ICMP is an error reporting protocol for IP. When datagram delivery errors occur, ICMP is used to report these errors back to the source of the datagram. For example, if Workstation 1 in Figure is sending a datagram to Workstation 6, but interface Fa0/0 on Router C goes down, Router C then utilizes ICMP to send a message back to Workstation 1 indicating that the datagram could not be delivered. ICMP does not correct the encountered network problem; it merely reports the problem.

When Router C receives the datagram from Workstation 1, it knows only the source and destination IP addresses of the datagram. It does not know about the exact path the datagram took on the way to Router C. Therefore, Router C can only notify Workstation 1 of the failure, and no ICMP messages are sent to Router A and Router B. ICMP reports on the status of the delivered packet only to the source device. It does not propagate information about network changes to routers.

Web Links Internet Protocol: Error and Control Messages (ICMP) http://faculty.weber.edu/wclark/ch9a.pdf

ICMP messages are encapsulated into datagrams in the same way any other data is delivered using IP. Figure displays the encapsulation of ICMP data within an IP datagram.

Since ICMP messages are transmitted in the same way as any other data, they are subject to the same delivery failures. This creates a scenario where error reports could generate more error reports, causing increased congestion on an already ailing network. For this reason, errors created by ICMP messages do not generate their own ICMP messages. It is thus possible to have a datagram delivery error that is never reported back to the sender of the data.

Web Links Best Effort Delivery http://oucsace.cs.ohiou.edu/~osterman/ class/cs444.archive/ notes/icmp.pdf

If these conditions are not met, then network communication cannot take place. For instance, the sending device may address the datagram to a non-existent IP address or to a destination device that is disconnected from its network. Routers can also be points of failure if a connecting interface is down or if the router does not have the information necessary to find the destination network. If a destination network is not accessible, it is said to be an unreachable network.

Figures and show a router receiving a packet that it is unable to deliver to its ultimate destination. The packet is undeliverable because there is no known route to the destination. Because of this, the router sends an ICMP host unreachable message to the source.

The ICMP protocol can be used to test the availability of a particular destination. Figure shows ICMP being used to issue an echo request message to the destination device. If the destination device receives the ICMP echo request, it formulates an echo reply message to send back to the source of the echo request. If the sender receives the echo reply, this confirms that the destination device can be reached via the IP protocol.

The echo request message is typically initiated using the ping command as shown in Figure . In this example, the command is used with the IP address of the destination device. The command can also be utilized as shown in Figure using the IP address of the destination device. In these examples, the ping command issues four echo requests and receives four echo replies, confirming IP connectivity between the two devices.

Situations can occur in network communication where a datagram travels in a circle, never reaching its destination. This might occur if two routers continually route a datagram back and forth between them, thinking the other should be the next hop to the destination. This is an example of faulty routing information.

The limitations of the routing protocol can result in destinations being unreachable. For example, RIP has a limit on the distance a certain routing information is allowed to travel. The hop limit of RIP is 15, which means that the packet will only be allowed to pass through 15 routers.

In either of these cases, an excessively long route exists. Whether the actual path includes a circular routing path or too many hops, the packet will eventually exceed the maximum hop count. This is also known as reaching its time-to-live (TTL), because the TTL value typically matches the maximum hop count defined by the routing protocol. A TTL value is defined in each datagram. As each router processes the datagram, it decreases the TTL value by one. When the TTL of the datagram value reaches zero, the packet is discarded. ICMP uses a time exceeded message to notify the source device that the TTL of the datagram has been exceeded.

As with any type of packet, ICMP messages have special formats. Each ICMP message type shown in Figure has its own unique characteristics, but all ICMP message formats start with these same three fields:

• Type
• Code
• Checksum

The type field indicates the type of ICMP message being sent. The code field includes further information specific to the message type. The checksum field, as in other types of packets, is used to verify the integrity of the data.

Figure shows the message format for the ICMP echo request and echo reply messages. The relevant type and code numbers are shown for each message type. The identifier and sequence number fields are unique to the echo request and echo reply messages. The identifier and sequence fields are used to match the echo replies to the corresponding echo request. The data field contains additional information that may be a part of the echo reply or echo request message.

Interactive Media Activity Drag and Drop: ICMP ECHO Message Format After completing this activity, the student will be able to ICMP ECHO message format.

Datagrams cannot always be forwarded to their destinations. Hardware failures, improper protocol configuration, down interfaces and incorrect routing information are some of the reasons successful delivery may not be possible. In these cases, ICMP delivers back to the sender a destination unreachable message indicating to the sender that the datagram could not be properly forwarded.

Figure shows an ICMP destination unreachable message header. The value of 3 in the type field indicates it is a destination unreachable message. The code value indicates the reason the packet could not be delivered. Figure has a code value of 0, indicating the network was unreachable. Figure shows the meaning for each possible code value in a destination unreachable message.

A destination unreachable message may also be sent when packet fragmentation is required in order to forward a packet. Fragmentation is usually necessary when a datagram is forwarded from a Token-Ring network to an Ethernet network. If the datagram does not allow fragmentation, the packet cannot be forwarded, so a destination unreachable message will be sent. Destination unreachable messages may also be generated if IP related services such as FTP or Web services are unavailable. To effectively troubleshoot an IP network, it is necessary to understand the various causes of ICMP destination unreachable messages.

Devices that process datagrams may not be able to forward a datagram due to some type of error in the header. This error does not relate to the state of the destination host or network but still prevents the datagram from being processed and delivered. In this case, an ICMP type 12 parameter problem message is sent to the source of the datagram. Figure shows the parameter problem message header.

The parameter problem message includes the pointer field in the header. When the code value is 0, the pointer field indicates the octet of the datagram that produced the error.

Unlike error messages, control messages are not the results of lost packets or error conditions which occur during packet transmission. Instead, they are used to inform hosts of conditions such as network congestion or the existence of a better gateway to a remote network. Like all ICMP messages, ICMP control messages are encapsulated within an IP datagram. ICMP uses IP datagrams in order to traverse multiple networks.

Multiple types of control messages are used by ICMP. Some of the most common are shown in Figure . Many of these are discussed in this section.

A common ICMP control message is the ICMP redirect/change request. This type of message can only be initiated by a gateway, which is a term commonly used to describe a router. All hosts that communicate with multiple IP networks must be configured with a default gateway. This default gateway is the address of a router port connected to the same network as the host. Figure displays a host connected to a router that has access to the Internet. Once configured with the IP address of Fa 0/0 as its default gateway, Host B uses that IP address to reach any network not directly connected to it. Normally, Host B is connected to a single gateway. However, in some circumstances, a host connects to a segment that has two or more directly connected routers. In this case, the default gateway of the host may need to use a redirect/change request to inform the host of the best path to a certain network. 

Figure shows a network where ICMP redirects would be used. Host B sends a packet to Host C on network 10.0.0.0/8. Since Host B is not directly connected to the same network, it forwards the packet to its default gateway, Router A. Router A finds the correct route to network 10.0.0.0/8 by looking into its route table. It determines that the path to the network is back out the same interface the request to forward the packet came from. It forwards the packet and sends an ICMP redirect/change request to Host B telling it to use Router B as the gateway to forward all future requests to network 10.0.0.0/8.

Default gateways only send ICMP redirect/change request messages if the following conditions are met: 

• The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
• The subnet/network of the source IP address is the same subnet/network of the next-hop IP address of the routed packet.
• The datagram is not source-routed.
• The route for the redirect is not another ICMP redirect or a default route.
• The router is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects will disable ICMP redirects.)

The ICMP redirect/change request uses the format shown in Figure . It has an ICMP type code of 5. In addition, it has a code value of 0, 1, 2, or 3.

The Router Internet Address field in the ICMP redirect is the IP address that should be used as the default gateway for a particular network. In the example in Figure , the ICMP redirect sent from Router A to Host B would have a Router Internet Address field value of 172.16.1.200, which is the IP address of E0 on Router B.

Web Links Internet Protocol http://www.cs.panam.edu/~meng/ Course/CS6175.Protocol/ Note/ip/ip.html

The ICMP timestamp request message allows a host to ask for the current time according to the remote host. The remote host uses an ICMP timestamp reply message to respond to the request.

The type field on an ICMP timestamp message can be either 13 (timestamp request) or 14 (timestamp reply). The code field value is always set to 0 because there are no additional parameters available. The ICMP timestamp request contains an originate timestamp, which is the time on the requesting host just before the timestamp request is sent. The receive timestamp is the time that the destination host receives the ICMP timestamp request. The transmit timestamp is filled in just before the ICMP timestamp reply is returned. Originate, receive and transmit timestamps are computed in numbers milliseconds elapsed since midnight Universal Time (UT).

All ICMP timestamp reply messages contain the originate, receive and transmit timestamps. Using these three timestamps, the host can estimate transit time across the network by subtracting the originate time from the transit time. It is only an estimate however, as true transit time can vary widely based on traffic and congestion on the network. The host that originated the timestamp request can also estimate the local time on the remote computer.

While ICMP timestamp messages provide a simple way to estimate time on a remote host and total network transit time, this is not the best way to obtain this information. Instead, more robust protocols such as Network Time Protocol (NTP) at the upper layers of the TCP/IP protocol stack perform clock synchronization in a more reliable manner. 

Web Links Clock Synchronization Algorithms for Network Measurements http://www.ieee-infocom.org/2002/ papers/329.pdf

The ICMP information requests and reply messages were originally intended to allow a host to determine its network number. Figure shows the format for an ICMP information request and reply message.

Two type codes are available in this message. Type 15 signifies an information request message, and type 16 identifies an information reply message. This particular ICMP message type is considered obsolete. Other protocols such as BOOTP and Dynamic Host Configuration Protocol (DHCP) are now used to allow hosts to obtain their network numbers. 

This broadcast is received by 172.16.5.1, the local router. The router responds with the address mask reply:

The frame format for the address mask request and reply is shown in Figure . Figure shows the descriptions for each field in the address mask request message. Note that the same frame format is used for both the address mask request and the reply. However, an ICMP type number of 17 is assigned to the request and 18 is assigned to the reply.

Web Links IP Routing Tech Notes http://www.cisco.com/en/US/tech/ tk826/tk365/ tech_tech_notes_ list.html

When a host on the network boots, and the host has not been manually configured with a default gateway, it can learn of available routers through the process of router discovery. This process begins with the host sending a router solicitation message to all routers, using the multicast address 224.0.0.2 as the destination address. Figure shows the ICMP router discovery message. The router discovery message may also be broadcast to include routers that may not be configured for multicasting. If a router discovery message is sent to a router that does not support the discovery process, the solicitation will go unanswered. 

When a router that supports the discovery process receives the router discovery message , a router advertisement is sent in return. The router advertisement frame format is shown in Figure and an explanation of each field is shown in Figure .

Web Links ICMP Router Discovery Messages http://www.cis.ohio-state.edu/cgi-bin/ rfc/rfc1256.html

A small office home office (SOHO) is a scenario where ICMP source-quench messages might be used effectively. One such SOHO could consist of four computers networked together using CAT-5 cable and Internet connection sharing (ICS) over a 56K modem. It is easy to see that the 10Mbps bandwidth of the SOHO LAN could quickly overwhelm the available 56K bandwidth of the WAN link, resulting in data loss and retransmissions. With ICMP messaging, the host acting as the gateway in the ICS can request that the other hosts reduce their transmission rates to a manageable level, thus preventing continued data loss. A network where congestion on the WAN link could cause communication problems is shown in Figure .

Web Links BECN for Congestion Control in TCP/IP Networks: Study and Comparative Evaluation http://www.sce.carleton.ca/faculty/lambadaris/ recent-papers/ globecom2002.pdf

• IP is a best-effort delivery method that uses ICMP messages to alert the sender that the data did not reach its destination.
• ICMP echo request and echo reply messages allow the network administrator to test IP connectivity to aid in the troubleshooting process.
• ICMP messages are transmitted using the IP protocol so their delivery is unreliable.
• ICMP packets have their own special header information starting with a type field and a code field.
• Identify potential causes of specific ICMP error messages
• The functions of ICMP control messages
• ICMP redirect/change request messages
• ICMP clock synchronization and transit time estimation messages
• ICMP information request and reply messages
• ICMP address mask request and reply messages
• ICMP router discovery message
• ICMP router solicitation message
• ICMP congestion and flow control messages