[c-nsp] Missing 'packet-too-big' ICMPs on 12.2(28)SB6

Gerald Krause gk at ax.tc
Mon Sep 10 14:55:35 EDT 2007


Hi,

I have a 7206VXR as LNS under 12.2(28)SB6 and wonder if anyone
experience a strange ICMP behaviour regarding fragmentation/MTU
bounderies. It seems that the router doesn't generate appropriate
ICMP messages when pakets arrive that the system can't (or isn't
allow to) fragment.

The only problem with our config could be the fact that we have
configured a MTU of 1530 byte (because of MPLS) on the FEs. But even
if this could be problematic I would expect that in the case that a
paket arrive which can't be delivered through the VirtualInterfaces
(MTU 1448 byte) the system have to mention that in the logging buffer.
Thats why I have enabled ICMP debugging and related CEF debugging
but I never see 'packet-too-big' ICMP messages, only 'echo' and
'host/port unreachable' messages are logged. But I See that CEF is
aware of the fact that it can't deliver the packet without
fragmentation:


debug:
======
Generic IP:
  ICMP packet debugging is on
IP CEF:
  IP CEF drops debugging is on
    for access list 80
  IP CEF fragmentation debugging is on

ping with DF bit set:
=====================
(2.2.2.2)#ping -M do -s 1421 1.1.1.1

log:
====
CEF-Drop: Packet for 1.1.1.1 -- fragmentation
CEF-Drop: Packet from 2.2.2.2 (Fa4/0) to 1.1.1.1,
          Fragmentation failed

(2.2.2.2 is the source with a MTU of 1500 and 1.1.1.1 is a
destination behind a VirtualAccess interface).


Any hints what could cause this or what I'am missing?

--
Gerald   (ax/tc)


More information about the cisco-nsp mailing list