Configuring ICMP to send error packets, Advantages of sending ICMP error packets, Disadvantages of sending ICMP error packets – H3C Technologies H3C S5120 Series Switches User Manual

Configuring ICMP to Send Error Packets

Sending error packets is a major function of ICMP. In case of network abnormalities, ICMP packets are usually sent by the network or transport layer protocols to notify corresponding devices so as to facilitate control and management.

Advantages of sending ICMP error packets

1) Sending ICMP timeout packets

If the device receives an IP packet with a timeout error, it drops the packet and sends an ICMP timeout packet to the source.

The device will send an ICMP timeout packet under the following conditions:

- If the device finds the destination of a packet is not itself and the TTL field of the packet is 1, it will send a “TTL timeout” ICMP error message.

- When the device receives the first fragment of an IP datagram whose destination is the device itself, it starts a timer. If the timer times out before all the fragments of the datagram are received, the device will send a “reassembly timeout” ICMP error packet.

2) Sending ICMP destination unreachable packets

If the device receives an IP packet whose destination is unreachable, it will drop the packet and send an ICMP destination unreachable error packet to the source.

Conditions for sending this ICMP packet:

- If neither a route nor the default route for forwarding a packet is available, the device will send a “network unreachable” ICMP error packet.

- If the destination of a packet is local while the transport layer protocol of the packet is not supported by the local device, the device sends a “protocol unreachable” ICMP error packet to the source.

- When receiving a packet with the destination being local and the transport layer protocol being UDP, if the packet’s port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet.

- If the source uses “strict source routing” to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure” ICMP error packet.

- When forwarding a packet, if the MTU of the sending interface is smaller than the packet but the packet has “Don’t Fragment” set, the device will send the source a “fragmentation needed and Don’t Fragment (DF)-set” ICMP error packet.

Disadvantages of sending ICMP error packets

Although sending ICMP error packets facilitates network control and management, it still has the following disadvantages:

- Sending a lot of ICMP packets will increase network traffic.

- If a device receives a lot of malicious packets that cause it to send ICMP error packets, its performance will be reduced.

- If a host sends malicious ICMP destination unreachable packets, end users may be affected.

To prevent such problems, you can disable the device from sending ICMP error packets.
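Before disabling anything, it helps to know which of the error packets described above a device is actually emitting and whether one kind dominates, which is the load concern in the list of disadvantages. The following Python sketch is an added example, not part of the H3C manual: it classifies captured ICMP messages by type and code (values from RFC 792 and RFC 1191) and counts them; the function names, the threshold and the sample addresses are constructed for illustration.

```python
import struct
from collections import Counter

# (type, code) pairs from RFC 792 / RFC 1191 for the error messages named above.
ICMP_ERRORS = {
    (11, 0): "TTL timeout", (11, 1): "reassembly timeout",
    (3, 0): "network unreachable", (3, 2): "protocol unreachable",
    (3, 3): "port unreachable", (3, 5): "source routing failure",
    (3, 4): "fragmentation needed and DF set",
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid ICMP message checks to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes):
    """Return (name, original_destination, next_hop_mtu), or None if the
    message is truncated, corrupt, or not one of the errors above."""
    if len(icmp) < 28 or checksum(icmp) != 0:
        return None
    name = ICMP_ERRORS.get((icmp[0], icmp[1]))
    inner = icmp[8:]  # quoted IPv4 header of the packet that caused the error
    if name is None or inner[0] >> 4 != 4:
        return None
    mtu = struct.unpack("!H", icmp[6:8])[0] if name.startswith("frag") else None
    return name, ".".join(map(str, inner[16:20])), mtu

def build_error(typ, code, orig_dst, mtu=0):
    """Constructed sample: ICMP error quoting a UDP packet from 192.0.2.10."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0x4000, 1, 17, 0,
                        bytes([192, 0, 2, 10]), bytes(orig_dst)) + bytes(8)
    msg = struct.pack("!BBHHH", typ, code, 0, 0, mtu) + inner
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def error_profile(messages, threshold):
    """Count parsed errors by name; return (counts, names at or above threshold)."""
    counts = Counter(p[0] for p in map(parse_icmp_error, messages) if p)
    return counts, sorted(n for n, c in counts.items() if c >= threshold)

if __name__ == "__main__":
    # Constructed capture: five port-unreachable errors and one TTL timeout.
    sample = [build_error(3, 3, [198, 51, 100, 7])] * 5 + [build_error(11, 0, [203, 0, 113, 9])]
    print(error_profile(sample, threshold=5))
```

The original destination comes from the IP header quoted inside the error, so it identifies the traffic that triggered the message rather than the device that reported it.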

Follow these steps to enable sending of ICMP error packets:
