[c-nsp] Opinions about ICMP Destination Unreachable

Jen Linkova furry13 at gmail.com
Thu Nov 27 06:15:02 EST 2008


On Thu, Nov 27, 2008 at 8:10 AM, Dino Farinacci <dino at cisco.com> wrote:
> I am just wondering how many people have ICMP Destination Unreachables
> disabled on their core routers. Could an CPE router, which may encapsulate
> data, be able to depend on ICMP Unreachables to be sent to it?
>
> I know there are many cases where router implementations default it to off
> (to not send ICMP DUs), but wondering who leaves it this way or turns them
> on? Of when it defaults to on, who explicitly turns them off.

Most of people who disable ICMP DU just don't understand what ICMP DU
is for. Need I mention that PMTUD relies on ICMP type 3/code 4...
In addition, it looks like that "no ip unreach" interface command
disables "too big" message as well, breaking PMTUD.
I prefer to enable ICMP DU on any interfaces where fragmentation may occur.

P.S. Fortunately, there are separate types for "Packet Too Big" and
"Destination Unreachable" messages in ICMPv6 ;-)

-- 
SY, Jen Linkova aka Furry


More information about the cisco-nsp mailing list