Autoconfiguring level 2 visibility between subnets in a shared network?

John Hascall john at iastate.edu
Thu Jul 27 20:51:22 UTC 2006


> John Hascall wrote:
> >Typically this is something that your router and the routing
> >agents on the clients would handle.  192.168.22.client would
> >send a packet destined for 192.168.33.other to 192.168.22.router
> >and in addition to forwarding the packet the router can send
> >a ICMP redirect back to 192.168.22.client telling it that it
> >can talk directly to 192.168.33.other -- so only the first
> >packet makes the extra hop.

> Something I was going to add - but ...
> .. recently I was setting up a network with two routers and found 
> that at least one of the Windows machines did NOT respond to a 
> redirect (filtered as a security mechanism perhaps ?) I've also never 
> looked into whether the process also works on a shared network - I am 
> familiar with "you can route to X via Y", is there an equivalent ICMP 
> redirect that says "you can route to X via your local interface" ?

I should add that this only works if the router thinks that
192.168.22.X and 192.168.33.X are the same network (a big
supernet in this case).  Sadly, it does not work with
"secondary" interface addresses (to use cisco-speak).

And, yes, it can be a security issue, so I wouldn't be surprised to
see them filtered/ignored despite the RFC 1122's insistence that the
host MUST process them.

John


More information about the dhcp-users mailing list