Check Your Understanding

12. An administrative distance of 15 indicates which of the following?
    A. The IP address is static.
    B. The IP address is dynamic.
    C. The routing information source is relatively trustworthy.
    D. The routing information source is relatively untrustworthy.

13. If you just added a new LAN to your internetwork and you want to manually add the network to your routing table, what command structure would you use?
    A. router (config)> ip route 2.0.0.0 255.0.0.0 via 1.0.0.2
    B. router (config)# ip route 2.0.0.0 255.0.0.0 1.0.0.2
    C. router (config)# ip route 2.0.0.0 via 1.0.0.2
    D. router (config)# ip route 2.0.0.0 1.0.0.2 using 255.0.0.0

1102.book Page 759 Tuesday, May 20, 2003 2:53 PM

Objectives

Upon completion of this chapter, you will be able to
■ Describe ICMP
■ Describe the ICMP message format
■ Identify ICMP error message types
■ Identify potential causes of specific ICMP error messages
■ Identify a variety of ICMP control messages used in networks today
■ Determine the causes for ICMP control messages

Chapter 17
TCP/IP Error and Control Messages

Now that you have learned about the router configuration process, it is time to learn about Transmission Control Protocol/Internet Protocol (TCP/IP) suite error and control messages. In this chapter, you learn how the Internet Control Message Protocol (ICMP) provides control and message functions. In addition, you learn about potential causes of ICMP error messages and how to identify them.

Please be sure to look at this chapter’s associated e-Labs, Videos, and PhotoZooms that you will find on the CD-ROM accompanying this book. These CD elements are designed to supplement the material and reinforce the concepts introduced in this chapter.

Functionality and Role of IP in Error Control

The function of IP is to facilitate network communication between hosts. The design of IP allows for the addressing of hosts and networks.
This distinguishes IP from nonroutable protocols that can address individual hosts but that are not designed to make distinctions between networks. IP acceptance is so widespread that, in addition to being the protocol used for data delivery over the Internet, it has become the default internal protocol for small LANs that do not necessarily require routing capabilities.

The limitation of IP is that it is a best-effort delivery system. IP has no mechanism to ensure that the data is delivered regardless of any problems encountered on the network. Data might fail to reach its destination for a variety of reasons, such as hardware failure, improper configuration, or incorrect routing information. If an intermediary device such as a router fails, or if a destination device is disconnected from the network, data cannot be delivered. This is why applications that use IP are typically faster: they don’t have the error control or reliability mechanisms that TCP has. To help identify these failures, IP uses the Internet Control Message Protocol (ICMP). ICMP notifies the sender of the data that an error occurred in the delivery process.

The following sections review the different types of ICMP error messages and the forms they take. Knowledge of ICMP error messages and an understanding of the potential causes of these messages are essential parts of network troubleshooting.

ICMP

ICMP is the component of the TCP/IP protocol stack that addresses IP’s failure to ensure data delivery. ICMP does not overcome the unreliability limitation that exists in IP. ICMP simply sends error messages to the sender of the data, indicating that problems occurred with data delivery. Figure 17-1 shows where ICMP resides within the TCP/IP model.
Figure 17-1 ICMP and the TCP/IP Model

This section covers the various facets of ICMP, including ICMP message delivery, error reporting and correction, and ways of detecting and handling reachability issues.

ICMP Message Delivery

ICMP messages are delivered using the IP protocol. ICMP messages are encapsulated into datagrams in the same way that any other data is delivered using IP. Table 17-1 displays the encapsulation of an ICMP packet within the IP packet datagram data area. The frame header can be from a LAN protocol, such as Ethernet, or a WAN protocol, such as HDLC.

Data is encapsulated within a datagram when it reaches the network layer. From there, the datagram and its encapsulated data are encapsulated further into a frame at the data link layer. ICMP messages have their own header information. However, this information, along with the ICMP data, is encapsulated just as any other data is within the datagram.

ICMP messages are transmitted in the same way as any other data. Therefore, ICMP messages are subject to the same delivery failures. This creates a scenario in which error reports could generate more error reports, causing increased congestion on an already ailing network. For this reason, errors created by ICMP messages do not generate their own ICMP messages. Therefore, it is possible for a datagram delivery error to occur but never be reported back to the sender of the data.

Error Reporting and Error Correction

ICMP is an error-reporting protocol for IP. When datagram delivery errors occur, ICMP reports these errors to the sender of the datagram. For example, Workstation 1 in Figure 17-2 is sending a datagram to Workstation 6. When the corresponding interface on Router C goes down, Router C uses ICMP to send a message back to Workstation 1 indicating that the datagram could not be delivered. ICMP does not correct the encountered network problem.
In the example from Figure 17-2, ICMP does not attempt to correct the problem with the interface on Router C that is preventing datagram delivery. The only capability of ICMP is to report the errors back to Workstation 1.

Router C will not notify the intermediary devices of the delivery failure. Therefore, Router C will not send ICMP messages to Router A and Router B or to the originating device. Router C also does not know what path the datagram has taken to arrive there. Datagrams contain only source and destination IP addresses; they do not contain information about all the intermediary devices. The reporting device has only the sender’s IP address with which to communicate. Although Routers A and B are not notified directly, they might become aware of the down interface on Router C. However, disseminating this information to neighbor routers is not the function of ICMP. Instead, ICMP reports on the status of the delivered packet to the sender; its function is not to propagate information about network changes.

Table 17-1 ICMP Encapsulation

    Frame header | IP datagram header | ICMP header | ICMP data
    Frame header | IP datagram header | IP datagram data area
    Frame header | Frame data area

Figure 17-2 Error Reporting Being Updated

Unreachable Networks

Network communication depends on certain basic conditions:
■ The TCP/IP protocol stack must be properly configured in the sending and receiving devices. This includes the installation of TCP/IP and proper configuration of the IP address and the subnet mask. A default gateway also must be configured if datagrams are to travel outside the local network.
■ Intermediary devices must be in place to route the datagram from the source device and its network to the destination network. Routers serve this function.
■ A router must have the TCP/IP protocol properly configured on its interfaces, and it must use an appropriate routing protocol or static routes.

If these conditions are not met, network communication cannot take place. For example, the sending device might address the datagram to a nonexistent IP address or to a destination device that is disconnected from its network. Routers also can be points of failure if a connecting interface is down or if the router does not have the information necessary to find the destination network. If a destination network is not accessible, it is said to be an unreachable network.

Destination unreachable messages include the following:
■ Network unreachable—This message usually implies routing or addressing failures.
■ Host unreachable—This message usually implies delivery failures, such as a wrong subnet mask.
■ Protocol unreachable—This message usually implies that the destination does not support the upper-layer protocol specified in the packet.
■ Port unreachable—This message usually implies that the TCP port (socket) is not available.

Figure 17-3 shows a router receiving a packet that it cannot deliver to its ultimate destination. The packet might be undeliverable because there is no known route to the destination. Because there is no known route, the router sends an ICMP host unreachable message to the source.

Figure 17-3 ICMP Host Unreachable

Using ping to Test Destination Reachability

The ICMP protocol can be used to test the availability of a particular destination. Figure 17-4 shows ICMP being used to issue an echo request message to the destination device. When the destination device receives the ICMP echo request, it formulates an echo reply message to send back to the source of the echo request. If the sender receives the echo reply, this confirms that the destination device can be reached using the IP protocol.
Figure 17-4 Echo Request

The echo request message typically is initiated using the ping command, as demonstrated in Example 17-1. In this example, the command is used with the IP address of the destination device. Example 17-1 and Figure 17-5 show a successful ping or echo request/reply.

Figure 17-5 ICMP ping

Example 17-1 Echo Request Initiated by ping

    C:\> ping 198.133.219.25

    Pinging 198.133.219.25 with 32 bytes of data:

    Reply from 198.133.219.25: bytes=32 time=30ms TTL=247
    Reply from 198.133.219.25: bytes=32 time=20ms TTL=247
    Reply from 198.133.219.25: bytes=32 time=20ms TTL=247
    Reply from 198.133.219.25: bytes=32 time=20ms TTL=247

    Ping statistics for 198.133.219.25:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 20ms, Maximum = 30ms, Average = 22ms

    C:\>

The ping command also can be used as demonstrated in Example 17-2 using the DNS name of the destination device (assuming that DNS is available).

Example 17-2 Using ping with Destination Device DNS Name

    C:\> ping www.cisco.com

    Pinging www.cisco.com [198.133.219.25] with 32 bytes of data:

    Reply from 198.133.219.25: bytes=32 time=30ms TTL=247
    Reply from 198.133.219.25: bytes=32 time=20ms TTL=247
    Reply from 198.133.219.25: bytes=32 time=20ms TTL=247
    Reply from 198.133.219.25: bytes=32 time=20ms TTL=247

    Ping statistics for 198.133.219.25:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 20ms, Maximum = 30ms, Average = 22ms

    C:\>

In these workstation examples, the ping command issues four echo requests and receives four echo replies confirming IP connectivity between the two devices. The output generated by the router ping command is somewhat different than the workstation ping command. Example 17-3 shows a successful and unsuccessful ping from RouterA to RouterB (IP address 192.168.100.100). The exclamation marks (!) indicate a successful ping, and the periods (.) indicate failure.

Example 17-3 Router ping Examples: Success and Failure

    RouterA# ping 192.168.100.100

    Type escape sequence to abort.
    Sending 5, 100byte ICMP Echoes to 192.168.100.100, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms

    RouterA# ping 192.168.100.100

    Type escape sequence to abort.
    Sending 5, 100byte ICMP Echoes to 192.168.100.100, timeout is 2 seconds:
    . . . . .
    Success rate is 0 percent (0/5)

Table 17-2 shows Cisco ping return codes generated when pinging between Cisco devices.

Table 17-2 Cisco ping Return Codes

Code: !
Meaning: Each exclamation point indicates receipt of an ICMP echo reply.
Possible Cause(s): The ping completed successfully.

Code: .
Meaning: Each period indicates that the network server timed out while waiting for a reply.
Possible Cause(s): This message can indicate many problems:
■ The ping was blocked by an access list or firewall.
■ A router along the path did not have a route to the destination and did not send an ICMP destination unreachable message.
■ A physical connectivity problem occurred somewhere along the path.

Code: U
Meaning: An ICMP unreachable message was received.
Possible Cause(s): A router along the path did not have a route to the destination address.
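The following Python sketch is an added example, not code from the book. It builds echo and destination unreachable messages as described in the sections above, verifies the ICMP checksum, and decides which Table 17-2 code (!, ., or U) each echo request earns, accepting a reply or error only when it refers to the request that was actually sent. The addresses, identifier and sequence values, and function names are constructed for illustration; the embedded IP header's own checksum is left at zero, and the decision rules are a simplified model, not Cisco's implementation.

```python
import struct

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp(mtype: int, code: int, rest: bytes, data: bytes = b"") -> bytes:
    """ICMP message: type, code, checksum, 4 type-specific bytes, then data."""
    msg = struct.pack("!BBH", mtype, code, 0) + rest + data
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def echo(mtype: int, ident: int, seq: int, payload: bytes = b"abcd") -> bytes:
    """Echo request (type 8) or echo reply (type 0)."""
    return icmp(mtype, 0, struct.pack("!HH", ident, seq), payload)

def unreachable(code: int, original: bytes) -> bytes:
    """Type 3 error; its data is the original IP header plus 8 payload bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(original), 0, 0, 64, 1,
                     0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 99]))
    return icmp(3, code, b"\x00" * 4, ip + original[:8])

def classify(msg: bytes, ident: int, seq: int) -> str:
    """Table 17-2 code earned by one received message for probe (ident, seq)."""
    if len(msg) < 8 or checksum(msg) != 0:
        return "."                       # truncated or corrupted: not counted
    if msg[0] == 0:                      # echo reply must echo our id and seq
        return "!" if struct.unpack("!HH", msg[4:8]) == (ident, seq) else "."
    if msg[0] == 3 and len(msg) >= 28:   # destination unreachable
        ihl = (msg[8] & 0x0F) * 4        # embedded IP header length
        inner = msg[8 + ihl:16 + ihl]    # start of the datagram that failed
        if (len(inner) == 8 and msg[17] == 1 and inner[0] == 8
                and struct.unpack("!HH", inner[4:8]) == (ident, seq)):
            return "U"
    return "."

def ping_line(probes, received) -> str:
    """probes: [(ident, seq)]; received: {seq: ICMP bytes}, absent = timeout."""
    return "".join(classify(received[s], i, s) if s in received else "."
                   for i, s in probes)

# Constructed sample: reply, host unreachable (code 1), timeout, foreign reply.
PROBES = [(0x1234, s) for s in (1, 2, 3, 4)]
RECEIVED = {1: echo(0, 0x1234, 1), 2: unreachable(1, echo(8, 0x1234, 2)),
            4: echo(0, 0x9999, 4)}
print(ping_line(PROBES, RECEIVED))
```

Checking the identifier and sequence number, including those inside the datagram copy carried by an unreachable message, is what keeps an unrelated or forged ICMP message from being counted against a probe.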