Networks week 8    Midterm Exam   Corboy 522


ICMP: Internet Control Message Protocol
and some things it's used for

ICMP consists of a set of host-to-host messages about network status and errors. Because they are host-to-host, they are never delivered to a specific port, even if they are sent in response to an error related to something sent from that port.

Here are the ICMP types, with subtypes listed in the description (from Wikipedia). I've pruned the list to the most common values.


    Type                               Description
    Echo Reply                         Echo reply (used by "ping")
    Destination Unreachable            Destination network unreachable
                                       Destination host unreachable
                                       Destination port unreachable
                                       Fragmentation required, and DF flag set
                                       Network administratively prohibited
    Source Quench                      Source quench (congestion control)
    Redirect Message                   Redirect Datagram for the Network
                                       Redirect Datagram for the Host
                                       Redirect Datagram for the TOS & network
                                       Redirect Datagram for the TOS & host
    Echo Request                       Echo request
    Router Solicitation                Router discovery/selection/solicitation
    Time Exceeded                      TTL expired in transit
                                       Fragment reassembly time exceeded
    Parameter Problem: Bad IP header   Pointer indicates the error
                                       Missing a required option
                                       Bad length

ICMP is perhaps best known for Echo Request/Reply, on which the ping tool is based. Ping remains very useful for network troubleshooting: if you can ping a host, then the network is reachable, and any problems are higher up the protocol chain. Note that ping replies are blocked by default by the Microsoft firewall, most likely on the idea that revealing even the existence of computers is a security risk. This significantly impairs the utility of ping. Most routers do still pass ping requests, but some site routers block them.

Source Quench is used to signal that congestion has been encountered. A router that drops a packet due to congestion is encouraged to send Source Quench to the originating host.

Destination Unreachable has a large number of subtypes:

Path MTU Discovery

Frag Reqd/DF Set is used by Path MTU Discovery. How large should packets be? Once upon a time, local packets were 1500 bytes (the Ethernet max) and all others were just big enough for 512 bytes of data, plus headers. Sending larger packets is always possible, but fragmentation leads to a major performance loss. But backbone internet links can now almost always carry 1500-byte packets without fragmentation. The Path MTU is the largest packet size that can be sent along a path without fragmentation, and Path MTU Discovery is an endpoint protocol that attempts to guess the Path MTU. It has been incorporated in TCP for several years; it is not available for UDP.

The strategy is to send an initial data packet with the DF bit set. If the ICMP message Frag Reqd/DF Set comes back, the sender tries a smaller size. If we receive a TCP ACK for the packet, on the other hand, indicating that it made it through to the other end, the sender might try a larger size. Usually, the range 512-1500 is covered by a range of maybe half a dozen discrete sizes; the point is not to find the exact Path MTU but to determine a reasonable approximation rapidly.

Traceroute

The traceroute program uses ICMP Time Exceeded messages. A packet is sent to the destination (often UDP to an unused port), with the TTL set to 1. The first router the packet reaches decrements the TTL to 0, drops it, and returns an ICMP Time Exceeded message. The sender now knows the first router on the chain. The second packet is sent with TTL set to 2, and the second router on the path will be the one to return ICMP Time Exceeded. This continues until finally the remote host returns something, likely ICMP Port Unreachable.

Many routers no longer respond with ICMP Time Exceeded messages when they drop packets.

Traceroute assumes the path does not change. This is not always the case.
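The reply handling behind the traceroute procedure above, as an added example that is not part of the original notes: an ICMP error quotes the IP header and first 8 data bytes of the packet that caused it, which is how the sender ties a host-to-host message back to the probe (and UDP port) it came from. The path is simulated, the addresses are constructed documentation-range values, the numeric type/code values come from RFC 792, and 33434 is the conventional traceroute base port.

```python
import socket, struct
TIME_EXCEEDED, DEST_UNREACH, PORT_UNREACH = 11, 3, 3  # RFC 792 type/code values
BASE_PORT = 33434  # conventional first UDP port used by traceroute probes

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); returns 0 over a message whose checksum is valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_probe(src, dst, ttl, dport) -> bytes:
    """Constructed probe: 20-byte IPv4 header (checksum left 0) + 8-byte UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def icmp_error(icmp_type, code, offending: bytes) -> bytes:
    """ICMP error: 8-byte header, then the offending IP header + its first 8 data bytes."""
    msg = struct.pack("!BBHI", icmp_type, code, 0, 0) + offending[:28]
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def classify(msg: bytes, dport: int):
    """Return 'hop', 'done', or None if msg does not answer the probe sent to dport."""
    if len(msg) < 36 or checksum(msg) != 0:
        return None
    inner = msg[8:]  # quoted headers of the packet that triggered the error
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or inner[9] != 17 or len(inner) < ihl + 8:
        return None
    if struct.unpack("!H", inner[ihl + 2:ihl + 4])[0] != dport:
        return None  # error is about some other packet, not this probe
    return {(TIME_EXCEEDED, 0): "hop", (DEST_UNREACH, PORT_UNREACH): "done"}.get((msg[0], msg[1]))

def trace(path, silent=(), src="192.0.2.10", max_ttl=30):
    """Simulated run: path lists routers in order, destination last; silent routers send no ICMP."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        dport = BASE_PORT + ttl
        probe = udp_probe(src, path[-1], ttl, dport)
        node = path[min(ttl, len(path)) - 1]  # node at which this probe stops
        t, c = (DEST_UNREACH, PORT_UNREACH) if node == path[-1] else (TIME_EXCEEDED, 0)
        reply = None if node in silent else icmp_error(t, c, probe)
        kind = classify(reply, dport) if reply else None
        hops.append(node if kind else "*")
        if kind == "done":
            break
    return hops
```

A router listed in `silent` shows up as `*`, matching the note above that many routers no longer send ICMP Time Exceeded.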

Once upon a time (~2001), traceroute showed that traffic from my home to Loyola went through MAE-EAST, outside of Washington DC. That inefficient route was later fixed.

Traceroute demos:
    www.luc.edu
    orion.it.luc.edu
    www.anl.gov
    gargoyle.cs.uchicago.edu
    java.sun.com
    4.0.0.1
    207.119.43.12

Redirects

Here's a classic example of redirects:

    R1---------+--------R2-------B
               |
               A

A is configured so that its default router is R1. It addresses a packet to B, and sends it to R1. R1 receives the packet, and forwards it to R2. However, R1 also notices that R2 and A are on the same network, and so A could have sent the packet to R2 directly. So R1 sends an appropriate ICMP redirect message to A ("Redirect Datagram for the Network"), and A adds a route to B to its own routing table.

Router Solicitation

These are used by some router protocols to identify immediate neighbors.