[c-nsp] Missing 'packet-too-big' ICMPs on 12.2(28)SB6

Gerald Krause gk at ax.tc
Mon Sep 10 15:27:22 EDT 2007 

Gerald Krause wrote:
> Hi,
> 
> I have a 7206VXR as LNS under 12.2(28)SB6 and wonder if anyone
> experience a strange ICMP behaviour regarding fragmentation/MTU
> bounderies. It seems that the router doesn't generate appropriate
> ICMP messages when pakets arrive that the system can't (or isn't
> allow to) fragment.
> 
> The only problem with our config could be the fact that we have
> configured a MTU of 1530 byte (because of MPLS) on the FEs. But even
> if this could be problematic I would expect that in the case that a
> paket arrive which can't be delivered through the VirtualInterfaces
> (MTU 1448 byte) the system have to mention that in the logging buffer.
> Thats why I have enabled ICMP debugging and related CEF debugging
> but I never see 'packet-too-big' ICMP messages, only 'echo' and
> 'host/port unreachable' messages are logged. But I See that CEF is
> aware of the fact that it can't deliver the packet without
> fragmentation:
> 
> 
> debug:
> ======
> Generic IP:
>   ICMP packet debugging is on
> IP CEF:
>   IP CEF drops debugging is on
>     for access list 80
>   IP CEF fragmentation debugging is on
> 
> ping with DF bit set:
> =====================
> (2.2.2.2)#ping -M do -s 1421 1.1.1.1
> 
> log:
> ====
> CEF-Drop: Packet for 1.1.1.1 -- fragmentation
> CEF-Drop: Packet from 2.2.2.2 (Fa4/0) to 1.1.1.1,
>           Fragmentation failed
> 
> (2.2.2.2 is the source with a MTU of 1500 and 1.1.1.1 is a
> destination behind a VirtualAccess interface).
> 
> 
> Any hints what could cause this or what I'am missing?

What I forgot: the CEF stats show that no punting take place after
fragmentation failures. Any ideas?

7206VXR#sh ip cef switching statistics

Path   Reason                          Drop       Punt  Punt2Host
RP LES Packet destined for us             0  169924398          0
RP LES Encapsulation resource             0       4443          0
RP LES Incomplete adjacency               9          0         15
RP LES Bad checksum                       4          0          0
RP LES TTL expired                        0          0    1542325
RP LES IP options set                     0          0          1
RP LES Bad IP packet length               1          0          0
RP LES Fragmentation failed         2484946          0          0
RP LES Routed to Null0                79548          0       3576
RP LES Unclassified reason              522          0          0
RP LES Total                        2565030  169928841    1545917

RP PAS No route                         178          0        192
RP PAS Packet destined for us          7533  169884745          0
RP PAS Encapsulation failure            186          0          0
RP PAS No adjacency                       8          0       1306
RP PAS Incomplete adjacency           23138          0      64349
RP PAS Unresolved route                  14          0          0
RP PAS Bad checksum                    2215          0          0
RP PAS TTL expired                        0          0   32084439
RP PAS Bad IP packet length         3826577          0          0
RP PAS Routed to Null0              1020697          0    1886370
RP PAS Features                           0  135367832          0
RP PAS Unclassified reason            10886          0          0
RP PAS Total                        4891432  305252577   34036656

All    Total                        7456462  475181418   35582573

--
Gerald   (ax/tc)

More information about the cisco-nsp mailing list