Page 255

TCP/IP Protocols 231

router forwards these packets, but the second router discards it and sends a "TTL exceeded"
message as well. Eventually, a set of packets is delivered to the destination, which sends back
an "ICMP port unreachable" message. The original packets sent by the host trace command
use a destination port number that is very unlikely to be used so that the destination host will
return the "port unreachable" message. The "ICMP port unreachable" message signifies that the
packets reached the true destination host, without having TTL exceeded. Example 5-1 shows a
trace command from a router (Router A) that is one hop away from a host; another router
(Router B) has debug ip icmp enabled, which shows the resulting TTL exceeded messages.
The commands were performed in the network in Figure 5-13.

Redirect ICMP Message

ICMP redirect messages provide a very important element in routed IP networks. Many hosts
are preconfigured with a default router IP address. When sending packets destined to subnets
other than the one to which they are directly connected, these hosts send the packets to their
default router. If there is a better local router to which the host should send the packets, an ICMP
redirect can be used to tell the host to send the packets to this different router.

For example, in Figure 5-14, the PC uses Router B as its default router. However, Router A's
route to subnet 10.1.4.0 is a better route. (Assume use of mask 255.255.255.0 in each subnet in
Figure 5-14.) The PC sends a packet to Router B (Step 1 in Figure 5-14). Router B then
forwards the packet based on its own routing table (Step 2); that route points through A, which
has a better route. Finally, Router B sends the ICMP redirect message to the PC (Step 3), telling
it to forward future packets destined for 10.1.4.0 to Router A instead. Ironically, the host can
ignore the redirect and keep sending the packets to Router B.

In summary, ICMP defines several message types and several subtypes, called codes. Popular
use of terminology treats each differing code as a different message; the exam is likely to treat
these codes as different messages as well, although it is unlikely that the level of granularity
will be important toward getting the right answer. Pay particular attention to the messages
denoted with asterisks in Table 5-5. Finally, RFC 792 is a short and straightforward RFC to read
if you want more information.

Example 5-1

ICMP debug on Router B, When Running trace Command on Router A

RouterA#trace 10.1.2.14

Type escape sequence to abort.
Tracing the route to 10.1.2.14

1 10.1.3.253 8 msec 4 msec 4 msec
2 10.1.2.14 12 msec 8 msec 4 msec
RouterA#
___________________________________________________________________________
RouterB#
ICMP: time exceeded (time to live) sent to 10.1.3.251 (dest was 10.1.2.14)
ICMP: time exceeded (time to live) sent to 10.1.3.251 (dest was 10.1.2.14)
ICMP: time exceeded (time to live) sent to 10.1.3.251 (dest was 10.1.2.14)

ch05.fm Page 231 Monday, March 20, 2000 5:06 PM