Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

5308 & icmp type 5 flood

SOLVED
Go to solution
Matt Chan
Occasional Contributor

5308 & icmp type 5 flood

Hi All,

Hope someone has a suggestion on how to resolve a small problem I'm seeing.

Have a network infrastructure consisting of 2 x 5308XL using xrrp failover connecting 4 HP C7000 blade chassis using nortel GBe2c switches, all seems to be functioning ok but we are seeing massive volumes of icmp type 5 traffic which appears to be coming from the primaray 5308's management IP.

The traffic eventually gets routed to the boundary firewall which drops & logs it, the destination address is in 169.254.x.x but I really do not understand why the switch would be sending such traffic.

Any ideas or suggestions would be appreciated.

Cheers
Matt
4 REPLIES
Olaf Borowski
Respected Contributor
Solution

Re: 5308 & icmp type 5 flood

Matt,
ICMP type 5 are redirects which means:

The ICMP redirect message indicates that the gateway to which the host sent the datagram is no longer the best gateway to reach the net in question. The gateway will have forwarded the datagram, but the host should revise its routing table to have a different immediate address for this net.

The address looks like a Windows PC that can't get an address via DHCP and it falls back to using a 169.x.x.x address.
Find the MAC address of the device sending this and stop it there.
Matt Chan
Occasional Contributor

Re: 5308 & icmp type 5 flood

Hi Olaf,

thanks for the info, do you know if the mac address will be in the data portion of the packets?

Cheers
Matt
Olaf Borowski
Respected Contributor

Re: 5308 & icmp type 5 flood

Matt,

yes, it should be (source mac) but you can also do a "show arp" on the 53xx and look for the 169.x.x.x address.
Matt Chan
Occasional Contributor

Re: 5308 & icmp type 5 flood

Hi Olaf, thanks for the help!

sh arp didn't turn up anything recognisable as the 169.254.x.x address in question however, it appears there are two "issues" one is that the icmp type 5 packets are correct, the boundary firewall is not using the most efficient path, thus the switch is letting it know. Secondly, since a firmware update the firewall is now seeing these packets on its HA interface and rejecting them causing the logging problem.

Thanks again for pointing me in the right direction.

Cheers
Matt