[nsp] ICMP: time exceeded (reassembly)
Victor Sudakov
sudakov at sibptus.tomsk.ru
Mon Feb 2 23:50:10 EST 2004
Colleagues,
A GRE tunnel is configured between a Cisco router and a FreeBSD host.
The config on the router is:
!
interface Tunnel5
description test
ip address 212.73.125.5 255.255.255.252
ip verify unicast reverse-path
tunnel source 212.73.125.217
tunnel destination 212.192.122.147
!
The problem is that large datagrams cannot pass through the tunnel
and the router sends the following ICMP messages to the other tunnel endpoint:
24782: ICMP: time exceeded (reassembly) sent to 212.192.122.147 (dest was 212.73.125.217)
24783: ICMP: time exceeded (reassembly) sent to 212.192.122.147 (dest was 212.73.125.217)
24826: ICMP: time exceeded (reassembly) sent to 212.192.122.147 (dest was 212.73.125.217)
I suppose the datagrams get fragmented because packets are larger than
the tunnel MTU which is the default 1476 on both sides. My question is
why is the router unable to reassemble the fragments?
RFC792 reads:
=========================
ICMP Fields:
Type
11
Code
0 = time to live exceeded in transit;
1 = fragment reassembly time exceeded.
[dd]
Description
If the gateway processing a datagram finds the time to live field
is zero it must discard the datagram. The gateway may also notify
the source host via the time exceeded message.
If a host reassembling a fragmented datagram cannot complete the
reassembly due to missing fragments within its time limit it
discards the datagram, and it may send a time exceeded message.
If fragment zero is not available then no time exceeded need be
sent at all.
Code 0 may be received from a gateway. Code 1 may be received
from a host.
=========================
Looks like a Cisco router is not supposed to send Code 1 messages at
all, because it is a router and not a host.
Any help is appreciated.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
More information about the cisco-nsp
mailing list