Enabling sending ICMP error messages
Perform this task to enable sending ICMP error messages, including redirect, time exceeded, and destination unreachable messages.
ICMP redirect messages
A host that has only one default route sends all packets to the default gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next hop by following these rules:
- The receiving and sending interfaces are the same.
- The selected route is not created or modified by any ICMP redirect messages.
- The selected route is not destined for 0.0.0.0.
- There is no source route option in the received packet.
ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing table.
ICMP time exceeded messages
A device sends ICMP time exceeded messages by following these rules:
- The device sends the source an ICMP TTL exceeded in transit message when the following conditions are met:
  - The received packet is not destined for the device.
  - The TTL field of the packet is 1.
- When the device receives the first fragment of an IP datagram destined for it, it starts a timer. If the timer expires before all the fragments of the datagram are received, the device sends an ICMP fragment reassembly time exceeded message to the source.
ICMP destination unreachable messages
A device sends ICMP destination unreachable messages by following these rules:
- The device sends the source an ICMP network unreachable message when the following conditions are met:
  - The packet does not match any route.
  - No default route exists in the routing table.
- The device sends the source an ICMP protocol unreachable message when the following conditions are met:
  - The packet is destined for the device.
  - The transport layer protocol of the packet is not supported by the device.
NOTE: If a DHCP enabled device receives an ICMP echo reply without sending any ICMP echo requests, the device does not send any ICMP protocol unreachable messages to the source. For more information about DHCP, see Layer 3—IP Services Configuration Guide.
- The device sends the source an ICMP port unreachable message when the following conditions are met:
  - The UDP packet is destined for the device.
  - The packet's port number does not match the corresponding process.
- The device sends the source an ICMP source route failed message when the following conditions are met:
  - The source uses Strict Source Routing to send packets.
  - The intermediate device finds that the next hop specified by the source is not directly connected.
- The device sends the source an ICMP fragmentation needed and DF set message when the following conditions are met:
  - The MTU of the sending interface is smaller than the packet.
  - The packet has DF set.
To enable sending ICMP error messages:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable sending ICMP error messages. | | The default settings are disabled. |
Sending ICMP error messages facilitates network management, but sending excessive ICMP messages increases network traffic. The device performance degrades if it receives a lot of malicious ICMP messages that cause it to respond with ICMP error messages.
To prevent such problems, you can disable the device from sending ICMP error messages. A device that is disabled from sending ICMP time exceeded messages does not send ICMP TTL exceeded in transit messages. However, it can still send ICMP fragment reassembly time exceeded messages.
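To check which error messages a device still emits after this setting is changed, captured ICMP payloads can be classified by type and code. The following is an added example, not part of the original guide: the type and code numbers are the RFC 792 values for the messages named above, and the function names and sample packets are constructed for illustration.

```python
import struct

# (type, code) -> message name used in the text; numbers are from RFC 792.
ERRORS = {
    (3, 0): "network unreachable",
    (3, 2): "protocol unreachable",
    (3, 3): "port unreachable",
    (3, 4): "fragmentation needed and DF set",
    (3, 5): "source route failed",
    (11, 0): "TTL exceeded in transit",
    (11, 1): "fragment reassembly time exceeded",
}
FAMILY = {3: "destination unreachable", 5: "redirect", 11: "time exceeded"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; 0 over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(icmp: bytes):
    """Return (family, name) for a valid ICMP error message, else None."""
    if len(icmp) < 8 or inet_checksum(icmp) != 0 or icmp[0] not in FAMILY:
        return None
    key = (icmp[0], icmp[1])
    return FAMILY[icmp[0]], ERRORS.get(key, f"code {icmp[1]}")

def build(mtype: int, code: int) -> bytes:
    """Constructed sample: ICMP header plus 28 bytes of quoted datagram."""
    body = struct.pack("!BBHI", mtype, code, 0, 0) + b"\x45" + bytes(27)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def audit(captured, disabled):
    """List errors a device sent although their family is disabled."""
    # Type 11 code 1 is exempt: per the text, reassembly timeouts are still
    # sent when time exceeded messages are disabled.
    findings = []
    for raw in captured:
        hit = classify(raw)
        if hit and hit[0] in disabled and (raw[0], raw[1]) != (11, 1):
            findings.append(hit)
    return findings

if __name__ == "__main__":
    sample = [build(11, 0), build(11, 1), build(3, 3), build(5, 1)]
    print(audit(sample, {"time exceeded", "redirect"}))
```

Feed `audit` the ICMP payloads (IP header already stripped) captured on a test host, together with the message families that are configured as disabled on the device under test.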