RE: reaction on ICMP 3 4

From: Volkov, Dmitry (IDS Canada) (dmitry_volkov@ca.ml.com)
Date: Sun Jun 29 2003 - 19:07:17 GMT-3

Howard,

As I said already it's standard W2K PCs I didn't configure anything special.
They participate in PMTDU (1460 bytes for payload)
1420 bytes I put for IPSec tunnel + GRE - You are right.

I'm sending UDP.

I just lowered ip mtu to 1300 (on Tunnel interface)
I sniff host A. I see ICMP 3 4 back to A
and after that Host A sending 1314 Length bytes (sniffer)

I'm wondering - number of lowering size - is it described in some RFC ?
Or this value transmitting somewhare inside ICMP packet. But I don't see it.

Dmitry

> -----Original Message-----
> From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> Sent: Sunday, June 29, 2003 5:54 PM
> To: ccielab@groupstudy.com; 'security@groupstudy.com'
> Subject: RE: reaction on ICMP 3 4
>
>
> At 5:44 PM -0400 6/29/03, Volkov, Dmitry (IDS Canada) wrote:
> >HostA(W2K)----R1---(S0)R2(Tu0)---ethernet----(Tu0)R3---HostB(W2K)
> >R2#
> >int tu0
> >ip mtu 1420
> >
> >Host A generates traffic (TCP or UDP) towards to Host B
> >R2(S0) sends ICMP 3 4 back and drops 1500 bytes IP packet,
> >Host A retransmits 1420 bytes IP packet
> >
> >Dmitry
>
>
> Again, this may or may not be correct behavior based on what the host
> is trying to do, such as:
>
> RFC 1191 Path MTU discovery. J.C. Mogul, S.E. Deering. Nov-01-1990.
>
>
> You haven't yet told me what, if anything, the host is programmed to
> do when it gets the ICMP. Different behaviors are appropriate for
> different options.
>
> 1420, while not usual, isn't an unreasonable retry value if the host
> suspects there may be some tunneling in the path.
> >
> > > -----Original Message-----
> >> From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> >> Sent: Sunday, June 29, 2003 5:34 PM
> >> To: ccielab@groupstudy.com
> >> Cc: 'security@groupstudy.com'
> >> Subject: Re: reaction on ICMP 3 4
> >>
> >>
> >> At 5:09 PM -0400 6/29/03, Volkov, Dmitry (IDS Canada) wrote:
> >> >How TCP/IP stack reacts on receiving ICMP type 3 code 4
> >> Fragmentation needed
> >> >but DF set ?
> >> >I mean how many bytes will be sent next time after receiving ICMP
> >> >unreachable.
> >> >I lowered IP mtu to 1420 and router sent ICMP and host
> >> started send 1420 !!
> >> >I sniffed ICMP packed and I didn't see anything inside ICMP
> >> indicating
> >> >allowable MTU.
> >> >How source knows what size frame to retransmit ?
> >> >
> >>
> >> More information is needed to answer this. Is the host actively
> >> participating in MTU autodiscovery, or is it just setting
> DF? There
> >> are valid reasons for the latter. For example, the old IBM RSRB
> >> method of Fast Sequenced Transport sets DF, and then steals the
> >> fragmentation fields in the header for IBM information.
> >>
> >> In any case, this is going to be a host implementation matter.
> >>
> >>
> >> ______________________________________________________________
> >> _________
> >> You are subscribed to the GroupStudy.com CCIE R&S
> Discussion Group.
> >>
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> ______________________________________________________________
> _________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:14 GMT-3