Internet Control Message Protocol

Earlier in this chapter, you read about how to configure IP addresses and how to perform some basic troubleshooting. For troubleshooting, you have seen how to look at the routing table with the show ip route command, how to look at interface status with several options on the show interfaces command, and how to use standard and extended ping commands for basic troubleshooting.

TCP/IP includes a protocol specifically to help manage and control the operation of a TCP/IP network, called the Internet Control Message Protocol (ICMP). ICMP provides a wide variety of information about the health and operational status of a network. Control Message is the most descriptive part of the name: ICMP defines messages that help control and manage the work of IP and, therefore, is considered to be part of TCP/IP's network layer. Because ICMP helps control IP, it can provide useful troubleshooting information. In fact, ICMP messages sit inside an IP packet, with no transport layer header at all, so ICMP is truly just an extension of the TCP/IP network layer.

RFC 792 defines ICMP and includes the following excerpt, which describes the protocol well:

Occasionally a gateway (router) or destination host will communicate with a source host, for example, to report an error in datagram processing. For such purposes, this protocol, the Internet Control Message Protocol (ICMP), is used. ICMP uses the basic support of IP as if it were a higher level protocol; however, ICMP is actually an integral part of IP and must be implemented by every IP module.

ICMP uses messages to accomplish its tasks. Many of these messages are used in even the smallest IP network. Table 13-4 lists several ICMP messages.

Table 13-4 ICMP Message Types

| Message | Purpose |
| --- | --- |
| Destination unreachable | This tells the source host that there is a problem delivering a packet. |
| Time exceeded | The time that it takes a packet to be delivered has expired; the packet has been discarded. |
| Redirect | The router sending this message has received some packet for which another router would have had a better route; the message tells the sender to use the better route. |
| Echo | This is used by the ping command to verify connectivity. |

ICMP Echo Request and Echo Reply

The ICMP echo request and echo reply messages are sent and received by the ping command. In fact, when people say that they "sent a ping packet," they really mean that they sent an ICMP echo request. These two messages are very self-explanatory. The echo request simply means that the host to which it is addressed should reply to the packet. The echo reply is the ICMP message type that should be used in the reply. The echo request includes some data that can be specified by the ping command; whatever data is sent in the echo request is sent back in the echo reply.
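The exchange described above, as an added example that is not part of the original text: it builds an echo request, produces the reply a destination would return, and checks that a reply really echoes the request. The type values, the identifier and sequence fields and the checksum come from RFC 792 and RFC 1071; the identifier, sequence number and payload are constructed sample values.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type values from RFC 792


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Header is type, code, checksum, identifier, sequence; data follows."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def make_reply(request: bytes) -> bytes:
    """What the destination does: same identifier, sequence and data, type 0."""
    ident, seq = struct.unpack("!HH", request[4:8])
    return build_echo(ECHO_REPLY, ident, seq, request[8:])


def reply_matches(request: bytes, reply: bytes) -> bool:
    """Accept a reply only if it is well formed and echoes the request."""
    if len(reply) < 8 or inet_checksum(reply) != 0:
        return False  # too short, or checksum does not verify
    r_type, r_code, _, r_id, r_seq = struct.unpack("!BBHHH", reply[:8])
    q_id, q_seq = struct.unpack("!HH", request[4:8])
    return (r_type == ECHO_REPLY and r_code == 0
            and (r_id, r_seq) == (q_id, q_seq)
            and reply[8:] == request[8:])


# Constructed sample: one request as ping might send it, and the reply to it.
request = build_echo(ECHO_REQUEST, ident=0x1234, seq=1, payload=b"abcdefgh" * 4)
reply = make_reply(request)
```

A reply that fails `reply_matches` (wrong sequence number, altered data, bad checksum) is not an answer to the request that was sent and should not be counted as a success.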

Example 13-8 shows two ping commands testing IP connectivity from Albuquerque to Yosemite. Figure 13-2 precedes the example, as a reminder of the topology and IP addresses in the network.

Figure 13-2 Sample Network Used for ping Example

Example 13-8 Example with One Working ping, and One Failing ping

    Albuquerque#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         10.0.0.0/24 is subnetted, 3 subnets
    C       10.1.1.0 is directly connected, Ethernet0
    C       10.1.130.0 is directly connected, Serial1
    C       10.1.128.0 is directly connected, Serial0
    Albuquerque#ping 10.1.128.252
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.128.252, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
    Albuquerque#ping 10.1.2.252
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.1.2.252, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

The ping command sends a packet to the stated destination address. The TCP/IP software at the destination then replies to the ping packet with a similar packet. The ping command sends the first packet and waits on the response. If a response is received, the command displays an exclamation mark (!). If no response is received within the default timeout of 2 seconds, the ping command displays a period (.). The IOS ping command sends five of these packets by default.

In Example 13-8, the ping 10.1.128.2 command works, but the ping 10.1.2.252 command does not. The first ping command works because Albuquerque has a route to the subnet in which 10.1.128.2 resides (subnet 10.1.128.0). However, the second ping to 10.1.2.252 does not work because the subnet in which 10.1.2.252 resides, subnet 10.1.2.0, is not connected to Albuquerque, so Albuquerque does not have a route to that subnet. As a result, none of the five ping packets works, and the output of the ping command shows five periods. Had a routing protocol been implemented successfully in this network, the correct routes would have been known, and the second ping would have worked.

The ping command itself supplies many creative ways to use echo requests and replies. For instance, the ping command enables you to specify the length as well as the source and destination addresses, and it also enables you to set other fields in the IP header.

Destination Unreachable ICMP Message

The ICMP Destination Unreachable message is sent when a message cannot be delivered completely to the application at the destination host. Because packet delivery can fail for many reasons, there are five separate unreachable functions (codes) using this single ICMP unreachable message. All five code types pertain directly to an IP, TCP, or UDP feature. The network shown in Figure 13-3 helps you understand them.

Figure 13-3 Sample Network for Discussing ICMP Unreachable Codes

Assume that Fred is trying to connect to the web server, called Web. (Web uses HTTP, which in turn uses TCP as the transport layer protocol.) Three of the ICMP unreachable codes can possibly be used by Routers A and B. The other two codes are used by the web server. These ICMP codes are sent to Fred as a result of the packet originally sent by Fred.

Table 13-5 summarizes the more common ICMP unreachable codes. After the table, the text explains how each ICMP code might be needed for the network in Figure 13-3.

Table 13-5 ICMP Unreachable Codes

| Unreachable Code | When It Is Used | What It Typically Is Sent By |
| --- | --- | --- |
| Network unreachable | There is no match in a routing table for the packet's destination. | Router |
| Host unreachable | The packet can be routed to a router connected to the destination subnet, but the host is not responding. | Router |
| Can't fragment | The packet has the Don't Fragment bit set, and a router must fragment to forward the packet. | Router |
| Protocol unreachable | The packet is delivered to the destination host, but the transport layer protocol is not available on that host. | Endpoint host |
| Port unreachable | The packet is delivered to the destination host, but the destination port has not been opened by an application. | Endpoint host |

The following list explains each code in Table 13-5 in greater detail using the network in Figure 13-3 as an example:

■ Network unreachable—Router A uses this code if it does not have a route telling it where to forward the packet. In this case, Router A needs a route to subnet 10.1.2.0. Router A sends Fred the ICMP Destination Unreachable message with the code "network unreachable" in response to Fred's packet destined for 10.1.2.14.

■ Host unreachable—This code implies that the single destination host is unavailable. If Router A has a route to 10.1.2.0, the packet is delivered to Router B. However, if the web server is down, Router B does not get an ARP reply from the web server. Router B sends Fred the ICMP Destination Unreachable message with the code "host unreachable" in response to Fred's packet destined for 10.1.2.14.

■ Can't fragment—This code is the last of the three ICMP unreachable codes that a router might send. Fragmentation defines the process in which a router needs to forward a packet, but the outgoing interface allows only packets that are smaller than the forwarded packet. The router can break the packet into pieces. However, if Router A or B needs to fragment the packet but the Do Not Fragment bit is set in the IP header, the router discards the packet. Router A or B sends Fred the ICMP Destination Unreachable message with the code "can't fragment" in response to Fred's packet destined for 10.1.2.14.

■ Protocol unreachable—If the packet successfully arrives at the web server, two other unreachable codes are possible. One implies that the protocol above IP, typically TCP or UDP, is not running on that host. This is highly unlikely, because most operating systems that use TCP/IP use a single software package that provides IP, TCP, and UDP functions. But if the host receives the IP packet and TCP or UDP is unavailable, the web server host sends Fred the ICMP Destination Unreachable message with the code "protocol unreachable" in response to Fred's packet destined for 10.1.2.14.

■ Port unreachable—The final code field value is more likely today. If the server is up but the web server software is not running, the packet can get to the server but cannot be delivered to the web server software. The web server host sends Fred the ICMP Destination Unreachable message with the code "port unreachable" in response to Fred's packet destined for 10.1.2.14.

One key to troubleshooting with the ping command is understanding the various codes the command uses to signify the various responses it can receive. Table 13-6 lists the various codes that the Cisco IOS software ping command can supply.

Table 13-6 Codes That the ping Command Receives in Response to Its ICMP Echo Request

| ping Command Code | Description |
| --- | --- |
| ! | ICMP Echo Reply received |
| . | Nothing was received before the ping command timed out |
| U | ICMP unreachable (destination) received |
| N | ICMP unreachable (network) received |
| P | ICMP unreachable (port) received |
| Q | ICMP source quench received |
| M | ICMP Can't Fragment message received |
| ? | Unknown packet received |
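To tie Table 13-5 and Table 13-6 together, the following added example (not code from the original text or from Cisco IOS) classifies a received ICMP message and, for an unreachable message, reads the quoted original packet to show which destination and port the error refers to. The numeric type and code values come from RFC 792; the mapping of codes to ping characters is an assumption based on the table descriptions, and Fred's address 10.1.1.1 and TCP port 80 are constructed sample values.

```python
import socket
import struct

# ICMP type and code numbers are from RFC 792; the text gives only the names.
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "can't fragment"}
# Assumed mapping onto the Table 13-6 characters, not taken from IOS itself.
UNREACH_CHARS = {0: "N", 3: "P", 4: "M"}


def classify(icmp: bytes) -> dict:
    """Return the ping character and, for errors, the packet that caused it."""
    if len(icmp) < 8:
        return {"char": "?", "what": "truncated"}
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type == 0:
        return {"char": "!", "what": "echo reply"}
    if icmp_type == 4:
        return {"char": "Q", "what": "source quench"}
    if icmp_type != 3:
        return {"char": "?", "what": f"type {icmp_type}"}
    result = {"char": UNREACH_CHARS.get(code, "U"),
              "what": UNREACH_CODES.get(code, f"unreachable code {code}")}
    # An unreachable message carries the original IP header plus 8 data bytes.
    inner = icmp[8:]
    if len(inner) >= 20 and inner[0] >> 4 == 4:
        ihl = (inner[0] & 0x0F) * 4
        result["proto"] = inner[9]
        result["dst"] = socket.inet_ntoa(inner[16:20])
        # TCP (6) and UDP (17) both keep the destination port in bytes 2-3.
        if ihl >= 20 and inner[9] in (6, 17) and len(inner) >= ihl + 4:
            result["dport"] = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    return result


def sample_unreachable(code: int, dst: str, dport: int) -> bytes:
    """Constructed sample: an unreachable message quoting Fred's TCP packet."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("10.1.1.1"), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", 49152, dport, 0)  # source port, dest port, seq
    # Checksums are left at zero; this sample exercises only the parsing.
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + tcp8
```

For example, `classify(sample_unreachable(3, "10.1.2.14", 80))` reports a port unreachable for a TCP packet to 10.1.2.14 port 80, which is the case where the web server host is up but the web server software is not running.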
