by routing decision.
Option#2. Using PBR; It will make route to generate ICMP Redirection message.
Note;
VLAN10 SVI on the router : 10.10.10.1/24
VLAN10 SVI on the switch : 10.10.10.2/24
VLAN20 SVI on the router : 20.20.20.1/24
VLAN20 SVI on the switch :20.20.20.2/24
- Create SVI interfaces on the L3 switch and assign x.x.x.2 (if x.x.x.1 is assigned on Router)
- Enable “ip routing” on the L3 switch
- Add ip route 0.0.0.0 0.0.0.0 and point out to x.x.x.1 on the L3 switch
- Apply Policy Based Routing (PBR)
- Create ACL
access-list 100 ip permit 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 101 ip permit 20.20.20.0.0 0.0.0.255 10.10.10.0 0.0.0.255
2. Create route-map
route-map VLAN10TOVLAN20 permit 10
match ip address 100
set ip next-hop 10.10.10.2
route-map VLAN10TOVLAN20 permit 20
route-map VLAN20TOVLAN10 permit 10
match ip address 101
set ip next-hop 20.20.20.2
route-map VLAN20TOVLAN10 permit 20
The www.ipBalance.com runs by a volunteer group with IT professionals and experts at least over 25 years of experience developing and troubleshooting IT in general. ipBalance.com is a free online resource that offers IT tutorials, tools, product reviews, and other resources to help you and your need.
