[j-nsp] JUNOS ping utility and fragmented ICMP "echo request" probes

Martin T m4rtntns at gmail.com
Tue Oct 11 07:03:44 EDT 2011 

Hello,

I have a following setup:

Cisco891[Gi0] <-> L2 last-mile provider <-> [ae0.266]M10i


MTU of Cisco891 interface Gi0 is 1500 bytes:

CISCO891-K9>show interfaces Gi0 | i MTU
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
CISCO891-K9>


..and MTU of M10i interface ae0.266 is 1500 bytes as well:

root at M10i> show interfaces ae0.266 | match MTU
    Protocol inet, MTU: 1500
      Flags: Is-Primary, User-MTU, uRPF

root at M10i>


Cisco891 has IPv4 address 10.10.10.2 and Juniper M10i has IPv4 address
10.10.10.1. If I execute "ping 10.10.10.2 source 10.10.10.1 size 1473
count 1"(or larger packet size) in M10i and tcpdump traffic, I can see
following:


00:14:51.326107 Out 0:19:e2:8c:8c:f0 > c8:9c:1d:33:d8:d4, ethertype
802.1Q (0x8100), length 68: vlan 266, p 0, ethertype IPv4,
truncated-ip -  1450 bytes missing! 10.10.10.1 > 10.10.10.2: ICMP echo
request, id  57716, seq 0, length 1480
00:14:51.326151 Out 0:19:e2:8c:8c:f0 >  c8:9c:1d:33:d8:d4, ethertype
802.1Q (0x8100), length 39: vlan 266, p 0,  ethertype IPv4, 10.10.10.1
> 10.10.10.2: icmp
00:14:51.345959  In PFE proto 2 (ipv4): 10.10.10.2 > 10.10.10.1: ICMP
echo reply, id 57716, seq 0, length 1480


In other words ICMP "echo request" probe gets fragmented(first part is
sent out at 00:14:51.326107 and the second part is sent out at
00:14:51.326151). In addition, there is a reply from Cisco 891
received at 00:14:51.345959. Why isn't this ICMP "echo reply" message
accepted by ping utility? I mean ping utility in Juniper shows that
the ICMP "echo request" did not get "echo reply" back: 1 packets
transmitted, 0 packets received, 100% packet loss.


If I make following setup for testing purposes:

OpenSUSE[eth0] <-> [fxp1]FreeBSD

..and set MTU on both interfaces to 1500 bytes and ping from
FreeBSD(10.10.10.1) machine towards OpenSUSE(10.10.10.2) machine using
1501 byte L3 packets, then I can clearly see that ICMP "echo request"
packets are fragmented just as they should:

13:31:43.201003 IP 10.10.10.1 > 10.10.10.2: ICMP echo request, id
9988, seq 0, length 1480
13:31:43.201009 IP 10.10.10.1 > 10.10.10.2: icmp
13:31:43.202344 IP 10.10.10.2 > 10.10.10.1: ICMP echo reply, id 9988,
seq 0, length 1480
13:31:43.202355 IP 10.10.10.2 > 10.10.10.1: icmp

..but the OpenSUSE machine sends back reply for fragmented part of
ICMP "echo request" as well so the ping utility under FreeBSD counts
this as a successful result:


[root@ ~]# ping -c1 -s 1473 10.10.10.2
PING 10.10.10.2 (10.10.10.2): 1473 data bytes
1481 bytes from 10.10.10.2: icmp_seq=0 ttl=64 time=3.864 ms

--- 10.10.10.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.864/3.864/3.864/0.000 ms
[root@ ~]#


Am I correct, that this seems to be some sort of specific behavior on
Cisco 891 router? Or any other thoughts or corrections/explanations?


regards,
martin

More information about the juniper-nsp mailing list