Re: reaction on ICMP 3 4

From: sohu (xieji@sohu.com)
Date: Mon Jun 30 2003 - 02:18:58 GMT-3


Hello
   Please imagine the following situation:
     If I issue ping -s 2000 from h1 to h2, the MTU between h1 and r1 is 1500, so the packet shall be fragmented into two segments: one is 1500 bytes long, the other is 500 bytes long. I do not know whether h1 shall set the DF (do not fragment) bit on the two packets. If this bit is on, these fragments shall be dropped on r1 because the MTU is only 1400, and ICMP 3 4 shall be sent to h1 to indicate that the suitable MTU is 1400. If PMTUD only takes effect on TCP, the ICMP shall not succeed. Is this true? Whether the packet is fragmented into two or more segments, shall the DF bit be set unconditionally?
   Best Regards
   xieji
----- Original Message -----
From: "Volkov, Dmitry (IDS Canada)" <dmitry_volkov@ca.ml.com>
To: "'sohu'" <xieji@sohu.com>
Cc: <ccielab@groupstudy.com>
Sent: Monday, June 30, 2003 12:22 PM
Subject: RE: reaction on ICMP 3 4

> > -----Original Message-----
> > From: sohu [mailto:xieji@sohu.com]
> > Sent: Sunday, June 29, 2003 11:46 PM
> > To: Volkov, Dmitry (IDS Canada)
> > Cc: ccielab@groupstudy.com
> > Subject: Re: reaction on ICMP 3 4
> >
> >
> > Hello
> > I know that the host shall negotiate the MSS value with the
> > peer by the TCP SYN option. When the host receives ICMP 3 4, the
> > TCP connection shall automatically adjust its MSS to the value
> > the ICMP gave. Because only the TCP protocol shall respond to ICMP
> > 3 4, I have a little confusion about how UDP or IP adjust
> > their sending MTU.
> > For example:
> > h1(MTU 1500)---r1(MTU1400)---r2--(MTU1500)host2
> > If I issue ping -s 1500 to the destination h2 with DF
> > bit = 1, when the packet reaches r1, r1 shall drop this
> > packet because the MTU value is 1400 and the packet has DF=1
> > set. r1 shall send ICMP 3 4 with recommended MTU=1400 to
> > the source of the packet, which is h1. If h1 cannot adjust
> > the sending MTU, the ping can never succeed. Is
> > this statement true?
>
> RFC 1191 says:
> Normally, the host continues to set DF in all datagrams, so that if
> the route changes and the new PMTU is lower, it will be discovered.
>
> I guess it's about TCP.
> ICMP and UDP, as far as I noticed, have DF=0. It means that
> routers will defrag packets if necessary. When I did a test with ICMP/UDP, I
> changed the DF bit to 1
> in the middle of the packet's way:
>
> egress interface
>  ip mtu 1420
> ingress interface
>  ip policy route-map set-df
> !
> route-map set-df permit 10
>  match ip address 101
>  set ip df 1
> !
> access-list 101 permit udp any any
> access-list 101 permit icmp any any
>
> Then the router changes the DF bit, drops the packet and sends ICMP 3 4 back to the
> source of the ICMP/UDP.
> The source reacts to this notification exactly as for TCP. It lowers the MTU.
>
> > ----- Original Message -----
> > From: "Volkov, Dmitry (IDS Canada)" <dmitry_volkov@ca.ml.com>
> > To: "'Howard C. Berkowitz'" <hcb@gettcomm.com>;
> > <ccielab@groupstudy.com>
> > Cc: <security@groupstudy.com>
> > Sent: Monday, June 30, 2003 6:58 AM
> > Subject: RE: reaction on ICMP 3 4
> >
> >
> > > I was blind: the new next-hop MTU is inside ICMP 3 4:
> > >
> > > 7th and 8th bytes of the ICMP header.
> > >
> > > To support the Path MTU Discovery
> > > technique specified in this memo, the router MUST include the MTU of
> > > that next-hop network in the low-order 16 bits of the ICMP header
> > > field that is labelled "unused" in the ICMP specification [7]. The
> > > high-order 16 bits remain unused, and MUST be set to zero.
> > > http://www.ietf.org/rfc/rfc1191.txt
> > >
> > > http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml#second
> > >
> > > Thanks, Howard.
> > >
> > > Dmitry
> > >
> > > > -----Original Message-----
> > > > From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> > > > Sent: Sunday, June 29, 2003 5:34 PM
> > > > To: ccielab@groupstudy.com
> > > > Cc: 'security@groupstudy.com'
> > > > Subject: Re: reaction on ICMP 3 4
> > > >
> > > >
> > > > At 5:09 PM -0400 6/29/03, Volkov, Dmitry (IDS Canada) wrote:
> > > > >How does the TCP/IP stack react on receiving ICMP type 3 code 4,
> > > > >Fragmentation needed but DF set?
> > > > >I mean how many bytes will be sent next time after receiving the ICMP
> > > > >unreachable.
> > > > >I lowered the IP MTU to 1420, the router sent ICMP, and the host
> > > > >started sending 1420!!
> > > > >I sniffed the ICMP packet and I didn't see anything inside the ICMP
> > > > >indicating the allowable MTU.
> > > > >How does the source know what size frame to retransmit?
> > > > >
> > > >
> > > > More information is needed to answer this. Is the host actively
> > > > participating in MTU autodiscovery, or is it just setting DF? There
> > > > are valid reasons for the latter. For example, the old IBM RSRB
> > > > method of Fast Sequenced Transport sets DF, and then steals the
> > > > fragmentation fields in the header for IBM information.
> > > >
> > > > In any case, this is going to be a host implementation matter.
> > >
> > >
> > >
> > > _______________________________________________________________________
> > > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> > >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
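
Added example, not part of any poster's message: a parser for the ICMP type 3 code 4 message discussed in this thread, reading the next-hop MTU from bytes 7 and 8 of the ICMP header as the quoted RFC 1191 text describes, and falling back to the RFC 1191 plateau table when a router leaves that field at zero. The function names, the acceptance checks (DF was set, high-order 16 bits are zero, the value shrinks the MTU and is at least 68) and the sample message are assumptions constructed for illustration.

```python
import struct

# RFC 1191 plateau table, for routers that leave the next-hop MTU field at 0.
PLATEAUS = (65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68)
MIN_IPV4_MTU = 68

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes) -> dict:
    """Parse ICMP type 3 code 4 and decide which path MTU to adopt."""
    if len(icmp) < 28:
        raise ValueError("need 8-byte ICMP header plus 20-byte IP header")
    icmp_type, code, _cksum, high16, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not 'fragmentation needed and DF set'")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    # Header of the dropped datagram, quoted by the router after byte 8.
    ver_ihl, _tos, orig_len, _id, flags = struct.unpack("!BBHHH", icmp[8:16])
    if ver_ihl >> 4 != 4:
        raise ValueError("quoted packet is not IPv4")
    df_set = bool(flags & 0x4000)
    if mtu == 0:
        # Pre-RFC 1191 router: fall back to the next plateau below orig_len.
        mtu = next((p for p in PLATEAUS if p < orig_len), MIN_IPV4_MTU)
        source = "plateau"
    else:
        source = "icmp"  # bytes 7 and 8 of the ICMP header
    # Accept only a report that shrinks the MTU and stays >= 68.
    accept = df_set and high16 == 0 and MIN_IPV4_MTU <= mtu < orig_len
    return {"mtu": mtu, "source": source, "orig_len": orig_len, "accept": accept}

def build_sample(mtu: int, orig_len: int = 1500) -> bytes:
    """Constructed sample message quoting a DF=1 ICMP echo (not a capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_len, 0x1234, 0x4000, 64, 1,
                     0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    body = ip + bytes([8, 0, 0, 0, 0, 1, 0, 1])  # first 8 payload bytes
    cksum = inet_checksum(struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + body)
    return struct.pack("!BBHHH", 3, 4, cksum, 0, mtu) + body
```

With the 1420-byte MTU used in the test above, `parse_frag_needed(build_sample(1420))` reports 1420 taken from the ICMP header; with the field at zero and a 1500-byte original datagram it falls back to the 1492 plateau.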



This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:14 GMT-3