R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)
112
{ If the destination of a packet is local but the transport layer protocol of the packet is not
supported by the local device, the device sends a "protocol unreachable" ICMP error packet to
the source.
{ When receiving a packet with the destination being local and transport layer protocol being
UDP, if the packet's port number does not match the running process, the device sends the
source a "port unreachable" ICMP error packet.
{ If the source uses "strict source routing" to send packets, but the intermediate device finds that
the next hop specified by the source is not directly connected, the device sends the source a
"source routing failure" ICMP error packet.
{ When forwarding a packet, if the MTU of the sending interface is smaller than the packet, but
the packet has been set as "Don't Fragment," the device sends the source a "fragmentation
needed and Don't Fragment (DF)-set" ICMP error packet.
Disadvantages of sending ICMP error packets
Sending ICMP error packets facilitates network control and management, but it has the following
disadvantages:
• Sending a lot of ICMP packets increases network traffic.
• A device's performance degrades if it receives a lot of malicious packets that cause it to respond
with ICMP error packets.
• A host's performance degrades if the redirection function increases the size of its routing table.
• End users are affected if malicious users send ICMP destination unreachable packets.
To prevent such problems, disable the device from sending ICMP error packets.
Configuration procedure
To enable sending ICMP error packets:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable sending ICMP
error packets.
• Enable sending ICMP redirect
packets:
ip redirects enable
• Enable sending ICMP timeout
packets:
ip ttl-expires enable
• Enable sending ICMP destination
unreachable packets:
ip unreachables enable
Disabled by default.
When sending ICMP timeout
packets is disabled, the device
does not send "TTL timeout" ICMP
error packets. However,
"reassembly timeout" error
packets are sent correctly.