Cisco Challenge 9/5/2012: ICMP Fun!

NetworkVeteran Member Posts: 2,338
Your topology is as follows--

R1
R2
R3

All is at their defaults except all interfaces are "no shut" with IPs assigned, static routing has been correctly configured to achieve full connectivity, and "logging console debug" is enabled.

1. On R1's console, you enable "debug ip icmp" and then "ping 3.3.3.3" (r3's address). You do not see any outgoing ICMP messages. Why?

2. On R1's console, you enable "debug ip icmp" and then "traceroute 3.3.3.3" (r3's address). You do not see any outgoing ICMP messages. Why?

3. On R2's console, you enable "debug ip icmp". On R1's console you "ping 3.3.3.3" (r3's address). You do not see any ICMP messages on R2's console. Why?

Comments

  • vinbuck Member Posts: 785
    Nice one...i'm digging. I had some initial thoughts but disproved them before I could even get them typed.
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • NetworkVeteran Member Posts: 2,338
    A thread yesterday got me thinking about all of the protocol's little quirks, and that a misunderstanding of them can complicate your debugging process. :)
  • fluk3d Member Posts: 141
    Comment removed... spoke too soon without thinking
    "Imagination is more important than knowledge." - Albert Einstein
  • networker050184 Mod Posts: 11,962
    I'd assume it has to do with the processing of the messages. An incoming packet shows as the CPU processes the packet, but outgoing packets are generated and sent on their way without CPU processing in the same way.
    An expert is a man who has made all the mistakes which can be made.
  • vinbuck Member Posts: 785
    @networker050184

    That's what I first thought, but it seems like he is looking for something specific to the ICMP protocol, whereas if the CPU or if CEF/hardware processes a packet seems more in line with overall packet flow for all protocols.
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • MrBrian Member Posts: 520
    Good one, we need more mind games like this everyday! As for the question, I know ICMP pretty well, but don't really ever use the "debug ip icmp" very often so not familiar with its output. Maybe I'll lab a little lol
    Currently reading: Internet Routing Architectures by Halabi
  • kalebksp Member Posts: 1,033
    Particularly curious since outgoing IPv6 echo requests are logged with "ipv6 icmp debug".
  • DPG Member Posts: 780
    It has something to do with the ping command itself. It isn't part of IOS. I can't really figure out how to explain this.

    Also, +1 for this post. It is a nice change from the usual blog-spam.
  • Zartanasaurus Member Posts: 2,008
    2) You wouldn't see anything with debug ip icmp outgoing since a UDP packet is sent for traceroute, not ICMP (as opposed to Windows which sends ICMP for tracert).

    I don't have any real educated guesses on #1 and #3. I thought #3 was because of CEF/fast-switching, but even disabling it doesn't show the transit ICMP traffic. It will show up under debug ip packet though. It must be some quirk in how debug ip icmp is programmed. I'm guessing it was designed to only show ICMP traffic destined for the router and if you want to see all of the traffic, you use debug ip packet.

    ETA: A quick google search reveals the answer to #1 and #3. Interesting. I was close.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5 42.8%
  • NetworkVeteran Member Posts: 2,338
    Good answers and effort everyone. :)

    1. "debug ip icmp" doesn't show echo (type 8) ICMP messages, which is the outgoing message type when you run the IOS ping command. To observe these, you may run "debug ip packet detail" combined with an extended ACL that matches the ICMP protocol. "debug ip icmp" shows most other message types--echo-reply, time-exceeded, redirect, unreachable, etc.

    2. The IOS traceroute command relies on incoming ICMP time-exceeded messages, but what it actually sends in the outbound direction are UDP messages. This has bitten me when I believed I was classifying outbound traceroute traffic with an ACL matching ICMP.

    3. "debug ip icmp" and "debug ip packet" only show process-switched packets! To see transit packets on R2, disable CEF (no ip cef) and Fast Switching (no ip route-cache). Note: These operations are not recommended unless the implications in terms of feature-support (mpls, qos, etc.) are understood and the device load is low enough to permit this.
  • MickQ Member Posts: 628
    Great stuff to know. Keep this up!
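
Answers 1 and 2 in the thread above, as an added example that is not part of the original posts: a small Python packet classifier showing which ping and traceroute packets an ICMP-matching extended ACL catches. The R1/R2 addresses, the source port, the sample packets and the UDP port range 33434-33534 are constructed assumptions; only 3.3.3.3 comes from the thread.

```python
import struct

def ipv4(proto, src, dst, payload, ttl=255):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst)) + payload

def icmp(msg_type, code=0):
    return struct.pack("!BBHI", msg_type, code, 0, 0)   # type, code, cksum, rest

def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)     # ports, length, cksum

# Constructed addresses; only 3.3.3.3 (R3) comes from the thread.
R1, R2, R3 = (10, 0, 12, 1), (10, 0, 12, 2), (3, 3, 3, 3)

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "ping request R1->R3": ipv4(1, R1, R3, icmp(8)),
    "ping reply R3->R1": ipv4(1, R3, R1, icmp(0)),
    "traceroute probe R1->R3": ipv4(17, R1, R3, udp(49152, 33434), ttl=1),
    "traceroute answer R2->R1": ipv4(1, R2, R1, icmp(11)),
}

ICMP_NAMES = {0: "echo-reply", 3: "unreachable", 8: "echo", 11: "time-exceeded"}

def parse(pkt):
    """Pull the fields an extended ACL would match on out of raw bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, l4 = pkt[9], pkt[ihl:]
    if proto == 1:
        return {"proto": "icmp", "type": ICMP_NAMES.get(l4[0], str(l4[0]))}
    if proto == 17:
        return {"proto": "udp", "dport": struct.unpack("!H", l4[2:4])[0]}
    return {"proto": str(proto)}

def acl_icmp(p):            # models: permit icmp any any
    return p["proto"] == "icmp"

def acl_traceroute_udp(p):  # models: permit udp any any range 33434 33534 (assumed range)
    return p["proto"] == "udp" and 33434 <= p["dport"] <= 33534

def classify():
    """Return {sample name: (parsed fields, hits ICMP ACL, hits UDP ACL)}."""
    return {n: (parse(b), acl_icmp(parse(b)), acl_traceroute_udp(parse(b)))
            for n, b in SAMPLES.items()}

if __name__ == "__main__":
    for name, (fields, hit_icmp, hit_udp) in classify().items():
        print(f"{name:26} {fields}  icmp-acl={hit_icmp}  udp-acl={hit_udp}")
```

The outbound traceroute probe is the only sample the ICMP ACL misses, while the time-exceeded answer coming back does match it.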