RE: reaction on ICMP 3 4

From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Sun Jun 29 2003 - 18:53:58 GMT-3

• Next message: Volkov, Dmitry (IDS Canada): "RE: reaction on ICMP 3 4"
• Previous message: Volkov, Dmitry (IDS Canada): "RE: reaction on ICMP 3 4"
• Maybe in reply to: Volkov, Dmitry (IDS Canada): "reaction on ICMP 3 4"
• Next in thread: Volkov, Dmitry (IDS Canada): "RE: reaction on ICMP 3 4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

At 5:44 PM -0400 6/29/03, Volkov, Dmitry (IDS Canada) wrote:
>HostA(W2K)----R1---(S0)R2(Tu0)---ethernet----(Tu0)R3---HostB(W2K)
>R2#
>int tu0
>ip mtu 1420
>
>Host A generates traffic (TCP or UDP) towards to Host B
>R2(S0) sends ICMP 3 4 back and drops 1500 bytes IP packet,
>Host A retransmits 1420 bytes IP packet
>
>Dmitry

Again, this may or may not be correct behavior based on what the host
is trying to do, such as:

  RFC 1191 Path MTU discovery. J.C. Mogul, S.E. Deering. Nov-01-1990.

You haven't yet told me what, if anything, the host is programmed to
do when it gets the ICMP. Different behaviors are appropriate for
different options.

1420, while not usual, isn't an unreasonable retry value if the host
suspects there may be some tunneling in the path.
>
> > -----Original Message-----
>> From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
>> Sent: Sunday, June 29, 2003 5:34 PM
>> To: ccielab@groupstudy.com
>> Cc: 'security@groupstudy.com'
>> Subject: Re: reaction on ICMP 3 4
>>
>>
>> At 5:09 PM -0400 6/29/03, Volkov, Dmitry (IDS Canada) wrote:
>> >How TCP/IP stack reacts on receiving ICMP type 3 code 4
>> Fragmentation needed
>> >but DF set ?
>> >I mean how many bytes will be sent next time after receiving ICMP
>> >unreachable.
>> >I lowered IP mtu to 1420 and router sent ICMP and host
>> started send 1420 !!
>> >I sniffed ICMP packed and I didn't see anything inside ICMP
>> indicating
>> >allowable MTU.
>> >How source knows what size frame to retransmit ?
>> >
>>
>> More information is needed to answer this. Is the host actively
>> participating in MTU autodiscovery, or is it just setting DF? There
>> are valid reasons for the latter. For example, the old IBM RSRB
>> method of Fast Sequenced Transport sets DF, and then steals the
>> fragmentation fields in the header for IBM information.
>>
>> In any case, this is going to be a host implementation matter.
>>
>>
>> ______________________________________________________________
>> _________
>> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>>
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

• Next message: Volkov, Dmitry (IDS Canada): "RE: reaction on ICMP 3 4"
• Previous message: Volkov, Dmitry (IDS Canada): "RE: reaction on ICMP 3 4"
• Maybe in reply to: Volkov, Dmitry (IDS Canada): "reaction on ICMP 3 4"
• Next in thread: Volkov, Dmitry (IDS Canada): "RE: reaction on ICMP 3 4"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:14 GMT-3