Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
641
Views
0
Helpful
1
Replies

how does a host handle an incomeing packet

dannan lin
Level 1
Level 1

‎10-15-2011 07:50 PM - edited ‎03-07-2019 02:49 AM

i wan running an experiment with packet tracer .

and while i was testing the auto-summary feature in RIPv1,  i found one question.

2011-10-16_095256.jpg

the R0's IP: 172.16.1.1 /24

the R2's IP  172.16.2.2 /24

I tried to ping 172.16.1.1 , becuase of the auto-summary feature( router assumed both R0 and R2 are in the 172.16.0.0/16 network), the packets went to two different directions .

and here is the question, when i traced the packet movement, i realised that

1. when R2 firstly received the packet, This packet it was sent to the worng address (R2 IP: 172.16.2.2) , so R2 replied R1 with "host unreachable " message. so there was a packet sent from R2 to R1.

2. But when R2 received the ICMP packet 2nd time, it just dropped it. (why it didn't reply with host unreachable message ?)

3. and when R2 received the ICMP packet 3rd time , it replied host unreachable message. so there was a message back to R1 .

why was this happening ?

why R2 didn't send "host unreachable "message every time ?

why R2 didn't just drop the packet instead?

can anyone explain these questions for me. much appreciated.

Labels:
115507-pk-training.pkt.zip
207 KB
0 Helpful
1 Reply 1

Peter Paluch
Cisco Employee
Cisco Employee

‎10-16-2011 12:14 AM

Hello,

Generating ICMP messages is a work that has to be done by the router's CPU. Many times, routing packets can be done in an optimized way that either bypasses the CPU completely, or is performed by CPU but in a highly optimized manner that creates as less load as possible. However, generating an ICMP Unreachable message is more demanding than just routing a packet: your router has to create a completely new IP/ICMP packet, address it back to the sender of the original packet, take the original packet's header, insert it into the ICMP Unreachable message body, and send this entire message (i.e. route it) back to the sender of the original dropped packet. If there is a high number of packets being dropped, generating an ICMP Unreachable message for each of them can overload the router's CPU. This could even be considered a security threat, as it is very easy to create a huge stream of undeliverable packets that would need to be dropped at some point in network, and possibly overload the processor on that device.

In order to prevent this from happening, ICMP Unreachable messages are rate limited - they are not sent for each and every dropped packet, but rather only for some dropped packets. By default, Cisco routers are allowed to send only one ICMP Unreachable message within a period of 500 ms. That may be the reason why you see the ICMP Unreachable message being received from R2 only sporadically, as the throttling is kicking in.

You may want to read more here:

http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_i1.html#wp1111982

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-ipserv.html#GUID-739070EA-632F-47F1-83C3-461DBF7FA88F

Best regards,

Peter

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card