OT [LINK] RFI: Packet
Glen Turner
glen.turner at aarnet.edu.au
Sun Apr 18 05:37:25 EST 2004
This was getting a tad technical for link so I answered directly.
If you have a link layer that doesn't implement a mechanism [1] that
drops carrier at both receivers upon an error then the sender
doesn't know that the link is unavailable and will continue
to send packets.
If the neighbours are running a routing protocol then the
neighbours eventually notice the lack of connectivity [2].
They withdraw the neighbour's routes from the routing
table. Future traffic for that neighbour leads to an ICMP
Network Unreachable response to the sender.
Neighbours which use a static route never notice that their
transmitted packets are going into the bit bucket. Thus
no ICMP Unreachable is ever sent. Many ISP customers use
a static route to their ISP rather than a routing protocol,
so this problem is becoming more prevalent as the use of
ethernet for metro links becomes more popular.
[ AARNet members may wonder why we run a BGP connection
to single-homed GbE-connected sites. Now you know. ]
> Unlikely that ICMP would be routed differently to everything else,
> don't you think ?
I wouldn't use ICMP to imply much about
the network. Normal packets travel through hardware,
ICMP is handled by the CPU. ICMP transit traffic is
rate limited so that DoS attacks are ameliorated.
> I'd imagine that it's (IME, the most common problem lately)
> packet-too-big, but blanket-ICMP-disabled-at-router block. This is
> exacerbated by certain types of DSL (not pointing any fingers :)
It's usually the firewalling routers used by customers. Some
manufacturers block the useful ICMP messages, especially the
"Fragmentation required but Do Not Fragment flag set" message
used by IPv4 Path MTU Discovery.
I also get this at big sites. Unfortunately the IT security
people who configure firewalls usually don't understand
networking. If this sounds bizarre, then recall that the
major task of IT security people is to establish workable
IT security policies and procedures and get sufficient
corporate-wide buy-in so that the policies actually happen
in practice, a task which is much more political than
technical.
Regards,
Glen
[1] ie, lacks an Operations and Management protocol.
eg, ethernet.
[2] routing processes regularly send updates or "hello?"
packets. Using this to detect loss of carrier
takes 5 to 45 seconds on average (90s worst case),
depending on the routing protocol used.
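A toy model of the Path MTU Discovery black hole Glen describes, added here as an illustration and not part of his message. It assumes a constructed path of hops with per-link MTUs, a sender that always sets DF, and a customer firewall that discards transit ICMP type 3 (which includes the "fragmentation needed" code 4); the names and MTU values are made up.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Hop:
    name: str
    mtu: int                            # MTU of this hop's outgoing link
    blocks_icmp_unreach: bool = False   # firewall dropping all ICMP type 3

def forward(path: List[Hop], size: int) -> Tuple[bool, Optional[int]]:
    """Forward one DF-set packet of `size` bytes along `path`.

    Returns (delivered, next_hop_mtu). When a hop cannot forward the
    packet without fragmenting it, it emits ICMP type 3 code 4 carrying
    the next-hop MTU (RFC 1191). That error has to travel back through
    every earlier hop; any one of them that filters ICMP type 3 turns a
    useful error into silence, which is the black hole."""
    for i, hop in enumerate(path):
        if size > hop.mtu:
            for back in reversed(path[:i]):
                if back.blocks_icmp_unreach:
                    return False, None      # error discarded on the way back
            return False, hop.mtu
    return True, None

def pmtud_send(path: List[Hop], size: int, max_retries: int = 3) -> Tuple[bool, int]:
    """Sender side of PMTUD: shrink on ICMP feedback, retransmit on silence.

    Returns (delivered, size_last_tried). A sender without black-hole
    detection just keeps retransmitting the too-large packet and stalls."""
    retries = 0
    while True:
        delivered, next_mtu = forward(path, size)
        if delivered:
            return True, size
        if next_mtu is not None:
            size = next_mtu                 # adapt to the reported MTU
            continue
        retries += 1
        if retries > max_retries:
            return False, size              # no error, no delivery

# Constructed paths: same links, the only difference is the customer firewall.
CLEAN = [Hop("cust-fw", 1500), Hop("isp-edge", 1500),
         Hop("tunnel", 1400), Hop("dst-lan", 1500)]
BLACKHOLE = [Hop("cust-fw", 1500, blocks_icmp_unreach=True), Hop("isp-edge", 1500),
             Hop("tunnel", 1400), Hop("dst-lan", 1500)]
```

The classic symptom falls out of the model: small packets (anything at or below the 1400-byte tunnel link) get through the filtering path, while full-size packets vanish without any error reaching the sender.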