Using ICMP to Coordinate Systems
ICMP: Internet Control Message Protocol. ICMPv4. (Figure: an ICMP header and ICMP data carried inside an IP datagram, behind the IP header.) ICMP datagrams are routed exactly like others; there is no additional reliability or priority. Thus, error messages themselves may be lost or discarded. Furthermore, in an already congested network, the error message may cause additional congestion.
ICMP: Internet Control Message Protocol. ICMPv4. An exception is made to the error handling procedures if an IP datagram carrying an ICMP message causes an error. The exception, established to avoid the problem of having error messages about error messages, specifies that ICMP messages are not generated for errors that result from datagrams carrying ICMP error messages. It is important to keep in mind that even though ICMP messages are encapsulated and sent using IP, ICMP is not considered a higher-level protocol; it is a required part of IP.
ICMP: Internet Control Message Protocol. ICMPv4 header: 8-bit type, 8-bit code, 16-bit checksum, followed by contents that depend on type and code. ICMP uses the same additive checksum algorithm as IP, but the ICMP checksum only covers the ICMP message. ICMP messages that report errors always include the IP header and first 64 data bits of the datagram causing the problem. (The 64 bits will include, for example, the TCP or UDP header.)
ICMP: Internet Control Message Protocol. ICMP message types (type field value: message):
0: Echo Reply (Ping reply)
3: Destination Unreachable
4: Source Quench
5: Redirect (change a route)
8: Echo Request (Ping request)
11: Time Exceeded for a datagram
12: Parameter Problem on a datagram
13: Timestamp Request
14: Timestamp Reply
15: Information Request (obsolete)
16: Information Reply (obsolete)
17: Address Mask Request
18: Address Mask Reply
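As an added example (not from the original slides), the following Python builds and checks ICMPv4 messages the way the preceding slides describe: the checksum covers only the ICMP message, a Destination Unreachable error quotes the offending IP header plus its first 64 data bits, and no error is generated for a datagram that itself carries an ICMP error. The addresses and the UDP datagram are constructed for the demonstration; the helper names are the example's own.

```python
import struct
from ipaddress import IPv4Address

# ICMPv4 type numbers from the table above; the error types carry a quoted datagram
ECHO_REPLY, DEST_UNREACH, SOURCE_QUENCH, REDIRECT, ECHO_REQUEST = 0, 3, 4, 5, 8
TIME_EXCEEDED, PARAM_PROBLEM = 11, 12
ERROR_TYPES = {DEST_UNREACH, SOURCE_QUENCH, REDIRECT, TIME_EXCEEDED, PARAM_PROBLEM}
PROTO_ICMP, PROTO_UDP = 1, 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum, the additive checksum IP and ICMP share."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF


def build_icmpv4(icmp_type: int, code: int, body: bytes) -> bytes:
    """The checksum covers only the ICMP message (header + body), never the IP header."""
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def icmpv4_checksum_ok(msg: bytes) -> bool:
    # a correct message sums to 0xFFFF once its own checksum field is included
    return len(msg) >= 4 and ones_complement_sum(msg) == 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options); its checksum covers the header only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def ip_header_len(dgram: bytes) -> int:
    return (dgram[0] & 0x0F) * 4


def error_permitted(offending: bytes) -> bool:
    """No errors about errors: never generate an ICMP error for a datagram that
    itself carries an ICMP error message."""
    if offending[9] != PROTO_ICMP:
        return True
    hl = ip_header_len(offending)
    if len(offending) < hl + 1:
        return False            # cannot tell what the ICMP payload is; stay quiet
    return offending[hl] not in ERROR_TYPES


def build_dest_unreachable(code: int, offending: bytes):
    """Quote the offending IP header plus the first 64 data bits (8 bytes): enough
    to carry the TCP/UDP ports so the sender can match the error to a socket."""
    if not error_permitted(offending):
        return None
    quoted = offending[:ip_header_len(offending) + 8]
    return build_icmpv4(DEST_UNREACH, code, b"\x00" * 4 + quoted)   # 4 unused bytes first


def parse_error(msg: bytes) -> dict:
    """Pull the quoted datagram back out of an ICMP error message."""
    inner = msg[8:]
    hl = ip_header_len(inner)
    return {
        "type": msg[0], "code": msg[1],
        "inner_src": str(IPv4Address(inner[12:16])),
        "inner_dst": str(IPv4Address(inner[16:20])),
        "inner_proto": inner[9],
        "first64": inner[hl:hl + 8],
    }


if __name__ == "__main__":
    # constructed sample: a UDP datagram to port 53 whose destination port is closed
    udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"query"
    dgram = build_ipv4("192.0.2.10", "198.51.100.5", PROTO_UDP, udp)
    err = build_dest_unreachable(3, dgram)
    print(parse_error(err))
    # the error datagram itself must not provoke another error
    print(build_dest_unreachable(1, build_ipv4("198.51.100.5", "192.0.2.10", PROTO_ICMP, err)))
```

The quoted 8 data bytes are exactly the UDP header, which is why the receiving host can map the error back to the socket that sent the original datagram.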
ICMPv6: Internet Control Message Protocol Error messages (1-127) Informational messages
ICMPv6: Internet Control Message Protocol Checksum calculation
ICMPv6: Internet Control Message Protocol By including the pseudo header in its checksum, ICMP protects against more than simple data corruption in transit. It also ensures that the systems’ protocol implementations interface correctly. Suppose IP mistakenly delivers a UDP message to ICMP. Since the pseudo header includes the IP next header value and this value differs for ICMP and UDP, the checksum will detect this error. If the checksum is invalid, ICMP immediately discards such datagrams without further processing.
ICMPv6: Internet Control Message Protocol. Selecting a Source IP Address. A router has several interfaces: which interface address should it use? The ICMP standard provides four specific rules for selecting the source address.
ICMPv6: Internet Control Message Protocol. Selecting a Source IP Address. The first two rules consider ICMP replies. First: the source address of the reply should be the same as the destination address of the original (request) message. Second: if the original message was sent to a multicast or anycast group, then the response should use as its source the IP address of the interface on which the request arrived.
ICMPv6: Internet Control Message Protocol. Selecting a Source IP Address. The third rule applies to ICMP error messages. Error messages are often generated by systems that are not the ultimate destination of the datagram in error. Therefore, they cannot use the original destination as the error's source. Instead, they should use a source address that provides the most information about the error being reported. For example, if the ICMP message is a Packet Too Big error, then its source should be the IP address of the interface over which the original datagram would not fit.
ICMPv6: Internet Control Message Protocol Selecting a Source IP Address Unsolicited ICMP messages, as well as those not covered previously, follow the fourth rule. The source address for such messages should be an IP address of the link on which the message is transmitted. Neighbor discovery also constrains the destination address of its ICMP messages. That destination must be a link-local address. (If the destination is multicast, then the multicast address must be of link-local scope.) The restriction confines neighbor discovery to the local link, protecting against an accidental (or deliberate) “leaking” of neighbor discovery beyond its intended scope.
ICMPv6: Internet Control Message Protocol. Neighbor Discovery (ND). Neighbor discovery lets a system identify other hosts and routers on its links. Systems learn about hosts on their links so that they can forward datagrams addressed to those hosts. Hosts learn of at least one router so they can forward datagrams to systems not on their links. Nodes use the protocol to actively keep track of which neighbors are reachable and which are not, and to detect changed link-layer addresses. ND replaces ARP, ICMP router discovery, and ICMP redirect as used in IPv4.
IPv6 ND Processes
Router discovery: discover the local hosts on an attached link (equivalent to ICMPv4 router discovery).
Prefix discovery: discover the network prefix (equivalent to ICMPv4 address mask request/reply).
Parameter discovery: discover additional parameters (e.g. link MTU, default hop limit for outgoing packets).
Address autoconfiguration: configure IP addresses for interfaces.
Address resolution: equivalent to ARP in IPv4.
IPv6 ND Processes (cont.)
Next-hop determination: the destination address itself, or the address of an on-link default router.
Neighbor unreachability detection (NUD).
Duplicate address detection (DAD): determine that an address considered for use is not already in use by a neighboring node.
First-hop redirect function: inform a host of a better first-hop IPv6 address to reach a destination (equivalent to ICMPv4 redirect).
ND messages. There are 5 ND messages: router solicitation, router advertisement, neighbor solicitation, neighbor advertisement, and redirect. All ND messages are sent with hop limit = 255; if the hop limit is not 255, the message is silently discarded. This provides protection from ND-based network attacks launched from off-link nodes: a router cannot have forwarded an ND message from an off-link node without decrementing its hop limit below 255.
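As an added example (not part of the original slides), the Python below models what an ICMPv6 receiver does with a message IP hands it, combining three rules from the slides above: the checksum is verified over the pseudo-header plus message, so a UDP message that IP misdelivered to ICMP fails the check because its pseudo-header was summed with next header 17 rather than 58; ND messages are discarded unless the hop limit is 255; and ND messages must be addressed to a link-local scope destination. Addresses and payloads are constructed for the demonstration, and the function names are the example's own.

```python
import struct
from ipaddress import IPv6Address, IPv6Network

ICMPV6, UDP = 58, 17                       # IPv6 next-header values
RS, RA, NS, NA, REDIRECT = 133, 134, 135, 136, 137
ND_TYPES = {RS, RA, NS, NA, REDIRECT}
LINK_LOCAL = IPv6Network("fe80::/10")


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum (the same additive checksum IP, TCP and UDP use)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: IPv6Address, dst: IPv6Address, upper_len: int, next_header: int) -> bytes:
    """IPv6 pseudo-header: source, destination, upper-layer length, 3 zero bytes, next header."""
    return src.packed + dst.packed + struct.pack("!I3xB", upper_len, next_header)


def transport_checksum(src, dst, next_header, msg: bytes) -> int:
    return (~ones_complement_sum(pseudo_header(src, dst, len(msg), next_header) + msg)) & 0xFFFF


def checksum_ok(src, dst, next_header, msg: bytes) -> bool:
    # a correct message sums to 0xFFFF once its own checksum field is included
    return ones_complement_sum(pseudo_header(src, dst, len(msg), next_header) + msg) == 0xFFFF


def build_icmpv6(src, dst, icmp_type, code, body: bytes) -> bytes:
    src, dst = IPv6Address(src), IPv6Address(dst)
    csum = transport_checksum(src, dst, ICMPV6, struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def build_udp(src, dst, sport, dport, data: bytes) -> bytes:
    """A UDP message with a correct UDP checksum (pseudo-header next header = 17)."""
    src, dst = IPv6Address(src), IPv6Address(dst)
    hdr = struct.pack("!HHHH", sport, dport, 8 + len(data), 0)
    csum = transport_checksum(src, dst, UDP, hdr + data)
    return hdr[:6] + struct.pack("!H", csum) + data


def neighbor_solicitation(src, dst, target) -> bytes:
    # NS body: 4 reserved bytes, then the 128-bit target address being resolved
    return build_icmpv6(src, dst, NS, 0, b"\x00" * 4 + IPv6Address(target).packed)


def link_local_scope(addr: IPv6Address) -> bool:
    # fe80::/10 unicast, or a multicast address whose scope field is 2 (link-local), e.g. ff02::1
    return addr in LINK_LOCAL or (addr.is_multicast and (addr.packed[1] & 0x0F) == 2)


def icmpv6_receive(src, dst, hop_limit, msg: bytes):
    """What the ICMPv6 module does with a message IP hands it: returns (accepted, reason)."""
    src, dst = IPv6Address(src), IPv6Address(dst)
    if len(msg) < 4:
        return False, "truncated"
    # Recomputed with next header 58: a UDP message that IP misdelivered here was
    # summed with 17, so it fails even though its bytes are intact.
    if not checksum_ok(src, dst, ICMPV6, msg):
        return False, "bad checksum: discarded without further processing"
    icmp_type = msg[0]
    if icmp_type in ND_TYPES:
        if hop_limit != 255:
            return False, "ND message with hop limit %d: a router forwarded it, discarded" % hop_limit
        if not link_local_scope(dst):
            return False, "ND message to a non-link-local destination, discarded"
    return True, "accepted type %d" % icmp_type


if __name__ == "__main__":
    ns = neighbor_solicitation("fe80::1", "ff02::1", "fe80::2")   # constructed sample
    print(icmpv6_receive("fe80::1", "ff02::1", 255, ns))
    print(icmpv6_receive("fe80::1", "ff02::1", 254, ns))
    udp = build_udp("fe80::1", "ff02::1", 5353, 5353, b"hello")
    print(icmpv6_receive("fe80::1", "ff02::1", 255, udp))          # misdelivered UDP
```

The hop-limit check happens only after the checksum passes, which matches the slide's ordering: an invalid checksum means the message is dropped before any ND processing at all.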
ICMPv6: Internet Control Message Protocol Neighbor Discovery
ICMPv6: Internet Control Message Protocol Neighbor Discovery Link-local address
ICMPv6: Internet Control Message Protocol. Address Resolution. Neighbor discovery comes into play with the first IP datagram sent across the network (it performs the ARP function). Suppose that the workstation must send a datagram to the PC: it multicasts a solicitation, i.e. the ARP function.
ICMPv6: Internet Control Message Protocol. Address Resolution. If the workstation fails to get a response to its solicitation, it may repeat the request as many as nine additional times. To avoid straining the network, though, successive requests must be at least one second apart. (Fig. 5.5: the neighbor solicitation message. Hops = 255; if a message is received with Hops less than 255, it has been processed by a router, i.e. it has come from outside the local link, and is discarded. The destination IP address is a multicast address formed by appending the last 32 bits of the PC's IP address to the 96-bit prefix FF02::1:0:0.)
ICMPv6 neighbor advertisement (reply to the neighbor solicitation). Flags: R=1: sent by a router; S=1: responding to a solicitation; O=1: override the cache entry and update the cached link-layer address. Option: target link-layer address.
ICMPv6 Router Discovery (the router sends a router advertisement packet to the hosts on the link).
Router Advertisement Message, sent to a link-local multicast address. Flags: managed address configuration (use DHCP for the IP address) and other configuration (use DHCP for other information).
Possible options for router advertisements:
Source link-layer address: the link-layer address of the interface from which the Router Advertisement is sent. Only used on link layers that have addresses.
MTU: SHOULD be sent on links that have a variable MTU (as specified in the document that describes how to run IP over the particular link type). MAY be sent on other links.
Prefix Information: these options specify the prefixes that are on-link (net-ID) and/or are used for address autoconfiguration.
ICMPv6 Router advertisement format. Fields:
Max hops (255): recommends a maximum hop limit for any datagram a host transmits; 0 means unspecified.
Reachability timeout: suggests a time limit to place on neighbor information that a host learns. If a host fails to hear from a neighbor within this time period, it can suspect that the neighbor is no longer reachable (time in milliseconds).
Reachability retransmission interval: limits the frequency of neighbor solicitations for a destination (time in milliseconds).
Router lifetime: determines how long hosts should consider the source of this message available (time in seconds). If this time interval passes without another router advertisement, hosts view the router as unavailable.
ICMPv6 Router advertisement format An option defines a prefix address for the link. Links may have multiple prefixes, and thus router advertisements may include several options of this type. Routers advertise prefixes for two different reasons. First, they indicate which IP addresses refer to systems on the link. If a destination IP address does not match a link’s prefix, the system is not on the link. Reaching this destination requires the services of a router. Prefix extensions used to indicate this information have the L bit set. Prefixes may also play a role in address autoconfiguration. These prefixes have the A bit set.
ICMPv6 Router advertisement format. Prefix option fields:
Valid lifetime: determines how long the prefix will remain valid, in the absence of further advertisements.
Preferred lifetime: used only for address autoconfiguration; indicates the number of seconds before a prefix becomes obsolete. An obsolete prefix may still be used so long as its valid lifetime has not expired. (Use 0xFFFFFFFF for an infinite lifetime.)
ICMPv6 Router solicitation message
ICMPv6 Router solicitation message. Solicitations are sent to the all-routers address. When a router responds to a solicitation, it does so by sending a router advertisement directly to the system making the request (unicast, not multicast).
ICMPv6 Redirection. Router solicitations and advertisements let a host find a router, but they do not guarantee that a host finds the best router for a particular destination.
ICMPv6 Redirection. If the host makes the wrong choice, the left router can most easily detect the problem. This situation calls for an ICMP redirect message, which tells the host of a more efficient path to a particular destination.
ICMPv6 Redirection. A copy of the original datagram is included (as much of it as fits within 1280 bytes).
ICMPv6 Neighbor discovery: address resolution, router discovery, and redirection. Detecting the loss of a neighbor. Even on healthy networks, neighbors do not remain present indefinitely. Hardware can fail, a system may change its interface card, or a mobile system can move to a new link. When these changes occur, systems must recognize the new topology and react appropriately. The process by which systems learn of these changes is neighbor unreachability detection (NUD).
ICMPv6 Detecting the loss of a neighbor. As long as the local system has traffic to send to a neighbor, ICMP periodically probes the neighbor by sending it neighbor solicitations. If the neighbor responds with a neighbor advertisement, and the advertisement has the S bit set (reply to solicitation), the neighbor remains reachable. If the bit is clear, then the advertisement is unsolicited, and there is no guarantee that the neighbor actually heard the solicitation (the path may be one-way).
ICMPv6 Detecting the loss of a neighbor. The other bit in neighbor advertisements, the R bit, also has a role in NUD. When a host hears a neighbor advertisement from a system it believes to be a router, it should check this bit. If the bit is clear, then the neighbor is no longer acting as a router. The local system should refrain from using this neighbor to forward traffic to distant destinations.
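As an added example (not code from the original slides), the Python below keeps a small neighbor cache and applies the neighbor advertisement flag semantics from the slides above: S confirms reachability, O decides whether a new link-layer address overrides the cached one, and a clear R bit from a system the host believed to be a router removes it from the default router list. The advertisement builder leaves the checksum at zero because the point here is the flags; addresses and MAC values are constructed, and the class and function names are the example's own.

```python
import struct
from ipaddress import IPv6Address

NA_TYPE = 136
FLAG_R, FLAG_S, FLAG_O = 0x80, 0x40, 0x20   # first byte after the 4-byte ICMPv6 header
OPT_TARGET_LLADDR = 2


def neighbor_advertisement(target, lladdr=None, router=False, solicited=False, override=False):
    """Build an NA message (checksum left zero: this block is about the flags)."""
    flags = (FLAG_R if router else 0) | (FLAG_S if solicited else 0) | (FLAG_O if override else 0)
    msg = struct.pack("!BBHB3x", NA_TYPE, 0, 0, flags) + IPv6Address(target).packed
    if lladdr is not None:
        msg += struct.pack("!BB6s", OPT_TARGET_LLADDR, 1, lladdr)   # one 8-byte option
    return msg


def target_lladdr(options: bytes):
    """Walk the ND options and return the target link-layer address, if present."""
    while len(options) >= 8 and options[1] > 0:      # length 0 is malformed; stop
        if options[0] == OPT_TARGET_LLADDR and options[1] == 1:
            return options[2:8]
        options = options[options[1] * 8:]
    return None


class NeighborCache:
    def __init__(self):
        self.entries = {}              # ip -> {"lladdr", "state", "is_router"}
        self.default_routers = set()   # normally learned from router advertisements

    def add(self, ip, lladdr, is_router=False, state="REACHABLE"):
        self.entries[ip] = {"lladdr": lladdr, "state": state, "is_router": is_router}
        if is_router:
            self.default_routers.add(ip)

    def on_neighbor_advertisement(self, msg: bytes) -> str:
        flags = msg[4]
        target = str(IPv6Address(msg[8:24]))
        lladdr = target_lladdr(msg[24:])
        entry = self.entries.get(target)
        if entry is None:
            return "ignored: no entry for %s" % target
        actions = []
        if lladdr is not None and lladdr != entry["lladdr"]:
            if not flags & FLAG_O:
                # O clear: keep the cached address, but it is no longer trusted as current
                entry["state"] = "STALE"
                return "lladdr kept (O clear), entry marked STALE"
            entry["lladdr"] = lladdr        # O set: override the cached link-layer address
            entry["state"] = "STALE"        # the new address has not yet been confirmed
            actions.append("lladdr updated")
        if flags & FLAG_S:
            entry["state"] = "REACHABLE"    # answered our solicitation: two-way path confirmed
            actions.append("reachable")
        else:
            actions.append("unsolicited, reachability not confirmed")
        # R bit: a former router that now advertises R clear must stop being used as one
        if entry["is_router"] and not flags & FLAG_R:
            self.default_routers.discard(target)
            actions.append("no longer a router")
        entry["is_router"] = bool(flags & FLAG_R)
        return "; ".join(actions)


if __name__ == "__main__":
    cache = NeighborCache()
    cache.add("fe80::1", bytes.fromhex("001122334455"), is_router=True)   # constructed entry
    print(cache.on_neighbor_advertisement(neighbor_advertisement("fe80::1", bytes.fromhex("001122334455"), solicited=True)))
    print(cache.default_routers)
```

An unsolicited advertisement never moves an entry to REACHABLE, which is exactly the one-way-path concern the slide raises: only an answer to the host's own solicitation proves the neighbor heard it.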
ICMPv6 Address Autoconfiguration IPv6 provides two ways to ease the administration of IP addresses. The standards name them stateless address autoconfiguration and stateful address configuration. The stateful approach relies on the Dynamic Host Configuration Protocol. Stateless configuration is ICMP’s responsibility.
ICMPv6 Address Autoconfiguration. To ensure that all configured addresses are likely to be unique on a given link, nodes run a "duplicate address detection" algorithm on addresses before assigning them to an interface. The Duplicate Address Detection algorithm is performed on all addresses, independent of whether they are obtained via stateless or stateful autoconfiguration.
ICMPv6 Address Autoconfiguration
ICMPv6 Address Autoconfiguration. Flags in Router Advertisements:
M: if set, hosts should not use address autoconfiguration; instead, they should rely on DHCP to determine their IP address.
O: if set, hosts can use address autoconfiguration, but should use DHCP for other configuration information.
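As an added example (not from the original slides), the Python below parses a router advertisement and turns it into the decisions the router advertisement slides and the M/O flag slide above describe: whether the sender becomes a default router (router lifetime), the suggested hop limit and reachability timers, whether addresses come from DHCP (M) or stateless autoconfiguration from prefixes with the A bit, whether other configuration comes from DHCP (O), which prefixes are on-link (L bit), and the valid/preferred lifetimes with 0xFFFFFFFF read as infinite. The builder leaves the checksum at zero since the point is field interpretation; the prefixes, timers and names are constructed for the demonstration.

```python
import struct
from ipaddress import IPv6Network

RA_TYPE = 134
OPT_PREFIX_INFO, OPT_MTU = 3, 5
INFINITE = 0xFFFFFFFF               # lifetime value meaning "never expires"
FLAG_M, FLAG_O = 0x80, 0x40         # RA flags byte: managed address / other configuration
FLAG_L, FLAG_A = 0x80, 0x40         # prefix option flags byte: on-link / use for autoconfiguration


def prefix_option(prefix, on_link, autoconf, valid, preferred):
    net = IPv6Network(prefix)
    flags = (FLAG_L if on_link else 0) | (FLAG_A if autoconf else 0)
    # type, length in 8-byte units (4 = 32 bytes), prefix length, flags, lifetimes, reserved, prefix
    return struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, flags, valid, preferred, 0) \
        + net.network_address.packed


def mtu_option(mtu):
    return struct.pack("!BBHI", OPT_MTU, 1, 0, mtu)


def router_advertisement(hop_limit, managed, other, router_lifetime_s, reachable_ms, retrans_ms, options=b""):
    """Build an RA message (checksum left zero: this block is about interpreting the fields)."""
    flags = (FLAG_M if managed else 0) | (FLAG_O if other else 0)
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, hop_limit, flags,
                       router_lifetime_s, reachable_ms, retrans_ms) + options


def parse_options(data):
    opts = []
    while len(data) >= 2:
        opt_type, length = data[0], data[1]
        if length == 0:
            raise ValueError("zero-length ND option")   # malformed; would otherwise loop forever
        opts.append((opt_type, data[2:length * 8]))
        data = data[length * 8:]
    return opts


def lifetime(seconds):
    return "infinite" if seconds == INFINITE else seconds


def process_router_advertisement(msg, router_addr):
    """Turn one RA into the decisions a host makes from it."""
    (msg_type, _code, _csum, hop, flags,
     router_lifetime_s, reachable_ms, retrans_ms) = struct.unpack("!BBHBBHII", msg[:16])
    if msg_type != RA_TYPE:
        raise ValueError("not a router advertisement")
    decisions = {
        # router lifetime 0: the sender must not be used as a default router
        "default_router": router_addr if router_lifetime_s > 0 else None,
        "router_lifetime_s": router_lifetime_s,
        "hop_limit": hop or None,                 # 0 = unspecified by the router
        "reachable_time_ms": reachable_ms or None,
        "retrans_timer_ms": retrans_ms or None,
        "address_config": "dhcp" if flags & FLAG_M else "stateless",
        "other_config_via_dhcp": bool(flags & FLAG_O),
        "on_link_prefixes": [],
        "autoconf_prefixes": [],
        "mtu": None,
    }
    for opt_type, body in parse_options(msg[16:]):
        if opt_type == OPT_PREFIX_INFO and len(body) >= 30:
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            prefix = str(IPv6Network((body[14:30], plen), strict=False))
            if pflags & FLAG_L:
                decisions["on_link_prefixes"].append(prefix)
            # M set means "do not autoconfigure", so A-bit prefixes are ignored in that case
            if pflags & FLAG_A and decisions["address_config"] == "stateless":
                decisions["autoconf_prefixes"].append(
                    {"prefix": prefix, "valid": lifetime(valid), "preferred": lifetime(preferred)})
        elif opt_type == OPT_MTU and len(body) >= 6:
            decisions["mtu"] = struct.unpack("!HI", body[:6])[1]
    return decisions


if __name__ == "__main__":
    opts = (prefix_option("2001:db8:1::/64", True, True, 2592000, 604800)
            + prefix_option("2001:db8:2::/64", True, False, INFINITE, INFINITE)
            + mtu_option(1280))                                        # constructed options
    print(process_router_advertisement(router_advertisement(64, False, True, 1800, 30000, 1000, opts), "fe80::1"))
```

Note that a prefix can be on-link without being usable for autoconfiguration (L set, A clear), which is why the two lists are kept separate.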
ICMPv6 Group Membership (Multicast Listener Query messages, like IGMP for IPv4). In addition to administering unicast IP addresses, ICMP also manages group addresses. It provides a way for systems to announce (and later renounce) their membership in groups. Routers listen to these messages to track group membership on the link. They can then know whether to forward datagrams addressed to specific groups. All group membership messages have the same format, but each message has its own ICMP type.
ICMPv6 Group Membership message types:
130: Query
131: Report (join, reply to query)
132: Termination (leave)
ICMPv6 Group Membership. In most cases, the messages are sent to the group address in question. The destination IP address will then be the same as the multicast IP address in the message body. It is also possible to query for membership in all groups. In such cases, the destination address is the all-nodes address (FF02::1, link-local multicast), and the IP multicast address in the message is set to zero. Maximum response delay (MRD, in milliseconds): the maximum amount of time that a system may delay before responding to the query. To prevent every group member from responding simultaneously, each should delay a random amount of time ranging from zero to the MRD.
ICMPv6 Error Reporting. (Figure: a datagram's hop limit is decremented along the path, Hops: 3, 2, 1.)
ICMPv6 Error Reporting ICMP time exceeded error
ICMPv6 Error Reporting To avoid choking a network with error messages, ICMP has specific rules that define when error messages are permissible.