Re: [nsp] ICMP Unreachable and CEF

From: Steven W. Raymond (steven_raymond@eli.net)
Date: Thu Jan 24 2002 - 13:34:23 EST


I disagree. "icmp unreachable" messages' purpose is to inform the
sender that the next-hop is not available. Routing a packet to an
interface which lacks an IP address should indeed generate an ICMP
unreachable message back to the sender. Thankfully Cisco allows us to
turn this off with "no ip unreachables" on a per-interface basis.
But this behavior seems to be an intrinsically useful feature of ICMP, and
without being very familiar with the author's intentions, I feel safe in
assuming that is what they designed it to do.
At least one use of icmp unreachables is helping to identify ingress
points of certain spoofed-source address DOS attacks.

john heasley wrote:
>
> it should not return anything. null0 == /dev/null
>
> Thu, Jan 24, 2002 at 11:36:20AM -0500, Steven W. Raymond:
> > Have experienced this same problem also and working with Cisco, was
> > provided the following bug id: CSCdj55180
> > Output is very terse. Is there anyone here from Cisco that can
> > elaborate on an expected fix timeline?
> > I believe that one workaround (somewhat lame) is to instead route to
> > another unused interface which is up/up but without an IP address. This
> > will generate an ICMP unreachable due to the unnumbered interface. Be
> > sure to turn off cef on that interface. It was explained to me that if
> > cef is turned on, then the RSP (which generates the ICMP unreachable)
> > never sees the packet.
> > The problem is not observed on the 12000 platform with the exact same
> > code version 12.0(14)S5.
> > Regards
> >
> >
> > Elijah Kagan wrote:
> > >
> > > I always thought that when a router forwards packets to Null0 it also
> > > generates ICMP Unreachable message to indicate this event. It seems that
> > > this is not the case on routers running CEF. I checked this on several
> > > platforms: 7500, 7200 and 3600. Whenever CEF is turned off I see those
> > > unreachables pouring in, with CEF on - nothing.
> > >
> > > Is this the expected behavior? Can anyone expand on this issue?
> > >
> > > -- elijah
> > >
> > > P.S. I am running 12.0(x)S on 7200 and 7500.
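The reply's last point, using ICMP unreachables to identify the ingress points of spoofed-source DoS attacks, is worth seeing as a concrete analysis. The Python below is an added example and is not part of this thread or of any Cisco tool: it parses the ICMP Destination Unreachable backscatter that black-holing edge routers send back toward an attack's (spoofed) source addresses, as it would be collected at a sinkhole that holds the routes for unused source space, and tallies which router emitted the unreachables for the attacked address. The router and host addresses, the sample packets and the collector scenario are all constructed; the only fact relied on is that the outer source address of an ICMP unreachable is the router that generated it, and that the ICMP payload quotes the dropped packet's IP header. The thread's own caveat applies directly: a router that black-holes to Null0 with CEF enabled emits no unreachables on the affected platforms, so a router that is absent from the tally may still be carrying attack traffic.

```python
import socket
import struct
from collections import Counter, namedtuple

# One parsed ICMP Destination Unreachable: which router emitted it, which
# (spoofed) source it was sent to, and which address the dropped packet was for.
Backscatter = namedtuple("Backscatter", "router spoofed_src victim code")


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 over a datagram whose
    checksum field is already correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 datagram (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_unreachable(router: str, spoofed_src: str, victim: str, code: int = 1) -> bytes:
    """Constructed sample of what a router sends when it drops a packet for
    `victim`: ICMP type 3 (code 1 = host unreachable) back to the packet's
    source, quoting the dropped packet's IP header plus 8 bytes of payload."""
    dropped = build_ipv4(spoofed_src, victim, 17, b"\x00\x35\x00\x35\x00\x08\x00\x00")
    icmp = struct.pack("!BBHI", 3, code, 0, 0) + dropped[:28]
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return build_ipv4(router, spoofed_src, 1, icmp)


def parse_unreachable(pkt: bytes):
    """Return a Backscatter record for a well-formed ICMP type 3 datagram, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl or len(pkt) < total_len or pkt[9] != 1:
        return None
    if inet_checksum(pkt[:ihl]) != 0:
        return None                      # corrupt outer IP header
    icmp = pkt[ihl:total_len]
    if len(icmp) < 8 + 20 or icmp[0] != 3:
        return None                      # not Destination Unreachable
    if inet_checksum(icmp) != 0:
        return None                      # corrupt ICMP message
    quoted = icmp[8:]                    # the dropped datagram's header
    if quoted[0] >> 4 != 4:
        return None
    return Backscatter(router=socket.inet_ntoa(pkt[12:16]),
                       spoofed_src=socket.inet_ntoa(quoted[12:16]),
                       victim=socket.inet_ntoa(quoted[16:20]),
                       code=icmp[1])


def ingress_points(packets, victim: str) -> Counter:
    """Count unreachables per emitting router for packets that were destined to
    `victim`; the routers with the highest counts are the attack's ingress points."""
    counts = Counter()
    for pkt in packets:
        rec = parse_unreachable(pkt)
        if rec is not None and rec.victim == victim:
            counts[rec.router] += 1
    return counts


# Constructed sample capture at a sinkhole collector (RFC 5737 / RFC 1918 addresses).
VICTIM = "203.0.113.10"
SAMPLE_PACKETS = [
    build_unreachable("198.51.100.1", "10.1.2.3", VICTIM),         # edge router A
    build_unreachable("198.51.100.1", "192.168.77.9", VICTIM),     # edge router A
    build_unreachable("198.51.100.1", "172.16.0.44", VICTIM),      # edge router A
    build_unreachable("198.51.100.2", "10.9.9.9", VICTIM),         # edge router B
    build_unreachable("198.51.100.3", "10.5.5.5", "203.0.113.99"),  # other black-holed address
    build_ipv4("198.51.100.4", "10.2.2.2", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)),  # echo request
]

if __name__ == "__main__":
    for router, n in ingress_points(SAMPLE_PACKETS, VICTIM).most_common():
        print(f"{router}: {n} unreachables for {VICTIM}")
```

Both checksums are verified before a packet is counted, so a truncated or mangled capture record cannot inflate a router's count; the echo request and the unreachable for a different black-holed address are ignored, which is the filtering a real collector needs because a sinkhole attracts plenty of unrelated traffic.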



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:29 EDT