Time Exceeded ICMP Message

The CCNA exam requires that you understand how routing protocols avoid creating routing loops. However, if a loop occurs, the Time To Live (TTL) field in the IP header is used to time out looping packets so that the packets do not loop forever.

The Time Exceeded ICMP message is used in conjunction with the IP TTL header field. One of the two codes for Time Exceeded will be described here—namely, the Time To Live (TTL) code option.

An analogy for Time Exceeded may help. In the 1970s, a science fiction movie called Logan's Run was created. When they turned 30, citizens on this planet participated in a religious ceremony in which they were cremated; the reason was for population control. Logan turned 30 and decided that he did not like the rules—so he ran.

The TTL field in the IP header is like the counter used for citizens in Logan's Run. When the counter expires, so does the packet. Each router decrements the TTL field in each packet header. (The router does not actually calculate a time that should be decremented; it just decrements by 1.) However, if TTL decrements to 0, the packet is discarded. (For those who remember Logan's Run, you can think of TTL as the Logan's Run field.)

The TTL exceeded option is used in a message generated by the router that discards the packet when TTL expires. The router sends the "ICMP Time Exceeded, code Time To Live Exceeded" message to the originator of the discarded packet. TTL is used to ensure that packets that are looping do not do so forever. TTL exceeded lets the originating host know that a routing loop may be occurring.

The trace command uses the "TTL exceeded" message to its advantage. By purposefully sending IP packets (with a UDP transport layer) with TTL set to 1, an "ICMP Time Exceeded" message is returned by the first router in the route. That's because that router decrements TTL to 0, causing it to discard the packet, and also sends the "TTL exceeded" message. The trace command learns the IP address of the first router by receiving the "TTL exceeded" message from that router. (The trace command actually sends three successive packets with TTL=1.) Another set of three IP packets, this time with TTL=2, is sent by the trace command. The first router forwards these packets, but the second router discards it and sends a "TTL exceeded" message as well. Eventually, a set of packets is delivered to the destination, which sends back an "ICMP port unreachable" message. The original packets sent by the host trace command use a destination port number that is very unlikely to be used so that the destination host will return the "port unreachable" message. The "ICMP port unreachable" message signifies that the packets reached the true destination host, without having TTL exceeded. Example 5-1 shows a trace command from a router (Router A) that is one hop away from a host; another router (Router B) has debug ip icmp enabled, which shows the resulting TTL exceeded messages. The commands were performed in the network in Figure 5-13.

Example 5-1 ICMP debug on Router B, When Running trace Command on Router A

RouterA#trace 10.1.2.14

Type escape sequence to abort.

Tracing the route to 10.1.2.

14

1 10.1.3.253 8 msec 4 msec

4 msec

2 10.1.2.14 12 msec 8 msec

4 msec

RouterA#

RouterB#

ICMP: time exceeded (time to

live) sent

to

10

.1

3

251

(dest

was

10

.1

.2.

14)

ICMP: time exceeded (time to

live) sent

to

10

.1

3

251

(dest

was

10

.1

.2.

14)

ICMP: time exceeded (time to

live) sent

to

10

.1

3

251

(dest

was

10

.1

.2.

14)

+1 0

Post a comment