Forum Discussion
ICMP redirect supported on LTM VE ?
Hello,
My servers' default gateway is the LTM's floating IP and I would like to configure static routes on the LTM to forward VPN traffic to the FW. Other load balancers support ICMP redirect to avoid unnecessary traffic.
Is it possible to configure ICMP redirect on the LTM for static routes?
Thank you,
Regards,
Eli.
6 Replies
- What_Lies_Bene1
Cirrostratus
This article suggests LTM accepts ICMP redirects: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip_tmos_concepts_11_0_0/tmos_packet_filters.html?sr=254693211185763.
However, I think you want to send them right?
- eli1234_26783
Nimbostratus
Correct, I want the LTM to send ICMP redirects to the servers to direct the VPN traffic to the FW...
When I used Wireshark I didn't see the ICMP redirect message.
- mchaas
Nimbostratus
Hi, I appreciate that this thread is quite old already, but I want to follow up anyway. I once raised a similar request towards support. I would really love to see this implemented in iRules, for example. SIDEBAND, for example, is able to establish tcp sessions and send udp datagrams. This could be extended to also be able to send crafted icmp messages. Did anybody raise a request like this with support as well? Did anybody find a different solution to this? Regards, Matt
- mchaas
Nimbostratus
Hi, I am not trying to achieve resilience by sending icmp redirects. I don't think that Eli was either.
I have a bunch of servers. Each of them has their default-gateway pointing to the Loadbalancer in order to be able to receive non-snatted, loadbalanced traffic to their single one IP address. There is also a firewall in this subnet: Assume Server A initiating a tcp-session with Server B in order to send a big file. It sends the SYN to the loadbalancer which would forward according to its config. All traffic from Server A to Server B would have to pass the BigIP. By making the bigip send icmp redirects for specific hosts, it could make the server install temporary routes pointing to the firewall for this and subsequent transmissions.
There is an iRule Command "SIDEBAND" that can be used to craft udp datagrams. I guess I will raise an RFE to also be able to craft icmp datagrams there.
Cheers, Matt
- mchaas
Nimbostratus
To me, the answer is quite easy: Administrative overhead. It's static routes to maintain on hundreds of servers vs. one iRule containing three lines of code configured on a central point in the network. And personally, I don't see a reason why udp and even tcp are available in iRules with sideband, and icmp is not, it should be relatively easy to implement, and low-cost with regards to resource-consumption on the LTM.
- Luan_Nguyen_215
Nimbostratus
Hello, Has anyone figured out how to do ICMP redirect with F5? using a command? or irule?
Thanks. Regards, -lmn