Description

Glossary

RFCs

Publications

Obsolete RFCs

Description:

The ICMP destination unreachable message is generated by a router to inform the source host that the destination unicast address is unreachable.

The IP header plus the first 8 bytes of the original datagram's data is returned to the sender. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.

RFC 792, page 5:

If, according to the information in the gateway's routing tables, the network specified in the internet destination field of a datagram is unreachable, e.g., the distance to the network is infinity, the gateway may send a destination unreachable message to the internet source host of the datagram. In addition, in some networks, the gateway may be able to determine if the internet destination host is unreachable. Gateways in these networks may send destination unreachable messages to the source host when the destination host is unreachable.

If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host may send a destination unreachable message to the source host.

Another case is when a datagram must be fragmented to be forwarded by a gateway yet the Don't Fragment flag is on. In this case the gateway must discard the datagram and may return a destination unreachable message.

Host Implementation:

RFC 792, page 5:

If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host may send a destination unreachable message to the source host.

RFC 1122, page 40:

A host SHOULD generate Destination Unreachable messages with code: 2 (Protocol Unreachable), when the designated transport protocol is not supported; or 3 (Port Unreachable), when the designated transport protocol (e.g., UDP) is unable to demultiplex the datagram but has no protocol mechanism to inform the sender.

A Destination Unreachable message that is received MUST be reported to the transport layer. A transport protocol that has its own mechanism for notifying the sender that a port is unreachable (e.g., TCP, which sends RST segments) MUST nevertheless accept an ICMP Port Unreachable for the same purpose.

A Destination Unreachable message that is received with code 0 (Net), 1 (Host), or 5 (Bad Source Route) may result from a routing transient and MUST therefore be interpreted as only a hint, not proof, that the specified destination is unreachable. For example, it MUST NOT be used as proof of a dead gateway.

Router Implementation:

RFC 1191, page 3:

In this memo, we describe a technique for using the Don't Fragment (DF) bit in the IP header to dynamically discover the PMTU of a path. The basic idea is that a source host initially assumes that the PMTU of a path is the (known) MTU of its first hop, and sends all datagrams on that path with the DF bit set. If any of the datagrams are too large to be forwarded without fragmentation by some router along the path, that router will discard them and return ICMP Destination Unreachable messages with a code meaning "fragmentation needed and DF set". Upon receipt of such a message henceforth called a "Datagram Too Big" message), the source host reduces its assumed PMTU for the path.

RFC 1191, page 6:

When a router is unable to forward a datagram because it exceeds the MTU of the next-hop network and its Don't Fragment bit is set, the router is required to return an ICMP Destination Unreachable message to the source of the datagram, with the Code indicating "fragmentation needed and DF set". To support the Path MTU Discovery technique specified in this memo, the router MUST include the MTU of that next-hop network in the low-order 16 bits of the ICMP header field that is labelled "unused" in the ICMP specification. The high-order 16 bits remain unused, and MUST be set to zero.

RFC 1435, page 1:

While reviewing the Path MTU Discovery Protocol for Draft Standard [RFC1191], the Internet Engineering Steering Group (IESG) became aware from the reports of various implementors that some vendors have added to their routers the ability to disable ICMP messages generated by the router. This is to protect older BSD hosts, which would drop all connections to a host it found an ICMP message on any of the connections, even if it was a non-fatal ICMP message. While this protects older BSD hosts, it causes MTU discovery to fail in a silent, hard to diagnose way.

From the descriptions the IESG has obtained, adjusting the routers to continue to send ICMP message Type 3 code 4 (destination unreachable, don't fragment (DF) bit sent and fragmentation required) even when they have their "don't send ICMP messages" switch turned on would allow path MTU discovery to work but not effect older BSD hosts, since they never set the DF bit in their packets.

RFC 1812, pages 56 and 57:

If a router cannot forward a packet because it has no routes at all (including no default route) to the destination specified in the packet, then the router MUST generate a Destination Unreachable, Code 0 (Network Unreachable) ICMP message. If the router does have routes to the destination network specified in the packet but the (Type of Service) TOS specified for the routes is neither the default TOS (0000) nor the TOS of the packet that the router is attempting to route, then the router MUST generate a Destination Unreachable, Code 11 (Network Unreachable for TOS) ICMP message.

If a packet is to be forwarded to a host on a network that is directly connected to the router (i.e., the router is the last-hop router) and the router has ascertained that there is no path to the destination host then the router MUST generate a Destination Unreachable, Code 1 (Host Unreachable) ICMP message. If a packet is to be forwarded to a host that is on a network that is directly connected to the router and the router cannot forward the packet because no route to the destination has a TOS that is either equal to the TOS requested in the packet or is the default TOS (0000) then the router MUST generate a Destination Unreachable, Code 12 (Host Unreachable for TOS) ICMP message.

RFC 1812, pages 80 and 82:

The ICMP Destination Unreachable message is sent by a router in response to a packet which it cannot forward because the destination (or next hop) is unreachable or a service is unavailable. Examples of such cases include a message addressed to a host which is not there and therefore does not respond to ARP requests, and messages addressed to network prefixes for which the router has no valid route.

A router MUST be able to generate ICMP Destination Unreachable messages and SHOULD choose a response code that most closely matches the reason the message is being generated.

Routers SHOULD NOT generate Code 8; whichever of Codes 0 (Network Unreachable) and 1 (Host Unreachable) is appropriate SHOULD be used instead. Codes 9 and 10 were intended for use by end-to-end encryption devices used by U.S military agencies. Routers SHOULD use Code 13 (Communication Administratively Prohibited) if they administratively filter packets.

Routers MAY have a configuration option that causes Code 13 (Communication Administratively Prohibited) messages not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet that is dropped because its forwarding is administratively prohibited.

Similarly, routers MAY have a configuration option that causes Code 14 (Host Precedence Violation) and Code 15 (Precedence Cutoff in Effect) messages not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet that is dropped because of a precedence violation.

Routers MUST use Host Unreachable or Destination Host Unknown codes whenever other hosts on the same destination network might be reachable; otherwise, the source host may erroneously conclude that all hosts on the network are unreachable, and that may not be the case.

RFC 1191 describes a slight modification of Destination Unreachable messages containing Code 4 (Fragmentation needed and DF set). A router MUST use this modified form when originating Code 4 Destination Unreachable messages.

RFC 1940, page 11:

If the encapsulating router decides to forward a datagram along a particular SDRP route that has an MTU smaller than the length of the datagram, then if the payload header has the Don't Fragment flag set to 1, the router should generate an ICMP Destination Unreachable message with a code meaning "fragmentation needed and DF set". The ICMP message must be sent to the original source host. The router should then discard the original datagram.

RFC 1940, page 24:

To correlate information carried in the ICMP messages with the SDRP routes used by the router, the router uses the portion of the SDRP datagram returned by ICMP. This must contain the Source Route Identifier of the SDRP route used by the router.

ICMP Destination Unreachable messages with a code meaning "fragmentation needed and DF set" should be used for SDRP MTU discovery.

All other ICMP Unreachable messages indicate that the associated route is not feasible.

RFC 2003, pages 6 and 7:

After an encapsulated datagram has been sent, the encapsulator may receive an ICMP message from any intermediate router within the tunnel other than the tunnel exit point. The action taken by the encapsulator depends on the type of ICMP message received. When the received message contains enough information, the encapsulator MAY use the incoming message to create a similar ICMP message, to be sent to the originator of the original unencapsulated IP datagram (the original sender). This process will be referred to as "relaying" the ICMP message from the tunnel.

ICMP Destination Unreachable messages are handled by the encapsulator depending upon their Code field. The model suggested here allows the tunnel to "extend" a network to include non-local (e.g., mobile) nodes. Thus, if the original destination in the unencapsulated datagram is on the same network as the encapsulator, certain Destination Unreachable Code values may be modified to conform to the suggested model.

• Network Unreachable (Code 0). An ICMP Destination Unreachable message SHOULD be returned to the original sender. If the original destination in the unencapsulated datagram is on the same network as the encapsulator, the newly generated Destination Unreachable message sent by the encapsulator MAY have Code 1 (Host Unreachable), since presumably the datagram arrived at the correct network and the encapsulator is trying to create the appearance that the original destination is local to that network even if it is not. Otherwise, if the encapsulator returns a Destination Unreachable message, the Code field MUST be set to 0 (Network Unreachable).
• Host Unreachable (Code 1). The encapsulator SHOULD relay Host Unreachable messages to the sender of the original unencapsulated datagram, if possible.
• Protocol Unreachable (Code 2). When the encapsulator receives an ICMP Protocol Unreachable message, it SHOULD send a Destination Unreachable message with Code 0 or 1 (see the discussion for Code 0) to the sender of the original unencapsulated datagram. Since the original sender did not use protocol 4 in sending the datagram, it would be meaningless to return Code 2 to that sender.
• Port Unreachable (Code 3). This Code should never be received by the encapsulator, since the outer IP header does not refer to any port number. It MUST NOT be relayed to the sender of the original unencapsulated datagram.
• Datagram Too Big (Code 4). The encapsulator MUST relay ICMP Datagram Too Big messages to the sender of the original unencapsulated datagram.
• Source Route Failed (Code 5). This Code SHOULD be handled by the encapsulator itself. It MUST NOT be relayed to the sender of the original unencapsulated datagram.

ICMP type 3, Destination unreachable message:

Type. 8 bits. Set to 3.

Code. 8 bits.
Specifies the reason for the error.

ICMP Header Checksum. 16 bits.
The 16-bit one's complement of the one's complement sum of the ICMP message, starting with the ICMP Type field. When the checksum is computed, the checksum field should be cleared to 0. When the data packet is transmitted, the checksum is computed and inserted into this field. When the data packet is received, the checksum is again computed and verified against the checksum field. If the two checksums do not match then an error has occurred.

unused. 16 bits. Always cleared to 0.

Next-Hop MTU. 16 bits.
(RFC 1191) For use when the code is set to 4 (Datagram too big). When a router is unable to forward a datagram because it exceeds the MTU of the next-hop network and the DF (Don't Fragment) bit is set, the router is required to return an ICMP Destination Unreachable message to the source of the datagram, with the Code indicating fragmentation is needed and DF set. To support the Path MTU Discovery technique specified in this memo, the router MUST include the MTU of that next-hop network in the low-order 16 bits of the ICMP header field that is labelled "unused" in the ICMP specification. The high-order 16 bits remain unused, and MUST be set to zero. The size in bytes of the largest datagram that could be forwarded, along the path of the original datagram, without being fragmented at this router. The size includes the IP header and IP data, and does not include any lower-level headers. This field will never contain a value less than 68 since every router must be able to forward a 68 byte datagram without fragmentation.

Internet Header + 64 bits of Original Data Datagram.
The internet header plus the first 64 bits of the original datagram's data. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.

Glossary:

RFCs:

[RFC 792] INTERNET CONTROL MESSAGE PROTOCOL.

• STD: 5.
• Defines the ICMP protocol.
• Updates:
  IEN 109, IEN 128, RFC 760, RFC 777.

[RFC 1122] Requirements for Internet Hosts -- Communication Layers.

• STD: 3.
• Updated by:
  RFC 1349, RFC 4379.

[RFC 1191] Path MTU Discovery.

• Obsoletes:
  RFC 1063.

[RFC 1435] IESG Advice from Experience with Path MTU Discovery.

[RFC 1812] Requirements for IP Version 4 Routers.

• Category: Standards Track.
• Obsoletes:
  RFC 1009, RFC 1716.

[RFC 1940] Source Demand Routing: Packet Format and Forwarding Specification (Version 1).

• Category: Informational.

[RFC 2003] IP Encapsulation within IP.

• Category: Standards Track.

[RFC 2474] Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers.

• Category: Standards Track.
• Defines use of the Differentiated Services Field in the IP and IPv6 headers.
• Obsoletes:
  RFC 1349, RFC 1455.

Publications:

Obsolete RFCs:

[RFC 1009] Requirements for Internet Gateways.

• Obsoleted by:
  RFC 1812.
• Obsoletes:
  RFC 985.

[RFC 1063] IP MTU Discovery Options.

• Obsoleted by:
  RFC 1191.

[RFC 1349] Type of Service in the Internet Protocol Suite.

• Obsoleted by:
  RFC 2474.
• Updates:
  RFC 791, RFC 1060, RFC 1122, RFC 1123, RFC 1195, RFC 1247, RFC 1248.

[RFC 1716] Towards Requirements for IP Routers.

• Category: Informational.
• Obsoleted by:
  RFC 1812.

Description

Glossary

RFCs

Publications

Obsolete RFCs