[c-nsp] Missing 'packet-too-big' ICMPs on 12.2(28)SB6

Gerald Krause gk at ax.tc
Tue Sep 11 11:52:23 EDT 2007


Karol Mares wrote:
> Hi,
> 
> On 9/11/07, Gerald Krause <gk at ax.tc> wrote:
>> Karol Mares wrote:
>>> Hi,
>>>
>>> On 9/10/07, Gerald Krause <gk at ax.tc> wrote:
>>>> Gerald Krause wrote:
>>>>> Hi,
>>>>>
>>>>> I have a 7206VXR as LNS under 12.2(28)SB6 and wonder if anyone
>>>>> experience a strange ICMP behaviour regarding fragmentation/MTU
>>>>> bounderies. It seems that the router doesn't generate appropriate
>>>>> ICMP messages when pakets arrive that the system can't (or isn't
>>>>> allow to) fragment.
>>>>>
>>>>> The only problem with our config could be the fact that we have
>>>>> configured a MTU of 1530 byte (because of MPLS) on the FEs. But even
>>>>> if this could be problematic I would expect that in the case that a
>>>>> paket arrive which can't be delivered through the VirtualInterfaces
>>>>> (MTU 1448 byte) the system have to mention that in the logging buffer.
>>>>> Thats why I have enabled ICMP debugging and related CEF debugging
>>>>> but I never see 'packet-too-big' ICMP messages, only 'echo' and
>>>>> 'host/port unreachable' messages are logged. But I See that CEF is
>>>>> aware of the fact that it can't deliver the packet without
>>>>> fragmentation:
>>>>>
>>>>>
>>>>> debug:
>>>>> ======
>>>>> Generic IP:
>>>>>   ICMP packet debugging is on
>>>>> IP CEF:
>>>>>   IP CEF drops debugging is on
>>>>>     for access list 80
>>>>>   IP CEF fragmentation debugging is on
>>>>>
>>>
>>> Curious, can you show me the show int fa<x> and show ip traffic  command
>> ?
>>
>> Yep, sure:
>>
>> #sh int fa0/0
>> FastEthernet0/0 is up, line protocol is up
>>   Hardware is DEC21140A, address is 0050.0b3b.5400 (bia 0050.0b3b.5400)
>>   Description:
>>   Internet address is x.x.x.x/27
>>   MTU 1530 bytes, BW 100000 Kbit, DLY 100 usec,
>>      reliability 255/255, txload 9/255, rxload 21/255
>>   Encapsulation ARPA, loopback not set
>>   Keepalive set (10 sec)
>>   Full-duplex, 100Mb/s, 100BaseTX/FX
>>   ARP type: ARPA, ARP Timeout 04:00:00
>>   Last input 00:00:00, output 00:00:00, output hang never
>>   Last clearing of "show interface" counters never
>>   Input queue: 1/75/133/4658 (size/max/drops/flushes); Total output
>> drops: 0
>>   Queueing strategy: fifo
>>   Output queue: 0/40 (size/max)
>>   5 minute input rate 8480000 bits/sec, 2907 packets/sec
>>   5 minute output rate 3777000 bits/sec, 1939 packets/sec
>>      2643939396 packets input, 3280004591 bytes, 5 no buffer
>>      Received 16131045 broadcasts (0 IP multicast)
>>      0 runts, 0 giants, 138 throttles
>>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>>      0 watchdog
>>      0 input packets with dribble condition detected
>>      3432839522 packets output, 1002457105 bytes, 0 underruns
>>      0 output errors, 0 collisions, 1 interface resets
>>      0 babbles, 0 late collision, 0 deferred
>>      1 lost carrier, 0 no carrier
>>      0 output buffer failures, 0 output buffers swapped out
>>
>> #sh int fa4/0
>> FastEthernet4/0 is up, line protocol is up
>>   Hardware is DEC21140, address is 0050.0b3b.5470 (bia 0050.0b3b.5470)
>>   Description:
>>   Internet address is y.y.y.y/27
>>   MTU 1530 bytes, BW 100000 Kbit, DLY 100 usec,
>>      reliability 255/255, txload 13/255, rxload 3/255
>>   Encapsulation ARPA, loopback not set
>>   Keepalive not set
>>   Full-duplex, 100Mb/s, 100BaseTX/FX
>>   ARP type: ARPA, ARP Timeout 04:00:00
>>   Last input 00:00:00, output 00:00:00, output hang never
>>   Last clearing of "show interface" counters never
>>   Input queue: 0/75/0/3006 (size/max/drops/flushes); Total output
>> drops: 0
>>   Queueing strategy: fifo
>>   Output queue: 0/40 (size/max)
>>   5 minute input rate 1500000 bits/sec, 368 packets/sec
>>   5 minute output rate 5187000 bits/sec, 1432 packets/sec
>>      2845013786 packets input, 2383827726 bytes, 0 no buffer
>>      Received 15908291 broadcasts (0 IP multicast)
>>      0 runts, 0 giants, 0 throttles
>>      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>>      0 watchdog
>>      0 input packets with dribble condition detected
>>      1842783025 packets output, 2416455042 bytes, 0 underruns
>>      0 output errors, 0 collisions, 1 interface resets
>>      0 babbles, 0 late collision, 0 deferred
>>      1 lost carrier, 0 no carrier
>>      0 output buffer failures, 0 output buffers swapped out
>>
>> #sh ip traffic
>> IP statistics:
>>   Rcvd:  250484026 total, 159198119 local destination
>>          1576 format errors, 0 checksum errors, 884039 bad hop count
>>          4 unknown protocol, 35458 not a gateway
>>          0 security failures, 0 bad options, 36188 with options
>>   Opts:  8 end, 0 nop, 0 basic security, 0 loose source route
>>          0 timestamp, 0 extended security, 8 record route
>>          0 stream ID, 0 strict source route, 36180 alert, 0 cipso, 0 ump
>>          0 other
>>   Frags: 44235703 reassembled, 42 timeouts, 0 couldn't reassemble
>>          41228174 fragmented, 1072 couldn't fragment
>>   Bcast: 8313647 received, 0 sent
>>   Mcast: 29135477 received, 9634176 sent
>>   Sent:  206325022 generated, 2459945607 forwarded
>>   Drop:  1677 encapsulation failed, 0 unresolved, 0 no adjacency
>>          216 no route, 0 unicast RPF, 0 forced drop
>>          0 options denied, 4 source IP address zero
>>
>> ICMP statistics:
>>   Rcvd: 13 format errors, 220 checksum errors, 93697 redirects,
>> 33291 unreachable
>>         1769784 echo, 6415 echo reply, 0 mask requests, 0 mask
>> replies, 29 quench
>>         0 parameter, 0 timestamp, 0 info request, 0 other
>>         0 irdp solicitations, 0 irdp advertisements
>>   Sent: 0 redirects, 2399844 unreachable, 6609 echo, 1769783 echo reply
>>         0 mask requests, 0 mask replies, 0 quench, 0 timestamp
>>         0 info reply, 819068 time exceeded, 0 parameter problem
>>         0 irdp solicitations, 0 irdp advertisements
>>
>> UDP statistics:
>>   Rcvd: 66735466 total, 9 checksum errors, 3325761 no port
>>   Sent: 177825189 total, 0 forwarded broadcasts
>>
>> TCP statistics:
>>   Rcvd: 25385141 total, 2532 checksum errors, 4059 no port
>>   Sent: 18698403 total
>>
>> Probe statistics:
>>   Rcvd: 0 address requests, 0 address replies
>>         0 proxy name requests, 0 where-is requests, 0 other
>>   Sent: 0 address requests, 0 address replies (0 proxy)
>>         0 proxy name replies, 0 where-is replies
>>
>> BGP statistics:
>>   Rcvd: 20697361 total, 11 opens, 0 notifications, 20281798 updates
>>         415544 keepalives, 8 route-refresh, 0 unrecognized
>>   Sent: 801874 total, 11 opens, 2 notifications, 15207 updates
>>         786648 keepalives, 6 route-refresh
>>
>> OSPF statistics:
>>   Rcvd: 20774889 total, 0 checksum errors
>>         13832619 hello, 1109278 database desc, 5 link state req
>>         3295510 link state updates, 2537453 link state acks
>>
>>   Sent: 4781925 total
>>         2307649 hello, 46631 database desc, 8 link state req
>>         1777298 link state updates, 650641 link state acks
>>
>> IP-EIGRP statistics:
>>   Rcvd: 0 total
>>   Sent: 0 total
>>
>> PIMv2 statistics: Sent/Received
>>   Total: 0/0, 0 checksum errors, 0 format errors
>>   Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0,
>> Hellos: 0/0
>>   Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
>>   Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
>>   Queue drops: 0
>>   State-Refresh: 0/0
>>
>> IGMP statistics: Sent/Received
>>   Total: 4/0, Format errors: 0/0, Checksum errors: 0/0
>>   Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0
>>   DVMRP: 0/0, PIM: 0/0
>>   Queue drops: 0
>>
>> ARP statistics:
>>   Rcvd: 2651898 requests, 13186 replies, 0 reverse, 0 other
>>   Sent: 14493 requests, 39548 replies (0 proxy), 0 reverse
>>   Drop due to input queue full: 0
>>
>>
>> --
>> Gerald   (ax/tc)
>>
> 
> 
> Wondering, where does the ICMP packet disappear, if it`s interpreted as
> checksum error, try to disable ip icmp rate-limit for a moment (2 packets
> per sec)

I can sucessfully ping the 7206 itself in parallel and see all
echo-reply packtes that the system generate in the logging buffer
(debug ip icmp) and on the workstation too but no type3/code4
packtes. Even with
 ip icmp rate-limit unreachable DF 1
and/or
 ip icmp rate-limit unreachable 1
I get none of these.

--
Gerald   (ax/tc)


More information about the cisco-nsp mailing list