
CH 8

Uploaded by

farhan
Copyright
© © All Rights Reserved

Ch. 8 TCP/IP Suite Error and Control Messages (ICMP)

CCNA 2 version 3.1

Overview

IP is a best effort delivery system.
• Data may fail to reach its destination for a variety of reasons, such as hardware failure, improper configuration, incorrect routing information or down interfaces.
• IP does not have a built-in mechanism for sending error and control messages.
• IP also lacks a mechanism for host and management queries.
Internet Control Message Protocol (ICMP) was designed to handle these issues.

ICMP

• ICMP messages can be divided into categories (depending upon the author).
• The Cisco curriculum divides them into:
– Error-Reporting Messages
– Suite Control Messages

Internet Control Message Protocol (ICMP)

• IP is an unreliable method for delivery of network data.
• Nothing in its basic design allows IP to notify the sender that a data transmission has failed.
• Internet Control Message Protocol (ICMP) is the component of the TCP/IP protocol stack that addresses this basic limitation of IP.
• ICMP does not overcome the unreliability issues in IP.
• Reliability must be provided by upper layer protocols (TCP or the application) if it is needed.

Error reporting and error correction

• When datagram delivery errors occur, ICMP is used to report these errors back to the source of the datagram.

[Figure: source, destination, ICMP msg, X]

Example
• Workstation 1 is sending a datagram to Workstation 6.
• Fa0/0 on Router C goes down.
• Router C then utilizes ICMP to send a message back to Workstation 1 indicating that the datagram could not be delivered.
• ICMP does not correct the encountered network problem.
• Router C knows only the source and destination IP addresses of the datagram; it does not know the exact path the datagram took to Router C. Therefore, Router C can only notify Workstation 1 of the failure.
• ICMP reports on the status of the delivered packet only to the source device.

ICMP message delivery

ICMP Message

• ICMP messages are encapsulated into datagrams in the same way any other data is delivered using IP.
• They are subject to the same delivery failures as any IP packet.
• This creates a scenario where error reports could generate more error reports, causing increased congestion on an already ailing network.
• For this reason, errors created by ICMP messages do not generate their own ICMP messages.
• It is thus possible to have a datagram delivery error that is never reported back to the sender of the data.

Format of an ICMP Message
http://www.iana.org/assignments/icmp-parameters

Type Field

Type     Name
----     -------------------------
0        Echo Reply
1        Unassigned
2        Unassigned
3        Destination Unreachable
4        Source Quench
5        Redirect
6        Alternate Host Address
7        Unassigned
8        Echo
9        Router Advertisement
10       Router Solicitation
11       Time Exceeded
12       Parameter Problem
13       Timestamp
14       Timestamp Reply
15       Information Request
16       Information Reply
17       Address Mask Request
18       Address Mask Reply
19       Reserved (for Security)
20-29    Reserved (for Robustness Experiment)
30       Traceroute
31       Datagram Conversion Error
32       Mobile Host Redirect
33       IPv6 Where-Are-You
34       IPv6 I-Am-Here
35       Mobile Registration Request
36       Mobile Registration Reply
37       Domain Name Request
38       Domain Name Reply
39       SKIP
40       Photuris
41-255   Reserved

Format of an ICMP Message
http://www.iana.org/assignments/icmp-parameters

Code Field

Many of these ICMP types have a "code" field. Here are the assigned code fields for Type 3 Destination Unreachable. Codes 2 and 3 are created only by the Destination Host, all others are created only by routers.

Type 3: Destination Unreachable

Codes
0    Net Unreachable
1    Host Unreachable
2    Protocol Unreachable
3    Port Unreachable
4    Fragmentation Needed and Don't Fragment was Set
5    Source Route Failed
6    Destination Network Unknown
7    Destination Host Unknown
8    Source Host Isolated
9    Communication with Destination Network is Administratively Prohibited
10   Communication with Destination Host is Administratively Prohibited
11   Destination Network Unreachable for Type of Service
12   Destination Host Unreachable for Type of Service
13   Communication Administratively Prohibited
14   Host Precedence Violation
15   Precedence cutoff in effect

ICMP Error Messages

Unreachable networks

Network communication depends upon certain basic conditions being met:
• Sending and receiving devices must have the TCP/IP protocol stack properly configured.
– Proper configuration of IP address and subnet mask.
– A default gateway must also be configured if datagrams are to travel outside of the local network.
• A router also must have the TCP/IP protocol properly configured on its interfaces, and it must use an appropriate routing protocol.
If these conditions are not met, then network communication cannot take place.

Unreachable networks

Examples of problems:
• Sending device may address the datagram to a non-existent IP address.
• Destination device is disconnected from its network.
• Router’s connecting interface is down.
• Router does not have the information necessary to find the destination network.

Destination unreachable message

ICMP Destination Unreachable
Type = 3

• If a datagram cannot be forwarded to its destination, ICMP delivers a destination unreachable message back to the sender, indicating that the datagram could not be properly forwarded.
• A destination unreachable message may also be sent when packet fragmentation is required in order to forward a packet.
– Fragmentation is usually necessary when a datagram is forwarded from a Token-Ring network to an Ethernet network.
– If the datagram does not allow fragmentation, the packet cannot be forwarded, so a destination unreachable message will be sent.
• Destination unreachable messages may also be generated if IP-related services such as FTP or Web services are unavailable.

ICMP Echo (Request) and Echo Reply

Echo = Type 8
Echo Reply = Type 0

Frame layout:
Ethernet Header (Layer 2): Ethernet Destination Address (MAC) | Ethernet Source Address (MAC) | Frame Type
IP Header (Layer 3): Source IP Add. | Dest. IP Add. | Protocol field
ICMP Message (Layer 3): Type (0 or 8) | Code (0) | Checksum | ID | Seq. Num. | Data
Ethernet Trailer: FCS

• The echo request message is typically initiated using the ping command.

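The message format, the Type and Code tables, and the rule that errors caused by ICMP messages generate no further ICMP messages can be exercised together in a short parser. This is an added example, not part of the original slides; the function names are hypothetical and the sample messages are constructed.

```python
import struct

# Names taken from the page's Type table and Type 3 code table (subset).
TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
         5: "Redirect", 8: "Echo", 11: "Time Exceeded", 12: "Parameter Problem"}
UNREACH_CODES = {0: "Net Unreachable", 1: "Host Unreachable",
                 2: "Protocol Unreachable", 3: "Port Unreachable"}
IPPROTO_ICMP = 1  # IP header Protocol field value that marks an ICMP payload


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum carried in the ICMP Checksum field."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, reply: bool = False) -> bytes:
    """Echo (type 8) or Echo Reply (type 0): Type, Code, Checksum, ID, Seq, Data."""
    mtype = 0 if reply else 8
    csum = inet_checksum(struct.pack("!BBHHH", mtype, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", mtype, 0, csum, ident, seq) + payload


def parse_icmp(msg: bytes) -> dict:
    """Decode Type/Code, verify the checksum, and pull out echo ID and sequence."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    mtype, code = msg[0], msg[1]
    info = {"type": mtype, "code": code, "name": TYPES.get(mtype, "other"),
            "checksum_ok": inet_checksum(msg) == 0}  # valid message sums to zero
    if mtype == 3:
        info["reason"] = UNREACH_CODES.get(code, "other")
    elif mtype in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    return info


def may_report_error(failed_ip_protocol: int) -> bool:
    """Page's rule: a failed ICMP message never triggers another ICMP message."""
    return failed_ip_protocol != IPPROTO_ICMP
```
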
Detecting excessively long routes

IP Header (bits 0-15 | 16-31)
4-bit Version | 4-bit Header Length | 8-bit Type Of Service (TOS) | 16-bit Total Length (in bytes)
16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
8-bit Time To Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Data

ICMP Time Exceeded
Type = 11

• A TTL value is defined in each datagram (IP packet).
• As each router processes the datagram, it decreases the TTL value by one.
• When the TTL value of the datagram reaches zero, the packet is discarded.
• ICMP uses a time exceeded message to notify the source device that the TTL of the datagram has been exceeded.

http://www.switch.ch/docs/ttl_default.html
TTL Overview - Disclaimer:
The following list is a best effort overview of some widely used TCP/IP stacks. The
information was provided by vendors and many helpful system administrators. We would
like to thank all these contributors for their precious help! SWITCH cannot, however,
take any responsibility that the provided information is correct. Furthermore, SWITCH
cannot be made liable for any damage that may arise by the use of this information.

+------------------------+--------+---------+---------+
| OS Version             | "safe" | TCP TTL | UDP TTL |
+------------------------+--------+---------+---------+
| AIX                    | n      | 60      | 30      |
| DEC Pathworks V5       | n      | 30      | 30      |
| FreeBSD 2.1R           | y      | 64      | 64      |
| HP/UX 9.0x             | n      | 30      | 30      |
| HP/UX 10.01            | y      | 64      | 64      |
| Irix 5.3               | y      | 60      | 60      |
| Irix 6.x               | y      | 60      | 60      |
| Linux                  | y      | 64      | 64      |
| MacOS/MacTCP 2.0.x     | y      | 60      | 60      |
| OS/2 TCP/IP 3.0        | y      | 64      | 64      |
| OSF/1 V3.2A            | n      | 60      | 30      |
| Solaris 2.x            | y      | 255     | 255     |
| SunOS 4.1.3/4.1.4      | y      | 60      | 60      |
| Ultrix V4.1/V4.2A      | n      | 60      | 30      |
| VMS/Multinet           | y      | 64      | 64      |
| VMS/TCPware            | y      | 60      | 64      |
| VMS/Wollongong 1.1.1.1 | n      | 128     | 30      |
| VMS/UCX (latest rel.)  | y      | 128     | 128     |
| MS WfW                 | n      | 32      | 32      |
| MS Windows 95          | n      | 32      | 32      |
| MS Windows NT 3.51     | n      | 32      | 32      |
| MS Windows NT 4.0      | y      | 128     | 128     |
+------------------------+--------+---------+---------+

Assigned Numbers (RFC 1700, J. Reynolds, J. Postel, October 1994):
IP TIME TO LIVE PARAMETER
The current recommended default time to live (TTL) for the Internet Protocol (IP) is 64.

Safe: TCP and UDP initial TTL values should be set to a "safe" value of at least 60 days.

IP Parameter Problem

ICMP Parameter Problem
Type = 12

• Devices that process datagrams may not be able to forward a datagram due to some type of error in the header.
• This error does not relate to the state of the destination host or network but still prevents the datagram from being processed and delivered.
• An ICMP type 12 parameter problem message is sent to the source of the datagram.

ICMP Control Messages

Introduction to ICMP Control Messages

• Unlike error messages, control messages are not the results of lost packets or error conditions which occur during packet transmission.
• Instead, they are used to inform hosts of conditions such as:
– Network congestion
– Existence of a better gateway to a remote network

ICMP Redirect

• ICMP Redirect messages can only be sent by routers.
• Host H sends a packet to Host 10.1.1.1 on network 10.0.0.0/8.
• Since Host H is not directly connected to the same network, it forwards the packet to its default gateway, Router R1 at 172.16.1.100.
• Router R1 finds the correct route to network 10.0.0.0/8 by looking in its route table.
• It determines that the path to the network is back out the same interface that the request to forward the packet came from.
• R1 forwards the packet to R2 and sends an ICMP redirect/change request to Host H telling it to use Router R2 at 172.16.1.200 as the gateway to forward all future requests to network 10.0.0.0/8.

ICMP Redirects

ICMP Redirect
Type = 5, Code = 0 to 3
0 Redirected datagrams for the Network
1 Redirected datagrams for the host
2 Redirected datagrams for the type of services and networks
3 Redirected datagrams for the type of services and hosts

• Default gateways only send ICMP redirect/change request messages if the following conditions are met:
– The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
– The subnet/network of the source IP address is the same subnet/network of the next-hop IP address of the routed packet.
– The route for the redirect is not another ICMP redirect or a default route.
– The router is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects will disable ICMP redirects.)

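The four conditions above can be written as one decision function and run against the Host H, R1 and R2 scenario. This is an added example, not Cisco's implementation or code from the original slides; the interface name, the /24 mask, Host H's address and all function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: str                  # destination network, e.g. "10.0.0.0/8"
    next_hop: str                # address of the next-hop router
    out_iface: str               # interface the packet is routed out of
    from_redirect: bool = False  # route was itself learned from an ICMP redirect


def redirect_blockers(in_iface, src_ip, iface_net, route, redirects_enabled=True):
    """Return the unmet conditions; an empty list means R1 sends the redirect."""
    net = ipaddress.ip_network(iface_net)
    blockers = []
    if in_iface != route.out_iface:
        blockers.append("routed out a different interface")
    if (ipaddress.ip_address(src_ip) not in net
            or ipaddress.ip_address(route.next_hop) not in net):
        blockers.append("source and next hop on different subnets")
    if route.from_redirect or ipaddress.ip_network(route.prefix).prefixlen == 0:
        blockers.append("route is a redirect or default route")
    if not redirects_enabled:
        blockers.append("redirects disabled (no ip redirects)")
    return blockers


# Constructed scenario: the R2 address and 10.0.0.0/8 are the page's;
# the interface name, the /24 mask and Host H's address are assumptions.
R1_IFACE, R1_NET, HOST_H = "Fa0/0", "172.16.1.0/24", "172.16.1.10"
VIA_R2 = Route("10.0.0.0/8", "172.16.1.200", "Fa0/0")
DEFAULT_VIA_R2 = Route("0.0.0.0/0", "172.16.1.200", "Fa0/0")

if __name__ == "__main__":
    print(redirect_blockers(R1_IFACE, HOST_H, R1_NET, VIA_R2))
    print(redirect_blockers(R1_IFACE, HOST_H, R1_NET, DEFAULT_VIA_R2))
    print(redirect_blockers(R1_IFACE, HOST_H, R1_NET, VIA_R2, False))
```
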
Clock synchronization and transit time estimation

[Figure callout: "Replaced by"]

ICMP Timestamp Request
Type = 13 or 14

• The TCP/IP protocol suite allows systems to connect to one another over vast distances through multiple networks.
• Each of these individual networks provides clock synchronization in its own way.
• As a result, hosts on different networks that are trying to communicate using software that requires time synchronization can sometimes encounter problems.
• The ICMP timestamp message type is designed to help alleviate this problem.
• The ICMP timestamp request message allows a host to ask for the current time according to the remote host.
• The remote host uses an ICMP timestamp reply message to respond to the request.

Clock synchronization and transit time estimation

[Figure callout: "Replaced by"]

ICMP Timestamp
Type = 13 or 14

• All ICMP timestamp reply messages contain the originate, receive and transmit timestamps.
• Using these three timestamps, the host can estimate transit time across the network by subtracting the originate time from the receive time.
• It is only an estimate, however, as true transit time can vary widely based on traffic and congestion on the network.
• The host that originated the timestamp request can also estimate the local time on the remote computer.
• While ICMP timestamp messages provide a simple way to estimate time on a remote host and total network transit time, this is not the best way to obtain this information.
• Instead, more robust protocols such as Network Time Protocol (NTP) at the upper layers of the TCP/IP protocol stack perform clock synchronization in a more reliable manner.

Information requests and reply message formats

ICMP Information Request/Reply
Type = 15 or 16

[Figure callout: "Replaced by"]

• The ICMP information requests and reply messages were originally intended to allow a host to determine its network number.
• This particular ICMP message type is considered obsolete.
• Other protocols such as BOOTP and Dynamic Host Configuration Protocol (DHCP) are now used to allow hosts to obtain their network numbers.

Address Masks

ICMP Address Mask Request/Reply
Type = 17 or 18

[Figure callout: "Replaced by"]

• When a network is divided into subnets, a new subnet mask is created.
• This new subnet mask is crucial in identifying network, subnet, and host bits in an IP address.
• If a host does not know the subnet mask, it may send an address mask request to the local router.
• If the address of the router is known, this request may be sent directly to the router.
• Otherwise, the request will be broadcast.
• When the router receives the request, it will respond with an address mask reply.
• Somewhat obsolete; was used with diskless workstations that used RARP for the IP address and ICMP for the subnet mask.

Router Solicitation and Advertisement

ICMP Router Solicitation
Type = 10

ICMP Router Advertisement
Type = 9

[Figure callout: "Replaced by"]

• When a host on the network boots, and the host has not been manually configured with a default gateway, it can learn of available routers through the process of router discovery.
• This process begins with the host sending a router solicitation message to all routers, using the multicast address 224.0.0.2 as the destination address. (May also be broadcast).
• When a router that supports the discovery process receives the router discovery message, a router advertisement is sent in return.
• Routers may also periodically advertise router advertisement messages.

ICMP source-quench messages

ICMP Source Quench
Type = 4

• Congestion can also occur for various reasons including when traffic from a high speed LAN reaches a slower WAN connection.
• Dropped packets occur when there is too much congestion on a network.
• ICMP source-quench messages are used to reduce the amount of data lost.
• The source-quench message asks senders to reduce the rate at which they are transmitting packets.
• In most cases, congestion will subside after a short period of time, and the source will slowly increase the transmission rate as long as no other source-quench messages are received.
• Most Cisco routers do not send source-quench messages by default, because the source-quench message may itself add to the network congestion.

ICMP source-quench messages

ICMP Source Quench
Type = 4

• IP has no mechanism for flow control.
• Some issues with ICMP Source Quench:
– A router or destination host (buffers full) will send one source-quench message for each discarded packet.
– No mechanism to tell the source that the congestion has been relieved and source can resume sending at previous rate.
• Remember, TCP/IP uses TCP mechanisms for flow control and reliability including sliding windows.

Terms

• Fragmentation: When a packet is too large to be sent across a link as a single unit, a router can fragment the packet.
– This means that it splits it into multiple parts which contain enough information for the receiver to glue them together again.
– Note that reassembly is not done on a hop-by-hop basis; once fragmented, a packet will not be put back together until it reaches its destination.
– Fragmentation is undesirable for numerous reasons, including:
• If any one fragment from a packet is dropped, the entire packet needs to be retransmitted. This is a very significant problem.
• It imposes extra processing load on the routers that have to split the packets.