[c-nsp] Missing 'packet-too-big' ICMPs on 12.2(28)SB6

Karol Mares karol.mares at gmail.com
Tue Sep 11 10:25:42 EDT 2007 

Hi,

On 9/11/07, Gerald Krause <gk at ax.tc> wrote:
>
> Karol Mares wrote:
> > Hi,
> >
> > On 9/10/07, Gerald Krause <gk at ax.tc> wrote:
> >> Gerald Krause wrote:
> >>> Hi,
> >>>
> >>> I have a 7206VXR as LNS under 12.2(28)SB6 and wonder if anyone
> >>> experience a strange ICMP behaviour regarding fragmentation/MTU
> >>> bounderies. It seems that the router doesn't generate appropriate
> >>> ICMP messages when pakets arrive that the system can't (or isn't
> >>> allow to) fragment.
> >>>
> >>> The only problem with our config could be the fact that we have
> >>> configured a MTU of 1530 byte (because of MPLS) on the FEs. But even
> >>> if this could be problematic I would expect that in the case that a
> >>> paket arrive which can't be delivered through the VirtualInterfaces
> >>> (MTU 1448 byte) the system have to mention that in the logging buffer.
> >>> Thats why I have enabled ICMP debugging and related CEF debugging
> >>> but I never see 'packet-too-big' ICMP messages, only 'echo' and
> >>> 'host/port unreachable' messages are logged. But I See that CEF is
> >>> aware of the fact that it can't deliver the packet without
> >>> fragmentation:
> >>>
> >>>
> >>> debug:
> >>> ======
> >>> Generic IP:
> >>>   ICMP packet debugging is on
> >>> IP CEF:
> >>>   IP CEF drops debugging is on
> >>>     for access list 80
> >>>   IP CEF fragmentation debugging is on
> >>>
> >
> >
> > Curious, can you show me the show int fa<x> and show ip traffic  command
> ?
>
> Yep, sure:
>
> #sh int fa0/0
> FastEthernet0/0 is up, line protocol is up
>   Hardware is DEC21140A, address is 0050.0b3b.5400 (bia 0050.0b3b.5400)
>   Description:
>   Internet address is x.x.x.x/27
>   MTU 1530 bytes, BW 100000 Kbit, DLY 100 usec,
>      reliability 255/255, txload 9/255, rxload 21/255
>   Encapsulation ARPA, loopback not set
>   Keepalive set (10 sec)
>   Full-duplex, 100Mb/s, 100BaseTX/FX
>   ARP type: ARPA, ARP Timeout 04:00:00
>   Last input 00:00:00, output 00:00:00, output hang never
>   Last clearing of "show interface" counters never
>   Input queue: 1/75/133/4658 (size/max/drops/flushes); Total output
> drops: 0
>   Queueing strategy: fifo
>   Output queue: 0/40 (size/max)
>   5 minute input rate 8480000 bits/sec, 2907 packets/sec
>   5 minute output rate 3777000 bits/sec, 1939 packets/sec
>      2643939396 packets input, 3280004591 bytes, 5 no buffer
>      Received 16131045 broadcasts (0 IP multicast)
>      0 runts, 0 giants, 138 throttles
>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>      0 watchdog
>      0 input packets with dribble condition detected
>      3432839522 packets output, 1002457105 bytes, 0 underruns
>      0 output errors, 0 collisions, 1 interface resets
>      0 babbles, 0 late collision, 0 deferred
>      1 lost carrier, 0 no carrier
>      0 output buffer failures, 0 output buffers swapped out
>
> #sh int fa4/0
> FastEthernet4/0 is up, line protocol is up
>   Hardware is DEC21140, address is 0050.0b3b.5470 (bia 0050.0b3b.5470)
>   Description:
>   Internet address is y.y.y.y/27
>   MTU 1530 bytes, BW 100000 Kbit, DLY 100 usec,
>      reliability 255/255, txload 13/255, rxload 3/255
>   Encapsulation ARPA, loopback not set
>   Keepalive not set
>   Full-duplex, 100Mb/s, 100BaseTX/FX
>   ARP type: ARPA, ARP Timeout 04:00:00
>   Last input 00:00:00, output 00:00:00, output hang never
>   Last clearing of "show interface" counters never
>   Input queue: 0/75/0/3006 (size/max/drops/flushes); Total output
> drops: 0
>   Queueing strategy: fifo
>   Output queue: 0/40 (size/max)
>   5 minute input rate 1500000 bits/sec, 368 packets/sec
>   5 minute output rate 5187000 bits/sec, 1432 packets/sec
>      2845013786 packets input, 2383827726 bytes, 0 no buffer
>      Received 15908291 broadcasts (0 IP multicast)
>      0 runts, 0 giants, 0 throttles
>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>      0 watchdog
>      0 input packets with dribble condition detected
>      1842783025 packets output, 2416455042 bytes, 0 underruns
>      0 output errors, 0 collisions, 1 interface resets
>      0 babbles, 0 late collision, 0 deferred
>      1 lost carrier, 0 no carrier
>      0 output buffer failures, 0 output buffers swapped out
>
> #sh ip traffic
> IP statistics:
>   Rcvd:  250484026 total, 159198119 local destination
>          1576 format errors, 0 checksum errors, 884039 bad hop count
>          4 unknown protocol, 35458 not a gateway
>          0 security failures, 0 bad options, 36188 with options
>   Opts:  8 end, 0 nop, 0 basic security, 0 loose source route
>          0 timestamp, 0 extended security, 8 record route
>          0 stream ID, 0 strict source route, 36180 alert, 0 cipso, 0 ump
>          0 other
>   Frags: 44235703 reassembled, 42 timeouts, 0 couldn't reassemble
>          41228174 fragmented, 1072 couldn't fragment
>   Bcast: 8313647 received, 0 sent
>   Mcast: 29135477 received, 9634176 sent
>   Sent:  206325022 generated, 2459945607 forwarded
>   Drop:  1677 encapsulation failed, 0 unresolved, 0 no adjacency
>          216 no route, 0 unicast RPF, 0 forced drop
>          0 options denied, 4 source IP address zero
>
> ICMP statistics:
>   Rcvd: 13 format errors, 220 checksum errors, 93697 redirects,
> 33291 unreachable
>         1769784 echo, 6415 echo reply, 0 mask requests, 0 mask
> replies, 29 quench
>         0 parameter, 0 timestamp, 0 info request, 0 other
>         0 irdp solicitations, 0 irdp advertisements
>   Sent: 0 redirects, 2399844 unreachable, 6609 echo, 1769783 echo reply
>         0 mask requests, 0 mask replies, 0 quench, 0 timestamp
>         0 info reply, 819068 time exceeded, 0 parameter problem
>         0 irdp solicitations, 0 irdp advertisements
>
> UDP statistics:
>   Rcvd: 66735466 total, 9 checksum errors, 3325761 no port
>   Sent: 177825189 total, 0 forwarded broadcasts
>
> TCP statistics:
>   Rcvd: 25385141 total, 2532 checksum errors, 4059 no port
>   Sent: 18698403 total
>
> Probe statistics:
>   Rcvd: 0 address requests, 0 address replies
>         0 proxy name requests, 0 where-is requests, 0 other
>   Sent: 0 address requests, 0 address replies (0 proxy)
>         0 proxy name replies, 0 where-is replies
>
> BGP statistics:
>   Rcvd: 20697361 total, 11 opens, 0 notifications, 20281798 updates
>         415544 keepalives, 8 route-refresh, 0 unrecognized
>   Sent: 801874 total, 11 opens, 2 notifications, 15207 updates
>         786648 keepalives, 6 route-refresh
>
> OSPF statistics:
>   Rcvd: 20774889 total, 0 checksum errors
>         13832619 hello, 1109278 database desc, 5 link state req
>         3295510 link state updates, 2537453 link state acks
>
>   Sent: 4781925 total
>         2307649 hello, 46631 database desc, 8 link state req
>         1777298 link state updates, 650641 link state acks
>
> IP-EIGRP statistics:
>   Rcvd: 0 total
>   Sent: 0 total
>
> PIMv2 statistics: Sent/Received
>   Total: 0/0, 0 checksum errors, 0 format errors
>   Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0,
> Hellos: 0/0
>   Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
>   Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
>   Queue drops: 0
>   State-Refresh: 0/0
>
> IGMP statistics: Sent/Received
>   Total: 4/0, Format errors: 0/0, Checksum errors: 0/0
>   Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0
>   DVMRP: 0/0, PIM: 0/0
>   Queue drops: 0
>
> ARP statistics:
>   Rcvd: 2651898 requests, 13186 replies, 0 reverse, 0 other
>   Sent: 14493 requests, 39548 replies (0 proxy), 0 reverse
>   Drop due to input queue full: 0
>
>
> --
> Gerald   (ax/tc)
>


Wondering, where does the ICMP packet disappear, if it`s interpreted as
checksum error, try to disable ip icmp rate-limit for a moment (2 packets
per sec)

--
        iso

More information about the cisco-nsp mailing list