The Internet Control Message Protocol

IP is an unreliable protocol, and as such, delivery is not guaranteed to occur. In this model, if important datagrams are lost then a higher-layer protocol (such as a transport-layer protocol like TCP, or an application-layer protocol like TFTP) will eventually recognize that a problem has occurred and deal with it. As the theory goes, important data will eventually get through.

However, sometimes a problem crops up that prevents all datagrams from getting through to their destination. When these kind of non-transient errors occur, IP fails for a specific and avoidable reason, and the sender should be notified about the problem so that it can either stop sending data to that destination, or modify its behavior so that the specific problem is avoided. IP uses the Internet Control Message Protocol (ICMP) for reporting these kinds of problems.

Transient failures such as invalid checksums are generally ignored, since it is assumed that the sender will eventually notice the failure and retransmit any important data (which may be handled by TCP or by an application-specific reliability mechanism). If the data wasn't important enough for the sender to use a reliable protocol, then the sender probably doesn't care that delivery failed, and the problem can go unreported. In this model, transient errors can be safely ignored, since it is somewhat unlikely that the next packet will have the exact same problem. Eventually, the transport or application protocol in use will detect the error, and the failure itself does not indicate that there is a problem with the network at large.

Conversely, semi-permanent failures (such as invalid destination IP addresses) need to be reported to the sender immediately, since these kinds of failures represent fundamental problems with the network itself, or at least indicate that there is a problem in the way that the sender is trying to use the network. In either case, semi-permanent failures should always be reported back to the sender, thus causing it to either stop sending data to that destination, or forcing it to modify its behavior so that the specific problem is avoided.

ICMP is the protocol used to send failure messages back to a system when a semi-permanent delivery problem has been detected. This includes events such as a destination being unreachable, the IP Time-to-Live value reaching zero, and so forth. In addition, ICMP can also be used to exchange general information about the network, or for probing the network for certain characteristics. For example, the popular ping program uses ICMP messages to test basic connectivity between two devices.

ICMP Error Messages

ICMP Error Messages are used when it is necessary to report a problem that is preventing delivery from occurring. Although IP is an unreliable protocol that may fail without warning, it is important for the network to know when problems occur that will prevent delivery from ever occurring.

Destination Unreachable

A Destination Unreachable Error Message can signify any number of problems. It can mean that a router was unable to find a path to a remote system, or it can mean that a port number on the destination system is currently unavailable, or a variety of other problems.

Time Exceeded

Time Exceeded Error Messages are used to indicate that a forwarding or reassembly operation took too long to complete, and the reporting device is discarding the data.

Redirect

The Redirect Error Message is used whenever a router needs to inform a sender of a shorter path to the specified destination. This message is typically seen when users only have a single (default) route defined on a network with multiple routers, and they should be sending datagrams for a specific network to a router other than the default. If the users don't send the datagrams to the "better" router, then the default router may use Redirect Error Messages to inform the sender of the correct router to use.

Source Quench

Whenever a device is sending too much data for the destination host to process, the recipient can send an ICMP Source Quench Error Message back to the sender, suggesting the sender throttle back on the rate at which it is sending data. If the sender does not slow down, then some packets are likely be discarded by the congested device.

Parameter Problem

The Parameter Problem Error Message generally means that something is wrong with the IP datagram itself, and that the datagram is being discarded.

ICMP Query Messages

Since ICMP is a generic messaging protocol, it is also useful for determining general characteristics about the network. ICMP Query Messages provide this service, allowing systems to request information about the network in general.

ICMP queries are conversational by nature, with one system seeking information from another, and with the remote system returning the requested information. This is seen with the ping program's use of Echo Request Query Messages, which are responded to with Echo Reply Query Messages. This model is in contrast to the "one-way" nature of ICMP Error Messages, which are sent but not responded to.

Echo Request and Echo Reply

The ICMP Echo Request Query Message is a probe sent by a user to a destination system, which responds with an ICMP Echo Reply Query Message (assuming it received the original Echo Request Query Message). RFC 1122 states that "every host must implement an ICMP Echo server." Since this service is mandatory, any user should be able to send an ICMP Echo Request to any host on the Internet and receive an ICMP Echo Reply message back. However, this is not always the case, as firewalls may be blocking the packets (for security reasons), or the packets may simply fail to be delivered.

Timestamp Request and Timestamp Reply

Another pair of ICMP Query Messages that can be useful for testing the network is the Timestamp Request and Timestamp Reply Query Messages, which allow a sender to determine the amount of latency that a particular network is experiencing, bi-directionally. A message is sent with an originating timestamp, and a reply is generated with a "received" timestamp and a "returned" timestamp. The original sender can compare these fields to determine the amount of latency for each direction, as well as the amount of processor utilization on the target host.

Addres Mask Request and Address Mask Reply

RFC 792 defined a variety of host-configuration messages, allowing diskless systems to obtain IP addresses and other data during the boot process by using ICMP messages. However, the primary ICMP Query Messages used for this - the Information Request and Information Reply Query Messages - have since been deprecated and are now obsolete. The Address Mask Request and Address Mask Reply Query Messages are also somewhat obsolete, although their usage has not been deprecated as of yet.

Router Solicitation and Router Advertisement

The Router Discovery protocol consists of a Router Solicitation Query Message which is issued by hosts when they first become active on the network (sent to the all-routers multicast address of 224.0.0.2). Each router on the network should then respond to the Router Solicitation Query Messages with a unicast Router Advertisement Query Message, informing the querying device directly of the IP addresses that can be used for packet forwarding. In addition, routers will also issue unsolicited Router Advertisement messages on a periodic basis (sent to the all-hosts multicast address of 224.0.0.1), allowing hosts to change their routing tables as higher-priority routers become available, or to expire old routers if they are no longer being advertised after a certain length of time.

Written by Eric A. Hall.
Copyright © 2000 O'Reilly & Associates. Used with permission.