> Worley, Dale R wrote:
> I'm no expert in this, but isn't this what ICMP Redirect messages
> are for? Aren't routers required to generate them in these cases?

Unfortunately, ICMP redirects are often broken. It is a well-known issue that the introduction of Windows XP SP2 (a while ago) and the Windows Firewall did that.

The typical setup was a network with multiple subnets/VLANs and a firewall/NAT/VPN box. The default gateway for the Internet and remote VPN tunnels was the firewall; the default gateway for other VLANs was the L3 switch that was doing the inter-VLAN routing.

In theory, the host would send the traffic for a given destination; if the traffic was for an inside VLAN, the firewall would send the redirect to the host, forward the traffic to the L3 switch, and further traffic would go directly to the L3 switch as a result of the ICMP redirect. Before XP SP2 this was straightforward: a "route print" on the host would indeed show the new route installed by the ICMP redirect.

In practice, after XP SP2 the result was that the firewall indeed sent the redirect to the host, but since the host ignored it and kept sending traffic to the wrong gateway, a large amount of firewall-to-L3-switch traffic was present, effectively clogging the network at times.

Maintaining a correct routing table in hosts has always been the Achilles' heel of networks with multiple gateways, which is why many enterprise network operators tend to design a one-gateway solution.

Michel.

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
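The two-gateway scenario in the message above, as an added worked example that is not part of the mailing-list thread: it builds and parses a real ICMP Redirect (type 5, code 1: gateway address followed by the offending IP header plus 8 bytes), models a host that applies the RFC 1122 acceptance checks (the redirect must come from the gateway currently in use for that destination, and the new gateway must be on a directly connected network), and counts how much traffic the firewall has to forward sideways when the host honours the redirect versus when it ignores it, as XP SP2 did. The addresses (10.10.0.0/24 host VLAN, 10.10.0.1 firewall, 10.10.0.2 L3 switch, 10.20.0.0/24 inside VLAN), the `accept_redirects` switch and the `Host` class are constructed for illustration and are not from the original post.

```python
"""ICMP Redirect: build, parse, and a host-side acceptance model (added example).

Constructed topology, not from the mailing-list post:
  10.10.0.0/24  host VLAN, host is 10.10.0.50
  10.10.0.1     firewall/NAT/VPN box, the host's default gateway
  10.10.0.2     L3 switch doing inter-VLAN routing
  10.20.0.0/24  another inside VLAN reached via the L3 switch
"""
import ipaddress
import struct

ICMP_REDIRECT = 5   # ICMP type: Redirect
REDIRECT_HOST = 1   # ICMP code: redirect datagrams for the host


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (zero-padded if odd)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header, no options, header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_redirect(new_gateway: str, offending_datagram: bytes) -> bytes:
    """ICMP Redirect: type 5, code 1, checksum, gateway, original IP header + 8 bytes."""
    body = ipaddress.IPv4Address(new_gateway).packed + offending_datagram[:28]
    csum = checksum(struct.pack("!BBH", ICMP_REDIRECT, REDIRECT_HOST, 0) + body)
    return struct.pack("!BBH", ICMP_REDIRECT, REDIRECT_HOST, csum) + body


def parse_redirect(msg: bytes):
    """Return (new_gateway, original_destination); verifies type and checksum."""
    typ, code, _ = struct.unpack("!BBH", msg[:4])
    if typ != ICMP_REDIRECT or checksum(msg) != 0:
        raise ValueError("not a valid ICMP redirect")
    new_gw = str(ipaddress.IPv4Address(msg[4:8]))
    # quoted IP header starts at offset 8; its destination field is bytes 16..20
    orig_dst = str(ipaddress.IPv4Address(msg[8 + 16:8 + 20]))
    return new_gw, orig_dst


class Host:
    """Hypothetical host: one default gateway plus host routes learned from redirects."""

    def __init__(self, address: str, prefix: str, default_gw: str, accept_redirects: bool):
        self.address = address
        self.subnet = ipaddress.ip_network(prefix)
        self.default_gw = default_gw
        self.accept_redirects = accept_redirects   # False models XP SP2's behaviour
        self.host_routes = {}                      # destination -> next hop from redirects

    def next_hop(self, dst: str) -> str:
        if ipaddress.ip_address(dst) in self.subnet:
            return dst                              # on-link, no gateway needed
        return self.host_routes.get(dst, self.default_gw)

    def on_redirect(self, sender: str, msg: bytes) -> bool:
        """RFC 1122 section 3.2.2.2 checks; True if a host route was installed."""
        if not self.accept_redirects:
            return False
        new_gw, dst = parse_redirect(msg)
        if sender != self.next_hop(dst):
            return False    # must come from the gateway currently used for dst
        if ipaddress.ip_address(new_gw) not in self.subnet:
            return False    # new gateway must be on a directly connected network
        self.host_routes[dst] = new_gw
        return True


def simulate(accept_redirects: bool, packets: int = 5) -> dict:
    """Send `packets` datagrams to 10.20.0.5; count how many the firewall must relay."""
    host = Host("10.10.0.50", "10.10.0.0/24", "10.10.0.1", accept_redirects)
    via_firewall = 0
    for _ in range(packets):
        if host.next_hop("10.20.0.5") == "10.10.0.1":
            via_firewall += 1
            # firewall forwards the packet to the L3 switch and redirects the host
            dgram = ipv4_header("10.10.0.50", "10.20.0.5", 17, 8) + b"\x00" * 8
            host.on_redirect("10.10.0.1", build_redirect("10.10.0.2", dgram))
    return {"via_firewall": via_firewall, "final_next_hop": host.next_hop("10.20.0.5")}


def spoofed_redirect_rejected() -> bool:
    """A redirect from a station that is not the current gateway is ignored."""
    host = Host("10.10.0.50", "10.10.0.0/24", "10.10.0.1", accept_redirects=True)
    dgram = ipv4_header("10.10.0.50", "10.20.0.5", 17, 8) + b"\x00" * 8
    return not host.on_redirect("10.10.0.66", build_redirect("10.10.0.66", dgram))


if __name__ == "__main__":
    print("honours redirects:", simulate(True))    # 1 packet via firewall, then L3 switch
    print("ignores redirects:", simulate(False))   # every packet hairpins via firewall
    print("spoof rejected:", spoofed_redirect_rejected())
```

The sender check is exactly what an on-link attacker defeats by spoofing the gateway's source address, which is why hosts are commonly told to ignore redirects altogether (on Linux, `net.ipv4.conf.all.accept_redirects=0`); the trade-off is the hairpin traffic the message describes, and the one-gateway design avoids both problems.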