[c-nsp] how to get ICMP host unreachables?

lee.e.rian at census.gov
Fri Apr 8 10:07:05 EDT 2005


Thanks Oli.  That makes my job a lot easier; now I get to tell the users
"nope, nothing I can do for you" <grin>


Just out of curiosity tho...  it does seem like the router saves at least
one packet while waiting for the arp reply.
If I do a 'clear arp' on the router only some of the arp entries disappear.
Picking one of the hosts that does have its arp entry cleared out, pinging
it gets a 100% response rate.  Is there something else going on under the
hood that keeps the first ping packet around while the router sends the arp
request & waits for the reply?  If it makes a difference, the router in
question is a cat6500/SUP720 running IOS 12.2(17d)SXB6 and, at least as far
as I can tell, CEF is enabled.

Thanks again,
Lee


"Oliver Boehmer (oboehmer)" <oboehmer at cisco.com> wrote on 04/08/2005
08:40:39 AM:

> lee.e.rian at census.gov <> wrote on Friday, April 08, 2005 1:57 PM:
>
> > Will a cisco router ever send a host unreachable because a host
> > doesn't answer ARP requests?
>
> It won't.
>
> RFC1812 states in 3.3.2:
>
>    The link layer MUST NOT report a Destination Unreachable error to IP
>    solely because there is no ARP cache entry for a destination; it
>    SHOULD queue up to a small number of datagrams breifly while
>    performing the ARP request/reply sequence, and reply that the
>    destination is unreachable to one of the queued datagrams only when
>    this proves fruitless
>
> IOS does not implement the "SHOULD" clause, i.e. it does not queue the
> datagrams (assuming CEF) and it also doesn't send unreachables. This
> has been day-one behaviour, and I'm not sure why this is needed.
>
> Further down in the RFC it says:
>
> 4.3.3.1 Destination Unreachable
>
>   If a packet is to be forwarded to a host on a network that is
>   directly connected to the router (i.e., the router is the last-hop
>   router) and the router has ascertained that there is no path to the
>   destination host then the router MUST generate a Destination
>   Unreachable, Code 1 (Host Unreachable) ICMP message.
>
> Can we ascertain that there is no path if we don't receive an ARP reply?
> I think this is debatable, unfortunately this hasn't been defined more
> precisely.
>
>    oli
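
A minimal model of the RFC 1812 section 3.3.2 text quoted above, added here as an illustration; it is not part of the original thread and is not Cisco code. The class name, the queue depth of 3, the 2-second timeout and the documentation-range addresses are assumptions; with max_queued=0 the model gives the no-queue, no-unreachable outcome the reply describes.

```python
from collections import deque

# ICMP type 3 (Destination Unreachable), code 1 (Host Unreachable)
HOST_UNREACHABLE = (3, 1)


class ArpPendingQueue:
    """Toy last-hop router: holds datagrams per next hop while ARP resolves."""

    def __init__(self, max_queued=3, arp_timeout=2.0):
        self.max_queued = max_queued    # "a small number of datagrams" (assumed 3)
        self.arp_timeout = arp_timeout  # how long to wait; value is an assumption
        self.arp_cache = {}             # ip -> mac
        self.pending = {}               # ip -> (time ARP was sent, deque of (src, dst))

    def forward(self, now, src, dst):
        """Handle one datagram for a directly connected dst; return actions."""
        if dst in self.arp_cache:
            return [("tx", src, dst)]
        actions = []
        if dst not in self.pending:
            self.pending[dst] = (now, deque(maxlen=self.max_queued))
            actions.append(("arp-request", dst))
        # A full deque discards its oldest entry; maxlen=0 keeps nothing.
        self.pending[dst][1].append((src, dst))
        return actions

    def arp_reply(self, ip, mac):
        """ARP succeeded: cache the entry and transmit whatever was held."""
        self.arp_cache[ip] = mac
        _, held = self.pending.pop(ip, (None, ()))
        return [("tx", src, dst) for src, dst in held]

    def tick(self, now):
        """Expire unanswered ARP: drop held datagrams, one unreachable per hop."""
        actions = []
        for ip, (sent, held) in list(self.pending.items()):
            if now - sent < self.arp_timeout:
                continue
            del self.pending[ip]
            if held:  # report to the sender of one queued datagram only
                actions.append(("icmp", HOST_UNREACHABLE, held[0][0], ip))
        return actions


def demo():
    """Constructed run: three datagrams to a silent host, then ARP times out."""
    router = ArpPendingQueue()
    for t in (0.0, 0.5, 1.0):
        router.forward(t, "192.0.2.10", "198.51.100.7")
    return router.tick(2.0)
```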


