Priscilla Oppenheimer wrote:
>
> By the way, I stumbled on this somewhat helpful document:
>
> http://www.cisco.com/warp/public/63/ping_traceroute.html
>
> Couldn't find it by starting with the Tech Tips pages, but the search
> engine found it when I searched on something bizarre.
>
Great article, Priscilla -- thanks for sharing!
At 09:16 PM 7/4/01, Chuck Larrieu wrote:
> >next - sending 1500-byte packets - get the big M!
> >
> >Router_1#
> >Router_1#ping
> >Protocol [ip]:
> >Target IP address: 175.175.1.1
> >Repeat count [5]:
> >Datagram size [100]: 1500
> >Timeout in seconds [2]:
> >Extended commands [n]: y
> >Source address or interface: l 0
> >Type of service [0]:
> >Set DF bit in IP header? [no]: yes
> >Validate reply data? [no]:
> >Data pattern [0xABCD]:
> >Loose, Strict, Record, Timestamp, Verbose[none]:
> >Sweep range of sizes [n]:
> >Type escape sequence to abort.
> >Sending 5, 1500-byte ICMP Echos to 175.175.1.1, timeout is 2 seconds:
> >M.M.M Success rate is 0 percent (0/5)
> >Router_1#
> >Router_1#
> >
> >irritating annoyance - note the M.M.M why aren't they all M's????
Actually I prefer M&Ms, doesn't everyone? Sorry, chocoholic attack. :-)
The router which generated the ICMP message rate-limited same to
no greater than one per second per source IP. It's one way that IOS
tries to prevent one errant traffic stream from impacting others.
Note that as soon as the first "M" was received by Router_1, it
immediately fired off the second ping. Hence the downstream router
decided not to generate another ICMP message, forcing Router_1 to
time out (in two seconds). Ping #3 occurred more than one second
after #2, so the ICMP message was generated. And so on...
The more common pattern seen is "U.U.U" for host unreachable.
To explain a bit further about the rationale, remember that the
downstream router would really like to spend its resources successfully
forwarding packets, in a fast-switching mode (fast/CEF/optimum/whatever).
This is performed in interrupt mode. It's not possible to generate
new messages in interrupt mode, so all exception cases must be handled
by an IOS process (IP input). Doing this is more CPU and buffer
expensive and competes with successful traffic flows. So IOS throttles
this activity for each source IP, in case the source is brain dead
or potentially malicious (a DoS attack). In fact, the fast-switching
code can silently drop the unroutable packet without even scheduling
a process to run.
Thanks to both of you for digging and actually trying these on real
gear -- it helps everyone learn much more thoroughly.
Marty Adkins Email: [EMAIL PROTECTED]
Mentor Technologies Phone: 240-568-6526
133 National Business Pkwy WWW: http://www.mentortech.com
Annapolis Junction, MD 20701 Cisco CCIE #1289
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11113&t=10910
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
