5. INTERNET LAYER - FORWARDING

5.2 FORWARDING WALK-THROUGH

5.2.7 Internet Control Message Protocol - ICMP

General requirements for ICMP were discussed in Section [4.3].

This section discusses ICMP messages which are sent only by routers.

5.2.7.1 Destination Unreachable

The ICMP Destination Unreachable message is sent by a router in response to a packet which it cannot forward because the destination (or next hop) is unreachable or a service is unavailable.

A router MUST be able to generate ICMP Destination Unreachable messages and SHOULD choose a response code that most closely matches the reason why the message is being generated.

The following codes are defined in [INTERNET:8] and [INTRO:2]:

0 = Network Unreachable - generated by a router if a forwarding path (route) to the destination network is not available;

1 = Host Unreachable - generated by a router if a forwarding path (route) to the destination host on a directly connected network is not available;

2 = Protocol Unreachable - generated if the transport protocol designated in a datagram is not supported in the transport layer of the final destination;

3 = Port Unreachable - generated if the designated transport protocol (e.g. UDP) is unable to demultiplex the datagram in the transport layer of the final destination but has no protocol mechanism to inform the sender;

4 = Fragmentation Needed and DF Set - generated if a router needs to fragment a datagram but cannot since the DF flag is set;

5 = Source Route Failed - generated if a router cannot forward a packet to the next hop in a source route option;

6 = Destination Network Unknown - This code SHOULD NOT be generated since it would imply on the part of the router that the destination network does not exist (net unreachable code 0 SHOULD be used in place of code 6);

7 = Destination Host Unknown - generated only when a router can determine (from link layer advice) that the destination host does not exist;

11 = Network Unreachable For Type Of Service - generated by a router if a forwarding path (route) to the destination network with the requested or default TOS is not available;

12 = Host Unreachable For Type Of Service - generated if a router cannot forward a packet because its route(s) to the destination do not match either the TOS requested in the datagram or the default TOS (0).

The following additional codes are hereby defined:

13 = Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering;

14 = Host Precedence Violation. Sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source/destination host or network, upper layer protocol, and source/destination port;

15 = Precedence cutoff in effect. The network operators have imposed a minimum level of precedence required for operation, the datagram was sent with a precedence below this level;

NOTE: [INTRO:2] defined Code 8 for source host isolated. Routers SHOULD NOT generate Code 8; whichever of Codes 0 (Network Unreachable) and 1 (Host Unreachable) is appropriate SHOULD be used instead. [INTRO:2] also defined Code 9 for communication with destination network administratively prohibited and Code 10 for communication with destination host administratively prohibited. These codes were intended for use by end-to-end encryption devices used by U.S. military agencies.

Routers SHOULD use the newly defined Code 13 (Communication Administratively Prohibited) if they administratively filter packets.

Routers MAY have a configuration option that causes Code 13 (Communication Administratively Prohibited) messages not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet which is dropped because its forwarding is administratively prohibited.

Similarly, routers MAY have a configuration option that causes Code 14 (Host Precedence Violation) and Code 15 (Precedence Cutoff in Effect) messages not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet which is dropped because of a precedence violation.

Routers MUST use Host Unreachable or Destination Host Unknown codes whenever other hosts on the same destination network might be reachable; otherwise, the source host may erroneously conclude that all hosts on the network are unreachable, and that may not be the case.

[INTERNET:14] describes a slight modification to the form of Destination Unreachable messages containing Code 4 (Fragmentation needed and DF set). A router MUST use this modified form when originating Code 4 Destination Unreachable messages.
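As an added example (not part of RFC 1812 or any router implementation), the following Python builds and decodes Destination Unreachable messages with the codes listed above, using the Path MTU Discovery form of [INTERNET:14] (RFC 1191) for Code 4, in which the Next-Hop MTU occupies the low 16 bits of the otherwise unused header field. The inner IP header is a constructed sample; the checksum check on the receiving side is what lets a host or monitor reject a damaged or forged-looking message before acting on it.

```python
import struct

# Destination Unreachable codes as listed in RFC 1812 section 5.2.7.1.
CODES = {0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
         3: "Port Unreachable", 4: "Fragmentation Needed and DF Set",
         5: "Source Route Failed", 6: "Destination Network Unknown",
         7: "Destination Host Unknown", 8: "Source Host Isolated",
         9: "Communication with Destination Network Administratively Prohibited",
         10: "Communication with Destination Host Administratively Prohibited",
         11: "Network Unreachable For Type Of Service",
         12: "Host Unreachable For Type Of Service",
         13: "Communication Administratively Prohibited",
         14: "Host Precedence Violation", 15: "Precedence Cutoff In Effect"}
DEPRECATED = {6, 8, 9, 10}  # a router SHOULD NOT originate these (0/1/13 are used instead)

def icmp_checksum(data: bytes) -> int:
    """One's-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_dest_unreachable(code: int, inner: bytes, next_hop_mtu: int = 0) -> bytes:
    """Router side: type 3 header + original IP header and first 8 payload bytes."""
    # RFC 1191 form for Code 4: Next-Hop MTU in the low 16 bits of the unused field.
    hdr = struct.pack("!BBHHH", 3, code, 0, 0, next_hop_mtu if code == 4 else 0)
    body = hdr + inner[:28]
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]

def parse_dest_unreachable(msg: bytes) -> dict:
    """Receiver side: verify type and checksum, then decode code and embedded header."""
    if len(msg) < 28:
        raise ValueError("ICMP message too short")
    icmp_type, code, _, _, nh_mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != 3 or icmp_checksum(msg) != 0:
        raise ValueError("not a valid Destination Unreachable message")
    ip = msg[8:]
    if ip[0] >> 4 != 4 or (ip[0] & 0x0F) * 4 < 20:
        raise ValueError("embedded header is not a valid IPv4 header")
    return {"code": code, "name": CODES.get(code, "unassigned"),
            "deprecated": code in DEPRECATED,
            "next_hop_mtu": nh_mtu if code == 4 else None, "orig_proto": ip[9],
            "orig_src": ".".join(map(str, ip[12:16])),
            "orig_dst": ".".join(map(str, ip[16:20]))}

# Constructed sample: 20-byte IPv4 header (UDP, 10.0.0.5 -> 192.0.2.9, DF set) + 8 payload bytes.
SAMPLE_INNER = (bytes([0x45, 0, 0x05, 0xDC, 0, 1, 0x40, 0, 64, 17, 0, 0])
                + bytes([10, 0, 0, 5, 192, 0, 2, 9]) + b"\x00" * 8)
```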

5.2.7.2 Redirect

The ICMP Redirect message is generated to inform a host on the same subnet that the router used by the host to route certain packets should be changed.

Routers MUST NOT generate the Redirect for Network or Redirect for Network and Type of Service messages (Codes 0 and 2) specified in [INTERNET:8]. Routers MUST be able to generate the Redirect for Host message (Code 1) and SHOULD be able to generate the Redirect for Type of Service and Host message (Code 3) specified in [INTERNET:8].

DISCUSSION:

If the directly-connected network is not subnetted, a router can normally generate a network Redirect which applies to all hosts on a specified remote network. Using a network rather than a host Redirect may economize slightly on network traffic and on host routing table storage. However, the savings are not significant, and subnets create an ambiguity about the subnet mask to be used to interpret a network Redirect. In a general subnet environment, it is difficult to specify precisely the cases in which network Redirects can be used. Therefore, routers must send only host (or host and type of service) Redirects.

A Code 3 (Redirect for Host and Type of Service) message is generated when the packet provoking the redirect has a destination for which the path chosen by the router would depend (in part) on the TOS requested.

Routers which can generate Code 3 redirects (Host and Type of Service) MUST have a configuration option (which defaults to on) to enable Code 1 (Host) redirects to be substituted for Code 3 redirects. A router MUST send a Code 1 Redirect in place of a Code 3 Redirect if it has been configured to do so.

If a router is not able to generate Code 3 Redirects then it MUST generate Code 1 Redirects in situations where a Code 3 Redirect is called for.

Routers MUST NOT generate a Redirect Message unless all of the following conditions are met:

o The packet is being forwarded out the same physical interface that it was received from,

o The IP source address in the packet is on the same Logical IP (sub)network as the next-hop IP address, and

o The packet does not contain an IP source route option.

The source address used in the ICMP Redirect MUST belong to the same logical (sub)net as the destination address.

A router using a routing protocol (other than static routes) MUST NOT consider paths learned from ICMP Redirects when forwarding a packet. If a router is not using a routing protocol, a router MAY have a configuration which, if set, allows the router to consider routes learned via ICMP Redirects when forwarding packets.

DISCUSSION:

ICMP Redirect is a mechanism for routers to convey routing information to hosts. Routers use other mechanisms to learn routing information, and therefore have no reason to obey redirects. Believing a redirect which contradicted the router’s other information would likely create routing loops.

On the other hand, when a router is not acting as a router, it MUST comply with the behavior required of a host.
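The three conditions for originating a Redirect, the Code 1/Code 3 choice with its substitution option, and the rule that the Redirect's source address lies on the same (sub)net as the destination host, as an added Python example (not from RFC 1812 or any router's code). The interface table and addresses are a constructed sample configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str                 # IP source address of the packet being forwarded
    in_iface: str            # interface it arrived on
    has_source_route: bool   # packet carries an IP source route option

@dataclass
class Forward:
    out_iface: str
    next_hop: str
    depends_on_tos: bool     # path choice depended (in part) on the requested TOS

# Router's own address on each link (constructed sample configuration).
IFACES = {"eth0": "192.0.2.1/24", "eth1": "198.51.100.1/24"}

def redirect_for(pkt: Packet, fwd: Forward, can_code3: bool = True,
                 substitute_code1: bool = True) -> Optional[dict]:
    """Return the Redirect to originate, or None if RFC 1812 forbids one."""
    # 1. forwarded out the same physical interface it was received on
    if pkt.in_iface != fwd.out_iface:
        return None
    link = ipaddress.ip_interface(IFACES[fwd.out_iface])
    # 2. source address and next hop on the same logical (sub)network
    if (ipaddress.ip_address(pkt.src) not in link.network
            or ipaddress.ip_address(fwd.next_hop) not in link.network):
        return None
    # 3. no IP source route option present
    if pkt.has_source_route:
        return None
    # Code 3 only if TOS mattered, the router supports it, and the
    # "substitute Code 1" option (which defaults to on) is off; never Codes 0 or 2.
    code = 3 if (fwd.depends_on_tos and can_code3 and not substitute_code1) else 1
    # The Redirect is sent from the router's address on that link, so its
    # source address is on the same (sub)net as the destination host.
    return {"code": code, "gateway": fwd.next_hop,
            "icmp_src": str(link.ip), "icmp_dst": pkt.src}
```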

5.2.7.3 Time Exceeded

A router MUST generate a Time Exceeded message Code 0 (In Transit) when it discards a packet due to an expired TTL field.

A router MAY have a per-interface option to disable origination of these messages on that interface, but that option MUST default to allowing the messages to be originated.

5.2.8 INTERNET GROUP MANAGEMENT PROTOCOL - IGMP

IGMP [INTERNET:4] is a protocol used between hosts and multicast routers on a single physical network to establish hosts’ membership in particular multicast groups. Multicast routers use this information, in conjunction with a multicast routing protocol, to support IP multicast forwarding across the Internet.

A router SHOULD implement the multicast router part of IGMP.

5.3 SPECIFIC ISSUES